Symantec email proxy wyskakują okienka

Dla specjalistów Bezpieczeństwo
#1

Witam serdecznie i proszę o pomoc. Wyskakuja mi co chwilę okienka “Symantec emil proxy”.

Mój log:

Logfile of HijackThis v1.99.1

Scan saved at 16:56:57, on 2009-03-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\igfxsrvc.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe

C:\WINDOWS\system32\semwltray.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\services.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Citrix\ICA Client\pnagent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Downloaded Program Files\CONFLICT.917\FP_AX_CAB_INSTALLER.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\pl900290\USTAWI~1\Temp\Rar$EX16.1016\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet-pl.sanofi-aventis.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet-pl.sanofi-aventis.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.241.182/sa/portal

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM…\Run: [GCXX-Manager-Class] “C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe” -startup

O4 - HKLM…\Run: [sony Ericsson Wireless Manager UI] C:\WINDOWS\system32\semwltray

O4 - HKLM…\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [DVDLauncher] “C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe”

O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”

O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [e-Kiosk] “C:\Program Files\e-Kiosk Reader\eGazetaST.exe”

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”

O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [services] C:\WINDOWS\services.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t

O4 - HKCU…\Run: [userinit] C:\Documents and Settings\pl900290\Dane aplikacji\twex.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://intranet-pl.sanofi-aventis.com

O15 - Trusted Zone: http://aventis.mylearning.pl

O15 - Trusted IP range: http://192.168.241.182

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_43.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp01.photoprintit.de/microsite/ … loader.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pharma.aventis.com

O17 - HKLM\Software…\Telephony: DomainName = waw.pharma.aventis.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pharma.aventis.com

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Host agenta programu SMS (CcmExec) - Unknown owner - C:\WINDOWS\system32\CCM\CcmExec.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Dodane 07.03.2009 (So) 17:12

bardzo przepraszam

http://wklejto.pl/28176

Dodane 07.03.2009 (So) 20:33

znalazłam Kasperskym że mam między innymi cos takiego:

Email-Worm.Win32.Jolee.il

jak to usunąć? jezeli dobrze zrozumiałam to robak siedzi w c/ WINDOWS

proszę o pomoc

Dodane 07.03.2009 (So) 22:35

pomoże ktos? :slight_smile:

#2

Jak widać - nie ma chętnych.

Te w/w wpisy sfiksuj w Hijacku:

>>Hijack>>scan(Do a system scan only)>>zaznacz je >>Fix checked.

Daj log z ComboFix

Nowsza instrukcja obsługi ComboFixa >http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix

Log wklej na http://wklej.org/, a w poście daj tylko link.

jessi