Some kind of trojan
I have a problem: this window popped up in place of my wallpaper:
A fatal error in IE has occured at 0028:c0011e36 in VXD VMM + 00010E36>Error was caused by trojan-Spy. HTML.Smitfraud.c
*System can not function in normal mode.Please chceck yuo security settings.
*Scan your PC with abalible antiwirus/spyware remover program to fix the problem
In case it helps, here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 16:36:35, on 2005-04-15
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS.000\System32\smss.exe
D:\WINDOWS.000\SYSTEM32\winlogon.exe
D:\WINDOWS.000\system32\services.exe
D:\WINDOWS.000\system32\lsass.exe
D:\WINDOWS.000\system32\svchost.exe
D:\WINDOWS.000\System32\svchost.exe
D:\WINDOWS.000\Explorer.EXE
D:\WINDOWS.000\system32\spoolsv.exe
D:\Program Files\MKS\Bin\NetMonSV.exe
D:\Program Files\MKS\Bin\mksmonsv.exe
D:\WINDOWS.000\System32\nvsvc32.exe
D:\WINDOWS.000\System32\helper.exe
C:\program files\powerstrip\pstrip.exe
D:\WINDOWS.000\System32\intmonp.exe
D:\Program Files\MKS\Bin\mks_menu.exe
D:\Program Files\MKS\Bin\ABregmon.exe
D:\WINDOWS.000\System32\ctfmon.exe
C:\wp.exe
D:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp
D:\Program Files\D-Link AirPlus\AirPlus.exe
D:\Program Files\NetPanel\NetPanel.exe
D:\Program Files\MKS\Bin\mks_scan.exe
D:\WINDOWS.000\System32\msiexec.exe
D:\WINDOWS.000\popuper.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Klonowscy\Moje dokumenty\ściągnięte\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchmaid.com/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - D:\PROGRA~1\MarBit\TOOLS\IEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - D:\Program Files\NetPanel\IEHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS.000\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - D:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS.000\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS.000\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Security iGuard] D:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS.000\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MKS_MENU] D:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] D:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [NetPanel] "D:\Program Files\NetPanel\Starter.exe" /path="D:\Program Files\NetPanel"
O4 - HKLM\..\Run: [KAZAA] "D:\Program Files\Kazaa Lite Rewolucja\kpp.exe" "D:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp" /SYSTRAY
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.000\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Startup: Spolszczenie - Auto Update.lnk = D:\Program Files\ICQLite\icq_5.03_build_2315_pl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with Internet TOOLS - D:\Program Files\MarBit\TOOLS\MBdownload.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c293.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/0892/1719/8286/3400/5_0892171982863400.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_8.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7134E7CE-00E2-4488-9531-1AA8F98676EA}: NameServer = 213.199.225.10,213.199.225.14
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - D:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - D:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS.000\System32\nvsvc32.exe
Please help. I scanned it with Ad-Aware SE.
Replies: 2
intmonp.exe (-||-)
popuper.exe (-||-)
These processes can't be terminated. Some ads keep popping up even when I'm not connected to the internet. I had a problem with this once before, but I dealt with it myself; this time I don't know what to do. My dad was on my computer, browsing I don't know where, while I was at school. I always have to clean up after him.