CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo log z hijacka – dziex

log z hijacka – dziex

Witajcie. Robótka:
Logfile of HijackThis v1.97.7
Scan saved at 14:46:59, on 2005–11–20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\program files\antydialer tp\antydialertp.exe
C:\Program Files\Paragon Software\Paragon CD–ROM Emulator\cdman.exe
C:\Ekspert\usr\MYSQL\bin\mysqld.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Bankrut\bankrut.exe
C:\WINDOWS\system32\wscntfy.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DOM\Pulpit\pliki\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {58F07DD3–924D–4141–BC74–299F523A95F1} – C:\WINDOWS\pxwma.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – D:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: (no name) – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar3.dll
O3 – Toolbar: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – (no file)
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar3.dll
O4 – HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [CARPService] carpserv.exe
O4 – HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray
O4 – HKLM\..\Run: [cdman.exe] "C:\Program Files\Paragon Software\Paragon CD–ROM Emulator\cdman.exe" /startup
O4 – HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 – HKCU\..\Run: [Spamihilator] "d:\Program Files\Spamihilator\spamihilator.exe"
O4 – Startup: Bankrut.lnk = C:\Program Files\Bankrut\bankrut.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – D:\PROGRA~1\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – D:\PROGRA~1\FlashGet\jc_all.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {56336BCB–3D8A–11D6–A00B–0050DA18DE71} (RdxIE Class) – http://software–dl.real.com/1823763bbe7f4856df05/netzip/RdxIE601.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123249926994
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab




Dziękuje. :)

Odpowiedzi: 5

1. Chyba tak.
2. Link do hijackthis.de znajduje sie w poscie wsskazanym wczesniej przez Żółtego. Jak wiec odebrac Twoj post ? Flood ?
3. Zmien rozmiar czcionki w swoim podpisie.
EL NINO
Dodano
21.11.2005 00:04:56
Żółty:
Under – nie uwaźasz, źe lekkim przegięciem jest cytowanie całości posta po to by jedną linijkę napisać ??

Cyba nie!!!
Under
Dodano
20.11.2005 22:29:47
Under – nie uwaźasz, źe lekkim przegięciem jest cytowanie całości posta po to by jedną linijkę napisać ??
Żółty
Dodano
20.11.2005 22:25:54
ATC:
Witajcie. Robótka:
Logfile of HijackThis v1.97.7
Scan saved at 14:46:59, on 2005–11–20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\program files\antydialer tp\antydialertp.exe
C:\Program Files\Paragon Software\Paragon CD–ROM Emulator\cdman.exe
C:\Ekspert\usr\MYSQL\bin\mysqld.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Bankrut\bankrut.exe
C:\WINDOWS\system32\wscntfy.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DOM\Pulpit\pliki\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {58F07DD3–924D–4141–BC74–299F523A95F1} – C:\WINDOWS\pxwma.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – D:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: (no name) – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar3.dll
O3 – Toolbar: SearchToolbar – {08BEC6AA–49FC–4379–3587–4B21E286C19E} – (no file)
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar3.dll
O4 – HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [EasyTuneIV] C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [CARPService] carpserv.exe
O4 – HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray
O4 – HKLM\..\Run: [cdman.exe] "C:\Program Files\Paragon Software\Paragon CD–ROM Emulator\cdman.exe" /startup
O4 – HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 – HKCU\..\Run: [Spamihilator] "d:\Program Files\Spamihilator\spamihilator.exe"
O4 – Startup: Bankrut.lnk = C:\Program Files\Bankrut\bankrut.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – D:\PROGRA~1\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – D:\PROGRA~1\FlashGet\jc_all.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {56336BCB–3D8A–11D6–A00B–0050DA18DE71} (RdxIE Class) – http://software–dl.real.com/1823763bbe7f4856df05/netzip/RdxIE601.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123249926994
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab




Dziękuje. :)



http://www.hijackthis.de/en i se sprawdz sam 1!!!!!1 :twisted: :twisted: :twisted: :twisted:
Under
Dodano
20.11.2005 22:23:34
Adam Słodowy –> http://forum.centrumxp.pl/viewtopic.php?t=37513
Żółty
Dodano
20.11.2005 16:17:19
ATC
Dodano:
20.11.2005 15:58:27
Komentarzy:
5
Strona 1 / 1