Want to have your HijackThis log checked? Paste it here...

Status
Closed.

Alliata

User
Joined
November 3, 2007
Posts
378
Rantek

Rantek, do you know how AVs clash with each other?? Any IT person will tell you that several AVs are less effective than one good one.

You're the one who should be sad. You use several AVs, yeah?? Then I'm curious what your computer will look like in half a year or a year.

Let's assume that NOD and Kaspersky find an infection and G-Data doesn't. And G-Data works on the rootkit principle and reduces the probability of detection.
 

proxima

Former Moderator
Joined
March 9, 2007
Posts
651
Rantek, do you know how AVs clash with each other?? Any IT person will tell you that several AVs are less effective than one good one.

They "clash" when 2 (or more) have active resident protection. If, however, only one does and the rest are used only for scanning, then it's OK.
 

0wn3r

Former Moderator
Joined
March 10, 2007
Posts
1330
Where did you get the idea that more than 4 - 5 connections means an infection? I happen to have 22 connections and not a single piece of junk. I check my ComboFix & HijackThis logs myself, NOD32 scans the disk every week, and nothing.
 

RYNIEK

User
Joined
February 1, 2008
Posts
14
Re: Rantek

Originally posted by Alliata
Rantek, do you know how AVs clash with each other?? Any IT person will tell you that several AVs are less effective than one good one.

You're the one who should be sad. You use several AVs, yeah?? Then I'm curious what your computer will look like in half a year or a year.

Let's assume that NOD and Kaspersky find an infection and G-Data doesn't. And G-Data works on the rootkit principle and reduces the probability of detection.

First of all, it's RYNIEK, not Rantek - such a haxi0r and you can't even read lol....
Second - since when is Windows Defender an antivirus??? True, Ad-Aware can supposedly detect the odd trojan - at least that's how the vendor describes the program - but I rely primarily on G-Data anyway.
Look, for over half a year now I've had Ad-Aware+G-Data+Windows Defender on one computer and nothing clashes....and nothing tragic has happened to the computer either....
 

