Mozecie sprawdzić mój log


(Rafi 21) #1

Logfile of HijackThis v1.99.0

Scan saved at 20:05:10, on 2005-02-17

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Windows AdService\WinAdServ.exe

C:\temp\salm.exe

C:\DOCUME~1\rafi\USTAWI~1\Temp\SAHAGE~1.EXE

C:\Program Files\Windows AdService\WinAdSlave.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Avant Browser\avant.exe

C:\program files\internet explorer\iexplore.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\System32\taskmgr.exe

C:\Program Files\Winamp\winamp.exe

G:\instalki\sprawdzasz tu swój log\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

O4 - HKLM..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe

O4 - HKLM..\Run: [salm] c:\temp\salm.exe

O4 - HKLM..\Run: [sAHBundle] C:\DOCUME~1\rafi\USTAWI~1\Temp\SAHAGE~1.EXE run

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [bySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe

O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O16 - DPF: Win32 Classes -

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxyz.mht! http://tdt.org.pl/popup/loudtorg.chm::/Bridge-c139.cab

O17 - HKLM\System\CCS\Services\Tcpip..{3B2F631F-CF0E-4D79-9A1E-FD3F6EFEA521}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip..{3B2F631F-CF0E-4D79-9A1E-FD3F6EFEA521}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE

O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


(Qbek50) #2

do kasacji:

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxyz.mht! http://tdt.org.pl/popup/loudtorg.chm::/Bridge-c139.cab

zainstaluj koniecznie SP2


(boczi) #3

Zainstaluj Service Pack 2!

Usuwasz:

C:\Program Files\Windows AdService\WinAdServ.exe

   	C:\temp\salm.exe

   	C:\Program Files\Windows AdService\WinAdSlave.exe

   	O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe

   	O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

   	O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxyz.mht!http://tdt.org.pl/popup/loudtorg.chm::/Bridge -c139.cab

   	O16 - DPF: Win32 Classes -

(Rafi 21) #4

a powstrzyma te wszystkie g****


(boczi) #5

Nic nie pomaga tak dobrze, jak zdrowy rozsądek.


(123448) #6

jeśli będziesz uważał na wszystkie rzeczy zwiazane z bezpieczeństwem to tak jak mówi Boczi będziesz miał mniej syfu używajac do obrony rozsadku :wink: no a wrazie złapania jakiegoś badziewia to zawsze znajdzie się jakaś przydatna aplikacje od spyware :stuck_out_tongue:


(Dragonlnx) #7

1.Czyścisz folder TEMP

2.Usuwasz w trybie awaryjnym + wyłączone przywr. systemu:

O4 - HKLM..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe

O4 - HKLM..\Run: [salm] c:\temp\salm.exe

Znasz to ? Nie/Kasacja

O4 - HKLM..\Run: [sAHBundle] C:\DOCUME~1\rafi\USTAWI~1\Temp\SAHAGE~1.EXE run

Skutki nieużywania SpywareBlaster'a :frowning:

O16 - DPF: Win32 Classes -

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxyz.mht!

Zainstaluj SpywareBlaster + SpywareGuard [ochrona rzeczywista]http://www.searchengines.pl/phpbb203/index.php?showtopic=11522