wysylanie bzdetow przez smtp
Witam mam problem z wysylaniem maili nad ktorym nie mam kontroli – czy ktos po logu zerknie mi co to moze byc ?
z gory dziekuje
Logfile of HijackThis v1.97.7
Scan saved at 14:38:54, on 2005–05–30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet10079\winlogon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\system32\dstart4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\fffgok.exe
C:\Program Files\skrzynka bogiego\skrzynka.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\winsocks5.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\svcproc.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\svcproc.exe
C:\Documents and Settings\alex\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search–paga.com/10079/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R3 – Default URLSearchHook is missing
F1 – win.ini: run=C:\WINDOWS\inet10079\winlogon.exe
O1 – Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f–secure.com ftp.f–secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my–etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate–ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f–secure.com www.kaspersky.ru www.mcafee.com www.my–etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 – BHO: (no name) – {2E246FAE–8420–11D9–870D–000C2917DE7F} – C:\WINDOWS\SYSTEM\Loader.dll
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O4 – HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet10079\winlogon.exe
O4 – HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 – HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 – HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\dstart4.exe
O4 – HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 – HKLM\..\Run: [hnzkag] c:\windows\system32\fffgok.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [skrzynka bogiego] C:\Program Files\skrzynka bogiego\skrzynka.exe
O4 – HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\inet10079\winlogon.exe
O4 – HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\dstart4.exe
O4 – HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe –trayboot
O4 – Global Startup: ę ńń Canon LBP–810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{92AE4308–CD1B–49B9–85F4–142FDC78C6A9}: NameServer = 194.204.159.1,194.204.152.34
z gory dziekuje
Logfile of HijackThis v1.97.7
Scan saved at 14:38:54, on 2005–05–30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet10079\winlogon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\system32\dstart4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\fffgok.exe
C:\Program Files\skrzynka bogiego\skrzynka.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\winsocks5.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\svcproc.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\svcproc.exe
C:\Documents and Settings\alex\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search–paga.com/10079/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R3 – Default URLSearchHook is missing
F1 – win.ini: run=C:\WINDOWS\inet10079\winlogon.exe
O1 – Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f–secure.com ftp.f–secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my–etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate–ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f–secure.com www.kaspersky.ru www.mcafee.com www.my–etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 – BHO: (no name) – {2E246FAE–8420–11D9–870D–000C2917DE7F} – C:\WINDOWS\SYSTEM\Loader.dll
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O4 – HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet10079\winlogon.exe
O4 – HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 – HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 – HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\dstart4.exe
O4 – HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 – HKLM\..\Run: [hnzkag] c:\windows\system32\fffgok.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [skrzynka bogiego] C:\Program Files\skrzynka bogiego\skrzynka.exe
O4 – HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\inet10079\winlogon.exe
O4 – HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\dstart4.exe
O4 – HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe –trayboot
O4 – Global Startup: ę ńń Canon LBP–810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{92AE4308–CD1B–49B9–85F4–142FDC78C6A9}: NameServer = 194.204.159.1,194.204.152.34
Odpowiedzi: 2
Przydaloby sie rowniez usunac:
%SysDir%\Drivers\delprot.sys
W awaryjnym:
HKLM\SYSTEM\CurrentControlSet\Services\Delprot
co ma zwiazek z C:\WINDOWS\isrvs\
P.S. Jak gada net, jest to nowa odmiana VX2.
%SysDir%\Drivers\delprot.sys
W awaryjnym:
HKLM\SYSTEM\CurrentControlSet\Services\Delprot
co ma zwiazek z C:\WINDOWS\isrvs\
P.S. Jak gada net, jest to nowa odmiana VX2.
Hijack stary jak diabli, sciagnij wersje 1.99.1, linki w FAQ
Wyłącz przywracanie systemu
Zakoncz w tasku procesy:
winlogon.exe (uruchomiony przez usera)
desktop.exe
dstart4.exe
fffgok.exe
winsocks5.exe
svcproc.exe 3x (w nowszym HJT byś miał wejscie w 023)
Usun wpisy oraz pogrubione pliki/katalogi z dysku:
Wyłącz przywracanie systemu
Zakoncz w tasku procesy:
winlogon.exe (uruchomiony przez usera)
desktop.exe
dstart4.exe
fffgok.exe
winsocks5.exe
svcproc.exe 3x (w nowszym HJT byś miał wejscie w 023)
Usun wpisy oraz pogrubione pliki/katalogi z dysku:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search–paga.com/10079/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.richfind.com/ie/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.richfind.com/ie/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R3 – Default URLSearchHook is missing
F1 – win.ini: run=C:\WINDOWS\inet10079\winlogon.exe
O1 – Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f–secure.com ftp.f–secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my–etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate–ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f–secure.com www.kaspersky.ru www.mcafee.com www.my–etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 – BHO: (no name) – {2E246FAE–8420–11D9–870D–000C2917DE7F} – C:\WINDOWS\SYSTEM\Loader.dll
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – (no file)
O3 – Toolbar: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet10079\winlogon.exe
O4 – HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 – HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 – HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\dstart4.exe
O4 – HKLM\..\Run: [hnzkag] c:\windows\system32\fffgok.exe
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\inet10079\winlogon.exe
O4 – HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\dstart4.exe
Strona 1 / 1