Brola

User
Joined
February 5, 2008
Posts
5
Check my logs....;] Thx for the help...
Logfile of HijackThis v1.99.1
Scan saved at 23:05:26, on 2008-02-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:program FilesArcaBitArcaVirABregmon.exe
C:program FilesArcaBitArcaVirAVMenu.exe
C:WINDOWSsystem32Rscmpt.exe
C:WINDOWStsnpstd3.exe
C:program FilesNVIDIA CorporationNvMixerNVMixerTray.exe
C:WINDOWSvsnpstd3.exe
C:program FilesUnlockerUnlockerAssistant.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe
C:program FilesArcaBitArcaVirNetMonSV.exe
C:WINDOWSSystem32alg.exe
C:program FilesArcaBitCommonArcaBit.Core.Configurator2.exe
C:program FilesArcaBitArcaVirAvMon.exe
C:program FilesIVT CorporationBlueSoleilBTNtService.exe
C:program FilesCommon FilesLightScribeLSSrvc.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:program FilesArcaBitCommonTaskScheduler.exe
C:program FilesArcaBitCommonArcaBit.Core.LoggingService.exe
C:program FilesInternet Exploreriexplore.exe
C:program FilesHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:program FilesivoExpressivointegrih-iexplorerIH_iexplorer.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:program FilesivoExpressivointegrih-iexplorerIH_iexplorer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ArcaCheck] C:program FilesArcaBitArcaVirArcaCheck.exe /startup
O4 - HKLM..Run: [abregmon] C:program FilesArcaBitArcaVirABregmon.exe
O4 - HKLM..Run: [AVMenu] C:program FilesArcaBitArcaVirAVMenu.exe
O4 - HKLM..Run: [Rscmpt] C:WINDOWSsystem32Rscmpt.exe
O4 - HKLM..Run: [IndexSearch] C:program FilesScanSoftPaperPortIndexSearch.exe
O4 - HKLM..Run: [SetDefPrt] C:program FilesBrotherBrmfl06aBrStDvPt.exe
O4 - HKLM..Run: [tsnpstd3] C:WINDOWStsnpstd3.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NVMixerTray] "C:program FilesNVIDIA CorporationNvMixerNVMixerTray.exe"
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [snpstd3] C:WINDOWSvsnpstd3.exe
O4 - HKLM..Run: [UnlockerAssistant] "C:program FilesUnlockerUnlockerAssistant.exe"
O4 - HKLM..RunServices: [DD2.exe]
O4 - HKLM..RunServices: [gg.exe] C:Windowsgg.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Skype] "C:program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [swg] C:program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [WinMonCtf] C:WINDOWSWinMonCtf.exe
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:program FilesOpenOffice.ux.pl 2.0.1programquickstart.exe
O4 - Startup: svchost.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonlreg/component/INGOnl.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158600453375
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.140.237.244/activex/AMC.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{77CA1F9E-0EC1-4840-882F-5EFCA8A99441}: NameServer = 10.101.1.1,194.204.159.1,62.233.128.17
O17 - HKLMSystemCS1ServicesTcpip..{77CA1F9E-0EC1-4840-882F-5EFCA8A99441}: NameServer = 10.101.1.1,194.204.159.1,62.233.128.17
O20 - Winlogon Notify: TS_LogonListener - C:WINDOWSSYSTEM32TS_LogonListener.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:program FilesCommon FilesABBYYFineReader9.00LicensingPENetworkLicenseServer.exe" -service (file missing)
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:program FilesArcaBitArcaVirNetMonSV.exe
O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:program FilesArcaBitCommonArcaBit.Core.Configurator2.exe
O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:program FilesArcaBitCommonArcaBit.Core.LoggingService.exe
O23 - Service: ArcaBit.TaskScheduler - ArcaBit sp. z o.o. - C:program FilesArcaBitCommonTaskScheduler.exe
O23 - Service: ArcaVir Antivirus Monitor Service (ArcaVirMonitor) - ArcaBit - C:program FilesArcaBitArcaVirAvMon.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:program FilesIVT CorporationBlueSoleilBTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: ipfw_helper (ipfw) - Unknown owner - C:program FilesMCS StudiosMCS Firewall 6systemipfw.exe (file missing)
O23 - Service: License Management Service ESD - element5 - C:program FilesCommon Fileselement5 SharedServiceLicence Manager ESD.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
 

B33RK4

User
Joined
January 3, 2007
Posts
598
Clean except for:

C:Windowsgg.exe -> the path doesn't really look right...
 

Brola

User
Joined
February 5, 2008
Posts
5
O4 - HKLM..RunServices: [DD2.exe] that is GGT;) I have a question: if someone ticked process hiding while building the server for this trojan, how do I remove them?? thx for the help....
 

krzychu1991s

User
Joined
November 11, 2007
Posts
26
Code:
Logfile of HijackThis v1.99.1
Scan saved at 21:03:28, on 2008-02-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesLavasoftAd-Aware 2007aawservice.exe
C:WINDOWSExplorer.EXE
c:windowssystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesATI TechnologiesATI.ACECLI.EXE
C:Program FilesJavajre1.6.0_03binjusched.exe
C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb09.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1CheckP3checkp3.exe
C:Program FilesCommon FilesAheadlibNMBgMonitor.exe
C:Program FilesSkypePhoneSkype.exe
C:PROGRA~1CACHEM~1CachemanXP.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32PnkBstrB.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesAlwil SoftwareAvast4ashSimpl.exe
C:Program FilesMicrosoft OfficeOffice10EXCEL.EXE
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSExplorer.EXE
C:Program FilesHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32secpol.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACECLIStart.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [DeviceDiscovery] C:Program FilesHewlett-PackardDigital Imagingbinhpotdd01.exe
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe"
O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb09.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [CheckP3] C:PROGRA~1CheckP3checkp3.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [amva] C:WINDOWSsystem32amvo.exe
O4 - Startup: hamachi.lnk = C:Program FilesHamachihamachi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLMSystemCCSServicesTcpip..{CCC5321C-DA8F-4709-92DF-18AAD420AB5B}: NameServer = 192.168.1.1
O17 - HKLMSystemCCSServicesTcpip..{D8EA8847-EB41-402D-8696-44C178391E60}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: fsmgmt - C:WINDOWSSYSTEM32fsmgmt.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWS
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Aware 2007aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:PROGRA~1CACHEM~1CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: MySql - Unknown owner - c:usr/MYSQL/bin/mysqld.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe
O23 - Service: Armed Assault Drivers Auto Removal (pr2agmlb) (pr2agmlb) - Bohemia Interactive - C:WINDOWSsystem32pr2agmlb.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:WINDOWSsystem32sfrem02.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:Program FilesTuneUp Utilities 2006WinStylerThemeSvc.exe
 

shallet

User
Joined
February 7, 2008
Posts
1
it reports that rundll32.exe is missing

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:28, on 2008-02-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe
C:WINDOWSsystem32slserv.exe
C:program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:program FilesJavajre1.5.0_11binjusched.exe
C:program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe
C:program FilesNokiaNokia PC Suite 6LaunchApplication.exe
C:program FilesD4D4.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesZyDAS Technology CorporationZyDAS_802.11g_UtilityZDWlan.exe
C:program FilesPC Connectivity SolutionServiceLayer.exe
C:program FilesGadu-Gadugg.exe
C:program FilesOperaOpera.exe
C:program FilesJavajre1.5.0_11binjucheck.exe
C:program FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_11binssv.dll
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.5.0_11binjusched.exe"
O4 - HKLM..Run: [AVP] "C:program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [PCSuiteTrayApplication] C:program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup
O4 - HKLM..Run: [Dimension4] C:program FilesD4D4.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:program FilesZyDAS Technology CorporationZyDAS_802.11g_UtilityZDWlan.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:program FilesKaspersky LabKaspersky Internet Security 6.0ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_11binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_11binssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:program FilesKaspersky LabKaspersky Internet Security 6.0scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:pROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLMSystemCCSServicesTcpip..{9BF7E8C1-598D-44C3-A372-6CDDAFF685B3}: NameServer = 194.204.152.34,214.98.63.164
O20 - AppInit_DLLs: C:pROGRA~1KASPER~1KASPER~1.0adialhk.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:program FilesKaspersky LabKaspersky Internet Security 6.0avp.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:program FilesWinPcaprpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:program FilesPC Connectivity SolutionServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:WINDOWSSYSTEM32slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

--
End of file - 5087 bytes
 

dorianmas

User
Joined
July 13, 2007
Posts
194
shallet,

Fix


O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
 

respekt

User
Joined
February 7, 2008
Posts
3
Please check this

Logfile of HijackThis v1.99.1
Scan saved at 11:56:42, on 2008-02-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32wscntfy.exe
C:program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32RunDll32.exe
C:program FilesJavajre1.6.0_03binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesWhatPulseWhatPulse.exe
C:pROGRA~1WapSterAQQAQQ.exe
C:program FilesATI TechnologiesATI.ACECLI.exe
C:WINDOWSsystem32RaConfig.exe
C:program FilesCommon FilesTeleca SharedGeneric.exe
C:program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:WINDOWSsystem32wuauclt.exe
D:Lineage IIsystemSL2.exe
D:Lineage IIsystemL2.exe
C:program FilesMoorHuntMoorHunt.exe
C:program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsCentrum DowodzeniaPulpitNowy folder (5)HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://search.bearshare.com/pl/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Hacked by Godzilla
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O1 - Hosts: 216.107.242.199 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:program FilesWinamp Toolbarwinamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:program FilesFlashGetjccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:program FilesBurn4Free Toolbarv3.3.0.1Burn4Free_Toolbar.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:pROGRA~1FlashFXPIEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:program FilesFlashGetgetflash.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:program FilesWinamp Toolbarwinamptb.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:program FilesBurn4Free Toolbarv3.3.0.1Burn4Free_Toolbar.dll
O4 - HKLM..Run: [MS32DLL] C:WINDOWSMS32DLL.dll.vbs
O4 - HKLM..Run: [ATIPTA] C:program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 - HKLM..Run: [ATICCC] "C:program FilesATI TechnologiesATI.ACEcli.exe" runtime
O4 - HKLM..Run: [C-Media Speaker Configuration] C:Documents and SettingsCentrum DowodzeniaPulpitSetup.exe /SPEAKER
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [NBKeyScan] "C:program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - HKCU..Run: [WhatPulse] C:program FilesWhatPulseWhatPulse.exe
O4 - HKCU..Run: [AQQ] C:pROGRA~1WapSterAQQAQQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:program FilesAdobeReader 8.0Readerreader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:program FilesATI TechnologiesATI.ACECLI.exe
O4 - Global Startup: RaConfig.lnk = C:WINDOWSsystem32RaConfig.exe
O8 - Extra context menu item: &Download All with FlashGet - C:program FilesFlashGetjc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:program FilesFlashGetjc_link.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:Documents and SettingsAll UsersDane aplikacjiWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:program FilesFlashGetFlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:program FilesFlashGetFlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O17 - HKLMSystemCCSServicesTcpip..{A82E8122-D7D4-4365-B52C-D3826AD1DDAC}: NameServer = 194.204.152.34,194.204.159.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
 

