Blagam sprawdzcie loga
Wiem ze mam zainfekowany komuter,co chwile mi wysyla z kompa email za emailem,moja siec ma takie zabezpieczenmie ze jak przekrocze jakis limit w podejrzanych emailach to mi neta odlacza sprawdzcie mi i powiedzcie jak mam sie tego pozbyc,mks niedziala,avast niedziala,bietefender tez nie,spybot tez nie pomogl czym moge sie tego pozbyc jakim programem tego smss.exe chcialam usuna podczas awaryjnego uruchamiania systemu ale sie nie dalo bo sie tam tez wlaczal z systemem
Logfile of HijackThis v1.99.1
Scan saved at 19:23:38, on 2006–03–16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Avast4\aswUpdSv.exe
d:\Program Files\Avast4\ashServ.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
d:\Program Files\Avast4\ashWebSv.exe
d:\Program Files\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\HFXP2\hfxp.exe
C:\DOCUME~1\kotek\USTAWI~1\Temp\Rar$EX00.732\HijackThis.exe
d:\Program Files\WinRAR\WinRAR.exe
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.150.20.143:7212
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: IDM Helper – {0055C089–8582–441B–A0BF–17B458C2A3A8} – D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 – BHO: (no name) – {17A54BFC–8214–4F5C–B1A7–A161BFA5FDCC} – C:\WINDOWS\system32\xs\Working\IEMon.dll
O2 – BHO: URLLink – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – (no file)
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [CBitSpirit] "D:\Program Files\BitSpirit\BitSpirit.exe" /start
O4 – HKLM\..\Run: [avast!] d:\PROGRA~1\Avast4\ashDisp.exe
O8 – Extra context menu item: Download All Links with IDM – D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 – Extra context menu item: Download with IDM – D:\Program Files\Internet Download Manager\IEExt.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Pobierz z &BitSpirit – D:\Program Files\BitSpirit\bsurl.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Run WinHTTrack – {36ECAF82–3300–8F84–092E–AFF36D6C7040} – C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 – Extra 'Tools' menuitem: Launch WinHTTrack – {36ECAF82–3300–8F84–092E–AFF36D6C7040} – C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O10 – Hijacked Internet access by New.Net
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – d:\Program Files\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – d:\Program Files\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – d:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – d:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Diskeeper – Diskeeper Corporation – D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Unknown owner – C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) – TuneUp Software GmbH – C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 – Service: Windows Log – Unknown owner – C:\WINDOWS\system32\nvsvcd.exe
Logfile of HijackThis v1.99.1
Scan saved at 19:23:38, on 2006–03–16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Avast4\aswUpdSv.exe
d:\Program Files\Avast4\ashServ.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
d:\Program Files\Avast4\ashWebSv.exe
d:\Program Files\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\HFXP2\hfxp.exe
C:\DOCUME~1\kotek\USTAWI~1\Temp\Rar$EX00.732\HijackThis.exe
d:\Program Files\WinRAR\WinRAR.exe
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.150.20.143:7212
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: IDM Helper – {0055C089–8582–441B–A0BF–17B458C2A3A8} – D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 – BHO: (no name) – {17A54BFC–8214–4F5C–B1A7–A161BFA5FDCC} – C:\WINDOWS\system32\xs\Working\IEMon.dll
O2 – BHO: URLLink – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – (no file)
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [CBitSpirit] "D:\Program Files\BitSpirit\BitSpirit.exe" /start
O4 – HKLM\..\Run: [avast!] d:\PROGRA~1\Avast4\ashDisp.exe
O8 – Extra context menu item: Download All Links with IDM – D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 – Extra context menu item: Download with IDM – D:\Program Files\Internet Download Manager\IEExt.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Pobierz z &BitSpirit – D:\Program Files\BitSpirit\bsurl.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Run WinHTTrack – {36ECAF82–3300–8F84–092E–AFF36D6C7040} – C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 – Extra 'Tools' menuitem: Launch WinHTTrack – {36ECAF82–3300–8F84–092E–AFF36D6C7040} – C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O10 – Hijacked Internet access by New.Net
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – d:\Program Files\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – d:\Program Files\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – d:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – d:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Diskeeper – Diskeeper Corporation – D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPodService – Unknown owner – C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) – TuneUp Software GmbH – C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 – Service: Windows Log – Unknown owner – C:\WINDOWS\system32\nvsvcd.exe
Odpowiedzi: 2
Babcia@Stefa:
niewiem coto:
To się dowiedz.
lila – skorzystaj z przyklejonej instrukcji dotyczącej sprawdzania logów autorstwa EL NINO. Wpis
usuniesz korzystając z instrukcji z tego postu – fragment "Usuwanie usług ... ". Jak usunąć New.Net było opisywane wielokrotnie na forum – poszukaj.O23 – Service: Windows Log – Unknown owner – C:\WINDOWS\system32\nvsvcd.exe
niewolno usuwać tych programów co zaznaczyłeś na czerwono!!
niewiem coto:
D:\Program Files\HFXP2\hfxp.exe
O10 – Hijacked Internet access by New.Net
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
ale niepodejrzewam źe to te pliki
niewiem coto:
D:\Program Files\HFXP2\hfxp.exe
O10 – Hijacked Internet access by New.Net
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
ale niepodejrzewam źe to te pliki
Strona 1 / 1