log for analysis

My internet connection is getting suspiciously slow... maybe something in the processes??

Logfile of HijackThis v1.99.1
Scan saved at 16:09:51, on 2005–11–25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\XP\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD2\AnyDVD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .MOV: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\mihtmler.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Replies: 8

What do you mean by that? Can't it be uninstalled from Add/Remove? Can't it be ticked in HJ and removed? Can't it be deleted manually, after first ending the process in Task Manager?
EL NINO
Added
30.11.2005 18:28:32
unfortunately media access can't be removed :-(
xmaya
Added
30.11.2005 10:27:12
Check the log yourself -> http://forum.centrumxp.pl/viewtopic.php?t=37513
Remove according to the instructions there, plus the entries and files shown as "Unknown":
kl.exe
paytime.exe
bxproxy.exe (unless you know what it is)
leeman.exe
+ the O23 entries with "file missing", and O18 if you have uninstalled wpkontakt.

Uninstall Media Access first from Add/Remove Programs if that option is available.
EL NINO
Added
30.11.2005 08:26:01
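A small triage helper for HijackThis v1.99.1 logs, added here as an example (it is not part of any post in this thread and not HijackThis's own code). It parses entry lines and flags the kinds of items the replies in this thread single out for review: "(file missing)" entries, O23 services with an unknown owner, home-page values pointing at a local file, and O15 trusted-zone additions. The sample lines are constructed from the shapes seen in the logs above; everything it does not flag is left for manual review.

```python
import re

# Constructed sample in HijackThis v1.99.1 line format; it mirrors the entry
# shapes seen in the logs in this thread but is not a live scan.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Programme\wpkontakt\url_wpmsg.dll (file missing)
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\tmp\avpcc.exe" /Service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Every HijackThis entry starts with its section code, then " - ".
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Home-page values that point at a local file instead of a URL (as in the
# c:\secure32.html hijack in the second log of this thread).
LOCAL_FILE_RE = re.compile(r"= [a-z]:\\", re.IGNORECASE)

def triage(log_text):
    """Return (section, reason, line) for every entry a triage rule flags.
    Rules follow the advice in the thread: dangling '(file missing)' entries,
    O23 services with no known owner, hijacked home pages and O15 trusted-zone
    additions go to the review list; everything else is left alone."""
    findings = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if not m:
            continue                      # header, process list, blank line
        section, body = m.groups()
        if "(file missing)" in body:
            findings.append((section, "file missing", line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "unknown owner", line))
        elif section in ("R0", "R1") and LOCAL_FILE_RE.search(body):
            findings.append((section, "home page set to a local file", line))
        elif section == "O15":
            findings.append((section, "trusted zone / IP range added", line))
    return findings

def flagged_sections(log_text):
    """Section codes of the flagged entries, in log order."""
    return [section for section, _, _ in triage(log_text)]

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:32} {line}")
```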
thanks in advance for the help...

Logfile of HijackThis v1.99.1
Scan saved at 21:30:06, on 29.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\explorer.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Siemens\Gigaset WLAN Adapter\wlm.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\tool2.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Julia\Desktop\gosia-dok\inne dok\Gadu-Gadu\gg.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Julia\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\Eigene Downloads\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\Eigene Downloads\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Programme\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Dokumente und Einstellungen\Julia\Desktop\gosia-dok\inne dok\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Dokumente und Einstellungen\Julia\Desktop\gosia-dok\inne dok\avpcc.exe" /wait
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\RunServices: [leeman] C:\WINDOWS\System32\leeman.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Dokumente und Einstellungen\Julia\Desktop\gosia-dok\inne dok\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\Eigene Downloads\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://ky.bar.need2find.com/KY/menusearch.html?p=KY
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\Eigene Downloads\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\Eigene Downloads\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c403.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_20.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://67.15.101.3/g_bin/pl/demon_2_0_0_19.cab
O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} - http://www.fjut.net/codec.exe
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_22.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/pl/breakout_2_0_0_18.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_34.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.serviceurl.de/StarInstall.ocx
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_18.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Programme\Wirtualna Polska\wpkontakt\url_wpmsg.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Dokumente und Einstellungen\Julia\Desktop\gosia-dok\inne dok\avpcc.exe" /Service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Dokumente und Einstellungen\Julia\Desktop\gosia-dok\inne dok\avpm.exe" /Service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
xmaya
Added
29.11.2005 22:48:59
Nothing, ending the process won't do anything to it. Just don't delete it.
Bobi
Added
25.11.2005 17:58:43
I've already ended utilman.exe... :( what now??
Gentelmen_mh
Added
25.11.2005 17:54:21
utilman.exe - device manager, it stays.

Also to be removed:
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)

P.S. I think I'll stop correcting and start cutting.
Bobi
Added
25.11.2005 17:50:35
Gentelmen_mh:

O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\mihtmler.dll

Unregister the library and delete it: C:\WINDOWS\system32\mihtmler.dll

UPD:
Bobi:
P.S. I think I'll stop correcting and start cutting.

Yourself, the posts, or me :lol: ??
Peter_l
Added
25.11.2005 17:23:53
Gentelmen_mh
Added:
25.11.2005 17:13:23
Comments:
8
Page 1 / 1