Request to check a log
It's me again :wink:
Could you please check my mom's log? She's been complaining that her computer isn't working right :)
Thanks in advance
Logfile of HijackThis v1.99.0
Scan saved at 21:37:38, on 2005-02-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\program files\blue haven media\kazoom\msbb.exe
C:\Program Files\Srng\Srng.exe
C:\Program Files\Hotbar\bin\4.5.3.0\HbInst.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
C:\Program Files\Hotbar\bin\4.5.3.0\HbSrv.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rsvp.exe
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.looksmart.com/p/search?pi=lstb2&tv=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = cza
R3 - URLSearchHook: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\Program Files\LookSmart Toolbar\toolbar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SuperBar - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SUPERBAR\SUPERBAR.dll
O2 - BHO: SNHlprObj Class - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
O2 - BHO: XBTB01232 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\LOOKSM~1\toolbar.dll
O2 - BHO: (no name) - {FE7C1F9C-97A5-4FC9-9010-43FA5B528CC7} - C:\WINDOWS\System32\appmgmtxs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SuperBar - {9C5111CC-CFBF-4512-92BB-6338BCE27506} - C:\Program Files\SUPERBAR\SUPERBAR.dll
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\Program Files\LookSmart Toolbar\toolbar.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [msbb] c:\program files\blue haven media\kazoom\msbb.exe
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [SZDJQX] C:\WINDOWS\SZDJQX.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.5.3.0\HbInst.exe /Upgrade
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYPL
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BECC21CA-99ED-408E-BBF9-B586AAEB2BB2}: NameServer = 217.30.129.149,217.30.137.200
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Replies: 3
It's OK, but just in case, check the registry for the keys Symantec writes about: http://www.symantec.com/avcenter/venc/data/backdoor.spotcom.html
This concerns the following file:
C:\WINDOWS\System32\rsvp.exe
Normally the file rsvp.exe is associated with the QoS RSVP Service, but sometimes it's better to be safe than sorry.
Phew.. that took a while, but when you're giving instructions over MSN it's no wonder it takes time :)
But I think it went okay :?:
As for uninstalling Real, I'm still working on it :)
Logfile of HijackThis v1.99.0
Scan saved at 14:13:26, on 2005-02-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rsvp.exe
C:\Documents and Settings\Administrator\Pulpit\schowek\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = cza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Allow Popups - C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BECC21CA-99ED-408E-BBF9-B586AAEB2BB2}: NameServer = 217.30.129.149,217.30.137.200
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Unfortunately, mom does have something to complain about
She disables System Restore
She kills the processes:
mwsoemon.exe
msbb.exe
Srng.exe
HbInst.exe
HbSrv.exe
EbatesMoeMoneyMaker0.exe
She deletes from the HDD:
C:\Program Files\LookSmart Toolbar
C:\Program Files\MyWebSearch
C:\Program Files\MyWay
C:\Program Files\SUPERBAR
SZDJQX.exe
appmgmtxs.dll
FIX:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.looksmart.com/p/search?pi=lstb2&tv=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\Program Files\LookSmart Toolbar\toolbar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SuperBar - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SUPERBAR\SUPERBAR.dll
O2 - BHO: SNHlprObj Class - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
O2 - BHO: XBTB01232 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - C:\PROGRA~1\LOOKSM~1\toolbar.dll
O2 - BHO: (no name) - {FE7C1F9C-97A5-4FC9-9010-43FA5B528CC7} - C:\WINDOWS\System32\appmgmtxs.dll
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.3.0\HbHostIE.dll
O3 - Toolbar: SuperBar - {9C5111CC-CFBF-4512-92BB-6338BCE27506} - C:\Program Files\SUPERBAR\SUPERBAR.dll
O3 - Toolbar: LookSmart Toolbar - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\Program Files\LookSmart Toolbar\toolbar.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [msbb] c:\program files\blue haven media\kazoom\msbb.exe
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [SZDJQX] C:\WINDOWS\SZDJQX.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.5.3.0\HbInst.exe /Upgrade
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYPL
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.exe
I no longer see Outpost; its leftovers:
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
That leaves Google Toolbar:
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
I don't know whether it was installed deliberately; if not, uninstall it via Add/Remove Programs and remove the entries above
+ the folder in Program Files
Finally, a little piece of advice from me
Get rid of Real Player and install Real Alternative
If she agrees to that, remove:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot