Request to check a log

Logfile of HijackThis v1.99.1
Scan saved at 09:10:26, on 2005-07-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\program files\konektortp\konektortp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bankrut\bankrut.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Downloads\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O1 - Hosts: 64.34.84.76 www.halifax-online.co.uk
O1 - Hosts: 64.34.84.76 ibank.barclays.co.uk
O1 - Hosts: 64.34.84.76 online.lloydstsb.co.uk
O1 - Hosts: 64.34.84.76 online-business.lloydstsb.co.uk
O1 - Hosts: 64.34.84.76 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 64.34.84.76 www.nwolb.com
O1 - Hosts: 64.34.84.76 banesnet.banesto.es
O1 - Hosts: 64.34.84.76 extranet.banesto.es
O1 - Hosts: 64.34.84.76 ebanking.bccbrescia.it
O1 - Hosts: 64.34.84.76 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 64.34.84.76 www.rbsdigital.com
O1 - Hosts: 64.34.84.76 oi.cajamadrid.es
O1 - Hosts: 64.34.84.76 bancae.caixapenedes.com
O1 - Hosts: 64.34.84.76 banking.postbank.de
O1 - Hosts: 64.34.84.76 meine.deutsche-bank.de
O1 - Hosts: 64.34.84.76 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 64.34.84.76 ibank.cahoot.com
O1 - Hosts: 64.34.84.76 webbank.openplan.co.uk
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [KonektorTP] "c:\program files\konektortp\konektortp.exe" tray
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitevax32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Bankrut.lnk = C:\Program Files\Bankrut\bankrut.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119802647552
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEAEB1E7-012E-4B1F-8A5B-EED841BF9686}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Replies: 3

For O1, it is enough to check them in HijackThis and FIX.
The file in bold you find and delete from the disk, and the entry as above.
Bobi
Posted
04.07.2005 13:39:48
And can you also tell me how?
Adams 26
Posted
04.07.2005 13:17:39
Get rid of:
O1 - Hosts: 64.34.84.76 www.halifax-online.co.uk
O1 - Hosts: 64.34.84.76 ibank.barclays.co.uk
O1 - Hosts: 64.34.84.76 online.lloydstsb.co.uk
O1 - Hosts: 64.34.84.76 online-business.lloydstsb.co.uk
O1 - Hosts: 64.34.84.76 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 64.34.84.76 www.nwolb.com
O1 - Hosts: 64.34.84.76 banesnet.banesto.es
O1 - Hosts: 64.34.84.76 extranet.banesto.es
O1 - Hosts: 64.34.84.76 ebanking.bccbrescia.it
O1 - Hosts: 64.34.84.76 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 64.34.84.76 www.rbsdigital.com
O1 - Hosts: 64.34.84.76 oi.cajamadrid.es
O1 - Hosts: 64.34.84.76 bancae.caixapenedes.com
O1 - Hosts: 64.34.84.76 banking.postbank.de
O1 - Hosts: 64.34.84.76 meine.deutsche-bank.de
O1 - Hosts: 64.34.84.76 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 64.34.84.76 ibank.cahoot.com
O1 - Hosts: 64.34.84.76 webbank.openplan.co.uk

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitevax32.exe
Bobi
Posted
04.07.2005 12:16:56
Adams 26
Posted:
04.07.2005 11:15:09