Skryhull

User
Joined
September 21, 2006
Posts
5
Logfile of HijackThis v1.99.1
Scan saved at 21:16:23, on 2008-02-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32CTsvcCDA.EXE
C:program FilesOLYMPUSDeviceDetectorDM1Service.exe
C:WINDOWSSystem32svchost.exe
C:program FilesCommon FilesYDPUserAccessManageruseraccess.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:YDPDictwatch.exe
C:program FilesJavajre1.6.0_03binjusched.exe
C:WINDOWSSOUNDMAN.EXE
C:program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
C:program FilesCyberLinkPowerDVDPDVDServ.exe
C:program FilesQuickTimeqttask.exe
C:program FilesIntelPROSetWiredNCSPROSetPRONoMgr.exe
C:program FilesMusicMatchMusicMatch Jukeboxmm_tray.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSsystem32hkcmd.exe
C:program FilesASUSProbeAsusProb.exe
C:WINDOWSALCWZRD.EXE
C:WINDOWSALCMTR.EXE
C:WINDOWSsystem32wscntfy.exe
C:program FilesRealRealPlayerRealPlay.exe
C:program FilesCommon FilesOnet.plAutoUpdate.exe
C:program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe
C:WINDOWSsystem32Rundll32.exe
C:program FilesCreativeSound Blaster X-FiVolume PanelVolPanlu.exe
C:program FilesMessengermsmsgs.exe
C:WINDOWSSystem32svchost322.exe
D:program FilesGadu-Gadugg.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesCreativeMediaSourceDetectorCTDetect.exe
C:program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:YDPDICTWatch.exe
C:program FilesOLYMPUSDeviceDetectorDevDtct2.exe
c:program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe
C:program FilesCommon FilesTeleca SharedGeneric.exe
C:program FilesSony EricssonMobile2Mobile Phone Monitorepmworker.exe
C:program FilesMozilla Firefoxfirefox.exe
C:program FilesMusicMatchMusicMatch Jukeboxmmjb.exe
C:program FilesMusicMatchMusicMatch JukeboxMMDiag.exe
C:program FilesMicrosoft OfficeOffice10WINWORD.EXE
C:WINDOWSmsagentAgentSvr.exe
C:WINDOWSsystem32dwwin.exe
C:program FilesHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:program FilesBearShare applicationsBearShare MediaBarMediaBar.dll
F3 - REG:win.ini: load=C:YDPDictwatch.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:pROGRA~1BPKqwertywb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:pROGRA~1FlashGetjccatch.dll (file missing)
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:program FilesVideo ActiveX Accessiesplg.dll (file missing)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:pROGRA~1TEXTwareQUICKF~1PlugInsIEHelp.dll
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:pROGRA~1BEARSH~1BEARSH~2MediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:program FilesBearShare applicationsBearShare MediaBarMediaBar.dll
O4 - HKLM..Run: [sys32cmd] C:Documents and SettingsDarekPulpitAdiActive Key Loggersys32win.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM..Run: [Share-to-Web Namespace Daemon] c:program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
O4 - HKLM..Run: [RemoteControl] "C:program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [QuickTime Task] "C:program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [PRONoMgrWired] C:program FilesIntelPROSetWiredNCSPROSetPRONoMgr.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [MMTray] C:program FilesMusicMatchMusicMatch Jukeboxmm_tray.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [ASUS Probe] C:program FilesASUSProbeAsusProb.exe
O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [RealTray] C:program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [LanzarL2007] "C:DOCUME~1DarekUSTAWI~1Temp{F3416172-C9D8-4A64-8A57-75B2D33860FE}{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}....L2007tmpSetup.exe" /SETUP:"/l0x0015"
O4 - HKLM..Run: [Onet.pl AutoUpdate] C:program FilesCommon FilesOnet.plAutoUpdate.exe /tsr
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions
O4 - HKLM..Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM..Run: [VolPanel] "C:program FilesCreativeSound Blaster X-FiVolume PanelVolPanlu.exe" /r
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [inifesh] C:WINDOWSSystem32svchost322.exe
O4 - HKCU..Run: [Gadu-Gadu] "D:program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Windows Registry Repair Pro] C:program Files3B SoftwareWindows Registry Repair ProRegistryRepairPro.exe 4
O4 - HKCU..Run: [Creative Detector] "C:program FilesCreativeMediaSourceDetectorCTDetect.exe" /R
O4 - Global Startup: Aktywacja Testera.lnk = C:YDPDICTWatch.exe
O4 - Global Startup: Device Detector 2.lnk = C:program FilesOLYMPUSDeviceDetectorDevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.EXE
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:program FilesOLYMPUSDeviceDetectorDM1Service.exe
O23 - Service: Intel NCS NetService (NetSvc) - IntelŽ Corporation - C:program FilesIntelPROSetWiredNCSSyncNetSvc.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:program FilesCommon FilesYDPUserAccessManageruseraccess.exe
 

