They check everyone's, so I'd like to ask too

of course, if it's not too much trouble ;]

Logfile of HijackThis v1.99.0
Scan saved at 17:12:33, on 2005–02–18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSsystem32cisvc.exe
C:Program FilesNorton Internet SecurityISSVC.exe
C:WINDOWSsystem32driversKodakCCS.exe
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSMixer.exe
C:Program FilesTrustAmi Mouse Single ScrollAmoumain.exe
C:Program FilesAlcatelSpeedTouch USBDragdiag.exe
C:Program FilescFosSpeedcFosSpeed.exe
C:Program FilesJavaj2re1.4.2_06injusched.exe
C:Program FilesNavExcelNavHelperv2.0.4d avapp.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesNetPanelNetPanel.exe
C:Program FilesCommon FilesCMEIICMESys.exe
C:WINDOWSNCLAUNCH.EXe
C:Program FilesLClocklclock.exe
C:Program FilesCommon FilesGMTGMT.exe
C:Program FilesNo–IPDUC20.exe
C:Program FilesCommon FilesGMTautoupdategator_0000_6041_dll_cs_ptrk.gua
C:WINDOWSSYSTEM32cidaemon.exe
C:WINDOWSsystem32wuauclt.exe
D:emule0.44demule.exe
C:PROGRA~1MOZILL~1FIREFOX.EXE
C:WINDOWSexplorer.exe
C:Documents and SettingsIgor NiteckiPulpithijackthisHijackThis.exe
C:WINDOWSsystem32NOTEPAD.EXE

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Yo ziom! :)
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {1D7E3B41–23CE–469B–BE1B–A64B877923E1} – (no file)
O2 – BHO: Idea2 SidebarBrowserMonitor Class – {45AD732C–2CE2–4666–B366–B2214AD57A49} – C:Program FilesDesktop Sidebarsbhelp.dll
O2 – BHO: Norton Internet Security – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O2 – BHO: NavHelper Class – {C1E58A84–95B3–4630–B8C2–D06B77B7A0FC} – C:Program FilesNavExcelNavHelperv2.0.4dNHelper.dll
O2 – BHO: TGTSoft Explorer Toolbar Changer – {C333CF63–767F–4831–94AC–E683D962C63C} – C:Program FilesTGTSoftStyleXPTGT_BHO.dll
O2 – BHO: WhIeHelperObj Class – {c900b400–cdfe–11d3–976a–00e02913a9e0} – C:Program FileswebHancerprogramswhiehlpr.dll
O2 – BHO: IEHlprObj Class – {CE7C3CF0–4B15–11D1–ABED–709549C10000} – C:Program FilesNetPanelIEHelper.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM..Run: [WheelMouse] Amoumain.exe
O4 – HKLM..Run: [CloneCDTray] "C:Program FilesSlySoftCloneCDCloneCDTray.exe" /s
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [NetPanel] "C:Program FilesNetPanelStarter.exe" /path="C:Program FilesNetPanel"
O4 – HKLM..Run: [cFosSpeed] C:Program FilescFosSpeedcFosSpeed.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06injusched.exe
O4 – HKLM..Run: [navapp] C:Program FilesNavExcelNavHelperv2.0.4d avapp.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [IS CfgWiz] C:Program FilesNorton Internet Securitycfgwiz.exe /GUID {257BBC47–1B26–432e–9F84–188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [CMESys] "C:Program FilesCommon FilesCMEIICMESys.exe"
O4 – HKLM..Run: [BootSkin Startup Jobs] "C:PROGRA~1STARDOCKWINCUS~1BOOTSKINBOOTSKIN.EXE" /StartupJobs
O4 – HKLM..RunServices: [Registry Checkup System32cd Monitor] Winregs32cdn.exe
O4 – HKCU..Run: [NCLaunch] C:WINDOWSNCLAUNCH.EXe
O4 – HKCU..Run: [SSS5] "C:Program FilesSteganos Security Suite 5steganos5.exe" /booting
O4 – HKCU..Run: [SSS5SAFE] "C:Program FilesSteganos Security Suite 5safe.exe" /booting
O4 – HKCU..Run: [SSS5SPM] "C:Program FilesSteganos Security Suite 5spm.exe" /booting
O4 – HKCU..Run: [LClock] C:Program FilesLClocklclock.exe
O4 – HKCU..Run: [STYLEXP] C:Program FilesTGTSoftStyleXPStyleXP.exe –Hide
O4 – HKCU..Run: [SIDEBAR] "C:Program FilesDesktop Sidebardsidebar.exe"
O4 – HKCU..Run: [Messenger] MSMSGS
O4 – Startup: Neo+.lnk = ?
O4 – Startup: No–IP DUC.lnk = C:Program FilesNo–IPDUC20.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:PROGRA~1INCRED~1in esourcesWebMenuImg.htm
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Subscribe in Desktop Sidebar – res://C:Program FilesDesktop Sidebarsbhelp.dll/menuhandler.html
O9 – Extra button: Subscribe in Desktop Sidebar – {09FE188B–6E85–479e–9411–51FB2220DF80} – C:Program FilesDesktop Sidebarsbhelp.dll
O9 – Extra 'Tools' menuitem: Subscribe in Desktop Sidebar – {09FE188B–6E85–479e–9411–51FB2220DF80} – C:Program FilesDesktop Sidebarsbhelp.dll
O9 – Extra button: GloPhone – {C9B8ABB6–1CC3–4957–9CA3–053036B2EE3A} – C:Program FilesVoicegloGlophoneglophone.exe
O9 – Extra button: (no name) – {C9B8ABB6–1CC3–4957–9CA3–053036B2EE3A}} – (no file)
O9 – Extra button: HotWhois – {CF4DA62E–8A85–4C89–8232–F555BC352B0B} – C:Program FilesHotWhoisawie.exe
O9 – Extra 'Tools' menuitem: &HotWhois – {CF4DA62E–8A85–4C89–8232–F555BC352B0B} – C:Program FilesHotWhoisawie.exe
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O16 – DPF: {0F9B4CA4–A30F–480A–841D–69B45C50A8F8} (SekureL0gin.SekureKontrol) – http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – ms–its:mhtml:file://c: osuxxx.mht!http://www.kazaalite.pl/stats/loudklite.chm::/bridge–c46.cab
O16 – DPF: {8F2E4DC6–E858–4EF0–B596–7CD82AA94B0A} (M2AxCtl Class) – http://macikowski707.republika.pl/pliki/stream/puzzle1_s/m2axsvr.dll
O17 – HKLMSystemCCSServicesTcpip..{129F7181–2440–4B01–AA56–C2301EA75DD2}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS1ServicesTcpip..{129F7181–2440–4B01–AA56–C2301EA75DD2}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS2ServicesTcpip..{129F7181–2440–4B01–AA56–C2301EA75DD2}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Network Proxy – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: GIGSVR – Jgaa's Internet (www.jgaa.com) – C:Program FilesWar–ftpdwar–ftpd.exe
O23 – Service: ISSvc – Symantec Corporation – C:Program FilesNorton Internet SecurityISSVC.exe
O23 – Service: Kodak Camera Connection Software – Eastman Kodak Company – C:WINDOWSsystem32driversKodakCCS.exe
O23 – Service: Norton AntiVirus Auto–Protect Service – Symantec Corporation – C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Network Drivers Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 – Service: Symantec SPBBCSvc – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 – Service: StyleXPService – Unknown – C:Program FilesTGTSoftStyleXPStyleXPService.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
O23 – Service: WARSVR – Jgaa's Internet (www.jgaa.com) – C:Program FilesWar–ftpdwar–ftpd.exe

Replies: 3

gigoro:
...System Restore on all drives?
Bobi
Posted
18.02.2005 22:31:18
Bobi_robert:

Turn off restore


But do you mean file restore in Windows or System Restore on all drives?
gigoro
Posted
18.02.2005 20:47:57
So here we go:
Do you use this >> C:WINDOWSNCLAUNCH.EXe ??
SWF Studio; if not, bin it
fix: O4 – HKCU..Run: [NCLaunch] C:WINDOWSNCLAUNCH.EXe

Turn off restore

Delete in Safe Mode, together with the files/entire directories:
O2 – BHO: (no name) – {1D7E3B41–23CE–469B–BE1B–A64B877923E1} – (no file)
O2 – BHO: NavHelper Class – {C1E58A84–95B3–4630–B8C2–D06B77B7A0FC} – C:Program FilesNavExcelNavHelperv2.0.4dNHelper.dll
O2 – BHO: WhIeHelperObj Class – {c900b400–cdfe–11d3–976a–00e02913a9e0} – C:Program FileswebHancerprogramswhiehlpr.dll
O4 – HKLM..Run: [navapp] C:Program FilesNavExcelNavHelperv2.0.4d avapp.exe
O4 – HKLM..Run: [CMESys] "C:Program FilesCommon FilesCMEIICMESys.exe"
O4 – HKLM..RunServices: [Registry Checkup System32cd Monitor] Winregs32cdn.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O9 – Extra button: (no name) – {C9B8ABB6–1CC3–4957–9CA3–053036B2EE3A}} – (no file)
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – ms–its:mhtml:file://c: osuxxx.mht!http://www.kazaalite.pl/stats/loudklite.chm::/bridge–c46.cab
O16 – DPF: {0F9B4CA4–A30F–480A–841D–69B45C50A8F8} (SekureL0gin.SekureKontrol) – http://secure2.comned.com/signuptemplates/AktiveSekurity.cab

Also add C:Program FilesCommon FilesGMT to that, because I don't see it in the log but it is in the processes

This thing looks like Messenger: O4 – HKCU..Run: [Messenger] MSMSGS
Nothing could be further from the truth; find that file and delete it
The legitimate one is in C:Program FilesMessenger; delete any other one
Bobi
Posted
18.02.2005 19:14:56
gigoro
Posted:
18.02.2005 18:14:19
Comments:
3