Please check my log
Please check my log:
Logfile of HijackThis v1.99.1
Scan saved at 16:09:45, on 2006–04–30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\OpenOffice.org 2.0.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0.2\program\soffice.BIN
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
C:\DOCUME~1\tat\USTAWI~1\Temp\Rar$EX00.125\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 – HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 – HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 – HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 – HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" –nosplash –minimized
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – Startup: OpenOffice.org 2.0.2.lnk = C:\Program Files\OpenOffice.org 2.0.2\program\quickstart.exe
O4 – Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 – Trusted Zone: http://bezpieczenstwo.onet.pl
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{67F6DBFE–0E8C–4D21–A81A–5E7FED214686}: NameServer = 213.241.79.38 195.114.181.130
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\system32\CTsvcCDA.exe
O23 – Service: InCD Helper (InCDsrv) – Nero AG – C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 – Service: Sunbelt Kerio Personal Firewall 4 (KPF4) – Sunbelt Software – C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett–Packard Company – C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
Additionally, WinPatrol keeps asking every few moments about a settings change for WebCheck.dll HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Replies: 8
This absolutely has to be removed:
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – (no file)
O4 – HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O21 – SSODL: SystemCheck2 – {54645654–2225–4455–44A1–9F4543D34546} – (no file)
There are also a few other things that it's unclear whether you installed yourself. I'm talking about the toolbars, the controls in the *.cab and *.ocx files, and WinPcap for tracing/sniffing packets.
Mr. El NINO, you are GREAT, everything is back to normal, and here is the log after the clean-up. CHEERS. You've helped me for the second time, because once I managed on my own ;p thanks again
Logfile of HijackThis v1.99.1
Scan saved at 00:10:38, on 2006–05–02
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft IntelliPoint\Point32.exe
D:\Gadu–Gadu2\Gadu–Gadu2\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
E:\hijackthis_199\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O2 – BHO: FiltrateIE Class – {B5D4581D–ED6A–4905–A267–25BAF7BE79C1} – C:\WINDOWS\System32\safeie.dll
O2 – BHO: IEHelperObject – {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} – C:\WINDOWS\Downloaded Program Files\avicodec.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: 3DNA Toolbar – {2ECB7FB2–0333–416F–92FD–4904AD49252B} – C:\WINDOWS\system32\3DNATO~1.DLL
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Download with &Shareaza – res://E:\Program Files\Programy\Nowy folder (2)\ShareazaPlus\Plugins\RazaWebHook.dll/3000
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Subscribe in Desktop Sidebar – res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 – Extra button: Subscribe in Desktop Sidebar – {09FE188B–6E85–479e–9411–51FB2220DF80} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra 'Tools' menuitem: Subscribe in Desktop Sidebar – {09FE188B–6E85–479e–9411–51FB2220DF80} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra button: (no name) – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {112857FE–03FF–11D5–9A3F–0080C8D85044} (GameDesire Solitaires) – http://67.15.101.3/g_bin/pl/solitaire_2_0_0_20.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab
O16 – DPF: {5D86DDB5–BDF9–441B–9E9E–D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_23.cab
O16 – DPF: {BB21F850–63F4–4EC9–BF9D–565BD30C9AE9} (ASquaredScanForm Element) – http://www.windowsecurity.com/trojanscan/axscan.cab
O16 – DPF: {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} (IEHelperObject) – http://dd.xo.pl/avicodec.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{456846CA–D050–4E9A–B119–9D399743E39E}: NameServer = 194.204.152.34 217.98.63.164
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 – SSODL: SystemCheck2 – {54645654–2225–4455–44A1–9F4543D34546} – (no file)
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – d:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: Sygate Personal Firewall Pro (SmcService) – Sygate Technologies, Inc. – D:\Program Files\Sygate\SPF\smc.exe
Indeed, lots of junk. Including an svchost in the \Windows\System folder, launched from the Run key; the system svchost is in \System32.
Delete:
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\sysldr32.exe
C:\WINDOWS\system32\itunesff.exe
C:\WINDOWS\System32\dlh9jkdq6.exe
C:\WINDOWS\System32\dlh9jkdq7.exe
C:\WINDOWS\System32\dlh9jkdq7.exe
C:\WINDOWS\System32\vxgamet3.exe
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – (no file)
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 – HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 – HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe –go –c200 –w
O4 – HKLM\..\RunServices: [Services] C:\WINDOWS\System32\Services.exe
O4 – HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 – HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540000} (CInstall Class) – http://www.spywarestormer.com/files2/Install.cab
O16 – DPF: {33331111–1111–1111–1111–611111193423} –
O16 – DPF: {33331111–1111–1111–1111–611111193429} –
O16 – DPF: {33331111–1111–1111–1111–615111193427} –
O16 – DPF: {64311111–1111–1121–1111–111191113457} – file://c:\eied_s7.cab
O21 – SSODL: SystemCheck2 – {54645654–2225–4455–44A1–9F4543D34546} – C:\WINDOWS\System32\vbsys2.dll
Search the disk for the files shown above and delete them. Have the system show hidden and system files.
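The rule the helper applies above (an svchost.exe started from a Run key outside \System32 is an impostor, and the same goes for a Shell= value that starts anything besides explorer.exe, an SSODL entry pointing at an unknown DLL, and a DPF control fetched from a local file:// path) can be turned into a small triage script for HijackThis-style lines. The Python below is an added example, not code from the thread or from HijackThis; the sample lines are constructed to resemble the log above (using the tool's normal hyphen separators), the BOOT_CHAIN set lists the NT boot-chain binaries that are never launched from a Run key, and the SSODL baseline is an assumed list of stock Windows XP entries to tune locally.

```python
import re
import ntpath

# Constructed sample modelled on the log posted in the thread (not a real scan).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\RunServices: [Services] C:\WINDOWS\System32\Services.exe
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

# NT boot-chain binaries: started by the kernel/winlogon, never from a Run or
# RunServices key, so an autorun entry that launches one of these names is suspect.
BOOT_CHAIN = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
# Assumed known-good SSODL DLLs on a stock Windows XP install (tune locally).
SSODL_BASELINE = {"webcheck.dll", "stobject.dll", "shell32.dll"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$", re.IGNORECASE)
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<file>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? -\s*(?P<url>.*)$")


def first_image(cmd):
    """Extract the executable path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_line(line):
    """Return a finding for a suspicious line, or None if it looks benign."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        image = first_image(m["cmd"])
        name = ntpath.basename(image).lower()
        if name in BOOT_CHAIN:
            where = "inside" if SYSTEM32.match(image) else "outside"
            return f"{name} started from {m['hive']}\\..\\{m['key']} ({where} System32): {image}"
        return None
    m = F2_RE.match(line)
    if m:
        value = m["value"].strip()
        if value.lower() != "explorer.exe":
            return f"Shell= launches more than explorer.exe: {value}"
        return None
    m = O21_RE.match(line)
    if m:
        dll = ntpath.basename(m["file"]).lower()
        if m["file"].strip() == "(no file)" or dll not in SSODL_BASELINE:
            return f"SSODL entry not in baseline: {m['name']} -> {m['file']}"
        return None
    m = O16_RE.match(line)
    if m:
        url = m["url"].strip()
        if not url or url.lower().startswith("file:"):
            return f"DPF control with local or empty source: {url or '(none)'}"
        return None
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns a list of (line, finding) pairs."""
    findings = []
    for raw in log_text.splitlines():
        finding = triage_line(raw)
        if finding:
            findings.append((raw.strip(), finding))
    return findings


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(f"[!] {why}\n    {line}")
```

Run against the constructed sample it reports five lines (the \Windows\System svchost, the RunServices Services.exe, the extended Shell= value, the SystemCheck2 SSODL entry and the file:// DPF control) and stays quiet on the NeroCheck and ATI lines. The checks are deliberately narrow: they encode only the patterns called out in this thread, and a clean result says nothing about entries the script does not understand.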
Hi, I have no strength left for this log. I pasted it and had it analysed on the site given in the sticky, but there must still be something, because everything comes back and it's always the same (I turned off System Restore). It started 2 days ago; of course my dear little brother turned off avast and the firewall for a few minutes and downloaded loads of trojans, so that I can barely type on the computer because every moment avast pops up messages that my computer is infected. Of course after a while icons to porn sites started appearing and everything gradually started falling apart. I'm asking for expert help and thanks in advance. Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 20:24:18, on 2006–05–01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\cFosS\spd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\sysldr32.exe
C:\WINDOWS\system32\itunesff.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\dlh9jkdq6.exe
C:\WINDOWS\System32\dlh9jkdq7.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\dlh9jkdq7.exe
C:\WINDOWS\System32\vxgamet3.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\hijackthis_199\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – (no file)
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O2 – BHO: FiltrateIE Class – {B5D4581D–ED6A–4905–A267–25BAF7BE79C1} – C:\WINDOWS\System32\safeie.dll
O2 – BHO: IEHelperObject – {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} – C:\WINDOWS\Downloaded Program Files\avicodec.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: 3DNA Toolbar – {2ECB7FB2–0333–416F–92FD–4904AD49252B} – C:\WINDOWS\system32\3DNATO~1.DLL
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 – HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 – HKLM\..\Run: [itunesff] C:\WINDOWS\system32\itunesff.exe –go –c200 –w
O4 – HKLM\..\RunServices: [Services] C:\WINDOWS\System32\Services.exe
O4 – HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Download with &Shareaza – res://E:\Program Files\Programy\Nowy folder (2)\ShareazaPlus\Plugins\RazaWebHook.dll/3000
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Subscribe in Desktop Sidebar – res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 – Extra button: Subscribe in Desktop Sidebar – {09FE188B–6E85–479e–9411–51FB2220DF80} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra 'Tools' menuitem: Subscribe in Desktop Sidebar – {09FE188B–6E85–479e–9411–51FB2220DF80} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra button: (no name) – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {112857FE–03FF–11D5–9A3F–0080C8D85044} (GameDesire Solitaires) – http://67.15.101.3/g_bin/pl/solitaire_2_0_0_20.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540000} (CInstall Class) – http://www.spywarestormer.com/files2/Install.cab
O16 – DPF: {33331111–1111–1111–1111–611111193423} –
O16 – DPF: {33331111–1111–1111–1111–611111193429} –
O16 – DPF: {33331111–1111–1111–1111–615111193427} –
O16 – DPF: {5D86DDB5–BDF9–441B–9E9E–D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 – DPF: {64311111–1111–1121–1111–111191113457} – file://c:\eied_s7.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_23.cab
O16 – DPF: {BB21F850–63F4–4EC9–BF9D–565BD30C9AE9} (ASquaredScanForm Element) – http://www.windowsecurity.com/trojanscan/axscan.cab
O16 – DPF: {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} (IEHelperObject) – http://dd.xo.pl/avicodec.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{456846CA–D050–4E9A–B119–9D399743E39E}: NameServer = 194.204.152.34 217.98.63.164
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 – SSODL: SystemCheck2 – {54645654–2225–4455–44A1–9F4543D34546} – C:\WINDOWS\System32\vbsys2.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – d:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: cFosSpeed System Service (cFosSpeedS) – Unknown owner – E:\cFosS\spd.exe" –service (file missing)
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: Sygate Personal Firewall Pro (SmcService) – Sygate Technologies, Inc. – D:\Program Files\Sygate\SPF\smc.exe
If you don't know, don't write anything. So as not to come across as ignorant.
I don't know whether you shouldn't take a look at this:
C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{67F6DBFE–0E8C–4D21–A81A–5E7FED214686}: NameServer = 213.241.79.38 195.114.181.130
Other than that it's pretty clean.
Open Task Manager and check whether the explorer.exe process isn't too heavily loaded; also post a log made with the Silent Runners script.
In this log only this needs fixing:
dzidek11:
F2 – REG:system.ini: Shell=explorer.exe
And what's happening that you're posting a log? WebCheck.dll sounds a bit like MyDoom... but I'm not sure. Is that file in system32? If so, it's legitimate and should be there.