Chcesz sprawdzić swój log z Hijackthisa? Wklej go tutaj...

[patology]

Założyłem ten temat, ponieważ chce uniknąć zaśmiecenia forum postami typu: "Mam trojana - jak go usunąć" ; "Sprawdźcie mój log z Hijacka".

1. Ściągnij program
2. Wybierz opcje Do a system scan and save a log file
3. Raport wklej tutaj.

Możesz też użyc tej witryny w celu sprawdzenia loga.

Podstawowe informacje - przeczytaj!

 

[temporary]

Logfile of HijackThis v1.99.1
Scan saved at 21:47:40, on 2006-01-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
FrogramyAvast4aswUpdSv.exe
FrogramyAvast4ashServ.exe
C:WINDOWSsystem32atiptaxx.exe
FrogramyPowerDVDPDVDServ.exe
Crogram FilesJavajre1.5.0_06binjusched.exe
FrogramyAvast4ashDisp.exe
FrogramyAutoConnectAutoConnect.exe
FrogramySpybot - Search & DestroyTeaTimer.exe
Crogram FilesSAGEMSAGEM F@st 800-840dslmon.exe
FrogramyAvast4ashMaiSv.exe
FrogramyAvast4ashWebSv.exe
C:WINDOWSsystem32svchost.exe
FrogramyTlentlen.exe
Crogram FilesOperaOpera.exe
Crogram FilesWinRARWinRAR.exe
COCUME~1AdminUSTAWI~1TempRar$EX00.845HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://onet.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - CROGRA~1BFGTOO~1BFGTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - FrogramySPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.5.0_06binssv.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - CROGRA~1BFGTOO~1BFGTOO~1.DLL
O4 - HKLM..Run: [AtiPTA] atiptaxx.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [Synchronization Manager] %SystemRoot%system32mobsync.exe /logon
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [CorelDRAW Graphics Suite 11b] FrogramyCorelLanguagesPLProgramsRegistration.exe /title="CorelDRAW Graphics Suite 12" /date=011706 serial=DR12WNP-9936859-UJJ lang=PL
O4 - HKLM..Run: [RemoteControl] FrogramyPowerDVDPDVDServ.exe
O4 - HKLM..Run: [SunJavaUpdateSched] Crogram FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [avast!] FrogramyAvast4ashDisp.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "Crogram FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [AutoConnect] FrogramyAutoConnectAutoConnect.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] FrogramySpybot - Search & DestroyTeaTimer.exe
O4 - Global Startup: DSLMON.lnk = Crogram FilesSAGEMSAGEM F@st 800-840dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = Crogram FilesMicrosoft OfficeOfficeOSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.5.0_06binssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLMSystemCCSServicesTcpip..{8EEF0DA2-A7C3-4BA2-A9A9-E129CCD45F0E}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLMSystemCCSServicesTcpip..{FD4FAA85-A48D-42E4-BED9-890A9810A88C}: NameServer = 194.204.159.1
O20 - Winlogon Notify: avpe32 - C:WINDOWSSYSTEM32avpe32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - FrogramyAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - FrogramyAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - FrogramyAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - FrogramyAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

Czekam na propozycje...

 

[red_ag]

FrogramySpybot - Search & DestroyTeaTimer.exe

O4 - HKCU..Run: [SpybotSD TeaTimer] FrogramySpybot - Search & DestroyTeaTimer.exe


C:WINDOWSsystem32atiptaxx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe[/b]

To napewno ...

 

[astRX]

Uruchom kompa w trybie awaryjnym z obsługą sieci ( F8 na starcie), odpal jeszcze raz HijackThisa, zrób "Do a system scan only" i zaznacz te pozycje:

O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - CROGRA~1BFGTOO~1BFGTOO~1.DLL

O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - CROGRA~1BFGTOO~1BFGTOO~1.DLL

O4 - HKCU..Run: [SpybotSD TeaTimer] FrogramySpybot - Search & DestroyTeaTimer.exe

O17 - HKLMSystemCCSServicesTcpip..{8EEF0DA2-A7C3-4BA2-A9A9-E129CCD45F0E}: NameServer = 194.204.152.34 217.98.63.164


O17 - HKLMSystemCCSServicesTcpip..{FD4FAA85-A48D-42E4-BED9-890A9810A88C}: NameServer = 194.204.159.1

O23 - Service: avast! Mail Scanner - Unknown owner - FrogramyAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - FrogramyAvast4ashWebSv.exe" /service (file missing)

Co do atiptaxx.exe to jest to ATI Desktop Control Panel from ATI Technologies (bezpieczne)

Potem przeskanuj kompa jakimś antywirem online lub zainstaluj sobie (lepsze rozwiązanie)na kompie porządnego AV i przeskanuj

 

[rafal]

FrogramySpybot - Search & DestroyTeaTimer.exe

O4 - HKCU..Run: [SpybotSD TeaTimer] FrogramySpybot - Search & DestroyTeaTimer.exe


C:WINDOWSsystem32atiptaxx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe


To napewno ...[/b]

Red_ag : przeciez TeaTimer to dodatek ze Spybota do ochrony rejestru , a te "ati2evxx" i "atiptaxx" to do obslugi karty graficznej ATI, wiec to raczej napewno niegrozne programy ;-)

 

[SZKOD[nick]]

To ja też poprosze o sprawdzenie loga...

Logfile of HijackThis v1.99.1

Scan saved at 09:21:04, on 2006-01-12

Platform: Windows ME (Win9x 4.90.300020)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)



Running processes:

C:NOSKILLSYSTEMKERNEL32.DLL

C:NOSKILLSYSTEMMSGSRV32.EXE

C:NOSKILLSYSTEMmmtask.tsk

C:NOSKILLSYSTEMMPREXE.EXE

C:PROGSKERIOPERSFW.EXE

C:NOSKILLEXPLORER.EXE

C:NOSKILLSYSTEMDDHELP.EXE

C:NOSKILLSYSTEMSTIMON.EXE

C:NOSKILLSYSTEMSYSTRAY.EXE

C:PROGSLOGITECHMOUSEWARESYSTEMEM_EXEC.EXE

C:NOSKILLSYSTEM32DRIVERSKODAKCCS.EXE

C:NOSKILLSYSTEMWMIEXE.EXE

D:TCLOCKTCLOCK.EXE

D:GGGG.EXE

D:WINAMPWINAMP.EXE

C:PROGSFIREFOXFIREFOX.EXE

D:MIRCMIRC.EXE

C:NOSKILLPULPITHIJACKTHISHIJACKTHIS.EXE



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://www.20.xt.pl/[/url]

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:NOSKILLSYSTEMMSDXM.OCX

O4 - HKLM..Run: [ScanRegistry] C:NOSKILLscanregw.exe /autorun

O4 - HKLM..Run: [SystemTray] SysTray.Exe

O4 - HKLM..Run: [REGTEST] C:ProgsRRGUARDrrguard.exe -1

O4 - HKLM..Run: [EM_EXEC] C:PROGSLOGITECHMOUSEW~1SYSTEMEM_EXEC.EXE

O4 - HKLM..Run: [KodakCCS] C:NOSKILLSystem32DriversKodakCCS.exe

O4 - HKLM..RunServices: [PersFw] "C:ProgsKeriopersfw.exe" /hide

O4 - Startup: tclock.exe.lnk = D:TClocktclock.exe

 

[rafal]

Ambitnie szukalem i znalazlem.... chyba

bo wkoncu ME i XP ciut sie roznia i co moze wygladac normalnie w ME , wyglada podejrzanie dla uzytkownika XP i na odwrot ;-)
Ale ten proces :
C:NOSKILLSYSTEMWMIEXE.EXE
moze byc wg. baz antywirusowych Nortona oraz "VSANTY(costam)" trojanem : W32/Torun.A
ale nie dam sobie reki odciac

//szkod[nick] wrzuc raport z http://virusscan.jotti.org/ , i pokaz jak to naprawde wyglada

 

[SZKOD[nick]]

Czysty

 File:       WMIEXE.EXE

Status:     

OK

MD5     b8bb4d9dbf4ff8b40efd6fa39211a68e

Packers detected:     

-

Scanner results

AntiVir     

Found nothing

ArcaVir     

Found nothing

Avast     

Found nothing

AVG Antivirus     

Found nothing

BitDefender     

Found nothing

ClamAV     

Found nothing

Dr.Web     

Found nothing

F-Prot Antivirus     

Found nothing

Fortinet     

Found nothing

Kaspersky Anti-Virus     

Found nothing

NOD32     

Found nothing

Norman Virus Control     

Found nothing

UNA     

Found nothing

VBA32     

Found nothing

 

[rafal]

ahhh i kolejna teoria spiskowa zostala obalona

 

