And what do you gentlemen say to this entry?
It intrigued me:
Code:
O17 - HKLMSystemCCSServicesTcpip..{9B26CE69-9345-4C48-B72A-75F14B588661}: NameServer = 194.204.152.34
----
Regards
Well, I wouldn't want to remove an entry with the DNS servers.
Delete it if you want, but then you won't get to ask here why your internet stopped working :twisted:
Could you check mine too?
Logfile of HijackThis v1.99.1
Scan saved at 23:28:11, on 2006-02-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOW***plorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
F:Programy3dsmax8mentalraysatelliteraysat_3dsmax8s erver.exe
C:Program FilesNorton SystemWorksNorton AntiVirusnavapsvc.exe
C:Program FilesNorton SystemWorksNorton AntiVirusIWPNPFMntor.exe
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesWinampwinampa.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesQuickTimeqttask.exe
D:iTunesHelper.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesAheadlibNMBgMonitor.exe
E:biniPodService.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSaveSave.exe
C:Program FilesATI TechnologiesATI.ACECLI.exe
C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:Program FilesDAEMON Toolsdaemon.exe
DBitLordBitLord.exe
C:totalcmdTOTALCMD.EXE
C:PROGRA~1WinZipwinzip32.exe
Cocuments and SettingsFunPulpitpiotrNowy folderHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [Anti Trojan Elite] C:Program FilesAnti Trojan EliteTJEnder.exe :NO
O4 - HKLM..Run: [Workflow] H:Workflow.exe
O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Overnet] C:Program FilesOverneteDonkey2000.exe -t
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "D:iTunesHelper.exe"
O4 - HKLM..Run: [eDonkey2000] "DiotreDonkey2000edonkey2000.exe" -t
O4 - HKLM..Run: [I downloaded pirated Software from P2P and now I post my Hijack log] C:WINDOWSsystem32warez.exe
O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Komunikator] C:Program FilesTlen.pltlen.exe
O4 - HKCU..Run: [WhenUSave] "C:Program FilesSaveSave.exe"
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:Program FilesATI TechnologiesATI.ACECLI.exe
O8 - Extra context menu item: &Google Search - res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - F:ProgramyIrfanViewEbayEbay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Broken Internet access because of LSP provider 'crogram filesnewdotnetnewdotnet7_14.dll' missing
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:biniPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - F:Programy3dsmax8mentalraysatelliteraysat_3dsmax8s erver.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton SystemWorksNorton AntiVirusnavapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton SystemWorksNorton AntiVirusIWPNPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:WINDOWSSYSTEMDRIVERntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:WINDOWSSYSTEMDRIVERntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:WINDOWSSYSTEMDRIVERntsrv.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton SystemWorksNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
This entry is the best:
Throw this junk out; actually, Spybot - Search & Destroy should detect it:
Code:
O4 - HKLM..Run: [I downloaded pirated Software from P2P and now I post my Hijack log] C:WINDOWSsystem32warez.exe
Code:
O10 - Broken Internet access because of LSP provider 'c:program filesnewdotnetnewdotnet7_14.dll' missing
It's a pity that a log like this becomes useless if, say, some guy writes himself a little virus that sits in autostart pretending to be an antivirus process =) e.g. ccApp.exe
You look through the log and you see ccApp.exe, location c:\program files\norton antyvirus ^^
while in reality ccApp.exe may be launching another file sitting somewhere in the system =)
What then?
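The concern in the post above, a process or autostart entry that borrows a trusted file name, can be partly checked by comparing every path in a log against the directory where that name normally lives. This is an added example, not part of the original thread: the log excerpt is constructed (paths taken from this thread's logs with backslashes restored, plus one made-up `C:\WINDOWS\Temp\ccApp.exe` entry), and `EXPECTED_DIRS` and `find_misplaced` are hypothetical names.

```python
import ntpath
import re

# Expected directory (drive letter ignored, lower-case) for file names that
# are often imitated. The ccApp.exe location is the one shown in the thread's
# log; svchost.exe and winlogon.exe belong in system32 on Windows XP.
EXPECTED_DIRS = {
    "svchost.exe": {r"\windows\system32"},
    "winlogon.exe": {r"\windows\system32"},
    "ccapp.exe": {r"\program files\common files\symantec shared"},
}

# Constructed sample in HijackThis 1.99.1 layout.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
D:\WINDOWS\svchost.exe
C:\WINDOWS\inet20010\winlogon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccApp] C:\WINDOWS\Temp\ccApp.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)
"""

# First drive-rooted path on a line that ends in .exe or .dll.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll))', re.IGNORECASE)


def find_misplaced(log_text):
    """Return (file name, full path) pairs for known names found outside
    their expected directory. Each path is reported once, in log order."""
    findings = []
    seen = set()
    for line in log_text.splitlines():
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(1)
        _drive, rest = ntpath.splitdrive(path)
        directory, name = ntpath.split(rest)
        expected = EXPECTED_DIRS.get(name.lower())
        if expected is None:
            continue  # not a name this table knows about
        if directory.lower() in expected:
            continue  # name and location agree
        if path.lower() not in seen:
            seen.add(path.lower())
            findings.append((name.lower(), path))
    return findings


if __name__ == "__main__":
    for name, path in find_misplaced(SAMPLE_LOG):
        print(f"{name} outside its expected directory: {path}")
```

A matching path only rules out a misplaced copy; it does not show that the file at that path is the vendor's original, which needs a signature or hash check on the file itself.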
QUOTE("maSs")
This entry is the best:
Throw this junk out; actually, Spybot - Search & Destroy should detect it:
Code:
O4 - HKLM..Run: [I downloaded pirated Software from P2P and now I post my Hijack log] C:WINDOWSsystem32warez.exe
Code:
O10 - Broken Internet access because of LSP provider 'c:program filesnewdotnetnewdotnet7_14.dll' missing
I would also kick out this backdoor :twisted:
And these little trojan horses :twisted:
Code:
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:WINDOWSSYSTEMDRIVERntuser.exe (file missing)
Code:
O23 - Service: NTLOAD - Unknown owner - C:WINDOWSSYSTEMDRIVERntsrv.exe (file missing)
Code:
O23 - Service: NTSVCMGR - Unknown owner - C:WINDOWSSYSTEMDRIVERntsrv.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 18:30:43, on 2006-02-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSsystem32Ati2evxx.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:Program FilesTGTSoftStyleXPStyleXPService.exe
D:WINDOWSsystem32LEXBCES.EXE
D:WINDOWSsystem32LEXPPS.EXE
D:WINDOWSsystem32spoolsv.exe
D:WINDOWSsvchost.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32wscntfy.exe
D:WINDOWSsystem32Ati2evxx.exe
D:WINDOW***plorer.EXE
D:WINDOWSsystem32mssearchnet.exe
D:WINDOWSsystem32nvctrl.exe
D:Program FilesWinampwinampa.exe
D:Program FilesCyberLinkPowerDVDPDVDServ.exe
D:Program FilesDAEMON Toolsdaemon.exe
D:Program FilesDAPDAP.EXE
D:Program FilesTGTSoftStyleXPStyleXP.exe
D:Program FilesGadu-Gadugg.exe
D:Program FilesMozilla Firefoxfirefox.exe
D:Program FilesWinRARWinRAR.exe
DOCUME~1-Axel-USTAWI~1TempRar$EX00.968HijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - D:WINDOWSsystem32hp4973.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - drogram filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [NeroFilterCheck] D:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] D:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [RemoteControl] "D:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [DAEMON Tools] "D:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [DownloadAccelerator] "D:Program FilesDAPDAP.EXE" /STARTUP
O4 - HKCU..Run: [Skype] "D:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [STYLEXP] D:Program FilesTGTSoftStyleXPStyleXP.exe -Hide
O4 - Global Startup: GStartup.lnk = D:Program FilesCommon FilesGMTGMT.exe
O8 - Extra context menu item: &Download with &DAP - D:Program FilesDAPdapextie.htm
O8 - Extra context menu item: &Google Search - res://D:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:Program FilesDAPdapextie2.htm
O8 - Extra context menu item: Si&milar Pages - res://D:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.5.0_06binssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.5.0_06binssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:Program FilesSpikurl_wpmsg.dll
O20 - Winlogon Notify: WBSrv - D:PROGRA~1StardockOBJECT~1WINDOW~1wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:WINDOWSsystem32ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:WINDOWSsystem32LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - D:Program FilesTGTSoftStyleXPStyleXPService.exe
Get rid of this:
The KillBox program will come in handy for this [DESCRIPTION]
Code:
D:WINDOWSsvchost.exe
D:WINDOWSsystem32nvctrl.exe (Info: http://wirusy.antivirenkit.pl/pl/opi...2.Zlob.es.html)
D:WINDOWSsystem32mssearchnet.exe (Info: http://www.generation-nt.com/process...chnet-exe/233/)
O4 - Global Startup: GStartup.lnk = D:Program FilesCommon FilesGMTGMT.exe (Info: http://www.liutilities.com/products/...sslibrary/gmt/)
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:Program FilesSpikurl_wpmsg.dll
O20 - Winlogon Notify: WBSrv - D:PROGRA~1StardockOBJECT~1WINDOW~1wbsrv.dll
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - D:WINDOWSsystem32hp4973.tmp
Then post a new log from HijackThis.
Also scan the computer with these programs:
Spybot - Search & Destroy & Ad-Aware (Polish localization)
and with the online scanner: [Panda ActiveScan]
Code:
http://www.pandasoftware.com/activescan/pol/activescan_principal.htm
Hello,
please have a look at this:
Thanks in advance, regards.
Code:
Logfile of HijackThis v1.99.1
Scan saved at 14:19:52, on 2006-02-13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32UAService7.exe
C:WINDOW***plorer.EXE
C:Program FilesCreativeSB Live! 24-bitSurround MixerCTSysVol.exe
C:Program FilesWinampwinampa.exe
C:Program FilesD-Toolsdaemon.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesCommon FilesRealUpdate_OBevntsvc.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:WINDOWSSystem32ctfmon.exe
C:Program FilesGadu-Gadugg.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesWinampwinamp.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1PiotrasUSTAWI~1TempRar$EX00.234HijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSB Live! 24-bitSurround MixerCTSysVol.exe /r
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [TkBellExe] C:Program FilesCommon FilesRealUpdate_OBevntsvc.exe -osboot
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:Program FilesWinHTTrackWinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:Program FilesWinHTTrackWinHTTrackIEBar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:Program FilesSpikurl_wpmsg.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSSystem32CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSSystem32UAService7.exe
Doing a check-up... the log is clean
...only this could be "SOMETHING", but not necessarily
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSSystem32UAService7.exe
You can read about it here: http://www.neuber.com/taskmanager/process/...rvice7.exe.html
and, well, update IE :-D
Logfile of HijackThis v1.99.1
Scan saved at 01:31:33, on 2006-02-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSinet20010winlogon.exe
C:WINDOWSsystem32CTHELPER.EXE
C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe
C:Program FilesCreativeMouse Opticalmouse_2k.exe
D:ProgramyPowerDVD6PDVDServ.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesMKSBinmks_menu.exe
C:Program FilesMKSBinABregmon.exe
C:Program FilesMKSBinNetMonSV.exe
C:WINDOWSsystem32CTsvcCDA.exe
C:Program FilesMKSBinmksmonsv.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:Program FilesMKSBinmks_scan.exe
C:WINDOWSinet20010mm4.exe
Cocuments and SettingsAnia&JarekPulpitHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.onet.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.onet.pl
F3 - REG:win.ini: run=C:WINDOWSinet20010winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe
O4 - HKLM..Run: [CreativeMouse ] C:Program FilesCreativeMouse Opticalmouse_2k.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [RemoteControl] D:ProgramyPowerDVD6PDVDServ.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 - HKLM..Run: [ABREGMON] C:Program FilesMKSBinABregmon.exe
O4 - HKLM..Run: [xp_system] C:WINDOWSinet20010winlogon.exe
O4 - HKCU..Run: [NBJ] "D:ProgramyNeroNero BackItUpNBJ.exe"
O4 - HKCU..Run: [xp_system] C:WINDOWSinet20010winlogon.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O20 - Winlogon Notify: avpe32 - C:WINDOWSSYSTEM32avpe32.dll
O20 - Winlogon Notify: dvd4free - C:WINDOWSSYSTEM32dvd4free.dll
O20 - Winlogon Notify: msctl32.dll - C:WINDOWS
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:Program FilesMKSBinNetMonSV.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:WINDOWSsystem32cmdtel.exe (file missing)
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:Program FilesMKSbinMkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:Program FilesMKSBinmksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:Program FilesMKSBinmks_scan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
Safe mode (or use KillBox, see 3boot's post) and delete:
Code:
C:WINDOWSinet20010winlogon.exe
preferably the whole "inet20010" folder
Code:
C:WINDOWSinet20010mm4.exe
Find this and delete it:
Code:
C:WINDOWSSYSTEM32avpe32.dll
C:WINDOWSSYSTEM32dvd4free.dll
C:WINDOWSmsctl32.dll
To fix:
Code:
O4 - HKLM..Run: [xp_system] C:WINDOWSinet20010winlogon.exe
O4 - HKCU..Run: [xp_system] C:WINDOWSinet20010winlogon.exe
O20 - Winlogon Notify: avpe32 - C:WINDOWSSYSTEM32avpe32.dll
O20 - Winlogon Notify: dvd4free - C:WINDOWSSYSTEM32dvd4free.dll
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:WINDOWSsystem32cmdtel.exe (file missing)
O20 - Winlogon Notify: msctl32.dll - C:WINDOWS
Post a new log.
It worked. The problem is gone. Many thanks. Regards
Logfile of HijackThis v1.99.1
Scan saved at 11:17:46, on 2006-02-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesMKSBinNetMonSV.exe
C:WINDOWSsystem32CTsvcCDA.exe
C:Program FilesMKSBinmksmonsv.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:Program FilesMKSBinmks_scan.exe
C:WINDOWSsystem32CTHELPER.EXE
C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe
C:Program FilesCreativeMouse Opticalmouse_2k.exe
D:ProgramyPowerDVD6PDVDServ.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesMKSBinmks_menu.exe
C:Program FilesMKSBinABregmon.exe
C:WINDOWSsystem32sms_msn40.exe
C:WINDOWSsystem32sms_msn.exe
C:WINDOWSsystem32ngpw40.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
Cocuments and SettingsAnia&JarekPulpitHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.onet.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.onet.pl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:WINDOWSsystem32ngsh35.dll
O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - C:WINDOWSsystem32localsplnet.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:WINDOWSinet200103.01.00.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe
O4 - HKLM..Run: [CreativeMouse ] C:Program FilesCreativeMouse Opticalmouse_2k.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [RemoteControl] D:ProgramyPowerDVD6PDVDServ.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 - HKLM..Run: [ABREGMON] C:Program FilesMKSBinABregmon.exe
O4 - HKLM..Run: [sms_msn40] C:WINDOWSsystem32sms_msn40.exe
O4 - HKLM..Run: [sms_msn] C:WINDOWSsystem32sms_msn.exe
O4 - HKCU..Run: [NBJ] "D:ProgramyNeroNero BackItUpNBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O20 - Winlogon Notify: avpe32 - C:WINDOWSSYSTEM32avpe32.dll
O20 - Winlogon Notify: dvd4free - C:WINDOWSSYSTEM32dvd4free.dll
O20 - Winlogon Notify: hpprintx - C:WINDOWSSYSTEM32hpprintx.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:WINDOWSsystem32boaooibo.dll (file missing)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:WINDOWSsystem32aehdgofm.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:Program FilesMKSBinNetMonSV.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:Program FilesMKSbinMkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:Program FilesMKSBinmksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:Program FilesMKSBinmks_scan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
Use KillBox [DOWNLOAD]
Turn off System Restore!
Find and delete the items in bold using this little program:
C:WINDOWSsystem32sms_msn40.exe
C:WINDOWSsystem32sms_msn.exe
C:WINDOWSsystem32ngpw40.exe
Fix these in HijackThis:
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:WINDOWSsystem32ngsh35.dll
O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - C:WINDOWSsystem32localsplnet.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:WINDOWSinet200103.01.00.dll (file missing)
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O4 - HKLM..Run: [sms_msn40] C:WINDOWSsystem32sms_msn40.exe
O4 - HKLM..Run: [sms_msn] C:WINDOWSsystem32sms_msn.exe
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:WINDOWSsystem32boaooibo.dll (file missing)
Here it gets problematic :twisted:
O20 - Winlogon Notify: avpe32 - C:WINDOWSSYSTEM32avpe32.dll
O20 - Winlogon Notify: dvd4free - C:WINDOWSSYSTEM32dvd4free.dll
O20 - Winlogon Notify: hpprintx - C:WINDOWSSYSTEM32hpprintx.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:WINDOWSsystem32aehdgofm.dll
Try destroying the dll files with KillBox.
Boot into safe mode (F8) :-D
Launch KillBox, select the Delete on Reboot option, then paste the path into the Full Path of File to Delete field:
C:WINDOWSSYSTEM32avpe32.dll
press x and you will be asked about a restart; decline and paste
C:WINDOWSSYSTEM32avpe32.dll
and the next ones:
C:WINDOWSSYSTEM32dvd4free.dll
C:WINDOWSSYSTEM32hpprintx.dll
C:WINDOWSsystem32aehdgofm.dll
Once you have pasted everything, the program will ask about a restart; confirm it.
Then FIX those 020 and 021 entries in HijackThis.
Maybe it will help :wink: