Helpless


(ŁysyKoń) #1

:o Please, could someone check this for me? I have no idea about this at all.

Logfile of HijackThis v1.99.1

Scan saved at 04:24:20, on 2005-03-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\pavsrv.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\AVENGINE.EXE

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ivo\UniSpiker-2.2\uni_spiker-2.2.exe

C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\Documents and Settings\Michał\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Internet Anonym - {00000000-0002-0002-0000-000000000000} - c:\program files\steganos internet anonym 6\siaiep.dll

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [AQQ] C:\Program Files\MyPortal\Akuku\Akuku.exe

O4 - HKCU..\Run: [sIA6] "C:\Program Files\Steganos Internet Anonym 6\sia.exe" /booting

O4 - Startup: UniSpiker-2.2.lnk = C:\Program Files\ivo\UniSpiker-2.2\uni_spiker-2.2.exe

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing

O17 - HKLM\System\CCS\Services\Tcpip..{C8997473-9327-4DD5-9448-86D1672712C2}: NameServer = 217.30.129.149,217.30.137.200

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\WINDOWS\SYSTEM32\pavsrv.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


(Stachan) #2

In my opinion the above should be removed, and then a thorough scan with this:

http://forum.dobreprogramy.pl/viewtopic.php?t=8175


(Musg) #3

Turn off System Restore, boot into Safe Mode (F8) and fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O1 - Hosts: 207.68.172.246 msn.com

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Then scan with these programs:

http://forum.dobreprogramy.pl/viewtopic.php?t=17671

and post the log once more.


(ŁysyKoń) #4

Logfile of HijackThis v1.99.1

Scan saved at 10:23:43, on 2005-03-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\pavsrv.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\AVENGINE.EXE

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ivo\UniSpiker-2.2\uni_spiker-2.2.exe

C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\WINDOWS\system32\cmd.exe

C:\Documents and Settings\Michał\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: (no name) - {00000000-0002-0002-0000-000000000000} - (no file)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [AQQ] C:\Program Files\MyPortal\Akuku\Akuku.exe

O4 - HKCU..\Run: [sIA6] "C:\Program Files\Steganos Internet Anonym 6\sia.exe" /booting

O4 - HKCU..\Run: [ETD Security Scanner] "C:\Program Files\ETD Security Scanner\ETD Security Scanner.exe" /s

O4 - Startup: UniSpiker-2.2.lnk = C:\Program Files\ivo\UniSpiker-2.2\uni_spiker-2.2.exe

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{C8997473-9327-4DD5-9448-86D1672712C2}: NameServer = 217.30.129.149,217.30.137.200

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\WINDOWS\SYSTEM32\pavsrv.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


(Musg) #5

O3 - Toolbar: (no name) - {00000000-0002-0002-0000-000000000000} - (no file) remove this one too


(ŁysyKoń) #6

Logfile of HijackThis v1.99.1

Scan saved at 11:56:55, on 2005-03-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\pavsrv.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\AVENGINE.EXE

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ivo\UniSpiker-2.2\uni_spiker-2.2.exe

C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe

C:\WINDOWS\SYSTEM32\cidaemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Michał\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Internet Anonym - {00000000-0002-0002-0000-000000000000} - c:\program files\steganos internet anonym 6\siaiep.dll

O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [AQQ] C:\Program Files\MyPortal\Akuku\Akuku.exe

O4 - Startup: UniSpiker-2.2.lnk = C:\Program Files\ivo\UniSpiker-2.2\uni_spiker-2.2.exe

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{C8997473-9327-4DD5-9448-86D1672712C2}: NameServer = 217.30.129.149,217.30.137.200

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\WINDOWS\SYSTEM32\pavsrv.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

I think that's everything.


(boczi) #7

Yes, it's OK now.


(ŁysyKoń) #8

Many thanks! It works flawlessly.