HijackThis log. Please help and check it


(Aśka_0) #1
Logfile of HijackThis v1.98.2 

Scan saved at 13:15:00, on 2005-02-06 

Platform: Windows XP SP2 (WinNT 5.01.2600) 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 


Running processes: 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\Toolbar\TBPSSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\Program Files\Windows AdStatus\WinStat.exe

C:\Program Files\Windows AdStatus\WinStatKeep.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\PROGRA~1\Toolbar\TBPS.exe

C:\windows\system32\hnhxmu.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\windows\system32\calc.exe

C:\PROGRA~1\Toolbar\PIB.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\Kazaa Lite K++\Kazaa.kpp

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Joanna\LOCALS~1\Temp\Rar$EX00.451\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [http]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [http]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [http]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [http]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [http]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [http]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = [http]

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=[http]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll

O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

O2 - BHO: (no name) - {2356C3F9-1055-8FCB-E6BE-5A98E3DEA131} - C:\DOCUME~1\Bogdan\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: (no name) - {7895365F-8D8B-8B93-B087-417E270B39FD} - C:\DOCUME~1\Joanna\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME2.DLL

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll (file missing)

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [hnhxmu] c:\windows\system32\hnhxmu.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

O4 - HKLM\..\RunServices: [Microsoft Services] C:\WINDOWS\System32\nsz32.exe

O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe

O4 - HKCU\..\Run: [Keybdcntl] c:\windows\system32\keybdcntl.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=[http]

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - [http]

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - [http]

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - [http]

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - [http]

O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - [http]

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - [http]

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [http]

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - [http]

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [http]

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

Oh, I would very much like to, but when I scan with the new version of HijackThis, right after it finishes I get a message from Windows along the lines of "Hijack this has encountered a problem and needs to close. We are sorry for any inconvenience"... I tried downloading it from various sources, but the same thing pops up anyway.


(Aśka_0) #2

Many thanks for the help :slight_smile: .... here is the new one

Logfile of HijackThis v1.98.2

Scan saved at 17:28:57, on 2005-02-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\Toolbar\TBPSSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows AdStatus\WinStat.exe

C:\Program Files\Windows AdStatus\WinStatKeep.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\PROGRA~1\Toolbar\TBPS.exe

C:\windows\system32\hnhxmu.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\windows\system32\calc.exe

C:\PROGRA~1\Toolbar\PIB.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\Kazaa Lite K++\Kazaa.kpp

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Joanna\LOCALS~1\Temp\Rar$EX01.979\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fbyfoguqggddifzjjzl.com/ejyAgepUbqZeGTW3W_OHLQRLDoChWIWUL2TZTNdjLkI.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bcwaldmthkzuqsi.uk/5uboTUqDbAqqdD_MNFXIte//LFvXNSCCQhV/QVZGBIA.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2356C3F9-1055-8FCB-E6BE-5A98E3DEA131} - C:\DOCUME~1\Bogdan\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: (no name) - {7895365F-8D8B-8B93-B087-417E270B39FD} - C:\DOCUME~1\Joanna\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [hnhxmu] c:\windows\system32\hnhxmu.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

O4 - HKLM\..\RunServices: [Microsoft Services] C:\WINDOWS\System32\nsz32.exe

O4 - HKCU\..\Run: [Keybdcntl] c:\windows\system32\keybdcntl.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://203.166.19.20/quickdl/proclaim/NSupd9x.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

(Qbek50) #3

NC :lol:


(wieszak) #4

Read about this.

http://www.dagma.pl/new/oprogramowanie. ... ech&id=227

DAGMA Sp. z o.o. - network security: antivirus programs, firewalls and more.

To be removed

The online scanners listed in this section.

And do what the other poster says: turn off System Restore, and clean the computer in safe mode


(Aśka_0) #5

I'm not good with computers.. how do I install this Service Pack 2? And how do I turn off System Restore and clean the computer in safe mode?


(fiesta) #6

Aśka, don't listen to nonsense. You already have Service Pack 2 installed.

I have deleted the unnecessary posts cluttering the topic.


(Musg) #7
C:\Program Files\Windows AdStatus\WinStat.exe trojan

C:\Program Files\Windows AdStatus\WinStatKeep.exe trojan

C:\Program Files\Common Files\WinTools\WSup.exe trojan

--- you need to fix these processes and remove them manually from the computer in safe mode (F8)

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [Keybdcntl] c:\windows\system32\keybdcntl.exe

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab

Fix these, and remember to turn off System Restore :slight_smile:


(123448) #8

I also recommend installing some firewall, because I don't see anywhere that you have one, unless you're using the one from Symantec. I also recommend using some program against spies such as malware, spyware and adware, because I see that besides the online scanning by Norton you also have Trojan Remover and a-squared (e.g. download Ad-Aware and also Spybot S&D).


(Aśka_0) #9

Do you happen to know what this "tryb awaryjny" is called in English? Because I have an English computer, an English system etc. and there is no such thing as "emergency mode"... isn't it by any chance 'safe mode'? Because there is such a thing...


(Aśka_0) #10

I finally MANAGED to do a scan with the new version of HijackThis..... here is my log

Logfile of HijackThis v1.99.0

Scan saved at 21:03:13, on 2005-02-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\windows\system32\hnhxmu.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\windows\system32\calc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\DOCUME~1\Joanna\LOCALS~1\Temp\Rar$EX00.176\HijackThis.exe

C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Joanna\LOCALS~1\Temp\Rar$EX00.529\HijackThis.exe

C:\Program Files\Common Files\Real\Update_OB\realevent.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fbyfoguqggddifzjjzl.com/ejyAgepUbqZeGTW3W_OHLQRLDoChWIWUL2TZTNdjLkI.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bcwaldmthkzuqsi.uk/5uboTUqDbAqqdD_MNFXIte//LFvXNSCCQhV/QVZGBIA.asp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2356C3F9-1055-8FCB-E6BE-5A98E3DEA131} - C:\DOCUME~1\Bogdan\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7895365F-8D8B-8B93-B087-417E270B39FD} - C:\DOCUME~1\Joanna\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [hnhxmu] c:\windows\system32\hnhxmu.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\RunServices: [Microsoft Services] C:\WINDOWS\System32\nsz32.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

(Kuz5) #11

If you don't use Windows Messenger, remove it:

Start => Run => type the command

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove