This log is killing me
I can't take it anymore. I recently cleaned up the computer after a virus, and here we go again. My dad goes on some websites while I'm at school and then I have to clean up the computer. How can I stop this from happening, or block those sites with viruses? Or teach me how to clean things up using this log. How do you do it? Please check my log.
Logfile of HijackThis v1.99.1
Scan saved at 20:19:29, on 2005-04-18
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS.000\System32\smss.exe
D:\WINDOWS.000\SYSTEM32\winlogon.exe
D:\WINDOWS.000\system32\services.exe
D:\WINDOWS.000\system32\lsass.exe
D:\WINDOWS.000\system32\svchost.exe
D:\WINDOWS.000\System32\svchost.exe
D:\WINDOWS.000\Explorer.EXE
D:\WINDOWS.000\system32\spoolsv.exe
D:\Program Files\MKS\Bin\NetMonSV.exe
D:\Program Files\MKS\Bin\mksmonsv.exe
D:\WINDOWS.000\System32\nvsvc32.exe
C:\program files\powerstrip\pstrip.exe
D:\Program Files\MKS\Bin\mks_menu.exe
D:\Program Files\MKS\Bin\ABregmon.exe
D:\WINDOWS.000\mfcsv.exe
D:\WINDOWS.000\System32\ctfmon.exe
D:\Program Files\D-Link AirPlus\AirPlus.exe
D:\Program Files\ICQLite\X_icq_5.03_build_2315_pl.exe
D:\Program Files\NetPanel\NetPanel.exe
D:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Klonowscy\Moje dokumenty\ściągnięte\hijackthis_199\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CC0B2577-F2AD-A94E-4800-0338C9878A37} - D:\WINDOWS.000\system32\javadn.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS.000\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS.000\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS.000\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MKS_MENU] D:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] D:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [NetPanel] "D:\Program Files\NetPanel\Starter.exe" /path="D:\Program Files\NetPanel"
O4 - HKLM\..\Run: [KAZAA] "D:\Program Files\Kazaa Lite Rewolucja\kpp.exe" "D:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [mfcsv.exe] D:\WINDOWS.000\mfcsv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.000\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Spolszczenie - Auto Update.lnk = D:\Program Files\ICQLite\icq_5.03_build_2315_pl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/0892/1719/8286/3400/5_0892171982863400.ocx
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_8.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7134E7CE-00E2-4488-9531-1AA8F98676EA}: NameServer = 213.199.225.10,213.199.225.14
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - D:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - D:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS.000\System32\nvsvc32.exe
Replies: 2
You can also block sites through the hosts file
C:\windows\system32\drivers\etc\hosts
Open it with Notepad and under localhost enter, for example:
127.0.0.1 cydoor.com
127.0.0.1 is a redirect to your own computer's address
and cydoor.com is the address
btw, without http://
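Added example, not part of the reply: a Python helper that turns addresses into hosts-file block lines the way the reply describes (loopback address, bare host name without http://) and skips names the file already maps. The function names, the sample hosts content and the www.cydoor.com input are constructed for illustration.

```python
# Added example (not from the thread): build hosts-file block entries.
from urllib.parse import urlsplit

SINKHOLE = "127.0.0.1"  # loopback address, as used in the reply


def to_hostname(entry: str) -> str:
    """Reduce 'http://Cydoor.com/path' or 'cydoor.com' to a bare lower-case host name."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "//" + entry  # lets urlsplit treat the text as a network location
    host = urlsplit(entry).hostname
    if not host:
        raise ValueError(f"no host name in {entry!r}")
    return host.lower()


def mapped_hosts(hosts_text: str) -> set:
    """Host names already present in the hosts file (comments ignored)."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(n.lower() for n in fields[1:])  # fields[0] is the IP address
    return names


def add_blocks(hosts_text: str, entries) -> str:
    """Return hosts_text with one sinkhole line per host name not yet mapped."""
    known = mapped_hosts(hosts_text)
    out = hosts_text.rstrip("\r\n").splitlines()
    for entry in entries:
        host = to_hostname(entry)
        if host not in known:
            out.append(f"{SINKHOLE} {host}")
            known.add(host)
    return "\n".join(out) + "\n"


# Constructed sample: minimal hosts file content
SAMPLE_HOSTS = "# sample hosts file\n127.0.0.1       localhost\n"

if __name__ == "__main__":
    print(add_blocks(SAMPLE_HOSTS, ["http://cydoor.com/", "www.cydoor.com", "CYDOOR.com"]))
```

The hosts file matches exact host names only, so cydoor.com and www.cydoor.com need separate lines. By default the file lives under the Windows directory, which on the machine in the log is D:\WINDOWS.000 rather than C:\windows.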
Get rid of this:
D:\WINDOWS.000\mfcsv.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CC0B2577-F2AD-A94E-4800-0338C9878A37} - D:\WINDOWS.000\system32\javadn.dll
O4 - HKLM\..\Run: [mfcsv.exe] D:\WINDOWS.000\mfcsv.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
In the HijackThis thread you'll find a link to a site that checks logs.
P.S. Set passwords on the administrator accounts and tell your father: peekaboo.
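Added example, not part of the thread or of HijackThis: the Python script below groups HijackThis entries by section code and flags those matching a few constructed heuristics (missing target file, unnamed BHO, missing registry value, autostart binary directly in the Windows folder). The function names and heuristics are assumptions; a flag means the entry deserves a closer look, not that it is malicious.

```python
# Added example (not from the thread): flag HijackThis entries for review.
import re
from collections import defaultdict

# Section code, a hyphen or en dash, then the entry text, e.g. "O4 - HKLM\..\Run: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[-\u2013]\s+(.*)$")


def reasons(section: str, text: str) -> list:
    """Constructed heuristics; they are not HijackThis's or the reply's own rules."""
    found = []
    if "(no file)" in text:
        found.append("target file does not exist")
    if section == "O2" and "(no name)" in text:
        found.append("unnamed Browser Helper Object")
    if section.startswith("R") and "is missing" in text:
        found.append("referenced registry value is missing")
    # Assumed heuristic: autostart binary sitting directly in the Windows folder
    if section == "O4" and re.search(r"\\WINDOWS[^\\]*\\[^\\]+\.exe\s*$", text, re.I):
        found.append("autostart from Windows root folder")
    return found


def triage(log_text: str) -> dict:
    """Return {section: [(entry text, [reasons])]} for flagged entries only."""
    flagged = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and (why := reasons(m.group(1), m.group(2))):
            flagged[m.group(1)].append((m.group(2), why))
    return dict(flagged)


# Lines copied from the log in the first post (dashes written as ASCII hyphens)
SAMPLE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {CC0B2577-F2AD-A94E-4800-0338C9878A37} - D:\WINDOWS.000\system32\javadn.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS.000\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mfcsv.exe] D:\WINDOWS.000\mfcsv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.000\System32\ctfmon.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE).items():
        for text, why in items:
            print(section, "|", "; ".join(why), "|", text)
```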