Nothing new, just a log to check.
I have the most doubts about those websites at O1 and the DLL at O3.
Logfile of HijackThis v1.99.0
Scan saved at 16:47:11, on 2005-02-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Browser Mouse\lwbwheel.exe
D:\Programy\avast!\ashDisp.exe
D:\Programy\Gadu-Gadu\gg.exe
D:\Programy\avast!\aswUpdSv.exe
D:\Programy\avast!\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\avast!\ashWebSv.exe
D:\Programy\avast!\ashMaiSv.exe
D:\Programy\Avant Browser\avant.exe
D:\Programy\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 3466709097 sea.search.msn.com
O1 - Hosts: 3466709097 www.your.com your.com
O1 - Hosts: 3466709097 com.org
O1 - Hosts: 3466690378 ad.doubleclick.net
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe Reader 6\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programy\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LWBMOUSE] D:\Programy\Browser Mouse\lwbwheel.exe
O4 - HKLM\..\Run: [avast!] D:\Programy\avast!\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - D:\Programy\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - D:\Programy\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - D:\Programy\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - D:\Programy\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - D:\Programy\Avant Browser\Search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - D:\Programy\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - D:\Programy\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\avast!\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Replies: 1
Tyran: I have the most doubts about those websites at O1 and the DLL at O3.
As for O1, rightly so, whereas O3 is okay.
http://www.sophos.com/virusinfo/analyses/trojfavaddf.html