Prosze o sprawdzenie loga
Logfile of HijackThis v1.99.1
Scan saved at 17:28:15, on 2006–03–01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Programy\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
D:\Programy\Power DVD\PDVDServ.exe
D:\Programy\AntiSpryware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Programy\AntiSpryware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programy\Winrar.Pl\WinRAR.exe
C:\DOCUME~1\Darek\USTAWI~1\Temp\Rar$EX00.828\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wp.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 – REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – d:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – d:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [RemoteControl] "D:\Programy\Power DVD\PDVDServ.exe"
O4 – HKLM\..\Run: [gcasServ] "D:\Programy\AntiSpryware\gcasServ.exe"
O4 – HKLM\..\Run: [WinampAgent] D:\Programy\Winamp 5.1\Winamp\winampa.exe
O4 – HKLM\..\Run: [BearShare] "D:\Programy\BerSher\BearShare.exe" /pause
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (Ganymede Board Games) – http://67.15.101.3/g_bin/pl/boards_2_0_0_24.cab
O16 – DPF: {4539348E–01D7–11D5–9A39–0080C8D85044} (GameDesire Slots 90th) – http://67.15.101.3/g_bin/pl/slots90_2_0_0_26.cab
O16 – DPF: {4B4513E2–4E57–43DF–9496–FCD37E9DFA64} (GameDesire Sea Battle) – http://67.15.101.3/g_bin/pl/navy_2_0_0_20.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GameDesire Pool Training) – http://67.15.101.3/g_bin/pl/billardt_2_0_0_24.cab
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) – Symantec Corporation – d:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: SAVScan – Symantec Corporation – d:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – D:\Programy\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
Scan saved at 17:28:15, on 2006–03–01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Programy\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
D:\Programy\Power DVD\PDVDServ.exe
D:\Programy\AntiSpryware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Programy\AntiSpryware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programy\Winrar.Pl\WinRAR.exe
C:\DOCUME~1\Darek\USTAWI~1\Temp\Rar$EX00.828\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wp.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 – REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – d:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – d:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [RemoteControl] "D:\Programy\Power DVD\PDVDServ.exe"
O4 – HKLM\..\Run: [gcasServ] "D:\Programy\AntiSpryware\gcasServ.exe"
O4 – HKLM\..\Run: [WinampAgent] D:\Programy\Winamp 5.1\Winamp\winampa.exe
O4 – HKLM\..\Run: [BearShare] "D:\Programy\BerSher\BearShare.exe" /pause
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (Ganymede Board Games) – http://67.15.101.3/g_bin/pl/boards_2_0_0_24.cab
O16 – DPF: {4539348E–01D7–11D5–9A39–0080C8D85044} (GameDesire Slots 90th) – http://67.15.101.3/g_bin/pl/slots90_2_0_0_26.cab
O16 – DPF: {4B4513E2–4E57–43DF–9496–FCD37E9DFA64} (GameDesire Sea Battle) – http://67.15.101.3/g_bin/pl/navy_2_0_0_20.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GameDesire Pool Training) – http://67.15.101.3/g_bin/pl/billardt_2_0_0_24.cab
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) – Symantec Corporation – d:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: SAVScan – Symantec Corporation – d:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – D:\Programy\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
Odpowiedzi: 16
octron:
pomoźecie mi czy mam to usunąć bo naprawdę niewiem :roll:
zostaw – to adresy DNS od Tepsy. Sprawdź zresztą sam. 194.204.152.34 i 217.98.63.164
pomoźecie mi czy mam to usunąć bo naprawdę niewiem :roll:
A to mój dokładny log:
O17 – HKLM\System\CCS\Services\Tcpip\..\{08BCF50C–EE41–440F–A607–D6D0DF661678}: NameServer = 194.204.152.34 217.98.63.164 Possibly nasty
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
Currently there is no visitor's assessment! Do you know the IP or Domain '194.204.152.34 217.98.63.164'? If not, fix this entry.
O17 – HKLM\System\CS1\Services\Tcpip\..\{08BCF50C–EE41–440F–A607–D6D0DF661678}: NameServer = 194.204.152.34 217.98.63.164 Possibly nasty
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
Currently there is no visitor's assessment! Do you know the IP or Domain '194.204.152.34 217.98.63.164'? If not, fix this entry.
A to mój dokładny log:
Logfile of HijackThis v1.99.1
Scan saved at 23:10:25, on 2006–03–11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
f:\krasnal\MYSQL\bin\mysqld.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kalendarz XP\kalendarz.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\budzik\Moje dokumenty\DOWNLOAD\download\hijackthis_199\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 – HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti–Virus Personal\kav.exe" /minimize
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – Startup: Neostrada TP.lnk = ?
