włamani do komputera
jakis koles wlamal sie do mojej kolezanki i od niej wyslal mi plik ktory sie okazal wirusem!!!
mowi mi jakie pliki mam i moze kontrolowac moje gg. podaje log z hijacka :
Logfile of HijackThis v1.99.1
Scan saved at 16:04:28, on 2006–03–01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\services.exe
c:\windows\system32\win32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\hijack\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 – Toolbar: Easy–WebPrint – {327C2873–E90D–4c37–AA9D–10AC9BABA46C} – C:\Program Files\Canon\Easy–WebPrint\Toolband.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Easy–PrintToolBox] C:\Program Files\Canon\Easy–PrintToolBox\BJPSMAIN.EXE /logon
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Easy–WebPrint Add To Print List – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_AddToList.html
O8 – Extra context menu item: Easy–WebPrint High Speed Print – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_HSPrint.html
O8 – Extra context menu item: Easy–WebPrint Preview – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_Preview.html
O8 – Extra context menu item: Easy–WebPrint Print – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_Print.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GameDesire Roulette) – http://67.15.101.3/g_bin/pl/roulette_2_0_0_17.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
mowi mi jakie pliki mam i moze kontrolowac moje gg. podaje log z hijacka :
Logfile of HijackThis v1.99.1
Scan saved at 16:04:28, on 2006–03–01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\services.exe
c:\windows\system32\win32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\hijack\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 – Toolbar: Easy–WebPrint – {327C2873–E90D–4c37–AA9D–10AC9BABA46C} – C:\Program Files\Canon\Easy–WebPrint\Toolband.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Easy–PrintToolBox] C:\Program Files\Canon\Easy–PrintToolBox\BJPSMAIN.EXE /logon
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Easy–WebPrint Add To Print List – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_AddToList.html
O8 – Extra context menu item: Easy–WebPrint High Speed Print – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_HSPrint.html
O8 – Extra context menu item: Easy–WebPrint Preview – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_Preview.html
O8 – Extra context menu item: Easy–WebPrint Print – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_Print.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GameDesire Roulette) – http://67.15.101.3/g_bin/pl/roulette_2_0_0_17.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
Odpowiedzi: 9
oki juz wszystko jest oki. dzieki wszystkim z pomoc
Zainstalowałes sterowniki do karty dzwiękowej? Zajrzyj do menedzera Urzadzeń czy nie masz jakiś wykrzykników.
dzieki bardzo . a wiesz moze co z tymi glosnikami ???
Tak log jest czysty.
juz jest oki ale po formacie nie wykrylo mi glosnikow i mikrofonu moze wie ktos o co chodzi ??? tak to wszystko zainstalowalem i chodzi juz dobrze. jednak dla pewnosci wklejam loga z hijacka.z gory dzieki.:
Logfile of HijackThis v1.99.1
Scan saved at 19:02:39, on 2006–03–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Easy–WebPrint – {327C2873–E90D–4c37–AA9D–10AC9BABA46C} – C:\Program Files\Canon\Easy–WebPrint\Toolband.dll
O4 – HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 – HKLM\..\Run: [Easy–PrintToolBox] C:\Program Files\Canon\Easy–PrintToolBox\BJPSMAIN.EXE /logon
O4 – HKLM\..\Run: [InvalidDelete] C:\DOCUME~1\BIELES~1\USTAWI~1\Temp\KYE\Setup.exe /Delete C:\Program Files\Genius NetScroll+ Traveler Mouse
O4 – HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Easy–WebPrint Add To Print List – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_AddToList.html
O8 – Extra context menu item: Easy–WebPrint High Speed Print – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_HSPrint.html
O8 – Extra context menu item: Easy–WebPrint Preview – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_Preview.html
O8 – Extra context menu item: Easy–WebPrint Print – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_Print.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 – Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) – H+BEDV Datentechnik GmbH – C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 – Service: AntiVir PersonalEdition Classic Guard (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 19:02:39, on 2006–03–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Easy–WebPrint – {327C2873–E90D–4c37–AA9D–10AC9BABA46C} – C:\Program Files\Canon\Easy–WebPrint\Toolband.dll
O4 – HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 – HKLM\..\Run: [Easy–PrintToolBox] C:\Program Files\Canon\Easy–PrintToolBox\BJPSMAIN.EXE /logon
O4 – HKLM\..\Run: [InvalidDelete] C:\DOCUME~1\BIELES~1\USTAWI~1\Temp\KYE\Setup.exe /Delete C:\Program Files\Genius NetScroll+ Traveler Mouse
O4 – HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 – HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Easy–WebPrint Add To Print List – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_AddToList.html
O8 – Extra context menu item: Easy–WebPrint High Speed Print – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_HSPrint.html
O8 – Extra context menu item: Easy–WebPrint Preview – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_Preview.html
O8 – Extra context menu item: Easy–WebPrint Print – res://C:\Program Files\Canon\Easy–WebPrint\Resource.dll/RC_Print.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 – Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) – H+BEDV Datentechnik GmbH – C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 – Service: AntiVir PersonalEdition Classic Guard (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Czasem nie uciąłeś loga? :P Na razie nic podejrzanego, ale brakuje reszty...
zrobilem formatai nie wiem co dalej bo nadal strasznie wolno chodzi ten komp !!! skanuje ad–aware i nic nie skutkuje!!! caly czas ledwie sie rusza!!!
prosze doradcie cos. podaje log z hijacka:
Logfile of HijackThis v1.99.1
Scan saved at 22:20:59, on 2006–03–02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bieleszczuk\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
prosze doradcie cos. podaje log z hijacka:
Logfile of HijackThis v1.99.1
Scan saved at 22:20:59, on 2006–03–02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bieleszczuk\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
Tego juź nie trzeba ubić?
Kolega hakier Ci Telneta uruchomił, zakończ tlntsvr.exe
O4 – HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe
Kolega hakier Ci Telneta uruchomił, zakończ tlntsvr.exe
Usuń to:
C:\WINDOWS\services.exe
c:\windows\system32\win32.exe
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
Znasz to, jak nie to wywal:
DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GameDesire Roulette) – http://67.15.101.3/g_bin/pl/roulette_2_0_0_17.cabZnasz to, jak nie to
C:\WINDOWS\services.exe
c:\windows\system32\win32.exe
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
Znasz to, jak nie to wywal:
DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GameDesire Roulette) – http://67.15.101.3/g_bin/pl/roulette_2_0_0_17.cabZnasz to, jak nie to
Strona 1 / 1