Bardzo proszę o sprawdzenie loga :)

kopec86 · 6 Czerwiec 2005 14:56

Logfile of HijackThis v1.99.1

Scan saved at 16:53:51, on 2005-06-06

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\D-Tools\daemon.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\ctfmon.exe

D:\Instale\Serv-U 5.0.0.4\ServUTray.exe

C:\Program Files\Vypress Chat\vyc.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Opera7\Opera.exe

C:\Documents and Settings\Mariusz\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.millenet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 17.145.117.11 d-ru-1f.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 d-ru-1h.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 d-ru-2f.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 d-ru-2h.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 d-eu-2f.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 d-eu-2h.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 d-eu-1f.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 d-eu-1h.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 d-us-1f.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 d-us-1h.kaspersky-labs.com

O1 - Hosts: 17.145.117.11 downloads1.kaspersky.ru

O1 - Hosts: 17.145.117.11 downloads2.kaspersky.ru

O1 - Hosts: 17.145.117.11 downloads3.kaspersky.ru

O1 - Hosts: 17.145.117.11 downloads4.kaspersky.ru

O1 - Hosts: 17.145.117.11 downloads5.kaspersky.ru

O1 - Hosts: 17.145.117.11 www.kaspersky.ru

O1 - Hosts: 17.145.117.11 kaspersky.ru

O1 - Hosts: 17.145.117.11 kaspersky-labs.com

O1 - Hosts: 17.145.117.11 www.kaspersky-labs.com

O1 - Hosts: 82.146.42.123 lloydstsb.co.uk

O1 - Hosts: 82.146.42.123 online.lloydstsb.co.uk

O1 - Hosts: 82.146.42.123 www.lloydstsb.co.uk

O1 - Hosts: 82.146.42.123 www.lloydstsb.com

O1 - Hosts: 82.146.42.123 personal.barclays.co.uk

O1 - Hosts: 82.146.42.123 barclays.co.uk

O1 - Hosts: 82.146.42.123 ibank.barclays.co.uk

O1 - Hosts: 82.146.42.123 www.barclays.co.uk

O1 - Hosts: 82.146.42.123 www.nwolb.com

O1 - Hosts: 82.146.42.123 nwolb.com

O1 - Hosts: 82.146.42.123 hsbc.co.uk

O1 - Hosts: 82.146.42.123 www.hsbc.co.uk

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [AT-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe

O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [ServUTrayIcon] D:\Instale\Serv-U 5.0.0.4\ServUTray.exe

O4 - Global Startup: Vypress Chat StartUp.lnk = C:\Program Files\Vypress Chat\vyc.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab

O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_24.cab

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_15.cab

O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_24.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

kuz5 · 6 Czerwiec 2005 15:25

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

O1 - Hosts: 17.145.117.11 d-ru-1f.kaspersky-labs.com O1 - Hosts: 17.145.117.11 d-ru-1h.kaspersky-labs.com O1 - Hosts: 17.145.117.11 d-ru-2f.kaspersky-labs.com O1 - Hosts: 17.145.117.11 d-ru-2h.kaspersky-labs.com O1 - Hosts: 17.145.117.11 d-eu-2f.kaspersky-labs.com O1 - Hosts: 17.145.117.11 d-eu-2h.kaspersky-labs.com O1 - Hosts: 17.145.117.11 d-eu-1f.kaspersky-labs.com O1 - Hosts: 17.145.117.11 d-eu-1h.kaspersky-labs.com O1 - Hosts: 17.145.117.11 d-us-1f.kaspersky-labs.com O1 - Hosts: 17.145.117.11 d-us-1h.kaspersky-labs.com O1 - Hosts: 17.145.117.11 downloads1.kaspersky.ru O1 - Hosts: 17.145.117.11 downloads2.kaspersky.ru O1 - Hosts: 17.145.117.11 downloads3.kaspersky.ru O1 - Hosts: 17.145.117.11 downloads4.kaspersky.ru O1 - Hosts: 17.145.117.11 downloads5.kaspersky.ru O1 - Hosts: 17.145.117.11 http://www.kaspersky.ru O1 - Hosts: 17.145.117.11 kaspersky.ru O1 - Hosts: 17.145.117.11 kaspersky-labs.com O1 - Hosts: 17.145.117.11 http://www.kaspersky-labs.com O1 - Hosts: 82.146.42.123 lloydstsb.co.uk O1 - Hosts: 82.146.42.123 online.lloydstsb.co.uk O1 - Hosts: 82.146.42.123 http://www.lloydstsb.co.uk O1 - Hosts: 82.146.42.123 http://www.lloydstsb.com O1 - Hosts: 82.146.42.123 personal.barclays.co.uk O1 - Hosts: 82.146.42.123 barclays.co.uk O1 - Hosts: 82.146.42.123 ibank.barclays.co.uk O1 - Hosts: 82.146.42.123 http://www.barclays.co.uk O1 - Hosts: 82.146.42.123 http://www.nwolb.com O1 - Hosts: 82.146.42.123 nwolb.com O1 - Hosts: 82.146.42.123 hsbc.co.uk O1 - Hosts: 82.146.42.123 http://www.hsbc.co.uk

kopec86 · 6 Czerwiec 2005 17:37

Logfile of HijackThis v1.99.1

Scan saved at 19:37:07, on 2005-06-06

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\D-Tools\daemon.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\WINDOWS\System32\ctfmon.exe

D:\Instale\Serv-U 5.0.0.4\ServUTray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Mariusz\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.millenet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [AT-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe

O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe

O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [ServUTrayIcon] D:\Instale\Serv-U 5.0.0.4\ServUTray.exe

O4 - Global Startup: Vypress Chat StartUp.lnk = C:\Program Files\Vypress Chat\vyc.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab

O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_24.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_36.cab

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_15.cab

O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_24.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

czy teraz jest wszystko OK ?? :> i dzieki za pomoc

kuz5 · 6 Czerwiec 2005 17:41

Log czysty

musg · 6 Czerwiec 2005 17:43

polecam aktualizacje windowsa o sp2:

SP2