Login

Dla specjalistów Bezpieczeństwo
#1

Logfile of HijackThis v1.99.0

Scan saved at 21:02:26, on 2005-03-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\SpeedFan\speedfan.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\AutoCAD 2005\acad.exe

C:\DOCUME~1\DETEKT~1\USTAWI~1\Temp\AdskCleanup.0001

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\DC++\DCPlusPlus.exe

C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe

C:\Program Files\AutoCAD 2005\acad.exe

C:\DOCUME~1\DETEKT~1\USTAWI~1\Temp\AdskCleanup.0001

C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe

C:\Program Files\ACAD2000\acad.exe

C:\Program Files\PowerQuest\PartitionMagic 8.0\PMagic.exe

C:\Program Files\PowerQuest\PartitionMagic 8.0\PMagicnt.exe

H:\stary dysk\Ważne\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cracks.am/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM…\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 “EPSON Stylus C42 Series” /O5 “LPT1:” /M “Stylus C42”

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://C:\Program Files\LeechGet 2004\Parser.html

O8 - Extra context menu item: Pobierz używając kreatora LeechGet - file://C:\Program Files\LeechGet 2004\Wizard.html

O8 - Extra context menu item: Pobierz używając LeechGet - file://C:\Program Files\LeechGet 2004\AddUrl.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O17 - HKLM\System\CCS\Services\Tcpip…{CE6ABBBE-3A8D-40F7-83EC-7903892F7949}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

#2

i mojego tez ,a co

Logfile of HijackThis v1.99.0

Scan saved at 21:07:44, on 2005-03-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\FSI\F-Prot\fpavupdm.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

C:\Program Files\FSI\F-Prot\F-Sched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\NetLimiter\NetLimiter.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\DC++\DCPlusPlus.exe

C:\Program Files\Opera\opera.exe

C:\totalcmd\TOTALCMD.EXE

C:\Program Files\FSI\F-Prot\F-StopW.exe

D:\CD_Xx\CDRW_Xx\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.101.250:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime

O4 - HKLM…\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

O4 - HKLM…\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP

O4 - HKLM…\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Startup: SysInfoMyWork.lnk = C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra ‘Tools’ menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O16 - DPF: {55F2FE00-C6E1-11D4-84BC-009027889212} (Seagate DiscWizard English) - http://www.seagate.com/support/disc/asp … dscwiz.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe

O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe

O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

#3

fajna stronka startowa :smiley:

ech-poza tym masz czysto.No i jak masz te stronke :smiley: ustawiona to tez jest

oczywiscie ok

#4

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

kosz 8)

#5

detektyw 997 ja koffam swoje Ebay

wiec zostawiam

:stuck_out_tongue: :stuck_out_tongue:

#6

big tHx musg 8)

#7

a mnie kto sprawdzi beczy>>

#8

Kamcia, oczywiście czyścioch :D:D

Dla kosmetyki możesz wywalić to:

O16 - DPF: {55F2FE00-C6E1-11D4-84BC-009027889212} (Seagate DiscWizard English) - http://www.seagate.com/support/disc/asp … dscwiz.cab

#9

mam cie zbadac ? Juz ci podałem ze masz wszytko OK 8)

#10

Kamcia_18

kosmetyka:

NeroCheck.exe

Wyłącz z autostartu :stuck_out_tongue:

#11

dzieki jupi

mam czysto to przez ta suszarke

:B-fly: :wink: :wink: