proszę o sprawdzenie loga

Gość: gupek IP: *.cable-modem.tkk.net.pl 15.10.06, 12:18

Logfile of HijackThis v1.99.1
Scan saved at 12:13:50, on 2006-10-15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\MMediaCodec\isamonitor.exe
C:\Program Files\MMediaCodec\pmsngr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MMediaCodec\isamini.exe
C:\Program Files\MMediaCodec\pmmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
D:\firefox.exe
C:\Documents and Settings\Admin\Pulpit\GENERAL\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = localhost:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
d:\gry martina\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program
Files\MMediaCodec\isaddon.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common
Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
/Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common
Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program
Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [WheresJames Startup Manager] C:\Program
Files\WheresJames\StartupMgr\StartupMgr.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program
Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Internet TOOLS - C:\Program
Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) -
67.15.101.3/g_bin/pl/boards_2_0_0_23.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) -
67.15.101.3/g_bin/pl/navy_2_0_0_19.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122070779662
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {EEE9000F-9E6E-48A7-BA3C-56F961A11E60}
(PremiumRateConnector.Connector) -
ssl.dialer.pl/activeinstaller/PremiumRateConnector.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} -
C:\WINNT\system32\dpfwu.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINNT\system32\ZoneLabs\vsmon.exe

Szpiegowska aplikacja bus

Obserwuj wątek

Gość: gupek Re: proszę o sprawdzenie loga IP: *.cable-modem.tkk.net.pl 15.10.06, 23:31

Logfile of HijackThis v1.99.1
Scan saved at 23:18:00, on 2006-10-15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\firefox.exe
C:\Documents and Settings\Admin\Pulpit\GENERAL\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = localhost:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\gry
martina\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common
Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
/Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common
Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program
Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [WheresJames Startup Manager] C:\Program
Files\WheresJames\StartupMgr\StartupMgr.exe
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program
Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Internet TOOLS - C:\Program
Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) -
67.15.101.3/g_bin/pl/boards_2_0_0_23.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) -
67.15.101.3/g_bin/pl/navy_2_0_0_19.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122070779662
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINNT\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINNT\system32\ZoneLabs\vsmon.exe

jeszcze raz wielkie dzięki!!

Drzewko
Od najstarszego
Od najnowszego

Gość: Kolobos Re: proszę o sprawdzenie loga IP: *.icm.edu.pl 15.10.06, 13:43

Zamknij porty przy pomocy wwdc, uzyj tez:
siri.urz.free.fr/Fix/SmitfraudFix_En.php (zrob to co masz napisane pod "Clean", log z usuwania wklej na forum)

W hjt usun:
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program
Files\MMediaCodec\isaddon.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll <- odinstaluj, klik na olowek na pasku yahoo i uninstall.
O16 - DPF: {EEE9000F-9E6E-48A7-BA3C-56F961A11E60}
(PremiumRateConnector.Connector) -
ssl.dialer.pl/activeinstaller/PremiumRateConnector.cab
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} -
C:\WINNT\system32\dpfwu.dll <- plik usun z dysku.

Na koniec skan przy pomocy ewido, po wszystkim wklej nowy log.
- Gość: gupek Re: proszę o sprawdzenie loga IP: *.cable-modem.tkk.net.pl 15.10.06, 23:27
  
  Dzięki wielkie Kolobos!
  Porty zamknąłem(całus dla Neder w przyklejonych), SmitfraudFix zadziałał, a
  napociłem się bo angielskiego nie znam, wklejam log, a drugi z hjt w następnym
  poście bo nie wiem czy się zmieści. Wszystko działa ok, tylko tapetę wcięło-co
  ona winna? I jeszcze pytanie, co ten cholerny program mógł mi narobić?
  
  pozdr.SmitFraudFix v2.109
  
  Scan done at 16:42:25,86, N 2006-10-15
  Run from C:\Documents and Settings\admin\Pulpit\prog\SmitfraudFix
  OS: Microsoft Windows 2000 [Wersja 5.00.2195] - Windows_NT
  Fix run in safe mode
  
  »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
  !!!Attention, following keys are not inevitably infected!!!
  
  SrchSTS.exe by S!Ri
  Search SharedTaskScheduler's .dll
  
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
  "{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
  
  [HKEY_CLASSES_ROOT\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
  @="C:\WINNT\system32\dpfwu.dll"
  
  [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4}\InProcServer32]
  @="C:\WINNT\system32\dpfwu.dll"
  
  »»»»»»»»»»»»»»»»»»»»»»»» Killing process
  
  »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
  
  GenericRenosFix by S!Ri
  
  C:\WINNT\system32\dpfwu.dll -> Hoax.Win32.Renos.gen.d
  C:\WINNT\system32\dpfwu.dll -> Deleted
  
  »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
  
  C:\DOCUME~1\admin~1\MENUST~1\VirusBurster 6.2.lnk Deleted
  C:\DOCUME~1\ALLUSE~1\MENUST~1\Online Security Guide.url Deleted
  C:\DOCUME~1\ALLUSE~1\MENUST~1\Security Troubleshooting.url Deleted
  C:\Program Files\MMediaCodec\ Deleted
  C:\Program Files\VirusBurster\ Deleted
  
  »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
  
  »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
  
  Registry Cleaning done.
  
  »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
  !!!Attention, following keys are not inevitably infected!!!
  
  SrchSTS.exe by S!Ri
  Search SharedTaskScheduler's .dll
  
  »»»»»»»»»»»»»»»»»»»»»»»» End
- Gość: gupek Re: proszę o sprawdzenie loga IP: *.cable-modem.tkk.net.pl 15.10.06, 23:31
  
  Logfile of HijackThis v1.99.1
  Scan saved at 23:18:00, on 2006-10-15
  Platform: Windows 2000 SP4 (WinNT 5.00.2195)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
  
  Running processes:
  C:\WINNT\System32\smss.exe
  C:\WINNT\system32\winlogon.exe
  C:\WINNT\system32\services.exe
  C:\WINNT\system32\lsass.exe
  C:\WINNT\system32\svchost.exe
  C:\WINNT\system32\spoolsv.exe
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  C:\WINNT\system32\svchost.exe
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  C:\WINNT\system32\nvsvc32.exe
  C:\WINNT\system32\regsvc.exe
  C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
  C:\WINNT\system32\ZoneLabs\vsmon.exe
  C:\WINNT\Explorer.EXE
  C:\Program Files\Common Files\Symantec Shared\SymTray.exe
  C:\WINNT\System32\WBEM\WinMgmt.exe
  C:\WINNT\system32\svchost.exe
  C:\WINNT\system32\svchost.exe
  C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
  C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  C:\WINNT\system32\internat.exe
  C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
  C:\Program Files\ewido anti-malware\ewidoctrl.exe
  D:\firefox.exe
  C:\Documents and Settings\Admin\Pulpit\GENERAL\hijackthis\hijackthis.exe
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  C:\windows\system32\blank.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  C:\windows\system32\blank.htm
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
  Settings,ProxyServer = localhost:8118
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\gry
  martina\Reader\ActiveX\AcroIEHelper.ocx
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
  Files\Java\jre1.5.0_06\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
  c:\program files\google\googletoolbar2.dll
  O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
  Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
  {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
  C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
  files\google\googletoolbar2.dll
  O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
  O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common
  Files\Symantec Shared\Symtray.exe SetReg
  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
  Files\Java\jre1.5.0_06\bin\jusched.exe
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  /Consumer
  O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
  Shared\Security Center\UsrPrmpt.exe
  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
  Labs\ZoneAlarm\zlclient.exe"
  O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common
  Files\Symantec Shared\Symtrdr.exe
  O4 - HKCU\..\Run: [internat.exe] internat.exe
  O4 - HKCU\..\Run: [VoipDiscount] "C:\Program
  Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
  O4 - HKCU\..\Run: [WheresJames Startup Manager] C:\Program
  Files\WheresJames\StartupMgr\StartupMgr.exe
  O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program
  Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
  O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
  O8 - Extra context menu item: &Google Search - res://c:\program
  files\google\GoogleToolbar2.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program
  files\google\GoogleToolbar2.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program
  files\google\GoogleToolbar2.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
  files\google\GoogleToolbar2.dll/cmcache.html
  O8 - Extra context menu item: Download with Internet TOOLS - C:\Program
  Files\MarBit\TOOLS\MBdownload.htm
  O8 - Extra context menu item: Similar Pages - res://c:\program
  files\google\GoogleToolbar2.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program
  files\google\GoogleToolbar2.dll/cmtrans.html
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
  C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console -
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
  Files\Java\jre1.5.0_06\bin\ssv.dll
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) -
  67.15.101.3/g_bin/pl/boards_2_0_0_23.cab
  O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) -
  67.15.101.3/g_bin/pl/navy_2_0_0_19.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
  update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122070779662
  O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
  skaner.mks.com.pl/SkanerOnline.cab
  O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
  67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
  O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
  VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
  O23 - Service: LiveUpdate - Symantec Corporation -
  C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
  O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
  Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
  C:\WINNT\system32\nvsvc32.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
  C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
  - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  O23 - Service: Speed Disk service - Symantec Corporation -
  C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
  O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
  Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
  C:\WINNT\system32\ZoneLabs\vsmon.exe
  
  jeszcze raz wielkie dzięki!!
  - Gość: Kolobos Re: proszę o sprawdzenie loga IP: *.escom.net.pl 15.10.06, 23:53
    
    Log jest ok, do kasacji jeszcze to:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    C:\windows\system32\blank.htm
    
    Nowych log'ow juz nie wklejaj.
    - Gość: gupek Re: proszę o sprawdzenie loga IP: *.cable-modem.tkk.net.pl 16.10.06, 00:01
      
      OK, hjt i SmitfraudFix - wywalić czy zostawić?
      
      Dzięki!
      - Gość: Kolobos Re: proszę o sprawdzenie loga IP: *.escom.net.pl 16.10.06, 00:39
        
        Zostaw, przydadza Ci sie nastepnym razem.

Najnowsze z forum Wirusy, trojany, spyware

Zaloguj się