Please check my log

Thank you in advance for checking it.

Logfile of HijackThis v1.99.1
Scan saved at 19:46:38, on 2005-08-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\GEARSEC.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Xfire\Xfire.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Zdanbud\Pulpit\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KAVPersonal50] E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IST Service] E:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "E:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [Steam] "c:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iolo Utility Bar] "E:\Program Files\iolo\System Mechanic 5 Professional\SMUtilityBar.exe"
O4 - HKCU\..\Run: [Konnekt] "E:\Program Files\Konnekt\konnekt.exe" /autostart -profile=?
O4 - Startup: Xfire.lnk = E:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = E:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O8 - Extra context menu item: Pobierz z &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} - https://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096728532154
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} - http://support.vugames.com/betasubmission/sysinfo/Si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FA65E95C-9B0E-11D6-9BC9-00104B0B4D56} - http://www.cdprojekt.info/unizeto.cab
O20 - Winlogon Notify: WB - E:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: GEARSecurity - GEAR Software - E:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

Replies: 3

That's good, provided that you enabled showing hidden and system files before searching.
The CLSID {00000010-6F7D-442C-93E3-4A4827C2E4C8} that shows up in your log is a leftover from the DyFuCA Trojan, and those files are also associated with it. Better safe than sorry.
EL NINO
Posted
02.08.2005 12:37:14
Is it bad that I didn't find any of those files?
natureza
Posted
02.08.2005 04:53:39
Remove the following in HJ, and also delete the whole Internet Optimizer folder from Program Files:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:2323
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [Internet Optimizer] "E:\Program Files\Internet Optimizer\optimize.exe"

Also check whether you have these files on your disk and, if so, delete them:
nem214.dll
optimize[1].exe
isetup.inf
DyFuCa Active Alert
wsem210.dll
DyFuCA
isetup.exe
nem210.dll
myDll.dll
EL NINO
Posted
02.08.2005 03:33:45
natureza
Posted:
01.08.2005 21:48:57