O4 – Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O9 – Extra button: Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{08BCF50C–EE41–440F–A607–D6D0DF661678}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLM\System\CS1\Services\Tcpip\..\{08BCF50C–EE41–440F–A607–D6D0DF661678}: NameServer = 194.204.152.34 217.98.63.164
O18 – Protocol: ms–help – {314111C7–A502–11D2–BBCA–00C04F8EC294} – C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: kavsvc – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti–Virus Personal\kavsvc.exe
O23 – Service: MySql – Unknown owner – f:\krasnal/MYSQL/bin/mysqld.exe
Dzięki wielkie bo nie wiedziałem gdzie dokładnie tego szukać, niestety nie wszystko udało mi się usunąć ale juź wiem jak to robić ;p
Kolego, masz tu troche smieci. Napisalbym dokladnie co i gdzie, ale przeciez mozesz wziasc sie za to samodzielnie. Ambitny chyba jestes ?
Tutaj dowiesz sie troche na temat loga –> http://forum.centrumxp.pl/viewtopic.php?t=37513
Sprawdz, zastanow sie dokladnie nad wynikami, usun niepotrzebne rzeczy. Po wszystkim mozesz sie znowu pochwalic logiem.
P.S. Nie usuwaj O17, mimo pokazanego "Possibly nasty", nie usuwaj wpisow z plikami Avasta, oznaczonymi "file missing". Z O16 do usuniecia wpis posiadajacy w adresie ciąg "180solutions".
Tutaj dowiesz sie troche na temat loga –> http://forum.centrumxp.pl/viewtopic.php?t=37513
Sprawdz, zastanow sie dokladnie nad wynikami, usun niepotrzebne rzeczy. Po wszystkim mozesz sie znowu pochwalic logiem.
P.S. Nie usuwaj O17, mimo pokazanego "Possibly nasty", nie usuwaj wpisow z plikami Avasta, oznaczonymi "file missing". Z O16 do usuniecia wpis posiadajacy w adresie ciąg "180solutions".
Proszę ładnie o sprawdzenie, loga, poniewaź po włączeniu kompa pokazuje mi się komunikat: System windows nie mógł znaleźć ibm00001.exe sprawdź czy ścieźka jest poprawna – i to jest denerwujące trochę!!! Czytałem temat "ibm00001.exe, ale tak tam zamieszali, źe nie wiem, co dokładne mam zrobić a sam nie potrafię tego przeanalizować. Komunikat ten zaczął wyskakiwać po tym jak juź raz pousuwałem śmieci, które mi kazano po sprawdzeniu loga – pewnie nie usunąłem wszystkiego i albo moźe za duźo. To jest tylko jeden problem a jest ich troszkę więcej, ale na ich rozwiązanie poczekam później i najpierw sam poszukam.
Logfile of HijackThis v1.99.1
Scan saved at 14:46:57, on 2006–03–03
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Windows\MicrosoftNet.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft IntelliPoint\Point32.exe
d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
d:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
d:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\System32\rundll32.exe
D:\Program Files\eMule\emule.exe
C:\WINDOWS\explorer.exe
D:\Gadu–Gadu2\Gadu–Gadu2\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hijackthis_199\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – (no file)
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar2.dll
O2 – BHO: FiltrateIE Class – {B5D4581D–ED6A–4905–A267–25BAF7BE79C1} – C:\WINDOWS\System32\safeie.dll
O2 – BHO: IEHelperObject – {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} – C:\WINDOWS\Downloaded Program Files\avicodec.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: 3DNA Toolbar – {2ECB7FB2–0333–416F–92FD–4904AD49252B} – C:\WINDOWS\system32\3DNATO~1.DLL
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O4 – HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [MicrosoftNet] C:\Windows\MicrosoftNet.exe
O4 – HKLM\..\RunServices: [Services] C:\WINDOWS\System32\Services.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Download with &Shareaza – res://E:\Program Files\Programy\Nowy folder (2)\ShareazaPlus\Plugins\RazaWebHook.dll/3000
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Subscribe in Desktop Sidebar – res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 – Extra button: Subscribe in Desktop Sidebar – {09FE188B–6E85–479e–9411–51FB2220DF80} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra 'Tools' menuitem: Subscribe in Desktop Sidebar – {09FE188B–6E85–479e–9411–51FB2220DF80} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra button: WellGet – {35980F6E–A258–4E50–953D–813BB8556899} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra button: (no name) – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O9 – Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 – {85d1f590–48f4–11d9–9669–0800200c9a66} – %windir%\bdoscandel.exe (file missing)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {112857FE–03FF–11D5–9A3F–0080C8D85044} (GameDesire Solitaires) – http://67.15.101.3/g_bin/pl/solitaire_2_0_0_20.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (Ganymede Board Games) – http://67.15.101.3/g_bin/pl/boards_2_0_0_24.cab
O16 – DPF: {4B4513E2–4E57–43DF–9496–FCD37E9DFA64} (GameDesire Sea Battle) – http://67.15.101.3/g_bin/pl/navy_2_0_0_19.cab
O16 – DPF: {5D86DDB5–BDF9–441B–9E9E–D4730F4EE499} (BDSCANONLINE Control) – http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {8FCDF9D9–A28B–480F–8C3D–581F119A8AB8} – http://static.zangocash.com/cab/180solutions/ie/bridge–c567.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_23.cab
O16 – DPF: {BB21F850–63F4–4EC9–BF9D–565BD30C9AE9} (ASquaredScanForm Element) – http://www.windowsecurity.com/trojanscan/axscan.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–983219421AEF} (GameDesire 1Player Word Games) – http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_36.cab
O16 – DPF: {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} (IEHelperObject) – http://dd.xo.pl/avicodec.ocx
O16 – DPF: {E23FABEE–12E3–33DA–DA12–195DAC123984} (GameDesire Mahjong) – http://67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab
O16 – DPF: {E95CF138–A587–4C54–8175–3AD80997CB14} (GameDesire Soccer) – http://67.15.101.3/g_bin/pl/soccer_2_0_0_10.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{456846CA–D050–4E9A–B119–9D399743E39E}: NameServer = 194.204.152.34 217.98.63.164
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – d:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – d:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – Unknown owner – %ProgramFiles%\WinPcap\rpcapd.exe" –d –f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 – Service: Sygate Personal Firewall Pro (SmcService) – Sygate Technologies, Inc. – D:\Program Files\Sygate\SPF\smc.exe
sory EL NINO tego loga wstawiałem po nieprzespanej nocy bo komunikatory działały a strony otwierały sie prawie 5 min. następnym razem postaram się byc bardziej kumaty :D . Narazie wszystko jest oki bo poprawiłem zapore.
