Prosze o sprawdzenie loga bo juź nie daje rady
Logfile of HijackThis v1.99.1
Scan saved at 15:09:18, on 2005–11–24
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Techmal\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.encyklopedia.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: C:\WINDOWS\adsldpbd.dll – {826B2228–BC09–49F2–B5F8–42CE26B1B711} – C:\WINDOWS\adsldpbd.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 – HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Outpost Firewall Pro Quick Tune – {44627E97–789B–40d4–B5C2–58BD171129A1} – C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 – IERESET.INF: START_PAGE_URL=http://www.encyklopedia.pl/
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129651619828
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 – Winlogon Notify: gg – C:\WINDOWS\adsldpbd.dll
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
O20 – Winlogon Notify: tcpG4T – C:\WINDOWS\SYSTEM32\tcpG4T.dll
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: Outpost Firewall Service (OutpostFirewall) – Agnitum Ltd. – C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Scan saved at 15:09:18, on 2005–11–24
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Techmal\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.encyklopedia.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: C:\WINDOWS\adsldpbd.dll – {826B2228–BC09–49F2–B5F8–42CE26B1B711} – C:\WINDOWS\adsldpbd.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 – HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Outpost Firewall Pro Quick Tune – {44627E97–789B–40d4–B5C2–58BD171129A1} – C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 – IERESET.INF: START_PAGE_URL=http://www.encyklopedia.pl/
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129651619828
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O20 – Winlogon Notify: gg – C:\WINDOWS\adsldpbd.dll
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
O20 – Winlogon Notify: tcpG4T – C:\WINDOWS\SYSTEM32\tcpG4T.dll
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: Outpost Firewall Service (OutpostFirewall) – Agnitum Ltd. – C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Odpowiedzi: 3
A moze tak jakies słowo wstępu??
wywal:
Masz Look2Me, SpySheriff.
Mam nadzieje, źe dobrze je nazwałem.
wywal:
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: C:\WINDOWS\adsldpbd.dll – {826B2228–BC09–49F2–B5F8–42CE26B1B711} – C:\WINDOWS\adsldpbd.dll
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O20 – Winlogon Notify: gg – C:\WINDOWS\adsldpbd.dll
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
O20 – Winlogon Notify: tcpG4T – C:\WINDOWS\SYSTEM32\tcpG4T.dll
Masz Look2Me, SpySheriff.
Mam nadzieje, źe dobrze je nazwałem.
A moze tak jakies słowo wstępu??
wywal:
Masz Look2Me, SpySheriff.
Mam nadzieje, źe dobrze je nazwałem.
wywal:
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: C:\WINDOWS\adsldpbd.dll – {826B2228–BC09–49F2–B5F8–42CE26B1B711} – C:\WINDOWS\adsldpbd.dll
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O20 – Winlogon Notify: gg – C:\WINDOWS\adsldpbd.dll
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
O20 – Winlogon Notify: tcpG4T – C:\WINDOWS\SYSTEM32\tcpG4T.dll
Masz Look2Me, SpySheriff.
Mam nadzieje, źe dobrze je nazwałem.
A moze tak jakies słowo wstępu??
wywal:
Masz Look2Me, SpySheriff.
Mam nadzieje, źe dobrze je nazwałem.
wywal:
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: C:\WINDOWS\adsldpbd.dll – {826B2228–BC09–49F2–B5F8–42CE26B1B711} – C:\WINDOWS\adsldpbd.dll
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O20 – Winlogon Notify: gg – C:\WINDOWS\adsldpbd.dll
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
O20 – Winlogon Notify: tcpG4T – C:\WINDOWS\SYSTEM32\tcpG4T.dll
Masz Look2Me, SpySheriff.
Mam nadzieje, źe dobrze je nazwałem.
Strona 1 / 1