Logfile of HijackThis v1.99.1
Scan saved at 21:10:40, on 2007-05-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
Crogram FilesAntiVir PersonalEdition Classicsched.exe
Crogram FilesAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSOUNDMAN.EXE
Crogram FilesThomsonSpeedTouch USBDragdiag.exe
Crogram FilesCyberLinkPowerDVDPDVDServ.exe
Crogram FilesD-Toolsdaemon.exe
Crogram FilesAntiVir PersonalEdition Classicavgnt.exe
Crogram FilesJavajre1.6.0binjusched.exe
CROGRA~1NEOSTR~1CnxMon.exe
CROGRA~1NEOSTR~1TaskbarIcon.exe
C:WINDOWSSystem32ctfmon.exe
Grogram FilesTlen.pltlen.exe
CROGRA~1NEOSTR~1NeostradaTP.exe
CROGRA~1NEOSTR~1ComComp.exe
CROGRA~1NEOSTR~1Watch.exe
Grogram FilesOperaOpera.exe
Cocuments and SettingsAdministratorPulpithijaHijackThis.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSsystem32ftp.exe
C:WINDOWSsystem32tftp.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - CROGRA~1NEOSTR~1SEARCH~1.DLL
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar2.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - CROGRA~1BEARSH~1BEARSH~1MediaBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar2.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "Crogram FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [RemoteControl] "Crogram FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [DAEMON Tools-1033] "Crogram FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [avgnt] "Crogram FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram FilesJavajre1.6.0binjusched.exe"
O4 - HKLM..Run: [WooCnxMon] CROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOWATCH] CROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] CROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [Onet.pl AutoUpdate] Crogram FilesCommon FilesOnet.plNewAutoUpdate.exe /tsr
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "G:Gadu-Gadugg.exe" /tray
O4 - HKCU..Run: [Komunikator] Grogram FilesTlen.pltlen.exe
O4 - HKCU..Run: [Skype] "Crogram FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [swg] Crogram FilesGoogleGoogleToolbarNotifier1.0.720.3640GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://CROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_32.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O17 - HKLMSystemCCSServicesTcpip..{90697767-ABF8-435E-A2FA-1B65814EF667}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe[/b]
Ta...:/ Mów do obrazu obraz ani razu ;-)Originally posted by Kanciastoporty
w trybie awaryjnym to wywal
Logfile of HijackThis v1.99.1
Scan saved at 00:53:48, on 2007-05-12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
Crogram FilesAntiVir PersonalEdition Classicsched.exe
Crogram FilesAntiVir PersonalEdition Classicavguard.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSexplorer.exe
C:WINDOWSSOUNDMAN.EXE
Crogram FilesThomsonSpeedTouch USBDragdiag.exe
Crogram FilesCyberLinkPowerDVDPDVDServ.exe
Crogram FilesD-Toolsdaemon.exe
Crogram FilesAntiVir PersonalEdition Classicavgnt.exe
Crogram FilesJavajre1.6.0binjusched.exe
CROGRA~1NEOSTR~1CnxMon.exe
CROGRA~1NEOSTR~1TaskbarIcon.exe
C:WINDOWSSystem32ctfmon.exe
Grogram FilesTlen.pltlen.exe
CROGRA~1NEOSTR~1NeostradaTP.exe
CROGRA~1NEOSTR~1ComComp.exe
CROGRA~1NEOSTR~1Watch.exe
Grogram FilesOperaOpera.exe
C:WINDOWSSystem32wuauclt.exe
Grogram FilesLavasoftAd-Aware SE PersonalAd-Aware.exe
Cocuments and SettingsAdministratorPulpithijaHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - CROGRA~1NEOSTR~1SEARCH~1.DLL
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar2.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - CROGRA~1BEARSH~1BEARSH~1MediaBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar2.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - Crogram FilesMulti_MediatbMult.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "Crogram FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [RemoteControl] "Crogram FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [DAEMON Tools-1033] "Crogram FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [avgnt] "Crogram FilesAntiVir PersonalEdition Classicavgnt.exe" /min
O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram FilesJavajre1.6.0binjusched.exe"
O4 - HKLM..Run: [WooCnxMon] CROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOWATCH] CROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] CROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [Onet.pl AutoUpdate] Crogram FilesCommon FilesOnet.plNewAutoUpdate.exe /tsr
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "G:Gadu-Gadugg.exe" /tray
O4 - HKCU..Run: [Komunikator] Grogram FilesTlen.pltlen.exe
O4 - HKCU..Run: [Skype] "Crogram FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [swg] Crogram FilesGoogleGoogleToolbarNotifier1.0.720.3640GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://CROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_32.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O17 - HKLMSystemCCSServicesTcpip..{90697767-ABF8-435E-A2FA-1B65814EF667}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicsched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - Crogram FilesAntiVir PersonalEdition Classicavguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe[/b]
Originally posted by Kanciastoporty
po pierwsze nie wiem o co ci chodzi
po drugie juz dostales odpowiedz w innym temacie
po trzecie R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - CROGRA~1BEARSH~1BEARSH~1MediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
po czwarte http://www.hijackthis.de/
To usunac rozumiem.Originally posted by Kanciastoporty
po pierwsze nie wiem o co ci chodzi
po drugie juz dostales odpowiedz w innym temacie
po trzecie R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - CROGRA~1BEARSH~1BEARSH~1MediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Crogram FilesBearShare applicationsBearShare MediaBarMediaBar.dll
usunac te klucze z rejestru?Może odinstalować robaka Blaster zamykając jego proces i usuwając plik przenoszący robaka.
