HijackThis log. Please help and check it

Logfile of HijackThis v1.98.2 

Scan saved at 13:15:00, on 2005-02-06 

Platform: Windows XP SP2 (WinNT 5.01.2600) 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 


Running processes: 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\Toolbar\TBPSSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\Program Files\Windows AdStatus\WinStat.exe

C:\Program Files\Windows AdStatus\WinStatKeep.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\PROGRA~1\Toolbar\TBPS.exe

C:\windows\system32\hnhxmu.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\windows\system32\calc.exe

C:\PROGRA~1\Toolbar\PIB.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\Kazaa Lite K++\Kazaa.kpp

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Joanna\LOCALS~1\Temp\Rar$EX00.451\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [http]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [http]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [http]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [http]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [http]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [http]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = [http]

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=[http]

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll

O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

O2 - BHO: (no name) - {2356C3F9-1055-8FCB-E6BE-5A98E3DEA131} - C:\DOCUME~1\Bogdan\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: (no name) - {7895365F-8D8B-8B93-B087-417E270B39FD} - C:\DOCUME~1\Joanna\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\Program Files\MediaLoads Enhanced\ME2.DLL

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll (file missing)

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [hnhxmu] c:\windows\system32\hnhxmu.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

O4 - HKLM\..\RunServices: [Microsoft Services] C:\WINDOWS\System32\nsz32.exe

O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe

O4 - HKCU\..\Run: [Keybdcntl] c:\windows\system32\keybdcntl.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=[http]

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - [http]

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - [http]

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - [http]

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - [http]

O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - [http]

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - [http]

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [http]

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - [http]

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - [http]

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

Oh, I would love to, but when I scan with the new version of HijackThis, right after it finishes I get a message from Windows like "HijackThis has encountered a problem and needs to close. We are sorry for any inconvenience"… I tried downloading it from various sources, but the same thing still pops up.

Many thanks for the help :) … here is the new one

Logfile of HijackThis v1.98.2

Scan saved at 17:28:57, on 2005-02-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\Toolbar\TBPSSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows AdStatus\WinStat.exe

C:\Program Files\Windows AdStatus\WinStatKeep.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\PROGRA~1\Toolbar\TBPS.exe

C:\windows\system32\hnhxmu.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\windows\system32\calc.exe

C:\PROGRA~1\Toolbar\PIB.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\Program Files\Kazaa Lite K++\Kazaa.kpp

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Joanna\LOCALS~1\Temp\Rar$EX01.979\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fbyfoguqggddifzjjzl.com/ejyAgepUbqZeGTW3W_OHLQRLDoChWIWUL2TZTNdjLkI.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bcwaldmthkzuqsi.uk/5uboTUqDbAqqdD_MNFXIte//LFvXNSCCQhV/QVZGBIA.asp

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2356C3F9-1055-8FCB-E6BE-5A98E3DEA131} - C:\DOCUME~1\Bogdan\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: (no name) - {7895365F-8D8B-8B93-B087-417E270B39FD} - C:\DOCUME~1\Joanna\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [hnhxmu] c:\windows\system32\hnhxmu.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

O4 - HKLM\..\RunServices: [Microsoft Services] C:\WINDOWS\System32\nsz32.exe

O4 - HKCU\..\Run: [Keybdcntl] c:\windows\system32\keybdcntl.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://203.166.19.20/quickdl/proclaim/NSupd9x.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

NC :lol:

Read about it.

http://www.dagma.pl/new/oprogramowanie. … ech&id=227

DAGMA Sp. z o.o. - network security: antivirus software, firewalls and more.

To be removed

The online scanners listed in this section.

And do what the other poster says: turn off System Restore and clean the computer in safe mode (tryb awaryjny).

I'm not good with computers… how do I install this Service Pack 2? And how do I turn off System Restore and clean the computer in safe mode (tryb awaryjny)?

Aśka, don't listen to nonsense. You already have Service Pack 2 installed.

I have deleted the unnecessary posts that were cluttering the topic.

C:\Program Files\Windows AdStatus\WinStat.exe trojan

C:\Program Files\Windows AdStatus\WinStatKeep.exe trojan

C:\Program Files\Common Files\WinTools\WSup.exe trojan

You need to fix these processes and remove them manually from the computer in safe mode (tryb awaryjny, F8).

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)

O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe

O4 - HKCU\..\Run: [Keybdcntl] c:\windows\system32\keybdcntl.exe

O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab

These you need to fix, and remember to turn off System Restore :)

I also recommend installing a firewall, because I don't see anywhere that you have one, unless you are using the one from Symantec. I also recommend using some program against spies such as malware, spyware and adware, because I see that apart from the Norton online scan you also have Trojan Remover and a-squared (e.g. download Ad-Aware and Spybot S&D).

Do you happen to know what this "tryb awaryjny" is called in English? Because I have an English computer, an English system and so on, and there is no such thing as "emergency mode"… isn't it by any chance 'safe mode'? Because there is such a thing…

I finally MANAGED to run a scan with the new version of HijackThis… here is my log

Logfile of HijackThis v1.99.0

Scan saved at 21:03:13, on 2005-02-07

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton Internet Security\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\windows\system32\hnhxmu.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\windows\system32\calc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\DOCUME~1\Joanna\LOCALS~1\Temp\Rar$EX00.176\HijackThis.exe

C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Joanna\LOCALS~1\Temp\Rar$EX00.529\HijackThis.exe

C:\Program Files\Common Files\Real\Update_OB\realevent.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fbyfoguqggddifzjjzl.com/ejyAgepUbqZeGTW3W_OHLQRLDoChWIWUL2TZTNdjLkI.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bcwaldmthkzuqsi.uk/5uboTUqDbAqqdD_MNFXIte//LFvXNSCCQhV/QVZGBIA.asp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {2356C3F9-1055-8FCB-E6BE-5A98E3DEA131} - C:\DOCUME~1\Bogdan\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7895365F-8D8B-8B93-B087-417E270B39FD} - C:\DOCUME~1\Joanna\APPLIC~1\PROCAB~1\BUILD LOUD.exe

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [hnhxmu] c:\windows\system32\hnhxmu.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE

O4 - HKLM\..\RunServices: [Microsoft Services] C:\WINDOWS\System32\nsz32.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ISSvc - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

If you don't use Windows Messenger, remove it:

Start => Run => type the command

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove