Quote:
After scanning with HjT I just noticed that the process C:\WINDOWS\system32\services***** is active. But that's probably not owntibia, because I already had something like this right after a format o.O |
Quote:
|
Update !
Add this to your hosts file: 127.0.0.1 wizzard.home.pl |
Gratz For You !!
Thanks to you I got rid of OWNTIBIA from my computer. Now I'm no longer at risk of a hack (I hope). May there be as many guides like this as possible!!! :cup::cup::cup:
|
Or maybe you just need to go into c:/windows and delete the suspicious file (it's enough to click on it once and the antivirus will detect it); it's usually the last one
|
o lol xD
today I found a winampa. exe process ;d (winaMPA) |
@up me too, what is it??
and I have a services. exe file in windows/system32, not servicess. exe, why?? |
@up
because servicess***** is a different program from the system one (possibly a virus) Quote:
besides, if owntibia were impersonating something, it would be svchost*****, just from a different location. |
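The check described in the post above (a look-alike name such as servicess next to the real services, or svchost running from a different location) can be run over a whole HijackThis log. This is an added example, not part of the original thread; the expected-location table, the function names and the sample log are assumptions constructed for illustration, with the .exe extensions written out where the forum masked them.

```python
import ntpath
import re

# Expected directory for core Windows XP processes (assumed baseline, lower-cased).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)

# Constructed sample (not a log from the thread); extensions written out.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\servicess.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\Temp\svchost.exe
C:\Program Files\Tibia\Tibia.exe

O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: service.exe.lnk = C:\WINDOWS\system32\service.exe
"""

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return 'ok', 'wrong-location', 'lookalike' or 'unknown' for one path."""
    directory, name = ntpath.split(path.lower())
    if not directory:
        return "unknown"  # bare name: its location cannot be judged
    if name in EXPECTED_DIR:
        return "ok" if directory == EXPECTED_DIR[name] else "wrong-location"
    if any(edit_distance(name, real) <= 1 for real in EXPECTED_DIR):
        return "lookalike"  # one character away from a system process name
    return "unknown"

def scan_log(text):
    """Flag running processes and O4 autoruns that mimic system processes."""
    findings, in_processes = [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False  # a blank line ends the process list
        elif in_processes or line.startswith("O4 - "):
            source = "process" if in_processes else "autorun"
            # In O4 entries the command follows "[value name] " or "name.lnk = ".
            command = line if in_processes else re.split(r"\] | = ", line, maxsplit=1)[-1]
            match = EXE_RE.match(command)
            verdict = classify(match.group(1)) if match else "unknown"
            if verdict in ("wrong-location", "lookalike"):
                findings.append((source, verdict, match.group(1)))
    return findings
```

A path that passes this check is not thereby clean; the check only catches name and location tricks, so an "unknown" entry still needs to be looked up.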
Against all viruses and the like, I suggest looking into the c:\WINDOWS\system32 directory (and c:\WINDOWS\) every so often; you need to click so that it sorts the files by date modified. New files (likely a virus) will be at the very bottom, unless you recently installed graphics card drivers or something. That's how I once removed an undetectable virus ;) . And of course, if it hides in the device manager, then quickly, before Windows finishes starting, keep pressing alt+ctrl+delete, look for unusual processes (in the Processes tab), then go to Start->Search->Files or folders. Enter the name of the suspicious process and, once it's found, delete it (but first check on google.pl whether it really is a virus!). If it can't be deleted, download the program Unlocker.
This turned into a little guide :) |
Question
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\System32\nvsvc32*****
C:\WINDOWS\SOUNDMAN*****
Should I delete Smss***** winlogon*****? :confused::confused: Help |
Quote:
|
Please answer: is there some keylogger here??
I really need an answer, because this morning while I was away someone was on my character :(
Logfile of HijackThis v1.99.1
Scan saved at 15:25:17, on 2007-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\wscntfy*****
C:\WINDOWS\Explorer*****
C:\PROGRA~1\NEOSTR~1\CnxMon*****
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****
C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
C:\WINDOWS\system32\ctfmon*****
C:\WINDOWS\system32\service*****
C:\PROGRA~1\NEOSTR~1\NeostradaTP*****
C:\PROGRA~1\NEOSTR~1\ComComp*****
C:\PROGRA~1\NEOSTR~1\Watch*****
C:\Program Files\Tibia\Tibia*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Internet Explorer\iexplore*****
C:\WINDOWS\system32\wpabaln*****
C:\Documents and Settings\Artur\Pulpit\HijackThis*****
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon*****
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - Global Startup: service*****.lnk = C:\WINDOWS\system32\service*****
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O17 - HKLM\System\CCS\Services\Tcpip\..\{9879D2DC-0BEA-4342-98D9-6D994686C867}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32***** |
To be removed, 100%:
C:\WINDOWS\system32\service****
O4 - Global Startup: service*****.lnk = C:\WINDOWS\system32\service*****
And this one I'm not sure is safe. If you know what it is, leave it; if not, remove it:
HKLM\System\CCS\Services\Tcpip\..\{9879D2DC-0BEA-4342-98D9-6D994686C867}: NameServer = 194.204.152.34 217.98.63.164
*** You tick the entries and then click "fix checked"; the file in bold you delete manually from the disk. |
Please check my report too :) I checked it on hijackthis.de and supposedly there's nothing, but I want to be 100% sure
Logfile of HijackThis v1.99.1
Scan saved at 18:44:57, on 2007-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
C:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\TBPanel*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Java\jre1.6.0_01\bin\jusched*****
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2*****
C:\Program Files\QuickTime\qttask*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\WINDOWS\system32\rundll32*****
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Eraser\eraser*****
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\Program Files\Alwil Software\Avast4\ashWebSv*****
C:\WINDOWS\system32\wuauclt*****
F:\Milu\PowerMenu_1_5_1\PowerMenu*****
E:\xXx\Tlen.pl\tlen-nowy*****
C:\Program Files\Microsoft Office\OFFICE11\OIS*****
C:\Program Files\Tibia\Tibia*****
C:\Program Files\Mozilla Firefox\firefox*****
F:\Milu\Programy\Antyviry & nietylko\hijackthis\HijackThis*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel***** /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched*****"
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2***** /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask*****" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32***** bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall*****" -TRAY
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser***** -hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B44C090-7729-4D20-B303-9BBD03583F9A}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT*****
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
Thanks in advance |
Clean; if anything, I'd take issue with this:
Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B44C090-7729-4D20-B303-9BBD03583F9A}: NameServer = 194.204.159.1,194.204.152.34 |
Please check mine :):baby:
Logfile of HijackThis v1.99.1
Scan saved at 19:36:35, on 2007-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\AntiVir PersonalEdition Classic\avguard*****
C:\Program Files\AntiVir PersonalEdition Classic\sched*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\system32\wscntfy*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\Program Files\ATI Technologies\ATI.ACE\cli*****
C:\WINDOWS\system32\RunDll32*****
D:\Programy\mouse driver\MouseDrv*****
C:\Program Files\AntiVir PersonalEdition Classic\avgnt*****
D:\Programy\sony\SsAAD*****
D:\Programy\Logitech kierownica\lwemon*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\ATI Technologies\ATI.ACE\CLI*****
D:\Programy\Mozilla\firefox*****
C:\Documents and Settings\ABUS\Pulpit\HijackThis\HijackThis*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli*****" runtime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CreativeMouse ] D:\Programy\mouse driver\MouseDrv*****
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt*****" /min
O4 - HKLM\..\Run: [SsAAD*****] D:\Programy\sony\SsAAD*****
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Start WingMan Profiler] "D:\Programy\Logitech kierownica\lwemon*****" /noui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI*****
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched*****
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard*****
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT*****
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms*****
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV*****
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR*****
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd*****" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02*****
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV*****
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV***** |
Code:
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
ATTENTION
Code:
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd*****" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) |
Code:
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd*****" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
but as for the others, I don't know what they are and I'll definitely remove them :) Thanks. I removed what you wrote and I don't know why, but after a reboot it removed the DNS codes from my internet settings :/ But everything's fine now ;] |
I found this on my machine:
O4 - HKLM\..\Run: [orcToByloLatwe] C:\WINDOWS\services. exe
I removed it. I deleted services. exe (right-click, delete). Here's a log as well. Am I safe now?
Logfile of HijackThis v1.99.1
Scan saved at 20:00:47, on 2007-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\SYSTEM32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
C:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\Explorer*****
C:\PROGRA~1\A4Tech\Mouse\Amoumain*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\PROGRA~1\NEOSTR~2\CnxMon*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\AutoConnect\AutoConnect*****
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM*****
C:\WINDOWS\system32\oodag*****
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\Program Files\Alwil Software\Avast4\ashWebSv*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Opera\Opera*****
C:\DOCUME~1\aaa\USTAWI~1\Temp\Rar$EX01.846\HijackThis*****
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~2\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit*****
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4289bcbe-e100-4999-a98b-dd6b3e9586ac} - C:\WINDOWS\SYSTEM32\usrenh.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp132.tmp.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain*****
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~2\CnxMon*****
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~2\Watch*****
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE***** /AUTORUN
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN***** /logon
O4 - HKLM\..\Run: [setup] rundll32***** "C:\WINDOWS\tuvvwu.dll",realset
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services*****
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect*****
O4 - Global Startup: DSLMON .lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra button: Download this Web Site's Images - {2D0DA413-B24C-4C23-87D5-9F66DAAE02DB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Download this Web Site's Images - {2D0DA413-B24C-4C23-87D5-9F66DAAE02DB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget*****
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget*****
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF76839B-042C-42C2-912A-791A6ACA46D6}: NameServer = 194.204.152.34 217.98.63.164
O20 - AppInit_DLLs: c:\windows\system32\byvturo.dll
O20 - Winlogon Notify: usrenh - C:\WINDOWS\SYSTEM32\usrenh.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT*****
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD*****
O23 - Service: MySql - Unknown owner - c:\krasnal/MYSQL/bin/mysqld***** (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag***** |
Code:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit*****
Other than that, clean. |