Chcesz sprawdzić swój log z Hijackthisa? Wklej go tutaj...

[Reg@lis]

sry za post ale juz sprawdzilem na stronce ;p

 

[TOM-12]

Do czego służą podkreślone?



Logfile of HijackThis v1.99.1
Scan saved at 21:15, on 2007-05-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
Crogram FilesAlwil SoftwareAvast4aswUpdSv.exe
Crogram FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32svchost.exe
Crogram FilesNeroNero 7InCDInCDsrv.exe
Crogram FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32svchost.exe
Crogram FilesAlwil SoftwareAvast4ashMaiSv.exe
Crogram FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wscntfy.exe
Crogram FilesThomsonSpeedTouch USBDragdiag.exe
CROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb05.exe
CROGRA~1TEXTBR~1.0BinINSTAN~1.EXE
C:WINDOWSSOUNDMAN.EXE
Crogram FilesPERFECT SERIESMULTI-DIRECTION OPTICAL MOUSE1.4MOUSE32A.EXE
Crogram FilesJavajre1.6.0_01binjusched.exe
Crogram FilesQuickTimeqttask.exe
Crogram FilesNeroNero 7InCDInCD.exe
Cocuments and SettingsTomMoje dokumentyhijackthisHijackThis.exe
C:WINDOWSsystem32wuauclt.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = L1cza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - CROGRA~1NEOSTR~1SEARCH~1.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_01binssv.dll
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "Crogram FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [avast!] CROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb05.exe
O4 - HKLM..Run: [InstantAccess] CROGRA~1TEXTBR~1.0BinINSTAN~1.EXE /h
O4 - HKLM..Run: [RegisterDropHandler] CROGRA~1TEXTBR~1.0BinREGIST~1.EXE
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [LWBMOUSE] Crogram FilesPERFECT SERIESMULTI-DIRECTION OPTICAL MOUSE1.4MOUSE32A.EXE
O4 - HKLM..Run: [et3] et4
O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram FilesJavajre1.6.0_01binjusched.exe"
O4 - HKLM..Run: [QuickTime Task] "Crogram FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "Crogram FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [NeroFilterCheck] Crogram FilesCommon FilesAheadLibNeroCheck.exe
O4 - HKLM..Run: [InCD] Crogram FilesNeroNero 7InCDInCD.exe
O4 - HKLM..RunServices: [RegisterDropHandler] CROGRA~1TEXTBR~1.0BinREGIST~1.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://CROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binnpjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binnpjpi160_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - Crogram FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - Crogram FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - Crogram FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - Crogram FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - Crogram FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - Crogram FilesNeroNero 7InCDInCDsrv.exe
O23 - Service: PDEngine - Raxco Software, Inc. - Crogram FilesRaxcoPerfectDiskPDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - Crogram FilesRaxcoPerfectDiskPDSched.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:WINDOWSsystem32sfrem01.exe

 

[proxima]

smss.exe -Session Manager SubSystem - proces kluczowy windy
svchost.exe - proces hosta (w telegraficznym skrócie)
wuauclt.exe - odpowiada za aktualizacje windy

Tyle ode mnie

 

[Nero0]

Logfile of HijackThis v1.99.1
Scan saved at 21:10:40, on 2007-05-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
Crogram FilesAntiVir PersonalEdition Classicsched.exe
Crogram FilesAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSOUNDMAN.EXE
Crogram FilesThomsonSpeedTouch USBDragdiag.exe
Crogram FilesCyberLinkPowerDVDPDVDServ.exe
Crogram FilesD-Toolsdaemon.exe
Crogram FilesAntiVir PersonalEdition Classicavgnt.exe
Crogram FilesJavajre1.6.0binjusched.exe
CROGRA~1NEOSTR~1CnxMon.exe
CROGRA~1NEOSTR~1TaskbarIcon.exe
C:WINDOWSSystem32ctfmon.exe
Grogram FilesTlen.pltlen.exe
CROGRA~1NEOSTR~1NeostradaTP.exe
CROGRA~1NEOSTR~1ComComp.exe
CROGRA~1NEOSTR~1Watch.exe
Grogram FilesOperaOpera.exe
Cocuments and SettingsAdministratorPulpithijaHijackThis.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSsystem32ftp.exe
C:WINDOWSsystem32tftp.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - CROGRA~1NEOSTR~1SEARCH~1.DLL
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar2.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - CROGRA~1BEARSH~1BEARSH~1MediaBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar2.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "Crogram FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [RemoteControl] "Crogram FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [DAEMON Tools-1033] "Crogram FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [avgnt] "Crogram FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram FilesJavajre1.6.0binjusched.exe"
O4 - HKLM..Run: [WooCnxMon] CROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOWATCH] CROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] CROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [Onet.pl AutoUpdate] Crogram FilesCommon FilesOnet.plNewAutoUpdate.exe /tsr
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "G:Gadu-Gadugg.exe" /tray
O4 - HKCU..Run: [Komunikator] Grogram FilesTlen.pltlen.exe
O4 - HKCU..Run: [Skype] "Crogram FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [swg] Crogram FilesGoogleGoogleToolbarNotifier1.0.720.3640GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://CROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_32.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O17 - HKLMSystemCCSServicesTcpip..{90697767-ABF8-435E-A2FA-1B65814EF667}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe[/b]

C:WINDOWSsystem32tftp.exe to mi zatrzymuje co chwile av guard...nie daaje rady tego usunac...wywalic to?

 

[Kanciastoporty]

w trybie awaryjnym to wywal

 

[Nero0]

Originally posted by Kanciastoporty
w trybie awaryjnym to wywal

Ta...:/ Mów do obrazu obraz ani razu ;-)
Naczytalem sie dzis troche na ten temat bo dobre 12h probuje usunac robaka, którego mam...

Poblokowalem porty net teraz chodzi szybciej ale on chyba nadal siedzi, nie wiem zabardzo co robic ; d zeby go usunac
ten tftp i ftp to tylko kopie tego vira :/ mam jeszcze pelno plików .dll z róznymi "numerami"
które co jakis czas blokuje AVG, ale nie potrafi ich usunac
daje nowe logi i prosze o pomoc

Logfile of HijackThis v1.99.1
Scan saved at 00:53:48, on 2007-05-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
Crogram FilesAntiVir PersonalEdition Classicsched.exe
Crogram FilesAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSexplorer.exe
C:WINDOWSSOUNDMAN.EXE
Crogram FilesThomsonSpeedTouch USBDragdiag.exe
Crogram FilesCyberLinkPowerDVDPDVDServ.exe
Crogram FilesD-Toolsdaemon.exe
Crogram FilesAntiVir PersonalEdition Classicavgnt.exe
Crogram FilesJavajre1.6.0binjusched.exe
CROGRA~1NEOSTR~1CnxMon.exe
CROGRA~1NEOSTR~1TaskbarIcon.exe
C:WINDOWSSystem32ctfmon.exe
Grogram FilesTlen.pltlen.exe
CROGRA~1NEOSTR~1NeostradaTP.exe
CROGRA~1NEOSTR~1ComComp.exe
CROGRA~1NEOSTR~1Watch.exe
Grogram FilesOperaOpera.exe
C:WINDOWSSystem32wuauclt.exe
Grogram FilesLavasoftAd-Aware SE PersonalAd-Aware.exe
Cocuments and SettingsAdministratorPulpithijaHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - CROGRA~1NEOSTR~1SEARCH~1.DLL
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar2.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - CROGRA~1BEARSH~1BEARSH~1MediaBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar2.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "Crogram FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [RemoteControl] "Crogram FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [DAEMON Tools-1033] "Crogram FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [avgnt] "Crogram FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram FilesJavajre1.6.0binjusched.exe"
O4 - HKLM..Run: [WooCnxMon] CROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOWATCH] CROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] CROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [Onet.pl AutoUpdate] Crogram FilesCommon FilesOnet.plNewAutoUpdate.exe /tsr
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "G:Gadu-Gadugg.exe" /tray
O4 - HKCU..Run: [Komunikator] Grogram FilesTlen.pltlen.exe
O4 - HKCU..Run: [Skype] "Crogram FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [swg] Crogram FilesGoogleGoogleToolbarNotifier1.0.720.3640GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://CROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_32.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O17 - HKLMSystemCCSServicesTcpip..{90697767-ABF8-435E-A2FA-1B65814EF667}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe[/b]

 

[Kanciastoporty]

po pierwsze nie wiem o co ci chodzi
po drugie juz dostales odpowiedz w innym temacie
po trzecie R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - CROGRA~1BEARSH~1BEARSH~1MediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
po czwarte http://www.hijackthis.de/

 

[HeadShot]

Originally posted by Kanciastoporty
po pierwsze nie wiem o co ci chodzi
po drugie juz dostales odpowiedz w innym temacie
po trzecie R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - CROGRA~1BEARSH~1BEARSH~1MediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
po czwarte http://www.hijackthis.de/

po piate sciagnij program Easy Cleaner, wyczysc system i jak masz tam 'opcje' autostart, to wywal wszystko. btw: jak masz minute do zamkniecia kompa, to cofnij czas w zegarze systemowym i juz.

