I have a request: can you check my registry for me??
Logfile of HijackThis v1.97.7
Scan saved at 00:17:44, on 2005–01–22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32savedump.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:Program FilesNorton SystemWorksNorton AntiVirusIWPNPFMntor.exe
C:PROGRA~1NORTON~1NORTON~2NPROTECT.EXE
C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:Program FilesJavaj2re1.4.2_05injusched.exe
C:PROGRA~1NEOSTR~1CnxMon.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
D:ProgramyGadu–Gadugg.exe
C:WINDOWShhnt.exe
C:Documents and SettingsKamilDane aplikacjicedd.exe
C:WINDOWSSystem32wucrtupd.exe
C:WINDOWSSystem32LmriZTK2.exe
C:WINDOWSSystem32wuauclt.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:PROGRA~1NEOSTR~1Watch.exe
C:WINDOWSSystem32wuauclt.exe
C:WINDOWSSystem32LmriZTK2.exe
C:Program FilesAvant Browseravant.exe
C:Documents and SettingsKamilPulpitHijackThis.exe
C:Program FilesInternet Exploreriexplore.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 – BHO: (no name) – {907B1D37–D9FD–FC56–D13A–804D80847AC5} – C:WINDOWSSystem32yiv.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetJccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [MSAgent] C:WINDOWShhnt.exe
O4 – HKCU..Run: [Wles] C:Documents and SettingsKamilDane aplikacjicedd.exe
O4 – HKCU..Run: [Itnsx] C:WINDOWSSystem32wucrtupd.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:Program FilesAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:Program FilesAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra 'Tools' menuitem: MaxSpeed (HKLM)
O12 – Plugin for .mp3: C:Program FilesInternet ExplorerPLUGINS pqtplugin3.dll
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{17518D7F–B8E6–4E04–9A84–B60DDBF92C45}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS1ServicesTcpip..{17518D7F–B8E6–4E04–9A84–B60DDBF92C45}: NameServer = 194.204.152.34 217.98.63.164
Turn off System Restore, get rid of the files, and fix the entries
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4746
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchcentral.cc/index.php?v=4&aff=4746
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://searchcentral.cc/index.php?v=4&aff=4746
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
O1 – Hosts file is located at: C:WINDOWS sdbhosts
O1 – Hosts: 82.179.166.164 lender–search.com
O1 – Hosts: 82.179.166.165 hot–searches.com
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..RunOnce: [tlc] C:WINDOWSupdate13.js
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O18 – Filter: text/html – {4F7681E5–6CAF–478D–9CB8–4CA593BEE7FB} – C:WINDOWSSystem32xplugin.dll
I formatted the disk and would like someone to check my registry. Thanks in advance!
Logfile of HijackThis v1.99.0
Scan saved at 21:54:04, on 2005–01–26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1NEOSTR~1CnxMon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:WINDOWSSystem32RUNDLL32.EXE
D:ProgramyWinampwinampa.exe
C:WINDOWSSystem32Fmctrl.EXE
C:Program FilesJavaj2re1.4.2_06injusched.exe
C:WINDOWSSystem32ctfmon.exe
D:ProgramyGadu–Gadugg.exe
C:WINDOWSSystem32 vsvc32.exe
D:ProgramyAvant Browseravant.exe
C:Program FilesFlashGetflashget.exe
C:Documents and SettingskamilPulpitHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4746
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchcentral.cc/index.php?v=4&aff=4746
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://searchcentral.cc/index.php?v=4&aff=4746
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O1 – Hosts file is located at: C:WINDOWS sdbhosts
O1 – Hosts: 82.179.166.164 lender–search.com
O1 – Hosts: 82.179.166.165 hot–searches.com
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll
O4 – HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [WinampAgent] d:ProgramyWinampwinampa.exe
O4 – HKLM..Run: [eMusicClient] d:ProgramyWinampeMusiceMusicClient.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [FmctrlTray] Fmctrl.EXE
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06injusched.exe
O4 – HKLM..RunOnce: [tlc] C:WINDOWSupdate13.js
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–Gadugg.exe" /tray
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – D:ProgramyAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – D:ProgramyAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – D:ProgramyAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – D:ProgramyAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – D:ProgramyAvant BrowserSearch.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O18 – Filter: text/html – {4F7681E5–6CAF–478D–9CB8–4CA593BEE7FB} – C:WINDOWSSystem32xplugin.dll
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
Try restoring the entries from the backup
I would get rid of that cedd.exe: first, it writes itself into Run, and second, you don't know it at all, and neither does Google
Scan the system with CWShredder
So I was deleting registry entries that I shouldn't have?? Honestly, I don't know what C:Documents and SettingsKamilDane aplikacjicedd.exe is
Leave this:
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O12 – Plugin for .mp3: C:Program FilesInternet ExplorerPLUGINS pqtplugin3.dll
And definitely don't remove this, or you'll lose internet access:
O17 – HKLMSystemCCSServicesTcpip..{17518D7F–B8E6–4E04–9A84–B60DDBF92C45}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS1ServicesTcpip..{17518D7F–B8E6–4E04–9A84–B60DDBF92C45}: NameServer = 194.204.152.34 217.98.63.164
I also don't understand why he should remove:
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
–=MC=– do you know this: C:Documents and SettingsKamilDane aplikacjicedd.exe ??
If you have turned off System Restore, delete it manually (the path is given), or if need be in safe mode..
Damn, but I have one more problem: when I remove that registry entry with buldog–search.com and then run the scan again, it detects it again, and so on all the time...!! ;/
of course! thanks!
C:WINDOWShhnt.exe
C:Documents and SettingsKamilDane aplikacjicedd.exe
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O12 – Plugin for .mp3: C:Program FilesInternet ExplorerPLUGINS pqtplugin3.dll
Have you turned off System Restore?
Sorry, but one more thing: what should I remove? This page keeps popping up...
http://search.oxide.com/fma.main1/search/web/cool
Logfile of HijackThis v1.97.7
Scan saved at 00:53:19, on 2005–01–22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:Program FilesNorton SystemWorksNorton AntiVirusIWPNPFMntor.exe
C:PROGRA~1NORTON~1NORTON~2NPROTECT.EXE
C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:Program FilesJavaj2re1.4.2_05injusched.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
D:ProgramyGadu–Gadugg.exe
C:WINDOWShhnt.exe
C:Documents and SettingsKamilDane aplikacjicedd.exe
C:WINDOWSSystem32wucrtupd.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:PROGRA~1NEOSTR~1Watch.exe
D:ProgramyPopTrayPopTray.exe
D:ProgramyeMuleemule.exe
C:Program FilesAvant Browseravant.exe
C:WINDOWSsystem32 undll32.exe
C:Documents and SettingsKamilPulpitHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://szukaj.wp.pl
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetJccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Itnsx] C:WINDOWSSystem32wucrtupd.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:Program FilesAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:Program FilesAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra 'Tools' menuitem: MaxSpeed (HKLM)
O12 – Plugin for .mp3: C:Program FilesInternet ExplorerPLUGINS pqtplugin3.dll