PLEASE ANALYZE THE LOG!
Logfile of HijackThis v1.99.0
Scan saved at 14:26:12, on 2005–02–02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program Filesone LabsoneAlarmzlclient.exe
D:Program FilesGadu–Gadugg.exe
C:Program FilesCommon FilesEPSONEBAPISAgent2.exe
C:WINDOWSsystem32GStartUp.exe
C:WINDOWSsystem32driversKodakCCS.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32ScsiAccess.EXE
C:WINDOWSsystem32oneLabsvsmon.exe
D:Program FileseXeemeXeem.exe
D:Program FilesAzureusAzureus.exe
C:Program FilesJavaj2re1.4.2_03injavaw.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSexplorer.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsPelaśkaPulpitHijackThis.exe
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:Program FilesAdobe Reader 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: Local Spool Net support DLL – {41943050–65CC–454B–81E4–9C8A9D7CBAEA} – C:WINDOWSsystem32localsplnet.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – D:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – D:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKCU..Run: [Kaspersky] C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe
O4 – HKCU..Run: [ZoneAlarm] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKCU..Run: [Gadu–Gadu] "D:Program FilesGadu–GaduPowergg.exe" /tray
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – D:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – D:Program FilesFlashGetjc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:PROGRA~1FlashGetflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:PROGRA~1FlashGetflashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe (file missing)
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe (file missing)
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_50.cab
O16 – DPF: {881290B9–F53C–4676–8DAF–3DBEFC297308} (GameDesire Makao) – http://67.15.101.3/g_bin/pl/makao_2_0_0_15.cab
O16 – DPF: {8AD9C840–044E–11D1–B3E9–00805F499D93} (Java Runtime Environment 1.4.2) –
O16 – DPF: {CAFEEFAC–0014–0001–0005–ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_05) –
O23 – Service: EPSON Printer Status Agent2 – SEIKO EPSON CORPORATION – C:Program FilesCommon FilesEPSONEBAPISAgent2.exe
O23 – Service: StartUp Service – G DATA Software Sp. z o.o. – C:WINDOWSsystem32GStartUp.exe
O23 – Service: kavsvc – Kaspersky Lab – C:Program FilesKaspersky LabKaspersky Anti–Virus Personalkavsvc.exe
O23 – Service: Kodak Camera Connection Software – Eastman Kodak Company – C:WINDOWSsystem32driversKodakCCS.exe
O23 – Service: Norman API–hooking helper – Unknown – C:NORMANNvcBIN ipsvc.exe (file missing)
O23 – Service: Norman NJeeves – Unknown – C:NORMANNvcBINNJEEVES.EXE (file missing)
O23 – Service: Norman ZANDA – Unknown – C:NormanNvcBINanda.exe (file missing)
O23 – Service: Norman Virus Control on–access component – Unknown – C:NORMANNvcBIN vcoas.exe (file missing)
O23 – Service: Norman Virus Control Scheduler – Unknown – C:NORMANNvcBINNVCSCHED.EXE (file missing)
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: ScsiAccess – Unknown – C:WINDOWSSystem32ScsiAccess.EXE
O23 – Service: TrueVector Internet Monitor – Zone Labs Inc. – C:WINDOWSsystem32oneLabsvsmon.exe
Thanks in advance! :) Aga
Replies: 1
We have a rogue library from the CWS trojan here >> localsplnet.dll
Delete it and unregister it
Turn off System Restore first
FIX:
R3 – Default URLSearchHook is missing
O2 – BHO: Local Spool Net support DLL – {41943050–65CC–454B–81E4–9C8A9D7CBAEA} – C:WINDOWSsystem32localsplnet.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe (file missing)
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe (file missing)
O23 – Service: Norman API–hooking helper – Unknown – C:NORMANNvcBIN ipsvc.exe (file missing)
O23 – Service: Norman NJeeves – Unknown – C:NORMANNvcBINNJEEVES.EXE (file missing)
O23 – Service: Norman ZANDA – Unknown – C:NormanNvcBINanda.exe (file missing)
O23 – Service: Norman Virus Control on–access component – Unknown – C:NORMANNvcBIN vcoas.exe (file missing)
O23 – Service: Norman Virus Control Scheduler – Unknown – C:NORMANNvcBINNVCSCHED.EXE (file missing)