Want to have your HijackThis log checked? Paste it here...

Status
Closed.

harrie

User
Joined: April 15, 2007
Posts: 19
Could someone check this?
Code:
Logfile of HijackThis v1.99.1

Scan saved at 14:27:46, on 2007-07-15

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32ZoneLabsvsmon.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32svchost.exe

C:WINDOWSSOUNDMAN.EXE

C:Program FilesHPHP Software UpdateHPWuSchd2.exe

C:Program FilesZone LabsZoneAlarmzlclient.exe

C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesHPDigital Imagingbinhpqtra08.exe

C:Program FilesHPDigital ImagingbinhpqSTE08.exe

C:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exe

C:Program FilesOperaOpera.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

C:Documents and SettingsAdminPulpithijackthisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll

O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe

O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"

O4 - HKLM..Run: [AVP] "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"

O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1taskbaricon.exe

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe

O4 - HKLM..Run: [adiras] adiras.exe

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll

O11 - Options group: [INTERNATIONAL] International*

O17 - HKLMSystemCCSServicesTcpip..{5CCC0E4F-3985-453B-BC7C-997ED086DC98}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe


And Silent Runners

Code:
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"





Startup items buried in registry:

---------------------------------



HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}

"CTFMON.EXE" = "C:WINDOWSsystem32ctfmon.exe" [MS]



HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit" [MS]

"HP Software Update" = "C:Program FilesHPHP Software UpdateHPWuSchd2.exe" ["Hewlett-Packard Co."]

"ZoneAlarm Client" = ""C:Program FilesZone LabsZoneAlarmzlclient.exe"" ["Zone Labs, LLC"]

"AVP" = ""C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"" ["Kaspersky Lab"]

"WooCnxMon" = "C:PROGRA~1NEOSTR~1CnxMon.exe" [file not found]

"WOOTASKBARICON" = "C:PROGRA~1NEOSTR~1taskbaricon.exe" [file not found]

"WOOWATCH" = "C:PROGRA~1NEOSTR~1Watch.exe" [file not found]

"adiras" = "adiras.exe" [null data]



HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   InProcServer32(Default) = "C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   InProcServer32(Default) = "C:PROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"]



HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   InProcServer32(Default) = "C:WINDOWSsystem32nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   InProcServer32(Default) = "C:WINDOWSsystem32nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"

  -> {HKLM...CLSID} = "Statystyki ochrony WWW"

                   InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]



HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify

<<!>> klogonDLLName = "C:WINDOWSsystem32klogon.dll" ["Kaspersky Lab"]



HKLMSoftwareClasses*shellexContextMenuHandlers

HexWorkshopContextMenu(Default) = "{DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}"

  -> {HKLM...CLSID} = "Hex Workshop Shell Extension"

                   InProcServer32(Default) = "C:Program FilesBreakPoint SoftwareHex Workshop 4.2hwext.dll" ["BreakPoint Software, Inc."]

Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]



HKLMSoftwareClassesDirectoryshellexContextMenuHandlers

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]



HKLMSoftwareClassesFoldershellexContextMenuHandlers

Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

  -> {HKLM...CLSID} = (no title provided)

                   InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0ShellEx.dll" ["Kaspersky Lab"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]





Group Policies {policy setting}:

--------------------------------



Note: detected settings may not have any effect.



HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem



"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Shutdown: Allow system to be shut down without having to log on}



"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Devices: Allow undock without having to log on}





Active Desktop and Wallpaper:

-----------------------------



Active Desktop may be disabled at this entry:

HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState



Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral

"Wallpaper" = "C:WINDOWSwebwallpaperIdylla.bmp"



Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCUControl PanelDesktop

"Wallpaper" = "C:WINDOWSwebwallpaperIdylla.bmp"





Enabled Screen Saver:

---------------------



HKCUControl PanelDesktop

"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]





Startup items in "Admin" & "All Users" startup folders:

-------------------------------------------------------



C:Documents and SettingsAll UsersMenu StartProgramyAutostart

"DSLMON" -> shortcut to: "C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe" [empty string]

"HP Digital Imaging Monitor" -> shortcut to: "C:Program FilesHPDigital Imagingbinhpqtra08.exe" ["Hewlett-Packard Co."]





Winsock2 Service Provider DLLs:

-------------------------------



Namespace Service Providers



HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}

000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]

000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]



Transport Service Providers



HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}

0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%system32rsvpsp.dll [MS], 04 - 05





Toolbars, Explorer Bars, Extensions:

------------------------------------



Explorer Bars



HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars



HKLMSoftwareClassesCLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [file not found]



HKLMSoftwareClassesCLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class"

Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [file not found]



HKLMSoftwareClassesCLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [file not found]



HKLMSoftwareClassesCLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = "Statystyki ochrony WWW"

Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]

InProcServer32(Default) = "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll" ["Kaspersky Lab"]



Extensions (Tools menu items, main toolbar menu buttons)



HKLMSoftwareMicrosoftInternet ExplorerExtensions

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}

"ButtonText" = "Statystyki ochrony WWW"





Miscellaneous IE Hijack Points

------------------------------



HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks

<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

  -> {HKLM...CLSID} = "Search Class"

                   InProcServer32(Default) = "C:PROGRA~1NEOSTR~1SEARCH~1.DLL" [file not found]





Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------



Kaspersky Anti-Virus 6.0, AVP, ""C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r" ["Kaspersky Lab"]

NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]

TrueVector Internet Monitor, vsmon, "C:WINDOWSsystem32ZoneLabsvsmon.exe -service" ["Zone Labs, LLC"]





Print Monitors:

---------------



HKLMSystemCurrentControlSetControlPrintMonitors

HP Standard TCP/IP PortDriver = "HpTcpMon.dll" ["Hewlett Packard"]

hpzlnt12Driver = "hpzlnt12.dll" ["HP"]





----------

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.



+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 101 seconds.

---------- (total run time: 148 seconds)


@down
Is it just me, or are you posting logs here just for the sake of it?
Btw, don't play Tibia...
 

Lindlay xd

User
Joined: July 3, 2007
Posts: 4
Logfile of HijackThis v1.99.1
Scan saved at 15:40:11, on 2007-07-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32nvsvc32.exe
E:program FilesDialNetWrOS.EXE
C:program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSExplorer.EXE
C:program FilesCommon FilesRealUpdate_OBrealsched.exe
C:pROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSMixer.exe
E:program FilesDialNetwinpppoverethernet.exe
C:WINDOWSsystem32wuauclt.exe
D:Tibia 8.0Tibia.exe
C:program FilesGadu-Gadugg.exe
D:Tibia Autotibiaauto.exe
C:WINDOWSsystem32wpabaln.exe
C:program FilesMozilla Firefoxfirefox.exe
D:program FilesProcessExplorerHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.6.0_01binssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:program FilesYahoo!CompanionInstallscpnycomp5_6_2_0.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [TkBellExe] "C:program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [avast!] C:pROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [a-winpoet-service] "E:program FilesDialNetwinpppoverethernet.exe"
O4 - HKLM..Run: [] "E:pROGRA~1DialNetFPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM..Run: [z-wrdialer] "E:program FilesDialNetwrdialer.exe"
O4 - HKCU..Run: [Gadu-Gadu] "C:program FilesGadu-Gadugg.exe" /tray
O4 - Startup: Adobe Gamma.lnk = C:program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O17 - HKLMSystemCCSServicesTcpip..{077D4BB9-FBC6-45C4-A048-E18B61D7976E}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLMSystemCCSServicesTcpip..{0A7C998A-20B7-4D9E-94D7-50E70E496D95}: NameServer = 217.30.129.149 217.30.137.200
O17 - HKLMSystemCS1ServicesTcpip..{077D4BB9-FBC6-45C4-A048-E18B61D7976E}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLMSystemCS2ServicesTcpip..{077D4BB9-FBC6-45C4-A048-E18B61D7976E}: NameServer = 217.30.129.149,217.30.137.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:pROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - E:program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:WINDOWSsystem32wdfmgr.exe (file missing)
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - E:program FilesDialNetWrOS.EXE
 

Kanciastoporty

Former Moderator
Joined: December 19, 2006
Posts: 1137
•E:program FilesDialNetwinpppoverethernet.exe - if you know what this is, leave it; if not, remove it
•O4 - HKLM..Run: [] "E:pROGRA~1DialNetFPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT" - if you know what this is, leave it; if not, remove it
•O4 - HKLM..Run: [z-wrdialer] "E:program FilesDialNetwrdialer.exe" - remove
•O17 - HKLMSystemCCSServicesTcpip..{077D4BB9-FBC6-45C4-A048-E18B61D7976E}: NameServer = 217.30.129.149,217.30.137.200 - if you recognize these IPs, leave it; if not, remove it
•O17 - HKLMSystemCCSServicesTcpip..{0A7C998A-20B7-4D9E-94D7-50E70E496D95}: NameServer = 217.30.129.149 217.30.137.200 - if you recognize these IPs, leave it; if not, remove it
•O17 - HKLMSystemCS1ServicesTcpip..{077D4BB9-FBC6-45C4-A048-E18B61D7976E}: NameServer = 217.30.129.149,217.30.137.200 - if you recognize these IPs, leave it; if not, remove it
•O17 - HKLMSystemCS2ServicesTcpip..{077D4BB9-FBC6-45C4-A048-E18B61D7976E}: NameServer = 217.30.129.149,217.30.137.200 - if you recognize these IPs, leave it; if not, remove it
/this format will be more readable ;]
 

Szuja

User
Joined: July 2, 2007
Posts: 112
Originally posted by Kanciastoporty
HKLMSystemCCSServicesTcpip..{077D4BB9-FBC6-45C4-A048-E18B61D7976E}: NameServer = 217.30.129.149,217.30.137.200 - if you recognize these IPs, leave it; if not, remove it
O17 - HKLMSystemCCSServicesTcpip..{0A7C998A-20B7-4D9E-94D7-50E70E496D95}: NameServer = 217.30.129.149 217.30.137.200 - if you recognize these IPs, leave it; if not, remove it
O17 - HKLMSystemCS1ServicesTcpip..{077D4BB9-FBC6-45C4-A048-E18B61D7976E}: NameServer = 217.30.129.149,217.30.137.200 - if you recognize these IPs, leave it; if not, remove it
O17 - HKLMSystemCS2ServicesTcpip..{077D4BB9-FBC6-45C4-A048-E18B61D7976E}: NameServer = 217.30.129.149,217.30.137.200 - if you recognize these IPs, leave it; if not, remove it
But those are Dialog's DNS servers from Legnica (dns.legnica.dialog.net.pl).
 

Wani14

User
Joined: July 18, 2007
Posts: 1
Since everyone else is doing it, I'll post my log too :)
Here it is:
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSsystem32spoolsv.exe
C:pROGRA~1GrisoftAVG7avgamsvr.exe
C:pROGRA~1GrisoftAVG7avgupsvc.exe
C:pROGRA~1GrisoftAVG7avgemc.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSExplorer.EXE
C:program FilesZone LabsZoneAlarmzlclient.exe
C:program FilesGadu-Gadugg.exe
d:program FilesWinampwinamp.exe
d:program FilesWinampwinamp.exe
D:program FilesCamStudioCamStudio.exe
C:pROGRA~1MOZILL~1FIREFOX.EXE
C:Documents and SettingsbamberPulpitHiJackThis_v2.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://wp.pl/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = L1cza
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.6.0_01binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [Zone Labs Client] "C:program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [BitTorrent] "D:program FilesBitTorrentbittorrent.exe" --force_start_minimized
O4 - HKCU..Run: [swg] C:program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [FreeCall] "D:program FilesFreeCall.comFreeCallFreeCall.exe" -nosplash -minimized
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-19..Run: [AVG7_Run] C:pROGRA~1GrisoftAVG7avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:program FilesVisualRoutevrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:program FilesVisualRoutevrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:pROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:pROGRA~1GrisoftAVG7avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:pROGRA~1GrisoftAVG7avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:pROGRA~1GrisoftAVG7avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
 

EsX

User
Joined: June 21, 2007
Posts: 45
Hello, I have a question; here is what it looks like:
Code:
Logfile of HijackThis v1.99.1

Scan saved at 11:43:37, on 2007-07-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSexplorer.exe

C:Program FilesUnlockerUnlockerAssistant.exe

C:WINDOWSSOUNDMAN.EXE

C:WINDOWSALCWZRD.EXE

C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe

C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

C:Program FilesJavajre1.6.0_02binjusched.exe

C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE

C:Program FilesQuickTimeqttask.exe

C:Program FilesRay AdamsATI Tray Toolsatitray.exe

C:Program FilesAusLogics BoostSpeedboostspeed.exe

C:Program FilesATI TechnologiesATI.ACECore-Staticccc.exe

C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

C:Program FilesWinampwinamp.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesOperaOpera.exe

D:HijackThisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_02binssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL

O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe

O4 - HKLM..Run: [UnlockerAssistant] "C:Program FilesUnlockerUnlockerAssistant.exe"

O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..Run: [kis] "C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe"

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe"  -osboot

O4 - HKLM..Run: [StartCCC] C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe

O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_02binjusched.exe"

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKCU..Run: [AtiTrayTools] "C:Program FilesRay AdamsATI Tray Toolsatitray.exe"

O4 - HKCU..Run: [Odkurzacz-MCD] C:Program FilesOdkurzaczodk_mcd.exe

O4 - HKCU..Run: [BoostSpeed] "C:Program FilesAusLogics BoostSpeedboostspeed.exe" /Q

O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:Program FilesKaspersky LabKaspersky Internet Security 6.0ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Internet Security 6.0scieplugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1.0adialhk.dll

O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:Program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe" -r (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite XI.SP1Win32RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:Program FilesSiSoftwareSiSoftware Sandra Lite XI.SP1RpcSandraSrv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

When I checked it on the website the log supposedly came out clean, but one thing puzzles me; this looks suspicious to me:
Code:
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
What do you think about it?
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
Try this:
Remove that line, then in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon change the value named Shell to explorer.exe
like here
 

luciferio_n

User
Joined
July 23, 2007
Posts
3
log

I just happened to end up here and thought that pasting it could only do some good :]
Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:48:18, on 2007-07-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32wscntfy.exe

C:WINDOWSsystem32taskmgr.exe

C:WINDOWSExplorer.exe

C:Program FilesThomsonSpeedTouch USBDragdiag.exe

C:WINDOWSsystem32ctfmon.exe

D:Program FilesGadu-Gadugg.exe

D:Program FilesAutoConnectAutoConnect.exe

D:Program FilesOperaOpera.exe

d:Program FilesTrend MicroHijackThisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:Program FilesBitComettoolsBitCometBHO.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:PROGRA~1SPYBOT~1SDHelper.dll

O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - -C:Program FilesKnight Online Toolbarv3.2.0.0Knight_Online_Toolbar.dll (file missing)

O2 - BHO: GigaSize toolbar - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - D:Program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - -C:Program FilesCanonEasy-WebPrintToolband.dll (file missing)

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:WINDOWSsystem32SHDOCVW.DLL

O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file)

O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - -C:Program FilesKnight Online Toolbarv3.2.0.0Knight_Online_Toolbar.dll (file missing)

O3 - Toolbar: GigaSize toolbar - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - D:Program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll

O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] -nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [PrtDisp] -PrtDisp.exe

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKLM..Run: [Resume copy] -copyfstq.exe /startup

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-19..Run: [NETIANET] C:Program FilesNetiaNetnetianet.exe (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - D:Program FilesDAPPrivacy Packagedapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - D:Program FilesDAPdapextie.htm

O8 - Extra context menu item: Download &all with DAP - D:Program FilesDAPdapextie2.htm

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm

O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra button: (no name) - {0015690D-1D8A-45bc-81A7-B7C63E9CABCD} - D:Program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll

O9 - Extra 'Tools' menuitem: GigaSize toolbar - {0015690D-1D8A-45bc-81A7-B7C63E9CABCD} - D:Program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll

O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra 'Tools' menuitem: GigaSize Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLMSystemCCSServicesTcpip..{9EE67668-57EE-4667-A18B-3A6D69CE40E3}: NameServer = 213.241.79.37 83.238.255.76

O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - -C:WINDOWSsystem32rrtcany.dll (file missing)

O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - -C:WINDOWSsystem32rrtcany.dll (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Printer Control - Unknown owner - -C:WINDOWSsystem32PrintCtrl.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - -C:WINDOWSsystem32PSIService.exe (file missing)

O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - D:PROGRA~1DAPSpeedBit Video AcceleratorVideoAcceleratorEngine.exe



--

End of file - 6661 bytes
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - -C:program FilesKnight Online Toolbarv3.2.0.0Knight_Online_Toolbar.dll (file missing) - you can remove it, but you don't have to (it is an entry left over from a file that no longer exists)
O2 - BHO: GigaSize toolbar - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - D:program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll - if you know what this is (part of some program you downloaded, or something) leave it; if you don't, remove it
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - -C:program FilesCanonEasy-WebPrintToolband.dll (file missing) - you can remove it, but you don't have to (it is an entry left over from a file that no longer exists)
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:WINDOWSsystem32SHDOCVW.DLL - this library is a system file, but HT suggests it is dangerous (in any case it comes from the Alexa toolbar). Skip it for now, then paste a second log after fixing the rest of the entries
O3 - Toolbar: (no name) - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - (no file) - you can remove it, but you don't have to (it is an entry left by some malicious software already removed from the system)
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - -C:program FilesKnight Online Toolbarv3.2.0.0Knight_Online_Toolbar.dll (file missing) - you can remove it, but you don't have to (it is an entry left over from a file that no longer exists)
O3 - Toolbar: GigaSize toolbar - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - D:program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll - if you know what this is (part of some program you downloaded, or something) leave it; if you don't, remove it
O4 - HKLM..Run: [PrtDisp] -PrtDisp.exe - if you know what this is (part of some program you downloaded, or something) leave it; if you don't, remove it
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k -
Originally posted by Gutek2222
A sign of an error that occurred on your system. The entry is harmless. You can remove this KernelFaultCheck with HijackThis and completely prevent the entry from being created via:
Control Panel >>> System >>> Advanced >>> Startup and Recovery. Click Settings and, in the Write debugging information section, set the option to None.

O4 - HKLM..Run: [Resume copy] -copyfstq.exe /startup - if you know what this is (part of some program you downloaded, or something) leave it; if you don't, remove it

O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm - If you don't recognize these three entries ("Mail to a Friend...", "See Related Links", "Write a Review..."), remove them. They are entries that appear when you right-click in Internet Explorer.
O9 - Extra button: (no name) - {0015690D-1D8A-45bc-81A7-B7C63E9CABCD} - D:program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll - An extra button with no name; you almost certainly don't need it, so remove it
O9 - Extra 'Tools' menuitem: GigaSize toolbar - {0015690D-1D8A-45bc-81A7-B7C63E9CABCD} - D:program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll - if you don't know what this entry is (named "GigaSize toolbar"), remove it
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file) - the same case as 2 entries above, except that it is inactive. So you can remove it if you want
O9 - Extra 'Tools' menuitem: GigaSize Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file) - same case as above, except with a specific name ("GigaSize Toolbar"). Do as above
O17 - HKLMSystemCCSServicesTcpip..{9EE67668-57EE-4667-A18B-3A6D69CE40E3}: NameServer = 213.241.79.37 83.238.255.76 - if you know this IP, leave it; if not, remove it
O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - -C:WINDOWSsystem32rrtcany.dll (file missing) - a leftover from a file that no longer exists. So you can remove it if you want.
O22 - SharedTaskScheduler: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - -C:WINDOWSsystem32rrtcany.dll (file missing) - An entry left over from a file that no longer exists. You can remove it if you want.
O23 - Service: Printer Control - Unknown owner - -C:WINDOWSsystem32PrintCtrl.exe (file missing) - if you know this service, leave it, although the file no longer exists anyway. So you can remove it if you want.
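
The checks applied in the replies above (a Winlogon Shell value that lists anything besides explorer.exe, entries whose target is "(file missing)" or "(no file)", and O17 NameServer addresses to verify), as an added Python example that is not part of the thread. The sample log is constructed, and the function name and finding labels (`triage`, `shell-extra`, `orphan`, `dns-review`) are assumptions.

```python
import re
from dataclasses import dataclass

# HijackThis entry lines look like "O23 - Service: ..." or "F2 - REG:system.ini: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(?P<value>.*)$", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (?P<ips>.+)$")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "F2" or "O17"
    kind: str    # label chosen for this example (assumption, not a HijackThis term)
    detail: str
    line: str    # the original log line, for the analyst to review


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry is None:
            continue
        code, body = entry.group("code"), entry.group("body")

        # Winlogon Shell: the value is a comma-separated list of programs.
        # Anything other than a bare explorer.exe is reported.
        shell = SHELL_RE.match(body) if code == "F2" else None
        if shell:
            programs = [p.strip() for p in shell.group("value").split(",")]
            extra = [p for p in programs if p and p.lower() != "explorer.exe"]
            if extra:
                findings.append(Finding(code, "shell-extra", ", ".join(extra), line))
            continue

        if ORPHAN_RE.search(body):
            # Registry entry whose target file is gone: a leftover, safe to clean up.
            findings.append(Finding(code, "orphan", "target file not present", line))
        elif code == "O17":
            # DNS servers set in the registry: compare with what the ISP or router hands out.
            ns = NAMESERVER_RE.search(body)
            if ns:
                ips = " ".join(re.split(r"[,\s]+", ns.group("ips").strip()))
                findings.append(Finding(code, "dns-review", ips, line))
    return findings


# Constructed sample log (placeholder CLSIDs, documentation-range IP addresses).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53 198.51.100.53
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:12} {f.detail:30} <- {f.line}")
```
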
 

WunD3r

User
Joined
April 25, 2007
Posts
54
Logfile of HijackThis v1.99.1
Scan saved at 19:17:23, on 2007-07-23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSexplorer.exe
C:WINDOWSSystem32RUNDLL32.EXE
D:INTERN~1MEDIAKEY.EXE
C:WINDOWSSystem32CTHELPER.EXE
D:INTERN~1KBOSDCtl.EXE
D:Esetnod32kui.exe
C:WINDOWSSystem32MMTray.exe
D:INTERN~1KCodeMsg.EXE
D:Zone LabsZoneAlarmzlclient.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe
C:program FilesHPhpcoretechhpcmpmgr.exe
C:program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
C:program FilesCyberLinkPowerDVDPDVDServ.exe
C:program FilesJavajre1.5.0_10binjusched.exe
D:NOKIANOKIAP~1LAUNCH~1.EXE
D:A4TechMouseAmoumain.exe
C:WINDOWSSystem32ctfmon.exe
C:program FilesMicrosoft ActiveSyncwcescomm.exe
C:pROGRA~1MICROS~3rapimgr.exe
C:pROGRA~1COMMON~1PCSuiteServicesSERVIC~1.EXE
D:lgLGSyncManager.exe
C:Documents and SettingsAll UsersMenu StartProgramyAutostartUninstall.exe
C:WINDOWSsystem32Ctsvccda.exe
d:Esetnod32krn.exe
D:XfireXfire.exe
C:WINDOWSSystem32nvsvc32.exe
C:program FilesCyberLinkShared filesRichVideo.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSSystem32MsPMSPSv.exe
d:Esetnod32.exe
C:program FilesInternet ExplorerIEXPLORE.EXE
C:program FilesHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.windowsxlive.net
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:AdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:BitConnetBitComettoolsBitCometBHO_1.1.3.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_10binssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:FlashGetjccatch.dll
O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - C:program FilesVideo ActiveX Accessiesplg.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:FlashGetfgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:program FilesVideo ActiveX Accessiesbpl.dll (file missing)
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [MediaKey] D:INTERN~1MEDIAKEY.EXE
O4 - HKLM..Run: [CTHelper] CTHELPER.EXE
O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 - HKLM..Run: [Jet Detection] d:CreativeSBLivePROGRAMADGJDet.exe
O4 - HKLM..Run: [nod32kui] "d:Esetnod32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [MMTray] MMTray.exe
O4 - HKLM..Run: [Zone Labs Client] d:Zone LabsZoneAlarmzlclient.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe
O4 - HKLM..Run: [HP Component Manager] "C:program FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [HP Software Update] "C:program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [RemoteControl] "C:program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [LanguageShortcut] "C:program FilesCyberLinkPowerDVDLanguageLanguage.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.5.0_10binjusched.exe"
O4 - HKLM..Run: [Adobe Photo Downloader] "C:program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"
O4 - HKLM..Run: [PCSuiteTrayApplication] D:NOKIANOKIAP~1LAUNCH~1.EXE -onlytray
O4 - HKLM..Run: [Vista Sidebar] C:program FilesVista Sidebarsidebar.exe
O4 - HKLM..Run: [WheelMouse] d:A4TechMouseAmoumain.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [swg] C:program FilesGoogleGoogleToolbarNotifier1.2.908.5008GoogleToolbarNotifier.exe
O4 - HKCU..Run: [H/PC Connection Agent] "C:program FilesMicrosoft ActiveSyncwcescomm.exe"
O4 - Startup: Xfire.lnk = D:XfireXfire.exe
O4 - Global Startup: Expressivo.lnk = C:program FilesivoExpressivo Demoexpressivo.exe
O4 - Global Startup: LG SyncManager.lnk = D:lgLGSyncManager.exe
O4 - Global Startup: Microsoft Office.lnk = D:Microsoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Uninstall.exe
O8 - Extra context menu item: Download All by FlashGet - D:FlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:FlashGetjc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_10binssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:pROGRA~1MICROS~3INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:pROGRA~1MICROS~3INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:pROGRA~1MICROS~3INetRepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:FlashGetflashget.exe
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169818200140
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32Ctsvccda.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:Esetnod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:program FilesCyberLinkShared filesRichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe

Ugh, my brother "sucked in" some virus somewhere, but I removed it and it still shows me an alert saying I have it ... it probably changed something in the registry ;/
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
•O4 - Global Startup: Expressivo.lnk = C:program FilesivoExpressivo Demoexpressivo.exe
•O4 - Global Startup: Uninstall.exe
•O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab
•O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjim...Plugin11USA.cab
These entries may be the cause of the alert.
The last two, if you don't know those sites.
If that's not it, paste a screenshot of the alert.
 

WunD3r

User
Joined
April 25, 2007
Posts
54
Originally posted by Kanciastoporty
•O4 - Global Startup: Expressivo.lnk = C:program FilesivoExpressivo Demoexpressivo.exe
•O4 - Global Startup: Uninstall.exe
•O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab
•O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjim...Plugin11USA.cab
These entries may be the cause of the alert.
The last two, if you don't know those sites.
If that's not it, paste a screenshot of the alert.

Expressivo is an add-on for AllPlayer, the rest are wp.pl games and the game Gunz:

http://www.fotosik.pl/pokaz_obrazek/pelny/...6c84e02fc1.html

and this

http://www.fotosik.pl/pokaz_obrazek/pelny/...63f8e675fc.html
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
But now I don't understand, did you solve the problem? Why did you give me those two keys? I wrote that if it didn't help you should paste the alert.
 

luciferio_n

User
Joined
July 23, 2007
Posts
3
I fixed 13 entries; as for the rest, either I knew they were needed/harmless, or you told me to post another log.

Now, as for your doubts:
•O4 - HKLM..Run: [Resume copy] -copyfstq.exe /startup, this is something related to copying; I once disabled it in msconfig and afterwards I had no copy/paste option (when right-clicking), so it's probably something from win$

•O4 - HKLM..Run: [PrtDisp] -PrtDisp.exe this looks familiar to me, but I don't know what it is for; I found a file with that name in windows/system32, the icon looked familiar, and when I ran the file (*.exe) only a process started and it could be closed normally (via the system Task Manager). I removed the entry, but not that file.

•O17 - HKLMSystemCCSServicesTcpip..{9EE67668-57EE-4667-A18B-3A6D69CE40E3}: NameServer = 213.241.79.37 83.238.255.76 I don't know what this is either :/ but I threw it out, because I don't recall these IPs.


As for the GigaSize toolbar files, I'm not worried about them; I didn't remove Alexa, but I can, since I don't use it anyway. New log:

Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:15:09, on 2007-07-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSsystem32taskmgr.exe

C:WINDOWSsystem32wscntfy.exe

C:WINDOWSExplorer.exe

C:Program FilesThomsonSpeedTouch USBDragdiag.exe

C:WINDOWSsystem32ctfmon.exe

D:Program FilesAutoConnectAutoConnect.exe

D:Program FilesOperaOpera.exe

D:Program FilesTrend MicroHijackThisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:Program FilesBitComettoolsBitCometBHO.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:PROGRA~1SPYBOT~1SDHelper.dll

O2 - BHO: GigaSize toolbar - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - D:Program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll

O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:WINDOWSsystem32SHDOCVW.DLL

O3 - Toolbar: GigaSize toolbar - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - D:Program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll

O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] -nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [Resume copy] -copyfstq.exe /startup

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-19..Run: [NETIANET] C:Program FilesNetiaNetnetianet.exe (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Clean Traces - D:Program FilesDAPPrivacy Packagedapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - D:Program FilesDAPdapextie.htm

O8 - Extra context menu item: Download &all with DAP - D:Program FilesDAPdapextie2.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra button: (no name) - {0015690D-1D8A-45bc-81A7-B7C63E9CABCD} - D:Program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll

O9 - Extra 'Tools' menuitem: GigaSize toolbar - {0015690D-1D8A-45bc-81A7-B7C63E9CABCD} - D:Program FilesGigaSize.com IncGigaSize ToolbarKenciatb.dll

O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra 'Tools' menuitem: GigaSize Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLMSystemCCSServicesTcpip..{9EE67668-57EE-4667-A18B-3A6D69CE40E3}: NameServer = 213.241.79.37 83.238.255.76

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - -C:WINDOWSsystem32PSIService.exe (file missing)

O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - D:PROGRA~1DAPSpeedBit Video AcceleratorVideoAcceleratorEngine.exe



--

End of file - 5245 bytes
 