Prosze o sprawdzenia LOG

kamaa · 27 Październik 2004 16:03

Logfile of HijackThis v1.98.2

Scan saved at 17:24:17, on 2004-10-27

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svcshost.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\WINDOWS\System32\wuautlc.exe

C:\WINDOWS\System32\msfw.exe

C:\Program Files\Winamp3\winampa.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\wuamgrd.exe

C:\WINDOWS\System32\PDSched.exe

C:\WINDOWS\System32\MSlti32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Microsoft Windows Update] svcshost.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM\..\Run: [WindowsUpdate Service] wuautlc.exe

O4 - HKLM\..\Run: [Windows Firewall Manager] msfw.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\yjulcdo.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe

O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\gysveli.exe

O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe

O4 - HKLM\..\RunServices: [Windows Firewall Manager] msfw.exe

O4 - HKLM\..\RunServices: [WindowsUpdate Service] wuautlc.exe

O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe

O4 - HKLM\..\RunServices: [Microsoft Windows Update] svcshost.exe

O4 - HKLM\..\RunOnce: [Microsoft Windows Update] svcshost.exe

O4 - HKCU\..\Run: [Microsoft Windows Update] svcshost.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe

O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe

O4 - HKCU\..\Run: [Microsoft AUT Update] MSlti32.exe

O4 - HKCU\..\RunOnce: [Microsoft Windows Update] svcshost.exe

O4 - Startup: Reboot.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F7E05D4-6C98-4BCC-AB6B-EDD3CCF8B942}: NameServer = 194.204.152.34 217.98.63.164

Francuz · 27 Październik 2004 19:40

C:\WINDOWS\System32\wuamgrd.exe

C:\WINDOWS\System32\PDSched.exe

C:\WINDOWS\System32\svcshost.exe

O4 - HKCU…\Run: [Microsoft Update] wuamgrd.exe

O4 - HKCU…\Run: [Microsoft DirectX] PDSched.exe

O4 - HKLM…\RunServices: [Microsoft Windows Update] svcshost.exe

O4 - HKLM…\RunOnce: [Microsoft Windows Update] svcshost.exe

to jest jakieś dziwne

O4 - HKLM…\Run: [system Update] C:\WINDOWS\System32\yjulcdo.exe

golden_finger · 27 Październik 2004 21:21

To nie jest dziwne, to robak worm_sdbot

:okulary: