Prosze o sprawdzenie loga .
Logfile of HijackThis v1.99.1
Scan saved at 16:15:19, on 2005–11–11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Sin\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: BitComet Toolbar – {2E608F70–C430–4bc5–96F6–608E02EBA5B2} – C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: MSSYCLM – C:\WINDOWS\system32\ktn2l75o1.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Command Service (cmdService) – Unknown owner – C:\WINDOWS\U2lu\command.exe (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Scan saved at 16:15:19, on 2005–11–11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Sin\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: BitComet Toolbar – {2E608F70–C430–4bc5–96F6–608E02EBA5B2} – C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: MSSYCLM – C:\WINDOWS\system32\ktn2l75o1.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Command Service (cmdService) – Unknown owner – C:\WINDOWS\U2lu\command.exe (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Odpowiedzi: 4
Wydaje mi sie źe Spy Sweeper wpełni pomógł .
Hijack tu nic nie da, w systemie jest VX2. Sciągnij sobie najnowszą wersję programiku L2MFIX, wygeneruj log i wklej go tutaj.
Ponadto w logu wyhaczasz i ubijasz wszystkie wpisy about:blank, uruchamiasz wiersz poleceń (cmd) i wpisujesz:
sc stop cmdService
sc delete cmdService
Katalog C:\WINDOWS\U2lu wylatuje z dysku
Ponadto w logu wyhaczasz i ubijasz wszystkie wpisy about:blank, uruchamiasz wiersz poleceń (cmd) i wpisujesz:
sc stop cmdService
sc delete cmdService
Katalog C:\WINDOWS\U2lu wylatuje z dysku
Logfile of HijackThis v1.99.1
Scan saved at 19:40:37, on 2005–11–11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Sin\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: BitComet Toolbar – {2E608F70–C430–4bc5–96F6–608E02EBA5B2} – C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: Controls Folder – C:\WINDOWS\system32\s6pu0g79e6.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Command Service (cmdService) – Unknown owner – C:\WINDOWS\U2lu\command.exe (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Loga wyczyszczone a strona dalej sie włancza ;/
Nie wiem czemu sie nie pokazuje tresc tych dziwnych stron kture mi sie same włanczają , moze Kiero je blokuje .
Zastanawiam sie nad zaznaczonymi logami gdyź wyszły ze sa Unnecessarily .
HELP , jakies rady mile widziane ;)
Scan saved at 19:40:37, on 2005–11–11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Sin\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: BitComet Toolbar – {2E608F70–C430–4bc5–96F6–608E02EBA5B2} – C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: Controls Folder – C:\WINDOWS\system32\s6pu0g79e6.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Command Service (cmdService) – Unknown owner – C:\WINDOWS\U2lu\command.exe (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Loga wyczyszczone a strona dalej sie włancza ;/
Nie wiem czemu sie nie pokazuje tresc tych dziwnych stron kture mi sie same włanczają , moze Kiero je blokuje .
Zastanawiam sie nad zaznaczonymi logami gdyź wyszły ze sa Unnecessarily .
HELP , jakies rady mile widziane ;)
http://forum.centrumxp.pl/viewtopic.php?t=37513
Strona 1 / 1