 

[Nero0]

Originally posted by Kanciastoporty
po pierwsze nie wiem o co ci chodzi
po drugie juz dostales odpowiedz w innym temacie
po trzecie R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - CROGRA~1BEARSH~1BEARSH~1MediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll

To usunac rozumiem.
Wracajac do robala którego mam :
http://www.kaspersky.pl/services.html?s=fa...p;details_id=54
nie da sie uzunac...
jak usunac tftp w systemie aw... tylka wlaczyc system aw i wywalic to?

Może odinstalować robaka Blaster zamykając jego proces i usuwając plik przenoszący robaka.
Ulega samodestrukcji kiedy rok w dacie systemowej to 2004.
Sprawdza wersję systemu operacyjnego i pobiera łatkę systemową łatającą lukę Buffer Overrun w interfejsie RPC z jednego z poniżej wypisanych adresów:

http://download.microsoft.com/download/6/9...6-cb99b62f9f2a/
Windows2000-KB823980-x86-KOR.exe

http://download.microsoft.com/download/5/8...6-0a56b0a9d8e6/
Windows2000-KB823980-x86-CHT.exe

http://download.microsoft.com/download/2/8...5-6858b759e977/
Windows2000-KB823980-x86-CHS.exe

http://download.microsoft.com/download/0/1...2-b4b9d42049d5/
Windows2000-KB823980-x86-ENU.exe

http://download.microsoft.com/download/e/3...6-3e81eb4554f6/
WindowsXP-KB823980-x86-KOR.exe

http://download.microsoft.com/download/2/3...2-6cec324b3ce8/
WindowsXP-KB823980-x86-CHT.exe

http://download.microsoft.com/download/a/a...8-85e42de9d2c0/
WindowsXP-KB823980-x86-CHS.exe

http://download.microsoft.com/download/9/8...e-b7a52a983f01/
WindowsXP-KB823980-x86-ENU.exe

Zwiększa ruch po portach TCP 135 i 707 oraz UDP 69.
Nachi.A tworzy następujące pliki w katalogu %systemdir%wins:
DLLHOST.EXE. Plik ten jest kopią robaka.
SVCHOST.EXE. Kopiuje on plik TFTPD.EXE i uruchamia usługę Network Connections Sharing (dzielenie łącza sieciowego), próbując ukryć uruchominy proces klienta TFTP.
Nachi.A dodaje nastepujące wpisy do Rejstru Systemowego:
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services
RpcPatch = DLLHOST.EXE
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services
RpcTftpd = SVCHOST.EXE
Wpisy te zapewniając aktywację robaka przy każdym uruchomieniu systemu.[/b]

usunac te klucze z rejestru?

 

[Matheex]

Logfile of HijackThis v1.99.1
Scan saved at 11:38:37, on 2007-05-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
Crogram FilesEsetnod32krn.exe
C:WINDOWSSystem32nvsvc32.exe
Crogram FilesWZCBDL ServiceWZCBDLS.exe
Crogram FilesD-LinkAir UtilityAirCFG.exe
C:WINDOWSMixer.exe
C:WINDOWSSystem32RUNDLL32.EXE
Crogram FilesEsetnod32kui.exe
Crogram FilesWinampwinampa.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe
C:WINDOWSSystem32ctfmon.exe
Crogram FilesGadu-Gadugg.exe
Crogram FilesTlen.pltlen.exe
Crogram FilesOperaOpera.exe
Crogram FilesWinampwinamp.exe
Drogram FilesHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.pl/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.google.pl/search?q=%s
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - Drogram FilesFlashGetjccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [D-Link Air Utility] Crogram FilesD-LinkAir UtilityAirCFG.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [nod32kui] "Crogram FilesEsetnod32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [WinampAgent] Crogram FilesWinampwinampa.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "Crogram FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [Komunikator] Crogram FilesTlen.pltlen.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - Drogram FilesFlashGetjc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - Drogram FilesFlashGetjc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O17 - HKLMSystemCCSServicesTcpip..{EDE02CED-1CCC-46EF-A1D6-74E364D35970}: NameServer = 195.136.250.200,195.136.250.201
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - Crogram FilesEsetnod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - Crogram FilesWZCBDL ServiceWZCBDLS.exe

 

[Kanciastoporty]

matheex twoj log raczej czysty
Do moderatorow
nie lepiej by bylo zamknac ten temat na koncu dodajac linka do tutoriala z hijackthisem.de?

 

[HeadShot]

Mam problem, ostatnio odpala mi sie IE (czasem FF) i wyskakuje komunikat ze moj komp jest zawirusowany. Ostatnio sciagam tylko z rs.com (czyste na 100%), nie chodze po zadnych stronach, siedze tylko na 4 forach od miecha, od kumpli tez nie biore zadnych plikow.
Czytalem tutek Kornika52, ale nic podejrzanego nie wykrylem, jedynie ze IE jest w wersji 6.0.

Moj log:

Logfile of HijackThis v1.99.1
Scan saved at 08:31:38, on 2007-05-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
CrogramyRam OptRam Opt.exe
CrogramyGadu-Gadugg.exe
CrogramyWinampwinamp.exe
C:WINDOWSSystem32wuauclt.exe
CrogramyFirefoxfirefox.exe
Cocuments and SettingsHeadShotPulpithijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.gadu-gadu.pl/peer2peer.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - CrogramyFLASHG~1fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - CROGRA~1MEGAUP~1MEGAUP~1.DLL
O4 - HKCU..Run: [Ram_Opt] CrogramyRam OptRam Opt.exe
O4 - HKCU..Run: [Gadu-Gadu] "CrogramyGadu-Gadugg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - CrogramyFlash Getjc_all.htm
O8 - Extra context menu item: Download using FlashGet - CrogramyFlash Getjc_link.htm
O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - CrogramyMega Managermm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - CrogramyFLASHG~1flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - CrogramyFLASHG~1flashget.exe
O23 - Service: Adobe LM Service - Adobe Systems - Crogram FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe[/b]

 

[bait13]

@up
w logu jest czysto tylko masz starą wersję IE

 

[HeadShot]

Originally posted by bait13
@up
w logu jest czysto tylko masz starą wersję IE

Wlasnie ze nie jest czysto, w IE nawet nie moge grac w HackMe 1.0 (FF nie obsluguje), bo jakies reklamy sie otwieraja i tego typu badziew.

Z folderu windows32 wywalilem jakis plik ktory znalazlem programem Easy Cleaner w opcjach autostartu. Tym programem przeskanowalem caly system i niby wszystko jest ok, ale ...

 

[bait13]

@up
nie siedze u ciebie na kompie więc nie wiem ale to co widać w logach z Hijack'a jest wszystko ok
;/
Może zainstaluj sobie jakąś inną przeglądarkę typu opera, mozilla to będzie ci działać to hackme

 

[lukpam]

Mam od niedawna problem z dyskiem systemowym C, zmniejsza mi się na nim miejsce (kurczy się), jeżeli zwolnię trochę miejsca po chwili znika i pojawia się komunikat "mało miejsca na dysku C"

Mój log to:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:54, on 2007-05-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
DrogramyKaspersky Anti-Virus 6.0avp.exe
DrogramyDiskeeper 2007DkService.exe
C:WINDOWSSystem32GEARSec.exe
DrogramyNorton Ghost 10AgentVProSvc.exe
Crogram FilesCyberlinkShared filesRichVideo.exe
Crogram FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ntvdm.exe
Crogram FilesThomsonSpeedTouch USBDragdiag.exe
DrogramyNorton Ghost 10AgentGhostTray.exe
Crogram FilesAnalog DevicesSoundMAXSMax4PNP.exe
Crogram FilesAnalog DevicesSoundMAXSmax4.exe
Crogram FilesJavajre1.6.0_01binjusched.exe
DrogramyDAEMON Toolsdaemon.exe
DrogramyKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSSamsungLaserSMMgrssmmgr.exe
C:WINDOWSsystem32ctfmon.exe
Crogram FilesCommon FilesAheadlibNMBgMonitor.exe
D:Acrobat 5.0 CEDistillrAcroTray.exe
Crogram FilesMozilla Firefoxfirefox.exe
d:Acrobat 5.0 CEAcrobatAcrobat.exe
DrogramyWinampwinamp.exe
DrogramySpy SweeperSpySweeper.exe
F:Rapid17 Maja98427SJ5USDownloader-LiteUSDownloader.exe
D:My DownloadsNotes on a ScandaPROGRAMYhijackthisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Crogram FilesYahoo!CompanionInstallscpnyt.dll
F3 - REG:win.ini: load=drogramywatch.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Crogram FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:Acrobat 5.0 CEAcrobatActiveXAcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - DrogramyGetRightxx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - DrogramySpybot - Search & DestroySDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_01binssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - DrogramyExpressivoIH_iexplore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar3.dll
O2 - BHO: VGOIEHelper Class - {B6FA00D9-86EC-4158-9488-D00DFF897E86} - Crogram Files21cnVGOVGOIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar3.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - DrogramyExpressivoIH_iexplore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Crogram FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "Crogram FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [Norton Ghost 10.0] "DrogramyNorton Ghost 10AgentGhostTray.exe"
O4 - HKLM..Run: [SoundMAXPnP] "Crogram FilesAnalog DevicesSoundMAXSMax4PNP.exe"
O4 - HKLM..Run: [SoundMAX] "Crogram FilesAnalog DevicesSoundMAXSmax4.exe" /tray
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ISUSScheduler] "Crogram FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram FilesJavajre1.6.0_01binjusched.exe"
O4 - HKLM..Run: [DAEMON Tools] "DrogramyDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [kav] "DrogramyKaspersky Anti-Virus 6.0avp.exe"
O4 - HKLM..Run: [Samsung LBP SM] "C:WINDOWSSamsungLaserSMMgrssmmgr.exe" /autorun
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [AutoConnect] "Crogram FilesAutoConnectAutoConnect.exe"
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "Crogram FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [StartCCC] "Crogram FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe"
O4 - Global Startup: Acrobat Assistant.lnk = D:Acrobat 5.0 CEDistillrAcroTray.exe
O8 - Extra context menu item: Download with GetRight Pro - DrogramyGetRightGRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://DrogramyMICROS~1OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - DrogramyGetRightGRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - DrogramyKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:WINDOWSSystem32shdocvw.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - DrogramyMICROS~1OFFICE11REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - Crogram FilesYahoo!Commonyinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149052664796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLMSystemCCSServicesTcpip..{812F22FA-0801-4DCA-BE91-F87FF5156AB6}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - DrogramyKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - Crogram FilesCommon FilesSymantec SharedccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - Crogram FilesCommon FilesSymantec SharedccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - Crogram FilesCommon FilesSymantec SharedccSetMgr.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - DrogramyDiskeeper 2007DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:WINDOWSSystem32GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - Crogram FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - DrogramyNorton Ghost 10AgentVProSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - Crogram FilesCyberlinkShared filesRichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - Crogram FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - Crogram FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - Crogram FilesCommon FilesUlead SystemsDVDULCDRSvr.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - DrogramySpy SweeperSpySweeper.exe

 

[PawelSLU4]

Originally posted by lukpam
Mam od niedawna problem z dyskiem systemowym C, zmniejsza mi się na nim miejsce (kurczy się), jeżeli zwolnię trochę miejsca po chwili znika i pojawia się komunikat "mało miejsca na dysku C"

Mój log to:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:54, on 2007-05-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
DrogramyKaspersky Anti-Virus 6.0avp.exe
DrogramyDiskeeper 2007DkService.exe
C:WINDOWSSystem32GEARSec.exe
DrogramyNorton Ghost 10AgentVProSvc.exe
Crogram FilesCyberlinkShared filesRichVideo.exe
Crogram FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ntvdm.exe
Crogram FilesThomsonSpeedTouch USBDragdiag.exe
DrogramyNorton Ghost 10AgentGhostTray.exe
Crogram FilesAnalog DevicesSoundMAXSMax4PNP.exe
Crogram FilesAnalog DevicesSoundMAXSmax4.exe
Crogram FilesJavajre1.6.0_01binjusched.exe
DrogramyDAEMON Toolsdaemon.exe
DrogramyKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSSamsungLaserSMMgrssmmgr.exe
C:WINDOWSsystem32ctfmon.exe
Crogram FilesCommon FilesAheadlibNMBgMonitor.exe
D:Acrobat 5.0 CEDistillrAcroTray.exe
Crogram FilesMozilla Firefoxfirefox.exe
d:Acrobat 5.0 CEAcrobatAcrobat.exe
DrogramyWinampwinamp.exe
DrogramySpy SweeperSpySweeper.exe
F:Rapid17 Maja98427SJ5USDownloader-LiteUSDownloader.exe
D:My DownloadsNotes on a ScandaPROGRAMYhijackthisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Crogram FilesYahoo!CompanionInstallscpnyt.dll
F3 - REG:win.ini: load=drogramywatch.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Crogram FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:Acrobat 5.0 CEAcrobatActiveXAcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - DrogramyGetRightxx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - DrogramySpybot - Search & DestroySDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_01binssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - DrogramyExpressivoIH_iexplore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar3.dll
O2 - BHO: VGOIEHelper Class - {B6FA00D9-86EC-4158-9488-D00DFF897E86} - Crogram Files21cnVGOVGOIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar3.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - DrogramyExpressivoIH_iexplore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Crogram FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "Crogram FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [Norton Ghost 10.0] "DrogramyNorton Ghost 10AgentGhostTray.exe"
O4 - HKLM..Run: [SoundMAXPnP] "Crogram FilesAnalog DevicesSoundMAXSMax4PNP.exe"
O4 - HKLM..Run: [SoundMAX] "Crogram FilesAnalog DevicesSoundMAXSmax4.exe" /tray
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ISUSScheduler] "Crogram FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram FilesJavajre1.6.0_01binjusched.exe"
O4 - HKLM..Run: [DAEMON Tools] "DrogramyDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [kav] "DrogramyKaspersky Anti-Virus 6.0avp.exe"
O4 - HKLM..Run: [Samsung LBP SM] "C:WINDOWSSamsungLaserSMMgrssmmgr.exe" /autorun
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [AutoConnect] "Crogram FilesAutoConnectAutoConnect.exe"
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "Crogram FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [StartCCC] "Crogram FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe"
O4 - Global Startup: Acrobat Assistant.lnk = D:Acrobat 5.0 CEDistillrAcroTray.exe
O8 - Extra context menu item: Download with GetRight Pro - DrogramyGetRightGRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://DrogramyMICROS~1OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - DrogramyGetRightGRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - DrogramyKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:WINDOWSSystem32shdocvw.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - DrogramyMICROS~1OFFICE11REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - Crogram FilesYahoo!Commonyinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149052664796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLMSystemCCSServicesTcpip..{812F22FA-0801-4DCA-BE91-F87FF5156AB6}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - DrogramyKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - Crogram FilesCommon FilesSymantec SharedccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - Crogram FilesCommon FilesSymantec SharedccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - Crogram FilesCommon FilesSymantec SharedccSetMgr.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - DrogramyDiskeeper 2007DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:WINDOWSSystem32GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - Crogram FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - DrogramyNorton Ghost 10AgentVProSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - Crogram FilesCyberlinkShared filesRichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - Crogram FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - Crogram FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - Crogram FilesCommon FilesUlead SystemsDVDULCDRSvr.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - DrogramySpy SweeperSpySweeper.exe

zobacz to

 

[Oorus]

Wklejam mojego loga, napiszcie czy wszystko ok. I jak coś nie używam tego internet explorera PP

Logfile of HijackThis v1.99.1

Scan saved at 12:53:27, on 2007-05-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSsystem32nvsvc32.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32wscntfy.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:WINDOWSsystem32RUNDLL32.EXE

C:WINDOWSsystem32ctfmon.exe

C:Program FilesProgram sieciowy dla SAGEM Wi-Fi 11g USB adapterWLANUTL.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesAzureusAzureus.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Documents and SettingsPiotrPulpitHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:Program FilesFlashGetjccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:Program FilesFlashGetgetflash.dll

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:Program FilesFlashGetjc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:Program FilesFlashGetjc_all.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:Program FilesFlashGetFlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:Program FilesFlashGetFlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)

 

[Kanciastoporty]

twoj log raczej czysty

 

[Oorus]

Ok dzięki. Jeszcze podczas wyłączania kompa pojawia się jakiś błąd z svchost, coś tam z pamięcią. Później wkleję treść tego błędu, teraz nie chce mi sie reboota robić.