[Pepi]

SZKOD[nick] rade mam dla ciebie
zamiast ME postaw sobie 98 bo jest stabilniejszy
wedłog mnie ME to porażka M$

 

[SZKOD[nick]]

Pepi: Win Me nie lubi niektórych konfiguracji sprzętowych... Z moją się nei gryzie i jest stabilny poza tym mam go na przekór bo ponoć najgorszy ale dzięki za rade i tak, a co z logiem? może jednak coś się znajdzie : )

 

[Pepi]

C:NOSKILLSYSTEMSTIMON.EXE
C:NOSKILLSYSTEMMPREXE.EXE

te dwa procesy mi jada

 

[rafal]

Pepi : przeciez to normalne aplikacje w WinME nawet i lokalizacje sie zgadzaja, zreszta skumaj sobie to :

stimon - stimon.exe - Process Information

Process File: stimon or stimon.exe
Process Name: Microsoft Windows 98/ME’s Still Image Monitor.

Description:
stimon.exe is a process belinging to Microsoft Windows, and provides additional support for scanners, digital cameras and other video input devices. This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.[/b]

mprexe - mprexe.exe - Process Information

Process File: mprexe or mprexe.exe
Process Name: Windows Routing Process

Description:
mprexe.exe is a process which is initiated by Microsoft Windows 9x and ME only. It allows the computer to use multiple network protocols, and network adapters by routing between both. This hidden process will only appear in the Windows task list should there be a problem with it. Otherwise it should be left enabled.[/b]

 

[patology]

Szkodnik wiadomo że log jest czysty =] w każdym razie niczego sie nie dopatrzylem.

 

[temporary]

O17 - HKLMSystemCCSServicesTcpip..{8EEF0DA2-A7C3-4BA2-A9A9-E129CCD45F0E}: NameServer = 194.204.152.34 217.98.63.164[/b]

Usunalem ten shit, ale po ponownym restarcie komputera znow sie pojawia... :evil:

 

[ktostam]

to ja też poprosze

Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSSystem32Ati2evxx.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32spoolsv.exe
Drogram FilesAlwil SoftwareAvast4aswUpdSv.exe
Drogram FilesAlwil SoftwareAvast4ashServ.exe
D:WINDOWSSystem32SLEE81.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32ZONELABSvsmon.exe
D:WINDOWSsystem32Ati2evxx.exe
D:WINDOWSexplorer.exe
D:WINDOWSSOUNDMAN.EXE
Drogram FilesATI TechnologiesATI Control Panelatiptaxx.exe
Drogram FilesZone LabsZoneAlarmzlclient.exe
D:AnyDVDAnyDVD.exe
DROGRA~1ALWILS~1Avast4ashDisp.exe
D:WINDOWSSystem32ctfmon.exe
Drogram FilesCream SoftwareSmieciarek NxGSmieciarek.exe
Drogram FilesSteganos Security Suite 7 SESSSSE7.exe
Drogram FilesCream SoftwareSupelek NxGFMN.exe
Drogram FilesKalendarz XPKalendarz.exe
Drogram FilesSteganos Security Suite 7 SESSSSE7.exe
Drogram FilesAlwil SoftwareAvast4ashWebSv.exe
Drogram FilesGadu-Gadugg.exe
Drogram FilesOperaOpera.exe
D:WINDOWSSystem32cmd.exe
D:WINDOWSsystem32NOTEPAD.EXE
Documents and SettingsGLOBIPulpithijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Drogram FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [NeroCheck] D:WINDOWSSystem32NeroCheck.exe
O4 - HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [DAEMON Tools-1033] "Drogram FilesD-Toolsdaemon.exe" -lang 1045
O4 - HKLM..Run: [ATIPTA] "Drogram FilesATI TechnologiesATI Control Panelatiptaxx.exe"
O4 - HKLM..Run: [Zone Labs Client] Drogram FilesZone LabsZoneAlarmzlclient.exe
O4 - HKLM..Run: [AnyDVD] D:AnyDVDAnyDVD.exe
O4 - HKLM..Run: [CloneCDTray] "Drogram FilesSlySoftCloneCDCloneCDTray.exe" /s
O4 - HKLM..Run: [avast!] DROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKCU..Run: [CTFMON.EXE] D:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [CS Smieciarek NxG] "Drogram FilesCream SoftwareSmieciarek NxGSmieciarek.exe"
O4 - HKCU..Run: [SSSSE7] "Drogram FilesSteganos Security Suite 7 SESSSSE7.exe" -boot
O4 - HKCU..Run: [Forget-Me-kNot NxG] "Drogram FilesCream SoftwareSupelek NxGFMN.exe"
SettingsGLOBIPulpit[[1].haker.com.pl]Wspomagacz_2k5_BETA_Build_29Klient.exe
O4 - HKCU..Run: [Komunikator] C:Tlen.pltlen.exe
O4 - HKCU..Run: [tray] Documents and SettingsGLOBIPulpitpogoda-1.49pogodapogoda.exe /tray
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = Drogram FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Kalendarz XP.lnk = Drogram FilesKalendarz XPKalendarz.exe
O8 - Extra context menu item: Subskrybuj w domyślnym agregatorze - Documents and SettingsGLOBIDane aplikacjiRssBanditiecontext_subscribefeed.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - Drogram FilesFlashGetjc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - Drogram FilesFlashGetjc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Drogram FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Drogram FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - DROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:WINDOWSwebrelated.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - DROGRA~1FLASHGETflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - DROGRA~1FLASHGETflashget.exe
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) - http://www.lemontv.pl/lmctrls.cab
O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) - http://czat.onet.pl/client/kalambury/NetPunGame1.dll
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{5D611BC2-FE43-4BA6-91EE-83F30B54DF90}: NameServer = 217.30.129.149 217.30.137.200
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - Drogram FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - Drogram FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - Drogram FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - Drogram FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - D:WINDOWSSystem32SLEE81.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:WINDOWSsystem32ZONELABSvsmon.exe

 

[patology]

ktostam: usuń to

O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) - http://www.lemontv.pl/lmctrls.cab

O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) - http://czat.onet.pl/client/kalambury/NetPunGame1.dll

O17 - HKLMSystemCCSServicesTcpip..{5D611BC2-FE43-4BA6-91EE-83F30B54DF90}: NameServer = 217.30.129.149 217.30.137.200[/b]

Reszta ok jesli wiesz co to jest Smieciarek.exe =]

temporary: niektore wpisy nalezy czyscic w trybie awaryjnym, bez przywracania systemu, niekiedy takze trzeba uzyc dodatkowych programow takich jak LSPfix.

 

[temporary]

Te wpisy pokazują mi sie tylko w trybie normalnym. Hijackthis niczego nie wykrywa w trybie awaryjnym...
Btw, jak sie korzysta z LSPfix'a :?: :roll:

 

[Riddick1]

A obcykacie moje logi??



Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
Drogram FilesantywirusF-seciureCommonFSM32.EXE
C:WINDOWSsystem32RUNDLL32.EXE
Drogram FilesantywirusspyrewareMASgcasServ.exe
Crogram FilesJavajre1.5.0_06binjusched.exe
Drogram FilessterownikidrukarkaHP Software UpdateHPWuSchd2.exe
Crogram FilesHPhpcoretechhpcmpmgr.exe
Crogram FilesNetropaMultimedia KeyboardMMKeybd.exe
Drogram FilesInternetp2peDonkey2000eDonkey2000.exe
Crogram FilesMessengermsmsgs.exe
Drogram FilessterownikidrukarkaDigital Imagingbinhpqtra08.exe
Crogram FilesNetropaMultimedia Keyboardnhksrv.exe
DROGRA~1ANTYWI~1F-SECI~1backweb4476822ProgramSERVIC~1.EXE
Crogram FilesNetropaMultimedia KeyboardTrayMon.exe
Crogram FilesNetropaOnscreen DisplayOSD.exe
Drogram FilesantywirusF-seciureAnti-Virusfsgk32st.exe
Drogram FilesantywirusF-seciureAnti-VirusFSGK32.EXE
Drogram FilesantywirusF-seciurebackweb4476822programfsbwsys.exe
Drogram FilesantywirusF-seciurebackweb4476822Programfspex.exe
Drogram FilesantywirusF-seciureCommonFSMA32.EXE
Drogram FilesantywirusF-seciureCommonFSMB32.EXE
C:WINDOWSsystem32nvsvc32.exe
Drogram FilesantywirusF-seciureAnti-Virusfssm32.exe
C:WINDOWSSystem32svchost.exe
Drogram FilesantywirusF-seciureCommonFCH32.EXE
Drogram FilesantywirusF-seciureCommonFAMEH32.EXE
Drogram FilesantywirusF-seciureAnti-Virusfsqh.exe
Drogram FilesantywirusF-seciureAnti-Virusfsrw.exe
Drogram FilesantywirusF-seciureFSPCfspc.exe
Drogram FilesantywirusspyrewareMASgcasDtServ.exe
Drogram FilesantywirusF-seciureFWESProgramfsdfwd.exe
Drogram FilesantywirusF-seciureAnti-Virusfsav32.exe
Drogram FilessterownikidrukarkaDigital Imagingbinhpqgalry.exe
DROGRA~1ANTYWI~1F-SECI~1ANTI-S~1fsaw.exe
Drogram FilesantywirusF-seciureFSGUIfsguidll.exe
Drogram FilesInternetGadu-Gadugg.exe
Crogram FilesWindows Media Playerwmplayer.exe
Drogram FilesInternetPrzeglądarkafirefox.exe
D:ŚciąganieHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.accoona.com/search_assistant/ac...ampaign=efc0605
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 219.93.174.110:553
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Drogram FilessystemoweAdobe Reader 6.0.2ReaderActiveXAcroIEHelper.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - Crogram FilesBitComet Toolbarv2.0.0.4BitComet_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.5.0_06binssv.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - Crogram FilesAccoonaASearchAssist.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - Crogram FilesBitComet Toolbarv2.0.0.4BitComet_Toolbar.dll
O4 - HKLM..Run: [F-Secure Manager] "Drogram FilesantywirusF-seciureCommonFSM32.EXE" /splash
O4 - HKLM..Run: [F-Secure TNB] "Drogram FilesantywirusF-seciureTNBTNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM..Run: [F-Secure Startup Wizard] "Drogram FilesantywirusF-seciureFSGUIFSSW.EXE" /reboot
O4 - HKLM..Run: [News Service] "Drogram FilesantywirusF-seciureFSGUIispnews.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [gcasServ] "Drogram FilesantywirusspyrewareMASgcasServ.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [AudioDeck] Crogram FilesVIAudioiSBADeckADeck.exe 1
O4 - HKLM..Run: [SunJavaUpdateSched] Crogram FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [HP Software Update] "Drogram FilessterownikidrukarkaHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [HP Component Manager] "Crogram FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] Crogram FilesNetropaMultimedia KeyboardMMKeybd.exe
O4 - HKLM..Run: [eDonkey2000] Drogram FilesInternetp2peDonkey2000eDonkey2000.exe -t
O4 - HKCU..Run: [MSMSGS] "Crogram FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Gadu-Gadu] "Drogram FilesInternetGadu-Gadugg.exe" /tray
O4 - Global Startup: F-Secure 2006.lnk = Drogram FilesantywirusF-seciurebackweb4476822Programfspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = Drogram FilessterownikidrukarkaDigital Imagingbinhpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = Drogram FilessterownikidrukarkaDigital Imagingbinhpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = Drogram FilesEdutorOfficeOffice10OSA.EXE
O8 - Extra context menu item: &Zablokuj to okienko - Drogram FilesantywirusF-seciureAnti-Spywareblockpopups.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://DROGRA~1EdutorOfficeOffice10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Filtr sieci Web - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - Drogram FilesantywirusF-seciureFSPCfspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - Drogram FilesantywirusF-seciureFSPCfspcmsie.dll
O9 - Extra 'Tools' menuitem: Filtr sieci Web - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - Drogram FilesantywirusF-seciureFSPCfspcmsie.dll
O9 - Extra button: Osłona programu IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - Drogram FilesantywirusF-seciureAnti-Spywareieshield.dll
O9 - Extra 'Tools' menuitem: Osłona programu IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - Drogram FilesantywirusF-seciureAnti-Spywareieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - DROGRA~1ANTYWI~1F-SECI~1backweb4476822ProgramSERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - Drogram FilesantywirusF-seciureAnti-Virusfsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - Drogram FilesantywirusF-seciurebackweb4476822programfsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - Drogram FilesantywirusF-seciureFWESProgramfsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - Drogram FilesantywirusF-seciureFSPCfshttpsfshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - Drogram FilesantywirusF-seciureCommonFSMA32.EXE
O23 - Service: MySql - Unknown owner - c:usr/MYSQL/bin/mysqld.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - Crogram FilesNetropaMultimedia Keyboardnhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

 

[BolekTrojan]

Moze lepiej podawajce te wasze logi w txt ? Bo troche obszerny sie ten temat zrobi =]