HijackThis – please check my log

Please check my log, thanks.

Logfile of HijackThis v1.99.1
Scan saved at 20:55:52, on 2005–04–30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Tray Helper_Tuterko\Tray_helper.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Tuterko\Pulpit\hijackthis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kurnik.pl/literaki/?cookie=71276ef22bcf15ad0a2000c16d202a34
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.trayhelper.com/misc/live_update/_reload_page_update.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
F3 – REG:win.ini: load=c:\progra~1\collins\watch.exe
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:\WINDOWS\nem219.dll (file missing)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 – HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system\rundll33.exe
O4 – HKLM\..\Run: [Configuration Loader] msgfix.exe
O4 – HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 – HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 – HKLM\..\Run: [eprogramfile0] e:\program files\lotus\orgreg\prtStart.exe 18 17 11 27 2004 "e:\program files\lotus\orgreg\orgprt.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 – HKLM\..\RunServices: [Microsoft AUT Update] MSlta32.exe
O4 – HKLM\..\RunServices: [Microsoft Update Server] mssrv.exe
O4 – HKLM\..\RunServices: [Microsoft Spool Server] spoolsvc.exe
O4 – HKLM\..\RunServices: [Configuration Loader] msgfix.exe
O4 – HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 – HKCU\..\Run: [IZSoftTrayHelper] C:\Program Files\Tray Helper_Tuterko\Launch.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{C712E3BD–F93B–484F–90F2–360911FD11C4}: NameServer = 212.160.238.131,80.85.224.2
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Norton AntiVirus Auto Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Outpost Firewall Service (OutpostFirewall) – Agnitum – C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Replies: 2

Launch regedit, search for "_{CFBFAE00–17A6–11D0–99CB–00C04FD64497}" and delete it manually. Search the disk for the files listed below and delete them. In HJ, remove:
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:\WINDOWS\nem219.dll (file missing)
O4 – HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system\rundll33.exe
O4 – HKLM\..\Run: [Configuration Loader] msgfix.exe
O4 – HKLM\..\RunServices: [Microsoft AUT Update] MSlta32.exe
O4 – HKLM\..\RunServices: [Microsoft Update Server] mssrv.exe
O4 – HKLM\..\RunServices: [Microsoft Spool Server] spoolsvc.exe
O4 – HKLM\..\RunServices: [Configuration Loader] msgfix.exe



What is this program? Do you use Lotus?
O4 – HKLM\..\Run: [eprogramfile0] e:\program files\lotus\orgreg\prtStart.exe 18 17 11 27 2004 "e:\program files\lotus\orgreg\orgprt.exe"
EL NINO, posted 30.04.2005 23:19:02
Turn off System Restore and get rid of the files and the entries in HJT:
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:\WINDOWS\nem219.dll (file missing)
O4 – HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\system\rundll33.exe
O4 – HKLM\..\Run: [Configuration Loader] msgfix.exe
O4 – HKLM\..\RunServices: [Microsoft AUT Update] MSlta32.exe
O4 – HKLM\..\RunServices: [Microsoft Update Server] mssrv.exe
O4 – HKLM\..\RunServices: [Microsoft Spool Server] spoolsvc.exe
O4 – HKLM\..\RunServices: [Configuration Loader] msgfix.exe
Bobi, posted 30.04.2005 23:09:44
zuro, posted 30.04.2005 22:56:33