HijackThis log, help!!

Logfile of HijackThis v1.99.1
Scan saved at 21:16:04, on 2006–02–10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\neon\USTAWI~1\Temp\Rar$EX00.516\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\neon\USTAWI~1\Temp\Rar$EX00.329\autoruns.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.dialog.net.pl:8080
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{649099C2–D246–448F–8807–218728D97463}: NameServer = 217.30.129.149,217.30.137.200
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Please tell me what this 023 is, because it seems to me that it may be the problem.
After I turn on the computer it throws up a message that a file is missing and cannot be started, yet somehow it isn't in autostart.
Also, can anyone tell me how to get rid of child.dll? I tried in safe mode but it can't be done :(

Replies: 4

Yes, Czeslaw is her old man.
neonmsf
Added
13.02.2006 23:02:13
Czesiek, nice name for a girl ;)
C:\windows\winsysban8.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O2 – BHO: (no name) – {20D57A66–F7DF–467d–907B–9B7F4A118AB7} – D:\WINDOWS\System32\tusrs.dll
O4 – HKLM\..\Run: [Anti–Virus Update Scheduler] C:\ir87l.exe
O4 – HKLM\..\Run: [Spooler SubSystem App] D:\WINDOWS\System32\spoolsvc.exe
O4 – HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 – HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O20 – Winlogon Notify: tusrs – D:\WINDOWS\SYSTEM32\tusrs.dll
23 – Service: Performance Logs (Perfhmon) – Unknown owner – D:\WINDOWS\System32\Perfhmon.exe (file missing)
O23 – Service: Service Hosts (ServiceHost) – Unknown owner – D:\WINDOWS\shost.exe (file missing)
O23 – Service: Win32Sr – Unknown owner – D:\WINDOWS\win32ssr.exe (file missing)

There is so much of it that I may have missed something.
w84u
Added
13.02.2006 22:59:09
Logfile of HijackThis v1.99.1
Scan saved at 20:53:18, on 2006–02–13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\HP\HP Software Update\HPWuSchd.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\windows\winsysban8.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\ftp.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Gadu–Gadu\gg.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\Czesiek\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla hijackthis_199.zip\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dialog.net.pl
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez Dialog
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {20D57A66–F7DF–467d–907B–9B7F4A118AB7} – D:\WINDOWS\System32\tusrs.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 – HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [KAVPersonal50] D:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe /minimize
O4 – HKLM\..\Run: [Anti–Virus Update Scheduler] C:\ir87l.exe
O4 – HKLM\..\Run: [Spooler SubSystem App] D:\WINDOWS\System32\spoolsvc.exe
O4 – HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 – HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe
O4 – HKLM\..\Run: [WinDLL (v4mon.dll)] rundll32.exe D:\WINDOWS\System32\v4mon.dll,start
O4 – HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O14 – IERESET.INF: START_PAGE_URL=http://www.dialog.net.pl
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{8D0B1E00–4EFF–490B–BEBC–CFA55ED64FD8}: NameServer = 217.30.129.149,217.30.137.200
O20 – Winlogon Notify: tusrs – D:\WINDOWS\SYSTEM32\tusrs.dll
O23 – Service: kavsvc – Kaspersky Lab – D:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kavsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Performance Logs (Perfhmon) – Unknown owner – D:\WINDOWS\System32\Perfhmon.exe (file missing)
O23 – Service: Pml Driver HPZ12 – HP – D:\WINDOWS\System32\HPZipm12.exe
O23 – Service: Service Hosts (ServiceHost) – Unknown owner – D:\WINDOWS\shost.exe (file missing)
O23 – Service: Win32Sr – Unknown owner – D:\WINDOWS\win32ssr.exe (file missing)


Please, could you also check this one :( It's the log from my girlfriend's computer. She said she has some virus; she doesn't say specifically what the symptoms are, but you know, she's a girl after all. Please help!! Many thanks in advance!!
neonmsf
Added
13.02.2006 21:57:05
Everything is OK now: I deleted that child.dll with RegRun and fixed what you told me to, but I still can't turn on the firewall. It says that for unidentified reasons blah blah blah. I've already scanned with mks and threw out those suspicious files, and it still doesn't work, hmm..
neonmsf
Added
11.02.2006 14:44:48
neonmsf
Added:
10.02.2006 22:19:08