Want your HijackThis log checked? Paste it here...

Status
Closed.

patology

Former Moderator
Joined
October 30, 2005
Posts
205
We'll check it over =]

R3 - Default URLSearchHook is missing

O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:program FilesAccoonaASearchAssist.dll

O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:program FilesBitComet Toolbarv2.0.0.4BitComet_Toolbar.dll

O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
You remove these in HijackThis, and Accona (C:program filesAccona) gets deleted from the disk.

PS: good idea to post the logs as txt =]
 

rafal

Former Moderator
Joined
March 30, 2005
Posts
392
Exactly, TXT is probably the better option, because logs pasted in directly really put some people off
 

hexed

User
Joined
January 8, 2006
Posts
1
Code:
Logfile of HijackThis v1.99.1

Scan saved at 17:35:46, on 2006-01-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesCommon FilesSymantec SharedccProxy.exe

C:WINDOWSExplorer.EXE

C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

C:Program FilesNorton Internet SecurityISSVC.exe

C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe

C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe

C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSsystem323Com_DMI3CDMINIC.EXE

C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe

C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe

C:PROGRA~1GrisoftAVGFRE~1avgemc.exe

C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe

E:nmapbinnmapserv.exe

C:WINDOWSSystem32nvsvc32.exe

C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

C:Program FilesJavajre1.5.0_03binjusched.exe

C:PROGRA~1GrisoftAVGFRE~1avgcc.exe

C:PROGRA~1IEACCE~1IEAccelerator.exe

C:Program FilesQuickTimeqttask.exe

C:Program FilesCommon FilesSymantec SharedccApp.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:WINDOWSSystem32svchost.exe

C:PROGRA~1NORTON~1NORTON~1navw32.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:WINDOWSsystem32NOTEPAD.EXE

C:Documents and SettingsSyrniXPulpithijackthisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=localhost:8080

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - e:anomyzersia2006iep.dll

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_03binjusched.exe

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP

O4 - HKLM..Run: [IE Accelerator] C:PROGRA~1IEACCE~1IEAccelerator.exe /Auto

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033

O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe /Consumer

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Gadu-Gadu] "E:GaduGadu7.0gg.exe" /tray

O4 - HKCU..Run: [siabcs] C:Program FilesSteganos Internet Anonym 2siabcs.exe

O4 - HKCU..Run: [SIA2006] "E:AnomyzerSIA2006.exe" -boot

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Global Startup: LNSS Status Monitor.lnk = E:Guardianstatusmonitor.exe

O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:program filesgoogleGoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:WINDOWSsystem323Com_DMI3CDMINIC.EXE

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - E:Guardianlnssatt.exe" -service (file missing)

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:Program FilesNorton Internet SecurityISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: NMap - Unknown owner - E:nmapbinnmapserv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)

O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
 

darex

User
Joined
January 6, 2006
Posts
4
Could I ask you to check mine? Regards, Darek :)

Logfile of HijackThis v1.99.1
Scan saved at 00:13:47, on 2006-01-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32netdde.exe
C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32cisvc.exe
C:WINDOWSsystem32CTsvcCDA.EXE
C:WINDOWSsystem32driversKodakCCS.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSOUNDMAN.EXE
C:program FilesJavaj2re1.4.2_04binjusched.exe
C:pROGRA~1ALWILS~1Avast4ashDisp.exe
C:program FilesThomsonSpeedTouch USBDragdiag.exe
C:program FilesMicrosoft AntiSpywaregcasServ.exe
C:program FilesCommon FilesRealUpdate_OBrealsched.exe
C:program FilesCommon FilesMicrosoft SharedDAOsvchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSYSTEM32cidaemon.exe
C:program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:program FilesMozilla Firefoxfirefox.exe
C:DOCUME~1dariaUSTAWI~1TempRar$EX01.109HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:pROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:program FilesTGTSoftStyleXPTGT_BHO.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM..Run: [ATIPTA] C:program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] C:program FilesJavaj2re1.4.2_04binjusched.exe
O4 - HKLM..Run: [Soltek] C:WINDOWSsystem32autorun.exe
O4 - HKLM..Run: [avast!] C:pROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [Odkurzacz-MCD] C:program FilesOdkurzacz 10.0 Proodk_mcd.exe
O4 - HKLM..Run: [gcasServ] "C:program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKLM..Run: [WinLiveUpdate] C:program FilesCommon FilesMicrosoft SharedDAOsvchost.exe
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKCU..Run: [STYLEXP] C:program FilesTGTSoftStyleXPStyleXP.exe -Hide
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: &Download with &DAP - C:program FilesDAPdapextie.htm
O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLMSystemCCSServicesTcpip..{59009017-36FB-415C-9D85-5F541EB2EC02}: NameServer = 195.114.161.55 195.114.181.130
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:program FilesWirtualna Polskawpkontakturl_wpmsg.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Critical System Service BootDrv (BootDrv) - Unknown owner - C:WINDOWSsystem32BootDSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: StyleXPService - Unknown owner - C:program FilesTGTSoftStyleXPStyleXPService.exe
 

patology

Former Moderator
Joined
October 30, 2005
Posts
205
Remove:

C:program FilesCommon FilesMicrosoft SharedDAOsvchost.exe

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM..Run: [WinLiveUpdate] C:program FilesCommon FilesMicrosoft SharedDAOsvchost.exe

O17 - HKLMSystemCCSServicesTcpip..{59009017-36FB-415C-9D85-5F541EB2EC02}: NameServer = 195.114.161.55 195.114.181.130

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:program FilesWirtualna Polskawpkontakturl_wpmsg.dll

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

O23 - Service: Critical System Service BootDrv (BootDrv) - Unknown owner - C:WINDOWSsystem32BootDSvc.exe (file missing)
 

real3k

User
Joined
January 19, 2006
Posts
1
Please interpret this

Logfile of HijackThis v1.99.1
Scan saved at 23:05:25, on 2006-01-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32nvsvc32.exe
C:program FilesKerioWinRoute Firewallwinroute.exe
C:WINDOWSMixer.exe
C:pROGRA~1NEOSTR~1CnxMon.exe
C:program FilesThomsonSpeedTouch USBDragdiag.exe
C:pROGRA~1NEOSTR~1TaskbarIcon.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:program FilesDAEMON Toolsdaemon.exe
C:program FilesCommon FilesRealUpdate_OBevntsvc.exe
C:program FilesNetLimiterNetLimiter.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesGadu-Gadugg.exe
C:pROGRA~1MyPortalSpeed-XSpeedX.exe
C:program FilesKerioWinRoute FirewallWrCtrl.exe
C:program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
C:pROGRA~1NEOSTR~1NeostradaTP.exe
C:pROGRA~1NEOSTR~1ComComp.exe
C:pROGRA~1NEOSTR~1Watch.exe
C:program Filesmozilla.orgMozillamozilla.exe
C:program FilesMass Downloadermassdown.exe
C:WINDOWSExplorer.EXE
C:program FilesAdobeAcrobat 7.0ReaderAcroRd32Info.exe
D:DownloadhijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - C:WINDOWSsystem32localsplnet.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:program fileszangozangohook.dll (file missing)
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:program FilesMass DownloaderMDHELPER.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [WooCnxMon] C:pROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:pROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] C:pROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [KAVPersonal50] "C:program FilesKaspersky LabKaspersky Anti-Virus Personal Prokav.exe" /minimize
O4 - HKLM..Run: [DAEMON Tools] "C:program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [TkBellExe] C:program FilesCommon FilesRealUpdate_OBevntsvc.exe -osboot
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKLM..Run: [NetLimiter] C:program FilesNetLimiterNetLimiter.exe /s
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [SpeedX] C:pROGRA~1MyPortalSpeed-XSpeedX.exe
O4 - HKCU..Run: [Komunikator] C:program FilesTlen.pltlen.exe
O4 - HKCU..Run: [WrCtrl] "C:program FilesKerioWinRoute FirewallWrCtrl.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
O4 - Global Startup: Microsoft Office.lnk = C:program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 - Extra context menu item: Pobierz &Wszystko używając Mass Downloader'a - C:program FilesMass DownloaderAdd_All.htm
O8 - Extra context menu item: Pobierz używając &Mass Downloader'a - C:program FilesMass DownloaderAdd_Url.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:program FilesMass Downloadermassdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - C:program FilesMass Downloadermassdown.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130497819074
O17 - HKLMSystemCCSServicesTcpip..{D8494C1F-13B7-4263-93BF-73FE3229D3E1}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:program FilesKaspersky LabKaspersky Anti-Virus Personal Prokavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:program FilesSpyware CleanerSCService.exe (file missing)
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Kerio Technologies - C:program FilesKerioWinRoute Firewallwinroute.exe
 

tianhao

User
Joined
June 19, 2004
Posts
307
If everyone's doing it, then so will I.
I'd like mine checked too.

Code:
Logfile of HijackThis v1.99.1

Scan saved at 08:06:44, on 2006-01-20

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00  (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesSygateSPFsmc.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32spoolsv.exe

C:Program FilesEsetnod32kui.exe

C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

C:Program FilesMiranda IMmiranda32.exe

C:Program FilesEsetnod32krn.exe

C:WINDOWSSystem32nvsvc32.exe

C:Program FilesSolidDocumentsSolidConverterPDFSCPDFSolidPdfService.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:WINDOWSsystem32wuauclt.exe

C:Documents and SettingsTianhaoPulpitHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:Program FilesSolidDocumentsSolidConverterPDFSCPDFExploreExtPDF.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:Program FilesDesktop Sidebarsbhelp.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:Program FilesSolidDocumentsSolidConverterPDFSCPDFExploreExtPDF.dll

O4 - HKLM..Run: [SMC] "C:Program FilesSygateSPFSmc.exe" -start

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe"  -osboot

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - Startup: Miranda IM.lnk = C:Program FilesMiranda IMmiranda32.exe

O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:Program FilesDesktop Sidebarsbhelp.dll/menuhandler.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:Program FilesFlashGetjc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:Program FilesFlashGetjc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:Program FilesDesktop Sidebarsbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:Program FilesDesktop Sidebarsbhelp.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132998279109

O20 - Winlogon Notify: WBSrv - C:PROGRA~1StardockOBJECT~1WINDOW~1wbsrv.dll

O23 - Service: FPAZFSQUCQ - Sysinternals - www.sysinternals.com - C:DOCUME~1TianhaoUSTAWI~1TempFPAZFSQUCQ.exe

O23 - Service: MySql - Unknown owner - E:serusr/MYSQL/bin/mysqld.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEsetnod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)

O23 - Service: RSMAGD - Unknown owner - C:DOCUME~1TianhaoUSTAWI~1TempRSMAGD.exe (file missing)

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:Program FilesSolidDocumentsSolidConverterPDFSCPDFSolidPdfService.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:Program FilesSygateSPFsmc.exe
 

patology

Former Moderator
Joined
October 30, 2005
Posts
205
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O23 - Service: MySql - Unknown owner - E:serusr/MYSQL/bin/mysqld.exe (file missing)

O23 - Service: RSMAGD - Unknown owner - C:DOCUME~1TianhaoUSTAWI~1TempRSMAGD.exe (file missing)

Fix ;]
 

Gooralesco

User
Joined
November 26, 2005
Posts
39
And what do you gentlemen say about this entry?

Code:
O17 - HKLMSystemCCSServicesTcpip..{9B26CE69-9345-4C48-B72A-75F14B588661}: NameServer = 194.204.152.34

It intrigued me.

----
Regards
 

Pepi

User
Joined
May 29, 2004
Posts
245
Well, I wouldn't want to remove the entry with the DNS servers.

Delete it if you want, but then you won't be asking here why your internet stopped working.
:twisted:
 

Piotr__21

User
Joined
February 3, 2006
Posts
2
Could you check mine too?

Logfile of HijackThis v1.99.1
Scan saved at 23:28:11, on 2006-02-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:program FilesCommon FilesSymantec SharedccSetMgr.exe
C:program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
F:programy3dsmax8mentalraysatelliteraysat_3dsmax8server.exe
C:program FilesNorton SystemWorksNorton AntiVirusnavapsvc.exe
C:program FilesNorton SystemWorksNorton AntiVirusIWPNPFMntor.exe
C:program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32rundll32.exe
C:program FilesATI TechnologiesATI.ACEcli.exe
C:program FilesWinampwinampa.exe
C:program FilesCommon FilesSymantec SharedccApp.exe
C:program FilesQuickTimeqttask.exe
D:iTunesHelper.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesCommon FilesAheadlibNMBgMonitor.exe
E:biniPodService.exe
C:program FilesMessengermsmsgs.exe
C:program FilesSaveSave.exe
C:program FilesATI TechnologiesATI.ACECLI.exe
C:program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
C:program FilesDAEMON Toolsdaemon.exe
D:pBitLordBitLord.exe
C:totalcmdTOTALCMD.EXE
C:pROGRA~1WinZipwinzip32.exe
C:Documents and SettingsFunPulpitpiotrNowy folderHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [Anti Trojan Elite] C:program FilesAnti Trojan EliteTJEnder.exe :NO
O4 - HKLM..Run: [Workflow] H:Workflow.exe
O4 - HKLM..Run: [ATIPTA] C:program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [ATICCC] "C:program FilesATI TechnologiesATI.ACEcli.exe" runtime
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM..Run: [WinampAgent] C:program FilesWinampwinampa.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ccApp] "C:program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Overnet] C:program FilesOverneteDonkey2000.exe -t
O4 - HKLM..Run: [QuickTime Task] "C:program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "D:iTunesHelper.exe"
O4 - HKLM..Run: [eDonkey2000] "D:piotreDonkey2000edonkey2000.exe" -t
O4 - HKLM..Run: [I downloaded pirated Software from P2P and now I post my Hijack log] C:WINDOWSsystem32warez.exe
O4 - HKLM..Run: [DAEMON Tools] "C:program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:program FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Komunikator] C:program FilesTlen.pltlen.exe
O4 - HKCU..Run: [WhenUSave] "C:program FilesSaveSave.exe"
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:program FilesATI TechnologiesATI.ACECLI.exe
O8 - Extra context menu item: &Google Search - res://C:program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - F:programyIrfanViewEbayEbay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:program filesnewdotnetnewdotnet7_14.dll' missing
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:biniPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - F:programy3dsmax8mentalraysatelliteraysat_3dsmax8server.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:program FilesNorton SystemWorksNorton AntiVirusnavapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:program FilesNorton SystemWorksNorton AntiVirusIWPNPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:WINDOWSSYSTEMDRIVERntuser.exe (file missing)
O23 - Service: NTLOAD - Unknown owner - C:WINDOWSSYSTEMDRIVERntsrv.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - C:WINDOWSSYSTEMDRIVERntsrv.exe (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:program FilesNorton SystemWorksNorton AntiVirusSAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
 

rafal

Former Moderator
Joined
March 30, 2005
Posts
392
This entry is the best:
Code:
O4 - HKLM..Run: [I downloaded pirated Software from P2P and now I post my Hijack log] C:WINDOWSsystem32warez.exe

Get rid of this junk; SpyBot - Search & Destroy should actually detect it:
Code:
O10 - Broken Internet access because of LSP provider 'c:program filesnewdotnetnewdotnet7_14.dll' missing
 

Hunter

User
Joined
October 29, 2005
Posts
478
It's a pity that a log like this becomes useless if, for example, some guy writes himself a virus that pretends in autostart to be an antivirus process =) e.g. ccApp.exe
You look through the log and see ccApp.exe, location c:program filesnorton antyvirus ^^

and in reality ccApp.exe may be launching another file sitting somewhere in the system =)
what then?
 

RedCrow

User
Joined
February 6, 2006
Posts
8
Quote ("maSs"):
This entry is the best:
Code:
O4 - HKLM..Run: [I downloaded pirated Software from P2P and now I post my Hijack log] C:WINDOWSsystem32warez.exe

Get rid of this junk; SpyBot - Search & Destroy should actually detect it:
Code:
O10 - Broken Internet access because of LSP provider 'c:program filesnewdotnetnewdotnet7_14.dll' missing


I would also kick out this backdoor :twisted:
Code:
     O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:WINDOWSSYSTEMDRIVERntuser.exe (file missing)
And these trojan horses :twisted:
Code:
O23 - Service: NTLOAD - Unknown owner - C:WINDOWSSYSTEMDRIVERntsrv.exe (file missing)
Code:
O23 - Service: NTSVCMGR - Unknown owner - C:WINDOWSSYSTEMDRIVERntsrv.exe (file missing)
 

Divrael_90

User
Joined
February 12, 2006
Posts
1
Problem

Logfile of HijackThis v1.99.1
Scan saved at 18:30:43, on 2006-02-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSsystem32Ati2evxx.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:program FilesTGTSoftStyleXPStyleXPService.exe
D:WINDOWSsystem32LEXBCES.EXE
D:WINDOWSsystem32LEXPPS.EXE
D:WINDOWSsystem32spoolsv.exe
D:WINDOWSsvchost.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32wscntfy.exe
D:WINDOWSsystem32Ati2evxx.exe
D:WINDOWSExplorer.EXE
D:WINDOWSsystem32mssearchnet.exe
D:WINDOWSsystem32nvctrl.exe
D:program FilesWinampwinampa.exe
D:program FilesCyberLinkPowerDVDPDVDServ.exe
D:program FilesDAEMON Toolsdaemon.exe
D:program FilesDAPDAP.EXE
D:program FilesTGTSoftStyleXPStyleXP.exe
D:program FilesGadu-Gadugg.exe
D:program FilesMozilla Firefoxfirefox.exe
D:program FilesWinRARWinRAR.exe
D:DOCUME~1-Axel-USTAWI~1TempRar$EX00.968HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - D:WINDOWSsystem32hp4973.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [NeroFilterCheck] D:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] D:program FilesWinampwinampa.exe
O4 - HKLM..Run: [RemoteControl] "D:program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [DAEMON Tools] "D:program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [DownloadAccelerator] "D:program FilesDAPDAP.EXE" /STARTUP
O4 - HKCU..Run: [Skype] "D:program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [Gadu-Gadu] "D:program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [STYLEXP] D:program FilesTGTSoftStyleXPStyleXP.exe -Hide
O4 - Global Startup: GStartup.lnk = D:program FilesCommon FilesGMTGMT.exe
O8 - Extra context menu item: &Download with &DAP - D:program FilesDAPdapextie.htm
O8 - Extra context menu item: &Google Search - res://D:program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://D:program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - D:program FilesDAPdapextie2.htm
O8 - Extra context menu item: Si&milar Pages - res://D:program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:program FilesJavajre1.5.0_06binssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:program FilesJavajre1.5.0_06binssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:program FilesMessengermsmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:pROGRA~1MSNMES~1msgrapp.dll" (file missing)
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:program FilesSpikurl_wpmsg.dll
O20 - Winlogon Notify: WBSrv - D:pROGRA~1StardockOBJECT~1WINDOW~1wbsrv.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:WINDOWSsystem32ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:WINDOWSsystem32LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - D:program FilesTGTSoftStyleXPStyleXPService.exe
 

3boot

User
Joined
February 8, 2006
Posts
81
Get rid of this:
Code:
D:WINDOWSsvchost.exe

D:WINDOWSsystem32nvctrl.exe
(Info: http://wirusy.antivirenkit.pl/pl/opis/Trojan-Downloader.Win32.Zlob.es.html)

D:WINDOWSsystem32mssearchnet.exe
(Info: http://www.generation-nt.com/processus/trojan-zlob-d-trojan-mssearchnet-exe/233/)

O4 - Global Startup: GStartup.lnk = D:Program FilesCommon FilesGMTGMT.exe
(Info: http://www.liutilities.com/products/wintaskspro/processlibrary/gmt/)

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:Program FilesSpikurl_wpmsg.dll

O20 - Winlogon Notify: WBSrv - D:PROGRA~1StardockOBJECT~1WINDOW~1wbsrv.dll

O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - D:WINDOWSsystem32hp4973.tmp
The KillBox program will come in handy for this [DESCRIPTION]
Then post a new HijackThis log

Also scan the computer with these programs:
Spybot - Search & Destroy & Ad-Aware (Polish localization)
and with the online scanner: [Panda ActiveScan]
Code:
http://www.pandasoftware.com/activescan/pol/activescan_principal.htm
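
Added example, not part of any post in this thread: Hunter's point that a familiar process name in the log proves nothing, and the D:WINDOWSsvchost.exe entry that 3boot lists for removal while D:WINDOWSsystem32svchost.exe appears in the same log, both come down to comparing an image name with the folder it runs from. The Python below does that for the "Running processes" list; the function names, the EXPECTED_DIR table (a stock Windows XP layout is assumed) and the sample log are constructed for illustration, with backslashes written as HijackThis emits them.

```python
import ntpath
import re

# Folder, relative to the Windows directory, each core image name should run from.
# Assumption for this example: stock Windows XP layout ("" = the Windows directory itself).
EXPECTED_DIR = {
    "smss.exe": "system32", "csrss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32", "svchost.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}
SECTION = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")  # R0, O4, O23 ... lines end the process list

# Constructed sample, not taken from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Example\lsass.exe

O4 - HKLM\..\Run: [Example] D:\Program Files\Example\example.exe
"""

def running_processes(log):
    """Paths under 'Running processes:'; blank lines (double-spaced pastes) are skipped."""
    lines = [line.strip() for line in log.splitlines()]
    if "Running processes:" not in lines:
        return []
    procs = []
    for line in lines[lines.index("Running processes:") + 1:]:
        if SECTION.match(line):
            break
        if line:
            procs.append(line)
    return procs

def misplaced_system_names(log, windows_dir):
    """Processes that reuse a core Windows image name but run from another folder."""
    root = windows_dir.rstrip("\\").lower()
    flagged = []
    for path in running_processes(log):
        subdir = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if subdir is None:
            continue  # not a name this check knows about
        expected = ntpath.join(root, subdir) if subdir else root
        if ntpath.dirname(path).lower() != expected:
            flagged.append(path)
    return flagged
```

A binary swapped in at the expected path, or a legitimately named autostart entry that launches something else, passes this check. Telling those apart takes a hash or signature check on the file itself, which the logs in this thread do not include.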
 

SmallPetPan

User
Joined
August 13, 2005
Posts
11
Hello,
please have a look at this:

Code:
Logfile of HijackThis v1.99.1

Scan saved at 14:19:52, on 2006-02-13

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSSystem32CTsvcCDA.exe

C:WINDOWSSystem32nvsvc32.exe

C:WINDOWSSystem32UAService7.exe

C:WINDOWSExplorer.EXE

C:Program FilesCreativeSB Live! 24-bitSurround MixerCTSysVol.exe

C:Program FilesWinampwinampa.exe

C:Program FilesD-Toolsdaemon.exe

C:Program FilesJavajre1.5.0_06binjusched.exe

C:Program FilesCommon FilesRealUpdate_OBevntsvc.exe

C:WINDOWSSystem32RUNDLL32.EXE

C:WINDOWSSystem32ctfmon.exe

C:Program FilesGadu-Gadugg.exe

C:WINDOWSSystem32wuauclt.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesWinampwinamp.exe

C:Program FilesWinRARWinRAR.exe

C:DOCUME~1PiotrasUSTAWI~1TempRar$EX00.234HijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [CTSysVol] C:Program FilesCreativeSB Live! 24-bitSurround MixerCTSysVol.exe /r

O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe"  -lang 1033

O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe

O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [TkBellExe] C:Program FilesCommon FilesRealUpdate_OBevntsvc.exe -osboot

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:Program FilesWinHTTrackWinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:Program FilesWinHTTrackWinHTTrackIEBar.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:Program FilesSpikurl_wpmsg.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSSystem32CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSSystem32UAService7.exe

Thanks in advance, regards.
 