Prośba o sprawdzenia log'a
Logfile of HijackThis v1.99.1
Scan saved at 17:20:26, on 2005–05–18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\HpMmKbd.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Opera\Opera.exe
F:\Program Files\Tlen.pl\tlen.exe
F:\Program Files\FreshDevices\FreshDownload\fd.exe
C:\DOCUME~1\Rafik\USTAWI~1\Temp\Rar$EX00.485\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bankmacieja.com/pages/rotator.php?user=coldphate
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe
O1 – Hosts: 68.229.137.19 L2testauthd.lineage2.com
O2 – BHO: Yahoo! Companion BHO – {02478D38–C3F9–4efb–9B51–7695ECA05670} – F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – F:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {206E52E0–D52E–11D4–AD54–0000E86C26F6} – F:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O3 – Toolbar: Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 – Toolbar: Search Bar – {0A8CE102–FA03–4612–9BEE–7FE5452F4CB1} – C:\WINDOWS\system32\srchbar.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 – HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102713756312
O17 – HKLM\System\CCS\Services\Tcpip\..\{6F34F6B2–1750–4AB1–9CC7–B5A0F7A44E9A}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: NavLogon – C:\WINDOWS\system32\NavLogon.dll
O23 – Service: Adobe Active File Monitor (AdobeActiveFileMonitor) – Unknown owner – F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Autodesk Licensing Service – Autodesk, Inc. – C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Symantec AntiVirus Definition Watcher (DefWatch) – Symantec Corporation – F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) – Unknown owner – F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 – Service: RadClock – Unknown owner – C:\WINDOWS\system32\RadClock.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: SAVRoam (SavRoam) – symantec – F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 – Service: Sygate Personal Firewall Pro (SmcService) – Sygate Technologies, Inc. – F:\Program Files\Sygate\SPF\smc.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec AntiVirus – Symantec Corporation – F:\Program Files\Symantec AntiVirus\Rtvscan.exe
Scan saved at 17:20:26, on 2005–05–18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\HpMmKbd.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Opera\Opera.exe
F:\Program Files\Tlen.pl\tlen.exe
F:\Program Files\FreshDevices\FreshDownload\fd.exe
C:\DOCUME~1\Rafik\USTAWI~1\Temp\Rar$EX00.485\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bankmacieja.com/pages/rotator.php?user=coldphate
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe
O1 – Hosts: 68.229.137.19 L2testauthd.lineage2.com
O2 – BHO: Yahoo! Companion BHO – {02478D38–C3F9–4efb–9B51–7695ECA05670} – F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – F:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {206E52E0–D52E–11D4–AD54–0000E86C26F6} – F:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O3 – Toolbar: Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – F:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 – Toolbar: Search Bar – {0A8CE102–FA03–4612–9BEE–7FE5452F4CB1} – C:\WINDOWS\system32\srchbar.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [vptray] F:\PROGRA~1\SYMANT~1\VPTray.exe
O4 – HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102713756312
O17 – HKLM\System\CCS\Services\Tcpip\..\{6F34F6B2–1750–4AB1–9CC7–B5A0F7A44E9A}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: NavLogon – C:\WINDOWS\system32\NavLogon.dll
O23 – Service: Adobe Active File Monitor (AdobeActiveFileMonitor) – Unknown owner – F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Autodesk Licensing Service – Autodesk, Inc. – C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Symantec AntiVirus Definition Watcher (DefWatch) – Symantec Corporation – F:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) – Unknown owner – F:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 – Service: RadClock – Unknown owner – C:\WINDOWS\system32\RadClock.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: SAVRoam (SavRoam) – symantec – F:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 – Service: Sygate Personal Firewall Pro (SmcService) – Sygate Technologies, Inc. – F:\Program Files\Sygate\SPF\smc.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec AntiVirus – Symantec Corporation – F:\Program Files\Symantec AntiVirus\Rtvscan.exe
Odpowiedzi: 1
A gdzie jakis opis problemu ??
Pozbadz sie:
Sam instalowals WinPcap ?? :
Zostaje jeszcze Yahoo, ktorego nie wiem czy sam instalowałes
Pozbadz sie:
F2 – REG:system.ini: Shell=explorer.exe
O1 – Hosts: 68.229.137.19 L2testauthd.lineage2.com
O3 – Toolbar: Search Bar – {0A8CE102–FA03–4612–9BEE–7FE5452F4CB1} – C:\WINDOWS\system32\srchbar.dll
Sam instalowals WinPcap ?? :
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Zostaje jeszcze Yahoo, ktorego nie wiem czy sam instalowałes
Strona 1 / 1