Prosba o sprawdzenie loga

bart · 17 Grudzień 2005 07:56

Logfile of HijackThis v1.99.1

Scan saved at 08:51:57, on 2005-12-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\MKS\Bin\NetMonSV.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe

C:\Program Files\MKS\Bin\mksmonsv.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\MKS\Bin\mks_scan.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

C:\Program Files\MKS\Bin\mks_menu.exe

C:\Program Files\MKS\Bin\ABregmon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\VIA\RAID\raid_tool.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\totalcmd\TOTALCMD.EXE

E:\hajk\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\Winampa.exe”

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe

O4 - HKLM…\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 7521009468

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 4724189234

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe

O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe

O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe

O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Bieniol · 17 Grudzień 2005 09:21

Log OK…

PS> Nastepnym razem pisz, dlaczego wstawiasz logi - co jest nie tak z kompem…

pozdrawiam

bart · 17 Grudzień 2005 21:17

Czy to grozne?

przy uruchamianiu Windows Worms Doors Cleaner mam wiadomosc

Your system seems to be infected by a virus, your SVCHOST virtual memory usage 23292Ko is beyond usual values. It is strongkly advised to check your system with an AntiVirus up to date and an AntiTrojans#

Przy Zonealarm w programach przy zoltej klodce wyskakuja mi dwa okienka Generic Host Process for Win32 Service. Czy to normalne, a jesli nie to co powinienem zrobic. Gosc mial fizyczny dostep do kompa moze to nie vir/troj tylko jakis server? nie bardzo kumam wszystko z kompow ale gosc kupil adapter do neta moze ma to cos wspulnego z tym iz mimo ze mam w zonealarm poblokowane porty i w windows worms doors cleaner tez sa blokowane ( netbios niechce sie wpelni zablokowac ikona jest na zolto pozostale na zielono)to zonealarm pokazal udostepnione foldery systemowo wszysko poblokowane pod winowsem jeszce raz moje terazniejsze logi

Logfile of HijackThis v1.99.1

Scan saved at 21:38:44, on 2005-12-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes: C:/WINDOWS/System32/smss.exe C:/WINDOWS/system32/winlogon.exe C:/WINDOWS/system32/services.exe C:/WINDOWS/system32/lsass.exe C:/WINDOWS/system32/svchost.exe C:/WINDOWS/System32/svchost.exe C:/WINDOWS/system32/spoolsv.exe C:/Program Files/MKS/Bin/NetMonSV.exe C:/WINDOWS/system32/crypserv.exe C:/Program Files/Norton SystemWorks/Norton Ghost/GhostStartService.exe C:/Program Files/MKS/Bin/mksmonsv.exe C:/PROGRA~1/NORTON~1/NORTON~1/NPROTECT.EXE C:/WINDOWS/system32/nvsvc32.exe C:/Program Files/Analog Devices/SoundMAX/SMAgent.exe C:/PROGRA~1/NORTON~1/NORTON~1/SPEEDD~1/NOPDB.EXE C:/WINDOWS/system32/ZoneLabs/vsmon.exe C:/WINDOWS/Explorer.EXE C:/Program Files/D-Tools/daemon.exe C:/Program Files/Winamp/Winampa.exe C:/Program Files/CyberLink/PowerDVD/PDVDServ.exe C:/Program Files/Norton SystemWorks/Norton Ghost/GhostStartTrayApp.exe C:/Program Files/MKS/Bin/mks_menu.exe C:/Program Files/MKS/Bin/ABregmon.exe C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe C:/WINDOWS/system32/ctfmon.exe C:/Program Files/Tlen.pl/tlen.exe C:/Program Files/Spybot - Search & Destroy/TeaTimer.exe C:/Program Files/VIA/RAID/raid_tool.exe C:/Program Files/MKS/Bin/mks_scan.exe C:/Program Files/Opera/Opera.exe C:/totalcmd/TOTALCMD.EXE E:/hajk/HijackThis.exe R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll O4 - HKLM/…/Run: [DAEMON Tools-1033] “C:/Program Files/D-Tools/daemon.exe” -lang 1033 O4 - HKLM/…/Run: [WinampAgent] “C:/Program Files/Winamp/Winampa.exe” O4 - HKLM/…/Run: [NeroFilterCheck] C:/WINDOWS/system32/NeroCheck.exe O4 - HKLM/…/Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/system32/NvCpl.dll,NvStartup O4 - HKLM/…/Run: [nwiz] nwiz.exe /install O4 - HKLM/…/Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/system32/NvMcTray.dll,NvTaskbarInit O4 - HKLM/…/Run: [RemoteControl] “C:/Program Files/CyberLink/PowerDVD/PDVDServ.exe” O4 - HKLM/…/Run: [GhostStartTrayApp] C:/Program Files/Norton SystemWorks/Norton Ghost/GhostStartTrayApp.exe O4 - HKLM/…/Run: [MKS_MENU] C:/Program Files/MKS/Bin/mks_menu.exe O4 - HKLM/…/Run: [ABREGMON] C:/Program Files/MKS/Bin/ABregmon.exe O4 - HKLM/…/Run: [Zone Labs Client] C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe O4 - HKCU/…/Run: [CTFMON.EXE] C:/WINDOWS/system32/ctfmon.exe O4 - HKCU/…/Run: [Komunikator] C:/Program Files/Tlen.pl/tlen.exe O4 - HKCU/…/Run: [spybotSD TeaTimer] C:/Program Files/Spybot - Search & Destroy/TeaTimer.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:/Program Files/VIA/RAID/raid_tool.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:/PROGRA~1/MICROS~2/OFFICE11/EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~2/OFFICE11/REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:/Program Files/IrfanView/Ebay/Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 7521009468 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 4724189234 O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:/Program Files/MKS/Bin/NetMonSV.exe O23 - Service: Crypkey License - Unknown owner - C:/WINDOWS/SYSTEM32/crypserv.exe O23 - Service: GhostStartService - Symantec Corporation - C:/Program Files/Norton SystemWorks/Norton Ghost/GhostStartService.exe O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:/Program Files/MKS/bin/MkSUpdateInt.exe O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:/Program Files/MKS/Bin/mksmonsv.exe O23 - Service: MkS_Scan - Unknown owner - C:/Program Files/MKS/Bin/mks_scan.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:/PROGRA~1/NORTON~1/NORTON~1/NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:/WINDOWS/system32/nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:/Program Files/Analog Devices/SoundMAX/SMAgent.exe O23 - Service: Speed Disk service - Symantec Corporation - C:/PROGRA~1/NORTON~1/NORTON~1/SPEEDD~1/NOPDB.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:/WINDOWS/system32/ZoneLabs/vsmon.exe

Gutek · 17 Grudzień 2005 21:53

Czysto ale Generic Host Process for Win32 Service zablokoowany??? - http://securityresponse.symantec.com/av … xBlast.exe użyj

Zaopodaj: Trend Micro Hausecall online scanner