Request for log analysis

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\apache\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.LNK = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: SWFDecompiler (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler (HKLM)
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.fonts.lv/fonts/activex/tdserver.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=8fd11b82b249444e619d774ba9df4bce36ebdb3c59b3e6c3a0495e4a241884a238737a6ff104ae03760f3f2262212ed6870056533ce2bfd617cb78228c122da4:54aa0b63e31b1645b7e39f97dd64b521
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1092832637109
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://J:\Interface\IntraLaunch.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38044.4313194444
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-0000-0000-0000-000000000000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7135EECF-D91A-4AE5-8237-E4C94267392C}: NameServer = 194.204.152.34 217.98.63.164

Norton AntiVirus does clutter things up a bit, but it is effective all the same :wink:

THX

Replies: 3

AntyWin:
What are the entries you listed responsible for?
The first one is harmless; the second, as common rumour has it, is the download path for a spyware component. public.windupdates.com is not a Microsoft site.

AntyWin:
What is behind the last entry, O17?
Those are your DNS servers: "NameServer", i.e. Domain Name Server.
EL NINO
Posted
24.10.2004 03:55:48
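As an added example (editor's code, not part of the original thread and not a HijackThis feature): a small triage script for the two entry types discussed in the reply above. It parses O16 (DPF, i.e. ActiveX CAB downloads) lines and gives a verdict based only on where the CAB came from, so a host such as public.windupdates.com is flagged while v4.windowsupdate.microsoft.com is accepted, and it extracts the O17 NameServer addresses for comparison against the provider's resolvers. The trusted-domain list and the sample log lines (copied from the log above, with the windupdates query string and one Microsoft path shortened) are assumptions made for this example.

```python
"""Triage O16 (DPF / ActiveX CAB download) and O17 (NameServer) lines from a
HijackThis log.  Editor's example, not part of the original post and not a
feature of HijackThis; the trusted-domain list and the sample lines below are
assumptions made for this example."""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: vendor domains whose CAB hosts are accepted (suffix match only).
TRUSTED_SUFFIXES = ("microsoft.com", "macromedia.com")

O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (.*)$")

# Constructed sample: lines taken from the log in this thread; the windupdates
# query string and the msSecAdv path are shortened to keep the example short.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.fonts.lv/fonts/activex/tdserver.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=8fd11b82
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/msSecAdv.cab?1092832637109
O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://J:\Interface\IntraLaunch.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38044.4313194444
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7135EECF-D91A-4AE5-8237-E4C94267392C}: NameServer = 194.204.152.34 217.98.63.164
"""


def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """True if host equals a trusted suffix or is a subdomain of one.
    Matching on dot boundaries, not by substring, so that
    'microsoft.com.evil.example' is not accepted."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse_o16(line):
    """Split an O16 line into CLSID, friendly name (may be empty) and source."""
    m = O16_RE.match(line)
    if not m:
        return None
    clsid, name, source = m.groups()
    return {"clsid": clsid, "name": name or "", "source": source.strip()}


def classify_o16(entry):
    """Verdict for one O16 entry, based only on where the CAB came from."""
    src = entry["source"]
    if not src:
        return "no-source"             # registered locally, nothing fetched
    parts = urlsplit(src)
    if parts.scheme == "file":
        return "local-file"            # e.g. an installer on a CD-ROM
    if parts.scheme in ("http", "https"):
        host = parts.hostname or ""
        if host_is_trusted(host):
            return "trusted-vendor"
        if "update" in host:
            return "suspicious-lookalike"  # 'windupdates' is not Windows Update
        return "unknown-host"
    return "unknown-scheme"


def parse_o17(line):
    """Return the name servers on an O17 line as validated IP address strings."""
    m = O17_RE.match(line)
    if not m:
        return []
    tokens = [t for t in re.split(r"[\s,]+", m.group(1).strip()) if t]
    return [str(ipaddress.ip_address(t)) for t in tokens]  # raises on junk


def triage(log_text):
    """Walk a whole log; return (clsid, host, verdict) per O16 and the O17 DNS list."""
    result = {"o16": [], "nameservers": []}
    for line in log_text.splitlines():
        line = line.strip()
        entry = parse_o16(line)
        if entry:
            parts = urlsplit(entry["source"])
            host = (parts.hostname or "") if parts.scheme in ("http", "https") else ""
            result["o16"].append((entry["clsid"], host, classify_o16(entry)))
            continue
        result["nameservers"].extend(parse_o17(line))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for clsid, host, verdict in report["o16"]:
        print(f"{verdict:22} {clsid} {host}")
    print("NameServer:", ", ".join(report["nameservers"]))
```

The suffix match on dot boundaries is the point of the example: a substring test for "microsoft.com" would pass a lookalike host, and a test for "update" alone would also flag Microsoft's own windowsupdate host, so the vendor check runs first. The O17 addresses are only listed; whether 194.204.152.34 and 217.98.63.164 are the right resolvers is something to confirm against the provider's published DNS servers, not something the log alone can tell.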
Thanks a lot,

I have a few more small questions:

What are the entries you listed responsible for, and what is behind the last entry, O17?

Thanks again
AntyWin
Posted
22.10.2004 14:01:01
Only these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=8fd11b82b249444e619d774ba9df4bce36ebdb3c59b3e6c3a0495e4a241884a238737a6ff104ae03760f3f2262212ed6870056533ce2bfd617cb78228c122da4:54aa0b63e31b1645b7e39f97dd64b521
EL NINO
Posted
22.10.2004 13:17:00
AntyWin
Posted:
22.10.2004 12:49:10