Request to check a log - IE keeps crashing


(Ra) #1

When browsing pages, a message about a missing winsx.dll appears and IE crashes.

Logfile of HijackThis v1.97.7

Scan saved at 10:28:53, on 19.01.05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\VeriSign\NAVI\naviagent.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WFXSVC.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\NETTUR\komunik.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Zlsg\Exzlk.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Symantec\WinFax\WFXCTL32.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\PROGRA~1\DATABE~1\CONTRO~1\CONTRO~1.EXE

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\OpenOffice.org1.1.1\program\soffice.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Medtur\Moje dokumenty\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_0.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_0.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll

O4 - HKLM..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM..\Run: [komunikatorNetTur] C:\PROGRA~1\NETTUR\komunik.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [Ppewspiq] C:\Program Files\Zlsg\Exzlk.exe

O4 - HKLM..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: E-mail.lnk = ?

O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe

O4 - Global Startup: Skrót do Konfiguration1.lnk = C:\Program Files\DATA BECKER\Konfiguration1.svc

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html

O9 - Extra button: i-Nav Pomoc (HKLM)

O9 - Extra 'Tools' menuitem: i-Nav Pomoc (HKLM)

O9 - Extra 'Tools' menuitem: i-Nav Ustawienia (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: Logics Software LOG-WEB (Java) 5,2,2,12 - http://www.startwebclient.de/logwebhtml ... 2_2_12.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/pl/big/1 ... gleNav.cab

O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://80.240.197.70:55/activex/AxisCamControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab


(3dm Racek) #2

What is this gizmo responsible for??

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

(adpawl) #3

Scan with the new HijackThis 1.99!!

and then replace the log...

Link: http://www.searchengines.pl/phpbb203/pl ... is1.99.zip

BTW

That is an Adobe Acrobat file (Adobe Internet Explorer Plugin) - it is responsible for displaying PDFs in the browser.


(Ra) #4

Logfile of HijackThis v1.99.0

Scan saved at 10:53:12, on 19.01.05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\VeriSign\NAVI\naviagent.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WFXSVC.EXE

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\NETTUR\komunik.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Zlsg\Exzlk.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Symantec\WinFax\WFXCTL32.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\PROGRA~1\DATABE~1\CONTRO~1\CONTRO~1.EXE

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\OpenOffice.org1.1.1\program\soffice.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE

C:\Program Files\Norton AntiVirus\OPScan.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Medtur\Moje dokumenty\hijackthis1.99\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_0.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll

O4 - HKLM..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM..\Run: [komunikatorNetTur] C:\PROGRA~1\NETTUR\komunik.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [Ppewspiq] C:\Program Files\Zlsg\Exzlk.exe

O4 - HKLM..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: E-mail.lnk = ?

O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.1\program\quickstart.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe

O4 - Global Startup: Skrót do Konfiguration1.lnk = C:\Program Files\DATA BECKER\Konfiguration1.svc

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html

O9 - Extra button: i-Nav Pomoc - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

O9 - Extra 'Tools' menuitem: i-Nav Pomoc - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_0.dll

O9 - Extra 'Tools' menuitem: i-Nav Ustawienia - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_0.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: Logics Software LOG-WEB (Java) 5,2,2,12 - http://www.startwebclient.de/logwebhtml ... 2_2_12.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/pl/big/1 ... gleNav.cab

O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://80.240.197.70:55/activex/AxisCamControl.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O18 - Filter: text/html - {20CAF462-1FA8-44BD-BACA-98CB4E692C69} - C:\Documents and Settings\Medtur\Ustawienia lokalne\Dane aplikacji\microsoft\internet explorer\V0.26.dat

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: VeriSign Updater - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe

O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WinFax PRO - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE


(adpawl) #5

In safe mode! Delete the files/directories marked in red from the disk...

After that, be sure to also scan with CWShredder, PestPatrol and Spybot (after updating them, of course)!!

Links: http://download.zonelabs.com/bin/free/p ... olHome.exe

http://download.softpedia.ro/software/A ... sd14b2.exe

http://cwshredder.net/bin/CWShredder.exe

You can uninstall Messenger (e.g. with XP-Antispy).

BTW

This is nothing dangerous and there is no need to delete it... :smiley:

C:\PROGRA~1\NETTUR\komunik.exe

http://www.nettur.pl/?Act=show_doc_register_step


(Adarek) #6

Boot the computer into safe mode.

Turn off System Restore.

Delete from the disk:

C:\PROGRA~1\NETTUR\ komunik.exe

C:\Program Files\Zlsg\ Exzlk.exe

Do you recognise them? Then leave them. If not :arrow: delete.

Using HijackThis, remove:

O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll

Unregister winsx.dll from the system: Start -> Run -> type: regsvr32 /u C:\WINDOWS\System32\ here you type the name of the DLL file. \ press >>> Enter. Now find it :arrow: delete it. Next:

O4 - HKLM\..\Run: [komunikatorNetTur] C:\PROGRA~1\NETTUR\komunik.exe

O4 - HKLM\..\Run: [Ppewspiq] C:\Program Files\Zlsg\Exzlk.exe

O4 - Startup: E-mail.lnk = ?

O9 - Extra button: i-Nav Pomoc - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

O9 - Extra 'Tools' menuitem: i-Nav Pomoc - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program

Restart the computer.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Start >>> All Programs >>> Startup. Here you remove Office.

Install and run:

Pestpatrol

Ewido Free Security Suite

Scan the system >>> whatever they find :arrow: delete.

Restart the computer and:

Uninstall and reinstall the antivirus.

Now scan with the freshly reinstalled antivirus (with new definition databases, of course).

:smiley:
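A way to confirm the cleanup described in the replies above, as an added example that is not part of the original thread: it parses a pasted HijackThis log, rejoins entries that were broken across lines, and reports which of the items named for removal still appear in a rescan. The `AFTER` log and the line wrapping are constructed, and the function names are illustrative.

```python
import re

# An entry starts with a HijackThis section code such as R0, O2, O4 or O23.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Return (code, text) pairs, rejoining entries wrapped across lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), line])
        elif entries:
            # Continuation of a wrapped entry. Header and process-list
            # lines before the first entry never reach this branch.
            entries[-1][1] += " " + line
    return [tuple(entry) for entry in entries]

def still_present(log_text, targets):
    """Return the targets that still occur in the log's registry entries."""
    texts = [text.lower() for _, text in parse_entries(log_text)]
    return [t for t in targets if any(t.lower() in text for text in texts)]

# Items the replies single out for removal (values copied from the log).
TARGETS = [
    "{A9AEE0DD-89E1-40EE-8749-A18650CC2175}",
    r"C:\WINDOWS\winsx.dll",
    r"C:\Program Files\Zlsg\Exzlk.exe",
]

# Lines from the v1.99.0 log in this thread; the line wrapping is constructed.
BEFORE = r"""
Running processes:
C:\Program Files\Zlsg\Exzlk.exe
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} -
C:\WINDOWS\winsx.dll
O4 - HKLM..\Run: [Ppewspiq] C:\Program
Files\Zlsg\Exzlk.exe
O4 - HKLM..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
"""

# Constructed follow-up log in which the three items no longer appear.
AFTER = r"""
O4 - HKLM..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
"""

if __name__ == "__main__":
    print("before cleanup:", still_present(BEFORE, TARGETS))
    print("after cleanup: ", still_present(AFTER, TARGETS))
```

Only the registry-style entries are compared; a file that still exists on disk but has lost its autostart entry will not show up here.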