Computer is starting to grind


(Tropek22) #1

My computer is running slowly and grinding :cry:

Logfile of HijackThis v1.99.1

Scan saved at 23:16:12, on 2007-02-15

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)



(Joan Sunshine) #2

The log is OK. Have you installed anything significant recently, or been tinkering with the system? Run a scan with http://www.ewido.net/en/download/ after updating it and post the result :slight_smile:


(Tropek22) #3

_________________________________________________

ewido anti-spyware online scanner

__________________________________________________


Post merged: 17.02.2007 (Sat) 1:12

I deleted this in the scanner; I don't know whether that was right.


(Gutek) #4

Use SmitFraudFix and choose option no. 2, in Safe Mode of course, and afterwards post new logs from HJT and Silent.


(Tropek22) #5

What is Silent?


(adam9870) #6

In this thread:

http://forum.dobreprogramy.pl/viewtopic.php?t=36654

The second post contains a description of Silent.

Additionally, show the contents of the rapport.txt file located directly on the C partition. That file contains the report from SmitFraudFix.