Ulega samodestrukcji kiedy rok w dacie systemowej to 2004.
Sprawdza wersję systemu operacyjnego i pobiera łatkę systemową łatającą lukę Buffer Overrun w interfejsie RPC z jednego z poniżej wypisanych adresów:
http://download.microsoft.com/download/6/9...6-cb99b62f9f2a/
Windows2000-KB823980-x86-KOR.exe
http://download.microsoft.com/download/5/8...6-0a56b0a9d8e6/
Windows2000-KB823980-x86-CHT.exe
http://download.microsoft.com/download/2/8...5-6858b759e977/
Windows2000-KB823980-x86-CHS.exe
http://download.microsoft.com/download/0/1...2-b4b9d42049d5/
Windows2000-KB823980-x86-ENU.exe
http://download.microsoft.com/download/e/3...6-3e81eb4554f6/
WindowsXP-KB823980-x86-KOR.exe
http://download.microsoft.com/download/2/3...2-6cec324b3ce8/
WindowsXP-KB823980-x86-CHT.exe
http://download.microsoft.com/download/a/a...8-85e42de9d2c0/
WindowsXP-KB823980-x86-CHS.exe
http://download.microsoft.com/download/9/8...e-b7a52a983f01/
WindowsXP-KB823980-x86-ENU.exe
Zwiększa ruch po portach TCP 135 i 707 oraz UDP 69.
Nachi.A tworzy następujące pliki w katalogu %systemdir%wins:
DLLHOST.EXE. Plik ten jest kopią robaka.
SVCHOST.EXE. Kopiuje on plik TFTPD.EXE i uruchamia usługę Network Connections Sharing (dzielenie łącza sieciowego), próbując ukryć uruchominy proces klienta TFTP.
Nachi.A dodaje nastepujące wpisy do Rejstru Systemowego:
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services
RpcPatch = DLLHOST.EXE
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services
RpcTftpd = SVCHOST.EXE
Wpisy te zapewniając aktywację robaka przy każdym uruchomieniu systemu.[/b]
Logfile of HijackThis v1.99.1
Scan saved at 08:31:38, on 2007-05-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
CrogramyRam OptRam Opt.exe
CrogramyGadu-Gadugg.exe
CrogramyWinampwinamp.exe
C:WINDOWSSystem32wuauclt.exe
CrogramyFirefoxfirefox.exe
Cocuments and SettingsHeadShotPulpithijackthisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.gadu-gadu.pl/peer2peer.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - CrogramyFLASHG~1fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - CROGRA~1MEGAUP~1MEGAUP~1.DLL
O4 - HKCU..Run: [Ram_Opt] CrogramyRam OptRam Opt.exe
O4 - HKCU..Run: [Gadu-Gadu] "CrogramyGadu-Gadugg.exe" /tray
O8 - Extra context menu item: Download All by FlashGet - CrogramyFlash Getjc_all.htm
O8 - Extra context menu item: Download using FlashGet - CrogramyFlash Getjc_link.htm
O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - CrogramyMega Managermm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - CrogramyFLASHG~1flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - CrogramyFLASHG~1flashget.exe
O23 - Service: Adobe LM Service - Adobe Systems - Crogram FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe[/b]
Originally posted by bait13
@up
w logu jest czysto tylko masz starą wersję IE
Originally posted by lukpam
Mam od niedawna problem z dyskiem systemowym C, zmniejsza mi się na nim miejsce (kurczy się), jeżeli zwolnię trochę miejsca po chwili znika i pojawia się komunikat "mało miejsca na dysku C"
Mój log to:
Logfile of HijackThis v1.99.1
Scan saved at 12:43:54, on 2007-05-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32spoolsv.exe
DrogramyKaspersky Anti-Virus 6.0avp.exe
DrogramyDiskeeper 2007DkService.exe
C:WINDOWSSystem32GEARSec.exe
DrogramyNorton Ghost 10AgentVProSvc.exe
Crogram FilesCyberlinkShared filesRichVideo.exe
Crogram FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ntvdm.exe
Crogram FilesThomsonSpeedTouch USBDragdiag.exe
DrogramyNorton Ghost 10AgentGhostTray.exe
Crogram FilesAnalog DevicesSoundMAXSMax4PNP.exe
Crogram FilesAnalog DevicesSoundMAXSmax4.exe
Crogram FilesJavajre1.6.0_01binjusched.exe
DrogramyDAEMON Toolsdaemon.exe
DrogramyKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSSamsungLaserSMMgrssmmgr.exe
C:WINDOWSsystem32ctfmon.exe
Crogram FilesCommon FilesAheadlibNMBgMonitor.exe
D:Acrobat 5.0 CEDistillrAcroTray.exe
Crogram FilesMozilla Firefoxfirefox.exe
d:Acrobat 5.0 CEAcrobatAcrobat.exe
DrogramyWinampwinamp.exe
DrogramySpy SweeperSpySweeper.exe
F:Rapid17 Maja98427SJ5USDownloader-LiteUSDownloader.exe
D:My DownloadsNotes on a ScandaPROGRAMYhijackthisHijackThis.exe
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Crogram FilesYahoo!CompanionInstallscpnyt.dll
