Please advise, HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 17:29:27, on 2005–09–18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp
C:\Program Files\Creative\SB Live! 24–bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\22M WLAN\WLANMON.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programy\HijackThis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wer–mit–wem.webhop.net/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 – REG:win.ini: run=
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: (no name) – {5C8B2A36–3DB1–42A4–A3CB–D426709BBFEB} – (no file)
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Rewolucja\kpp.exe" "C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp" /SYSTRAY
O4 – HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24–bit\Surround Mixer\CTSysVol.exe /r
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: 22M WLAN Adapter Utility.lnk = C:\Program Files\22M WLAN\WLANMON.exe
O8 – Extra context menu item: &Download with &DAP – C:\Program Files\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:\Program Files\DAP\dapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120266233718
O17 – HKLM\System\CCS\Services\Tcpip\..\{972B0949–234F–404A–972F–105BBB753264}: NameServer = 194.204.159.1,195.116.5.3
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\system32\CTsvcCDA.exe
O23 – Service: LckFldService – Unknown owner – C:\WINDOWS\system32\LckFldService.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: Kerio Personal Firewall (PersFw) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
I ran a HijackThis analysis and these are the entries I have to remove:
O17 – HKLM\System\CCS\Services\Tcpip\..\{972B0949–234F–404A–972F–105BBB753264}: NameServer = 194.204.159.1,195.116.5.3 Possibly nasty
Possibly nasty O4 – HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Rewolucja\kpp.exe" "C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp" /SYSTRAY
F3 – REG:win.ini: run= Unknown
Unknown
Nasty
Nasty O2 – BHO: (no name) – {5C8B2A36–3DB1–42A4–A3CB–D426709BBFEB} – (no
Unnecessary
As for the rest, I know, but I'm not sure whether I can remove F3 – REG:win.ini:run? Can anyone advise me?
Replies: 6
I've already removed it, I somehow figured it out myself, big thx for the help and talk to you later, he he he, or rather, write to you later... :D
No. The home page is Start Page.
Quote: "Search Page", meaning the home page?
In that case, remove R1 with http://wer–mit–wem.webhop.net/
"Search Page", meaning the home page? Because I'm lost now. If so, I never set one like that, I've had "www.onet.pl" the whole time. I can't check that site because it won't open, and I don't remember ever poking around at such an address. Unless it's about something else?
It's fine, as long as your Search Page really is http://wer–mit–wem.webhop.net
Damn, you're right, "O17" is my DNS servers, many thanks for the tip!!! Sorry to bother you, but is all the rest OK?
You shouldn't remove the "O17" entry. Those are your DNS servers, and they are marked "Possibly nasty" because the analyzer doesn't know every DNS server in the world. Same with "O4": it's part of Kazaa. All you can do is untick Kazaa from startup in msconfig. Remove "F3" from win.ini; it looks incomplete, as if left over after something was removed. "O2" isn't junk either.