ied–s7
witam! mam caly czas aktywny norton internet security 2005 i antywira AVG [reguralne aktualizacje],ktore blokuja mi rozne smiecie co jakis czas ,ale czasem nie blokuje ied–s7 ktory znajduje sie potem bezposrednio na dysku c: i jest to archiwum . czy jest jakis program ktory by to blokowal? dodam ze rozne antyviry online nie wykrywaja go jako wirusa. usuwam go bezposrednio do kosza i oprozniam. czy moze zostawia gdzies jeszcze swoje slady?
pozdrawiam
pozdrawiam
Odpowiedzi: 3
No rzeczywiscie log masz czysty
Przeczytaj prosze ten temat:
http://www.lavasoftsupport.com/index.php?showtopic=54954
Przeczytaj prosze ten temat:
http://www.lavasoftsupport.com/index.php?showtopic=54954
Logfile of HijackThis v1.97.7
Scan saved at 19:24:15, on 2005–01–25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesNorton Internet SecurityISSVC.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:PROGRA~1WanadooTaskbarIcon.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
C:PROGRA~1WanadooEspaceWanadoo.exe
C:PROGRA~1WanadooComComp.exe
C:PROGRA~1WanadooWatch.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesAvant Browseravant.exe
D:InstalkiHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: Norton Internet Security – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 – HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [CleanIt] C:Program FilesCleanItcleanit.exe
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WanadooTaskbarIcon.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:Program FilesAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:Program FilesAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: Download All by FlashGet – C:PROGRA~1FlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:PROGRA~1FlashGetjc_link.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O9 – Extra button: Research (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {3E68E405–C6DE–49FF–83AE–41EE9F4C36CE} (Office Update Installation Engine) – http://office.microsoft.com/officeupdate/content/opuc.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104690240592
O16 – DPF: {80DD2229–B8E4–4C77–B72F–F22972D723EA} (AvxScanOnline Control) – http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A3009861–330C–4E10–822B–39D16EC8829D} (CRAVOnline Object) – http://www.ravantivirus.com/scan/ravonline.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{061D10A1–C9EC–466B–B32E–9CAF5F561059}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS1ServicesTcpip..{061D10A1–C9EC–466B–B32E–9CAF5F561059}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS2ServicesTcpip..{061D10A1–C9EC–466B–B32E–9CAF5F561059}: NameServer = 194.204.152.34 217.98.63.164
wyglada czysto
a co z ta kwestia zeby to na przyszlosc zablokowac
?
Scan saved at 19:24:15, on 2005–01–25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesNorton Internet SecurityISSVC.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:PROGRA~1WanadooTaskbarIcon.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
C:PROGRA~1WanadooEspaceWanadoo.exe
C:PROGRA~1WanadooComComp.exe
C:PROGRA~1WanadooWatch.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesAvant Browseravant.exe
D:InstalkiHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: Norton Internet Security – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 – HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [CleanIt] C:Program FilesCleanItcleanit.exe
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WanadooTaskbarIcon.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:Program FilesAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:Program FilesAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: Download All by FlashGet – C:PROGRA~1FlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:PROGRA~1FlashGetjc_link.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O9 – Extra button: Research (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {3E68E405–C6DE–49FF–83AE–41EE9F4C36CE} (Office Update Installation Engine) – http://office.microsoft.com/officeupdate/content/opuc.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104690240592
O16 – DPF: {80DD2229–B8E4–4C77–B72F–F22972D723EA} (AvxScanOnline Control) – http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A3009861–330C–4E10–822B–39D16EC8829D} (CRAVOnline Object) – http://www.ravantivirus.com/scan/ravonline.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{061D10A1–C9EC–466B–B32E–9CAF5F561059}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS1ServicesTcpip..{061D10A1–C9EC–466B–B32E–9CAF5F561059}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS2ServicesTcpip..{061D10A1–C9EC–466B–B32E–9CAF5F561059}: NameServer = 194.204.152.34 217.98.63.164
wyglada czysto
a co z ta kwestia zeby to na przyszlosc zablokowac
?
Wklej loga z Hijack This
Bedziesz tam mial cos podobnego do:
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:ied_s7.cab
Bedziesz tam mial cos podobnego do:
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:ied_s7.cab
Strona 1 / 1