Clean??
Hi there
I'd like to ask for my HijackThis logs to be checked.
I've had some spyware lately, and I'd like to know whether I'm rid of all of it now :D 8)
Logfile of HijackThis v1.99.1
Scan saved at 14:42:13, on 2005-10-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\1\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [arcn] C:\WINDOWS\arcn.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [saap] c:\program files\zango\saap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "E:\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [KamikazeKat] C:\Program Files\ScreenMates\Gato2.exe
O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 - HKCU\..\Run: [SIAPRO7] "C:\Program Files\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -boot
O4 - HKCU\..\Run: [eSkiMoS R2] "D:\eSkiMoS R2\eSkiMoS.exe" tray
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_22.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/7.20.0003/OCI/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115899759040
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1122636889179
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_24.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4539/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CE5E9B6-883C-4D69-8BF8-F50E3B926EB2}: NameServer = 10.1.88.1,194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CE5E9B6-883C-4D69-8BF8-F50E3B926EB2}: NameServer = 10.1.88.1,194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CE5E9B6-883C-4D69-8BF8-F50E3B926EB2}: NameServer = 10.1.88.1,194.204.159.1,194.204.152.34
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe
Thanks, I'll be waiting.
Replies: 2
Thanks :D
It's not completely clean; something is left.
If the DNS numbers are yours, then that's everything.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [arcn] C:\WINDOWS\arcn.exe
O4 - HKLM\..\Run: [saap] c:\program files\zango\saap.exe