F3 - REG:win.ini: load=drogramywatch.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - Crogram FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:Acrobat 5.0 CEAcrobatActiveXAcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - DrogramyGetRightxx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - DrogramySpybot - Search & DestroySDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_01binssv.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - DrogramyExpressivoIH_iexplore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar3.dll
O2 - BHO: VGOIEHelper Class - {B6FA00D9-86EC-4158-9488-D00DFF897E86} - Crogram Files21cnVGOVGOIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar3.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - DrogramyExpressivoIH_iexplore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Crogram FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "Crogram FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [Norton Ghost 10.0] "DrogramyNorton Ghost 10AgentGhostTray.exe"
O4 - HKLM..Run: [SoundMAXPnP] "Crogram FilesAnalog DevicesSoundMAXSMax4PNP.exe"
O4 - HKLM..Run: [SoundMAX] "Crogram FilesAnalog DevicesSoundMAXSmax4.exe" /tray
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ISUSScheduler] "Crogram FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [SunJavaUpdateSched] "Crogram FilesJavajre1.6.0_01binjusched.exe"
O4 - HKLM..Run: [DAEMON Tools] "DrogramyDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [kav] "DrogramyKaspersky Anti-Virus 6.0avp.exe"
O4 - HKLM..Run: [Samsung LBP SM] "C:WINDOWSSamsungLaserSMMgrssmmgr.exe" /autorun
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [AutoConnect] "Crogram FilesAutoConnectAutoConnect.exe"
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "Crogram FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [StartCCC] "Crogram FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe"
O4 - Global Startup: Acrobat Assistant.lnk = D:Acrobat 5.0 CEDistillrAcroTray.exe
O8 - Extra context menu item: Download with GetRight Pro - DrogramyGetRightGRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://DrogramyMICROS~1OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - DrogramyGetRightGRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - DrogramyKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:WINDOWSSystem32shdocvw.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - DrogramyMICROS~1OFFICE11REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - Crogram FilesYahoo!Commonyinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149052664796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLMSystemCCSServicesTcpip..{812F22FA-0801-4DCA-BE91-F87FF5156AB6}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - DrogramyKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - Crogram FilesCommon FilesSymantec SharedccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - Crogram FilesCommon FilesSymantec SharedccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - Crogram FilesCommon FilesSymantec SharedccSetMgr.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - DrogramyDiskeeper 2007DkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:WINDOWSSystem32GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - Crogram FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - DrogramyNorton Ghost 10AgentVProSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - Crogram FilesCyberlinkShared filesRichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - Crogram FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - Crogram FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - Crogram FilesCommon FilesUlead SystemsDVDULCDRSvr.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - DrogramySpy SweeperSpySweeper.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:53:27, on 2007-05-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32nvsvc32.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wscntfy.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesProgram sieciowy dla SAGEM Wi-Fi 11g USB adapterWLANUTL.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesAzureusAzureus.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsPiotrPulpitHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:Program FilesFlashGetjccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:Program FilesFlashGetgetflash.dll
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:Program FilesFlashGetjc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:Program FilesFlashGetFlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:Program FilesFlashGetFlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)