respekt

User
Joined
February 7, 2008
Posts
3
Originally posted by 0wn3r
Get rid of this:

C:WINDOWSALCMTR.EXE
C:WINDOWSSystem32svchost322.exe

And that's it.

How do I delete files like this?
C:WINDOWSSystem32svchost322.exe

I tried with the Unlocker program but it doesn't work :/
With Ctrl+Alt+Delete, when I try to close the application, it reappears after 2 seconds :/

How do I get rid of it??
 

Alliata

User
Joined
November 3, 2007
Posts
378
Autorun

It would also be worth removing these from autostart:


O4 - Startup: svchost.exe
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU..Run: [inifesh] C:WINDOWSSystem32svchost322.exe
 

57ye

User
Joined
January 19, 2008
Posts
3
What about mine?

Code:
Logfile of HijackThis v1.99.1
Scan saved at 21:46:07, on 2008-02-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:Program FilesVDOToolTBPanel.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSRTHDCPL.EXE
C:Program FilesJavajre1.6.0_03binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGadu-Gadugg.exe
C:WINDOWSsystem32msiexec.exe
C:Program FilesOperaOpera.exe
C:Program FilesWinampwinamp.exe
C:Program FilesHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O4 - HKLM..Run: [Gainward] C:Program FilesVDOToolTBPanel.exe /A
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [SkyTel] SkyTel.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_03binjusched.exe"
O4 - HKLM..Run: [egui] "C:Program FilesESETESET NOD32 Antivirusegui.exe" /hide /waitservice
O4 - HKLM..Run: [NodLogin] C:Program FilesESETESET Smart Securitynodlogin.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:program filesbonjourmdnsnsp.dll' missing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:Program FilesWindows LiveMailmailcomm.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:Program FilesBonjourmDNSResponder.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:Program FilesESETESET NOD32 AntivirusEHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:Program FilesESETESET NOD32 Antivirusekrn.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
 