Want to check your HijackThis log? Paste it here...

Status
Closed.

DaRiO_Hack

User
Joined
January 21, 2007
Posts
1
Time to learn

Hello!
Can you help me set up my computer's security? My logs are below. I'm a "youngster", so I'm hoping someone will lead me by the hand. Please!!!

Logfile of HijackThis v1.99.1
Scan saved at 15:21:27, on 2007-01-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:pROGRA~1ABFSOF~1ABFOUT~12.0ABFOUT~1.EXE
C:program FilesioloSystem Mechanic Professional 6IoloSGCtrl.exe
C:program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32alg.exe
C:WINDOWSSOUNDMAN.EXE
C:program FilesioloSystem Mechanic Professional 6SystemGuardAlerter.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesMessengermsmsgs.exe
C:program FilesCream SoftwareSmieciarek NxGSmieciarek.exe
C:program FilesSkypePhoneSkype.exe
C:pROGRA~1LavasoftAD-AWA~1Ad-Watch.exe
C:program FilesioloSystem Mechanic Professional 6Search and RecoverDiskImageService.exe
C:WINDOWSsystem32rundll32.exe
C:program FilesioloSystem Mechanic Professional 6SMSystemAnalyzer.exe
C:program FilesD-Link AirPlusAirPlus.exe
C:program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
C:program FilesLogitechSetPointSetPoint.exe
C:program FilesCommon FilesLogitechKhalSharedKHALMNPR.EXE
C:program FilesSkypePlugin ManagerSkypePM.exe
C:program FilesMozilla Firefoxfirefox.exe
C:program FilesGadu-Gadugg.exe
C:program FilesOutlook Expressmsimn.exe
C:program FilestotalcmdTOTALCMD.EXE
C:DOCUME~1TATU~1USTAWI~1Temp_tc1HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.spoldzielnialotto.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_10binssv.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [PDF Converter Registry Controller] "C:program FilesScanSoftPDF ConverterRegistryController.exe"
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [SMSystemAnalyzer] "C:program FilesioloSystem Mechanic Professional 7SMSystemAnalyzer.exe"
O4 - HKLM..Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM..Run: [KAVPersonal50] "C:program FilesKaspersky LabKaspersky Anti-Virus Personalkav.exe" /minimize
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [CS Smieciarek NxG] "C:program FilesCream SoftwareSmieciarek NxGSmieciarek.exe"
O4 - HKCU..Run: [Skype] "C:program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [AWMON] "C:pROGRA~1LavasoftAD-AWA~1Ad-Watch.exe"
O4 - HKCU..Run: [Search and Recover Disk Image Service] "C:program FilesioloSystem Mechanic Professional 6Search and RecoverDiskImageService.exe"
O4 - HKCU..Run: [Search and Recover Drive Image Service] "C:program FilesioloSystem Mechanic Professional 7Search and RecoverDriveImageService.exe"
O4 - HKCU..Run: [SMSystemAnalyzer] "C:program FilesioloSystem Mechanic Professional 6SMSystemAnalyzer.exe"
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://K:pROGRA~1Office10EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://C:program FilesScanSoftPDF ConverterIEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:pROGRA~1SkypePhoneIEPluginSKYPEI~1.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:pROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:program FilesioloCommonLibioloDMVSvc.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:program FilesioloSystem Mechanic Professional 6IoloSGCtrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:program FilesKaspersky LabKaspersky Anti-Virus Personalkavsvc.exe
O23 - Service: lxcg_device - Unknown owner - C:WINDOWSsystem32lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
 

Zigus

User
Joined
January 6, 2007
Posts
13
please help ;]

Logfile of HijackThis v1.99.1
Scan saved at 13:01:32, on 2007-02-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32nvraidservice.exe
C:program FilesAshampooAshampoo FireWallFireWall.exe
C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesGadu-Gadugg.exe
C:program FilesRALINKRT2500 Wireless LAN CardInstallerWINXPRaConfig2500.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSSystem32wbemunsecapp.exe
C:pROGRA~1MOZILL~1FIREFOX.EXE
C:DOCUME~1DarekUSTAWI~1TempKatalog tymczasowy 1 dla hijackthis.zipHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:pROGRA~1MEGAUP~1MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:pROGRA~1MEGAUP~1MEGAUP~1.DLL
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [NVRaidService] C:WINDOWSsystem32nvraidservice.exe
O4 - HKLM..Run: [Ashampoo FireWall] "C:program FilesAshampooAshampoo FireWallFireWall.exe" -TRAY
O4 - HKLM..Run: [kav] "C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: RaConfig2500.lnk = C:program FilesRALINKRT2500 Wireless LAN CardInstallerWINXPRaConfig2500.exe
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll
O17 - HKLMSystemCCSServicesTcpip..{24614C1D-4CA2-4115-8C8B-A81B4D8135FA}: NameServer = 194.204.152.34,192.204.159.1
O17 - HKLMSystemCS1ServicesTcpip..{24614C1D-4CA2-4115-8C8B-A81B4D8135FA}: NameServer = 194.204.152.34,192.204.159.1
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
see my post above.
Someone in this thread said to direct your logs right there. Nobody has the time or inclination to keep checking the same thing over and over.
Why struggle with something when a program can do it for us?
 

Mesmeroo

User
Joined
September 20, 2006
Posts
35
...

I have one little question

I was playing around with VSK today and ran a previously configured server on my own machine (during configuration I ticked "Disable Task Manager").
So how do I enable Task Manager now...?
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
"Manually": run regedit (Start - Run - type: regedit - press ENTER)

then go to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value Name: DisableTaskMgr
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = default, 1 = disable Task Manager)

You can also search the whole registry for DisableTaskMgr
(position yourself at the top of the registry first),
and if the value found is of type DWORD,
set it to zero

Note: before changing the registry, make a backup copy of the registry
or create a restore point (or make sure you have one working restore point)
this has already been on the forum; next time, search

regards
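
The manual fix described in the post above, as an added PowerShell example (not part of the original thread): it reads DisableTaskMgr under the HKCU key named in the post and, as an assumption beyond the post, the matching HKLM key, exports the key to a backup file, then sets a non-zero DWORD to 0. The script name Reset-TaskMgrPolicy.ps1 and the backup folder are hypothetical.

```powershell
# Reset-TaskMgrPolicy.ps1 (hypothetical name) - added example, not from the thread.
# Audits the DisableTaskMgr policy value and resets it to 0 after a backup.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed backup location; any writable folder works.
    [string]$BackupDir = "$env:USERPROFILE\reg-backup"
)

# HKCU is the key given in the post. HKLM is checked as well because the same
# value name under the machine-wide Policies\System key has the same effect
# (assumption beyond the post; writing there needs an elevated prompt).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-TaskMgrPolicy {
    param([string]$KeyPath)

    $absent = [pscustomobject]@{ Key = $KeyPath; Present = $false; Value = $null; Kind = $null }

    # The Policies\System key often does not exist at all on a clean profile.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $absent }

    $key = Get-Item -LiteralPath $KeyPath
    if ($key.GetValueNames() -notcontains 'DisableTaskMgr') { return $absent }

    [pscustomobject]@{
        Key     = $KeyPath
        Present = $true
        Value   = $key.GetValue('DisableTaskMgr')
        Kind    = $key.GetValueKind('DisableTaskMgr')
    }
}

foreach ($k in $policyKeys) {
    $state = Get-TaskMgrPolicy -KeyPath $k
    $state   # report what was found, whether or not anything is changed

    # Only touch the value when it is a DWORD and not already 0,
    # matching the post: "if the value found is of type DWORD, set it to zero".
    if ($state.Present -and $state.Kind -eq 'DWord' -and $state.Value -ne 0) {
        if ($PSCmdlet.ShouldProcess($k, 'Set DisableTaskMgr to 0')) {

            # Backup first, as the post advises: export the whole key to a .reg file.
            New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
            $file = Join-Path $BackupDir (
                'Policies-System-{0}-{1:yyyyMMdd-HHmmss}.reg' -f $k.Substring(0, 4), (Get-Date)
            )
            & reg.exe export $k.Replace(':\', '\') $file /y | Out-Null
            if ($LASTEXITCODE -ne 0) {
                throw "Backup of $k failed; value left unchanged."
            }

            Set-ItemProperty -LiteralPath $k -Name 'DisableTaskMgr' -Value 0 -Type DWord
        }
    }
}
```

Run it with -WhatIf first to see which keys would be changed without writing anything.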
 

korek_a

User
Joined
September 13, 2006
Posts
12
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 09:11:29, on 2007-02-16
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:program FilesNorton AntiVirusnavapsvc.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSExplorer.EXE
C:pROGRA~1NORTON~1navapw32.exe
C:pROGRA~1NEOSTR~1CnxMon.exe
C:program FilesThomsonSpeedTouch USBDragdiag.exe
C:pROGRA~1NEOSTR~1TaskbarIcon.exe
C:program FilesJavajre1.5.0_10binjusched.exe
C:program FilesCyberLinkPowerDVDPDVDServ.exe
C:program FilesD-Toolsdaemon.exe
C:WINDOWSSystem32ctfmon.exe
C:program FilesGadu-Gadugg.exe
C:program FilesMessengermsmsgs.exe
C:WINDOWSSystem32wuauclt.exe
C:WINDOWSSystem32svchost.exe
C:pROGRA~1NEOSTR~1NeostradaTP.exe
C:pROGRA~1NEOSTR~1ComComp.exe
C:pROGRA~1NEOSTR~1Watch.exe
D:eMuleemule.exe
C:pROGRA~1MOZILL~1FIREFOX.EXE
C:Documents and Settingskorek panPulpithijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://szukaj.wp.pl
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:pROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:pROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_10binssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:pROGRA~1MEGAUP~1MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NAV Agent] C:pROGRA~1NORTON~1navapw32.exe
O4 - HKLM..Run: [WooCnxMon] C:pROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:pROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] C:pROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.5.0_10binjusched.exe"
O4 - HKLM..Run: [RemoteControl] "C:program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [DAEMON Tools-1033] "C:program FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [Skype] "C:program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O17 - HKLMSystemCCSServicesTcpip..{80C3841D-7CEE-4C46-9AC3-D1AEACDB564D}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:program FilesCommon FilesMicrosoft SharedHelphxds.dll
O23 - Service: Usługa Autoochrony w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:pROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
 

Mesmeroo

User
Joined
September 20, 2006
Posts
35
I'd like to ask for a check :)

Logfile of HijackThis v1.99.1
Scan saved at 14:28:01, on 2007-02-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSSOUNDMAN.EXE
C:program FilesCyberLinkPowerDVDPDVDServ.exe
C:pROGRA~1ALWILS~1Avast4ashDisp.exe
C:program FilesLexmark 1200 Serieslxczbmgr.exe
C:program FilesLexmark 1200 Serieslxczbmon.exe
C:program FilesDAEMON Toolsdaemon.exe
C:program FilesJavajre1.5.0_10binjusched.exe
C:program FilesWinampWinampa.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesGadu-Gadugg.exe
C:program FilesCommon FilesAheadlibNMBgMonitor.exe
C:program FilesMozilla Firefoxfirefox.exe
C:pROGRA~1DrWebspidernt.exe
C:Documents and SettingsBartekPulpithijackthisHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:program FilesMyGlobalSearchbar1.binMGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_10binssv.dll
O2 - BHO: Little Fighter 2 Toolbar Helper - {AB41010D-4804-4793-A6A2-3B5EBE2348DD} - C:program FilesLittle Fighter 2 Toolbarv2.0.0.1Little_Fighter_2_Toolbar.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:pROGRA~1BEARSH~1BEARSH~2MediaBar.dll (file missing)
O3 - Toolbar: Little Fighter 2 Toolbar - {C11483F7-D7D8-4804-98D8-6055470BB989} - C:program FilesLittle Fighter 2 Toolbarv2.0.0.1Little_Fighter_2_Toolbar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:program FilesBearShare applicationsBearShare MediaBarMediaBar.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:program FilesMyGlobalSearchbar1.binMGSBAR.DLL
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [RemoteControl] "C:program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [avast!] C:pROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [Lexmark 1200 Series] "C:program FilesLexmark 1200 Serieslxczbmgr.exe"
O4 - HKLM..Run: [BearShare] "C:program FilesBearShareBearShare.exe" /pause
O4 - HKLM..Run: [DAEMON Tools] "C:program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.5.0_10binjusched.exe"
O4 - HKLM..Run: [WinampAgent] "C:program FilesWinampWinampa.exe"
O4 - HKLM..Run: [SpIDerNT] C:pROGRA~1DrWebspidernt.exe /agent
O4 - HKLM..Run: [SpIDerMail] "C:program FilesDrWebspiderml.exe"
O4 - HKLM..Run: [DrWebScheduler] C:program FilesDrWebDRWEBSCD.EXE
O4 - HKLM..RunOnce: [InstallShieldSetup] C:pROGRA~1INSTAL~1{BBE2F~1setup.exe -rebootC:pROGRA~1INSTAL~1{BBE2F~1reboot.ini -l0x15
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:program FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - Global Startup: Microsoft Office.lnk = C:program FilesMicrosoft OfficeOfficeOSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32drwebsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32drwebsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32drwebsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32drwebsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:pROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Doctor Web, Ltd. - C:program FilesDrWebSpiderNT.exe
 

Madziulek

User
Joined
February 18, 2007
Posts
6
Logfile of HijackThis v1.99.1
Scan saved at 19:59:31, on 2007-02-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSExplorer.EXE
C:WINDOWShtpatch.exe
C:WINDOWSsystem32RunDll32.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb08.exe
C:program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe
C:program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:program FilesJavajre1.5.0_10binjusched.exe
C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
D:program FilesTlen.pltlen.exe
C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:program FilesMozilla Firefoxfirefox.exe
D:program FilesSpyware Doctorsdhelp.exe
D:program FilesSpyware Doctorswdoctor.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsFilipPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:pROGRA~1FlashGetjccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:pROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:pROGRA~1SPYWAR~1toolsiesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_10binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:pROGRA~1SPYWAR~1toolsiesdpb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:program FilesFlashGetgetflash.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:pROGRA~1MEGAUP~1MEGAUP~1.DLL
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:program FilesFlashGetfgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [Gainward] C:WINDOWSTBPanel.exe /A
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [HTpatch] C:WINDOWShtpatch.exe
O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb08.exe
O4 - HKLM..Run: [HP Software Update] C:program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe
O4 - HKLM..Run: [DeviceDiscovery] C:program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.5.0_10binjusched.exe"
O4 - HKLM..Run: [AVKTray] "C:program FilesG DATAAntiVirus 2007AVKTrayAVKTray.exe"
O4 - HKLM..Run: [kav] "C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKLM..Run: [Flashget] E:pROGRA~1FlashGetFlashget.exe /min
O4 - HKCU..Run: [Komunikator] D:program FilesTlen.pltlen.exe
O4 - HKCU..Run: [Spyware Doctor] "D:program FilesSpyware Doctorswdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = E:program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - E:pROGRA~1FlashGetjc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - E:pROGRA~1FlashGetjc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:pROGRA~1SPYWAR~1toolsiesdpb.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:pROGRA~1FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:pROGRA~1FlashGetflashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O17 - HKLMSystemCCSServicesTcpip..{7BC232A2-3DF6-4A3A-B637-8DEA700534AC}: NameServer = 192.168.1.1
O17 - HKLMSystemCS1ServicesTcpip..{7BC232A2-3DF6-4A3A-B637-8DEA700534AC}: NameServer = 192.168.1.1
O17 - HKLMSystemCS2ServicesTcpip..{7BC232A2-3DF6-4A3A-B637-8DEA700534AC}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:pROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O23 - Service: AVKProxy - Unknown owner - C:program FilesCommon FilesG DATAAVKProxyAVKProxy.exe (file missing)
O23 - Service: AVK Service (AVKService) - Unknown owner - C:program FilesG DATAAntiVirus 2007AVKAVKService.exe (file missing)
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:program FilesG DATAAntiVirus 2007AVKAVKWCtl.exe (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:program FilesSpyware Doctorsdhelp.exe




Is everything OK? Lately I can't open Start > Search > Files or folders, or User Accounts in Control Panel. On top of that, gg won't start.

I think I have Net-Worm.Win32.Afire.c, but I'm not sure.
 

flor3k

User
Joined
February 22, 2007
Posts
4
I got this today too and it redirected me to google.pl. Did I catch a virus or not? How do I check?
 

mOrLuCk

User
Joined
February 26, 2007
Posts
26
Please check my log.

Code:
Logfile of HijackThis v1.99.1

Scan saved at 23:35:52, on 2007-02-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:Program FilesAntiVir PersonalEdition Classicsched.exe

C:WINDOWSSOUNDMAN.EXE

C:Program FilesAntiVir PersonalEdition Classicavguard.exe

C:WINDOWSsystem32driversCDAC11BA.EXE

C:WINDOWSsystem32nvsvc32.exe

C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS

C:Program FilesDigital Media Readerreadericon45G.exe

C:Program FilesAntiVir PersonalEdition Classicavgnt.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe

C:Program FilesWinampwinamp.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesGadu-Gadugg.exe

C:DOCUME~1OwnerLOCALS~1TempRar$EX00.375HijackThis.exe



R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]

O1 - Hosts: 212.72.187.2 L2authd.lineage2.com

O1 - Hosts: 212.72.187.2 L2testauthd.lineage2.com

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:PROGRA~1FlashGetjccatch.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar3.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:windowssystem32BAE.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:Program FilesFlashGetgetflash.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar3.dll

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:Program FilesFlashGetfgiebar.dll

O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [readericon] C:Program FilesDigital Media Readerreadericon45G.exe

O4 - HKLM..Run: [Recguard] %WINDIR%SMINSTRECGUARD.EXE

O4 - HKLM..Run: [Reminder] %WINDIR%CreatorRemind_XP.exe

O4 - HKLM..Run: [avgnt] "C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background

O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe

O4 - Startup: iexplore.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:PROGRA~1FlashGetjc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:PROGRA~1FlashGetjc_all.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz używając Download &Express'a - C:Program FilesDownload ExpressAdd_Url.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {A352D8E5-25DE-4B83-872F-98842905DE04} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:WINDOWSsystem32driversCDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:Program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)

Regards, mOrLuCk
 

fl3a

User
Joined
March 12, 2005
Posts
538
According to this description, the file BAE.dll may be a malware component or a component of Browser Address Error Redirector by Dell Inc. - BAE.dll. Probably the latter.
Other than that, nothing suspicious.
 

Kinia20

User
Joined
March 4, 2007
Posts
1
Hello to all forum members!!
For a few days I have been having problems with my computer (it is terribly slow).
I have already cleaned up with Kaspersky, but that did not help much.
So I decided to play around with HijackThis. OK, since I now have the log, I am pasting it here, and I hope someone will be kind enough to tell me what to do with it next.

Regards, Kinia :]


Logfile of HijackThis v1.99.1
Scan saved at 16:59:01, on 2007-03-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:program FilesSpyware Doctorsdhelp.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:WINDOWSExplorer.EXE
C:pROGRA~1NEOSTR~1CnxMon.exe
C:pROGRA~1NEOSTR~1TaskbarIcon.exe
C:WINDOWSsystem32keyhook.exe
C:program FilesWinampWinampa.exe
C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesSpyware Doctorswdoctor.exe
C:WINDOWS?ystem32m?iexec.exe
C:program FilesBitTorrentbittorrent.exe
C:program FilesSAGEMSAGEM F@st 800-840dslmon.exe
C:WINDOWSsystem32WgaTray.exe
C:WINDOWSsystem32sistray.exe
C:pROGRA~1NEOSTR~1NeostradaTP.exe
C:WINDOWSsystem32wscntfy.exe
C:pROGRA~1NEOSTR~1ComComp.exe
C:pROGRA~1NEOSTR~1Watch.exe
C:program FilesOperaOpera.exe
C:Documents and SettingsKiniaPulpithijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:pROGRA~1SPYWAR~1toolsiesdsg.dll
O2 - BHO: (no name) - {8D65AB0F-6FED-114D-E08F-6353E4F139C2} - C:WINDOWSsystem32ofprw.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:pROGRA~1SPYWAR~1toolsiesdpb.dll
O2 - BHO: (no name) - {B8489B0F-42DE-2479-CDBF-537ED4C114F2} - C:WINDOWSsystem32ofprw.dll (file missing)
O2 - BHO: (no name) - {F942FCF9-2271-48D1-6117-6C3DD01058F4} - C:WINDOWSsystem32rjfh.dll (file missing)
O2 - BHO: (no name) - {F9ED5841-87C2-BE6C-8008-C8C72F845DF2} - C:WINDOWSsystem32tmdgiuai.dll (file missing)
O4 - HKLM..Run: [WooCnxMon] C:pROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [WOOWATCH] C:pROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [WOOTASKBARICON] C:pROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [SiS Windows KeyHook] C:WINDOWSsystem32keyhook.exe
O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 - HKLM..Run: [WinampAgent] "C:program FilesWinampWinampa.exe"
O4 - HKLM..Run: [AVP] "C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Spyware Doctor] "C:program FilesSpyware Doctorswdoctor.exe" /Q
O4 - HKCU..Run: [Bkeylxn] C:WINDOWS?ystem32m?iexec.exe
O4 - HKCU..Run: [BitTorrent] "C:program FilesBitTorrentbittorrent.exe" --force_start_minimized
O4 - Global Startup: DSLMON.lnk = C:program FilesSAGEMSAGEM F@st 800-840dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:program FilesMicrosoft OfficeOffice10OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:WINDOWSsystem32sistray.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:pROGRA~1SPYWAR~1toolsiesdpb.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157105884687
O17 - HKLMSystemCCSServicesTcpip..{1254C06C-877C-42CF-A096-B24820936C2A}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLMSystemCS1ServicesTcpip..{1254C06C-877C-42CF-A096-B24820936C2A}: NameServer = 194.204.152.34 217.98.63.164
O20 - AppInit_DLLs:
O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:program FilesSpyware Doctorsdhelp.exe
 

fl3a

User
Joined
March 12, 2005
Posts
538
O2 - BHO: (no name) - {8D65AB0F-6FED-114D-E08F-6353E4F139C2} - C:WINDOWSsystem32ofprw.dll (file missing)
O2 - BHO: (no name) - {B8489B0F-42DE-2479-CDBF-537ED4C114F2} - C:WINDOWSsystem32ofprw.dll (file missing)
O2 - BHO: (no name) - {F942FCF9-2271-48D1-6117-6C3DD01058F4} - C:WINDOWSsystem32rjfh.dll (file missing)
O2 - BHO: (no name) - {F9ED5841-87C2-BE6C-8008-C8C72F845DF2} - C:WINDOWSsystem32tmdgiuai.dll (file missing)

O20 - Winlogon Notify: winemx32 - winemx32.dll (file missing)
These can safely be removed using HJT.

C:program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
OFF: How to disable Mdm.exe

ADSL: Configuring a DIAL-UP connection for ADSL (net24, neo), USB modem
You can remove all the applications related to Neostrada and use dial-up.

It is worth taking advantage of the benefits of a limited account, giving up at least some of the security programs...
 