Arias, piszac "NIC", mialem na mysli smieci. Gdyby bylo inaczej, napisalbym o tym.
Poza tym, jesli juz zamieszczasz log, wypadaloby napisac po co to robisz, co sie dzieje, co juz zrobiles. Sformulowanie "rzuci ktos okiem" zasluguje na odpowiedz taka, jaka dostales.
Poza tym, jesli juz zamieszczasz log, wypadaloby napisac po co to robisz, co sie dzieje, co juz zrobiles. Sformulowanie "rzuci ktos okiem" zasluguje na odpowiedz taka, jaka dostales.
Nic to znaczy źe ok, czy nic bo nic??
Nic.
I co zobaczyłeś??
Rzucilem.Rzuci ktoś okiem na ten log
Rzucilem.Rzuci ktoś okiem na ten log
Rzuci ktoś okiem na ten log
Logfile of HijackThis v1.97.7
Scan saved at 23:01:24, on 2006–03–01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Gadu–Gadu\gg.exe
E:\Driwer\mm\Ochrona\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: NetXfer – {83B80A9C–D91A–4F22–8DCF–EA7204039F79} – C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 – Toolbar: McAfee VirusScan – {BA52B914–B692–46c4–B683–905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 – Toolbar: NetXfer – {C16CBAAC–A75C–4DB5–A0DD–CDF5CAFCDD3A} – C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 – HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 – HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 – HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 – HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 – HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O8 – Extra context menu item: Pobierz przez NetXfer – C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 – Extra context menu item: Pobierz wszystko przez NetXfer – C:\Program Files\Xi\NetXfer\NXAddList.html
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O17 – HKLM\System\CCS\Services\Tcpip\..\{7D4CE460–FE44–45AA–8498–281E80898BBF}: NameServer = 80.51.179.252
O17 – HKLM\System\CCS\Services\Tcpip\..\{AFAB9F0C–7B89–4287–976A–FB9AD611712C}: NameServer = 80.51.179.252
Logfile of HijackThis v1.97.7
Scan saved at 23:01:24, on 2006–03–01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Gadu–Gadu\gg.exe
E:\Driwer\mm\Ochrona\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: NetXfer – {83B80A9C–D91A–4F22–8DCF–EA7204039F79} – C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 – Toolbar: McAfee VirusScan – {BA52B914–B692–46c4–B683–905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 – Toolbar: NetXfer – {C16CBAAC–A75C–4DB5–A0DD–CDF5CAFCDD3A} – C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 – HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 – HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 – HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 – HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 – HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O8 – Extra context menu item: Pobierz przez NetXfer – C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 – Extra context menu item: Pobierz wszystko przez NetXfer – C:\Program Files\Xi\NetXfer\NXAddList.html
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O17 – HKLM\System\CCS\Services\Tcpip\..\{7D4CE460–FE44–45AA–8498–281E80898BBF}: NameServer = 80.51.179.252
O17 – HKLM\System\CCS\Services\Tcpip\..\{AFAB9F0C–7B89–4287–976A–FB9AD611712C}: NameServer = 80.51.179.252
F3 – REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
Usuń ręcznie folder (pliki) inet20003
PS.Grasz w jakies gierki online(poker itp.)? :)
Pytam sie dlatego ze tam są jakies pliki cab z plikami do gier online.Jak cos to napisz tutaj
Tak gram w gry online.
Bardzo dziekuje za pomoc.
A jezeli chodzi o gry ,to tak gram
A jezeli chodzi o gry ,to tak gram
F3 – REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
Usuń ręcznie folder (pliki) inet20003
PS.Grasz w jakies gierki online(poker itp.)? :)
Pytam sie dlatego ze tam są jakies pliki cab z plikami do gier online.Jak cos to napisz tutaj
Strona 1 / 1