Hijack_this


(Marekpratnicki) #1

kazali mi zalozyc nowy tema!! bo moze ktos wie co mam usunoc! !!

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Common Files\CMEII\CMESys.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\GMT\GMT.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\LANChat Pro\LANChat.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Maras\Ustawienia lokalne\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\D9LG6I~1.DLL

O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: PowerGG.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O8 - Extra context menu item: Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm

O8 - Extra context menu item: Download All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe

O9 - Extra 'Tools' menuitem: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: *.greg-search.com

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_06) -

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{3355D922-06AC-4573-9CE6-165A9FC754A2}: NameServer = 192.168.0.1

O20 - AppInit_DLLs: xhv4ymf184jd7.dll

jak cos tu byl pretem moje pytanie:http://forum.dobreprogramy.pl/viewtopic.php?t=9171


(Xiao19) #2

kasujessz

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\D9LG6I~1.DLL

O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

(nieuzywamy kasujemy)

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NETANTS\NAGet.htm

O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NETANTS\NAGetAll.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: *.greg-search.com

O20 - AppInit_DLLs: xhv4ymf184jd7.dll

przesaknuj tym np.

--F-Secure--

http://support.f-secure.com/enu/home/ols.shtml

dodatkowo bedzie pewnosc


(Marekpratnicki) #3

usunlem te pliki!! zel dalej pojawiaja mi sie ta glu...ia strona startowa!! a co do skanowania niby mi cos sciaga ale nawet sie nie ruszy nic!!:(ok sorrki idzie powli!! a


(Tomek Zamlynny) #4

ponownie zrob scan, i zobacz czy wszystko usuneło


(Marekpratnicki) #5

co do loga:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9

O20 - AppInit_DLLs: xhv4ymf184jd7.dll

usuwa sie jak jeszce ras skanuje pojawia sie


(Xiao19) #6

wez sciagnij

CWShredder_v1.59.1

przeskanuj tym

http://www.majorgeeks.com/downloadget.p ... 1960cc6e24

co do F-Secure na dole dajesz start scanning potem acept i ci sciaga baze potem skanuje dysk

--X-Scan--

http://www.spywareinfo.com/xscan.php

to do szpiegow ,BHQ itp.

ewet. daj potem jeszcze raz loga:

O20 - AppInit_DLLs: xhv4ymf184jd7.dll

(jakies badziewie totalne) jak neteges

robisz to oczywisce

kasacje w trybie awaryjnym


(Marekpratnicki) #7

Logfile of HijackThis v1.98.2

Scan saved at 19:23:21, on 2004-09-19

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\D-Tools\daemon.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Spyware Doctor\spydoctor.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Maras\Ustawienia lokalne\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\D9LG6I~1.DLL

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q

O4 - Startup: PowerGG.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe

O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\PROGRA~1\NETANTS\NetAnts.exe

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_06) -

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{3355D922-06AC-4573-9CE6-165A9FC754A2}: NameServer = 192.168.0.1


(Marekpratnicki) #8

a jeszce to :

O20 - AppInit_DLLs: xhv4ymf184jd7.dll


(Xiao19) #9

kasacja

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=9

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\D9LG6I~1.DLL

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O20 - AppInit_DLLs: xhv4ymf184jd7.dll

CWShredder_v1.59.1 nic ci nieznalazl to

badziewnie

oka

sciagasz te progsy nizej

instalujesz to

zabezpieczasz przegladarki z jakich korzystasz itp.

--Windows Worms Doors Cleaner v1.4.1--

http://www.firewallleaktester.com/tools/wwdc.exe

--SpywareBlaster 3.2--

http://www.javacoolsoftware.com/sbdownload.html

--SpywareGuard 2.2--

http://www.javacoolsoftware.com/sgdownload.html

tu masz opis co to sa za programiki

http://forum.dobreprogramy.pl/viewtopic ... ht=blaster

potem mozesz tym sobie przeleciec

--GFI Trojan--

http://www.windowsecurity.com/trojanscan/


(Marekpratnicki) #10

dobra temat mozna zamknac! !!