Forum Tibia.pl

Forum Tibia.pl (http://forum.tibia.pl//index.php)
-   Guides (http://forum.tibia.pl//forumdisplay.php?f=31)
-   -   Removing owntibia (http://forum.tibia.pl//showthread.php?t=131116)

lukaszlukasz 08-06-2007 15:32

Quote:

Btw, should there be 1 svchost.exe in the processes, or several (or maybe 0?), because I actually see 8 of them on my machine right now ;>
I have 5 or 6, and right after the format there were also several, so I think everything is OK :)

And after scanning with HjT I see that this process is active:

C:\WINDOWS\system32\services*****

But that's probably not owntibia, because I already had that thing after the format o.O

Uther92 08-06-2007 15:37

Quote:

Originally posted by lukaszlukasz (Post 1472161)
I have 5 or 6, and right after the format there were also several, so I think everything is OK :)

And after scanning with HjT I see that this process is active:

C:\WINDOWS\system32\services*****

But that's probably not owntibia, because I already had that thing after the format o.O

As for svhost, that's normal, and that file is a system file. People, read carefully, it says so.

Uther92 09-06-2007 10:18

Update!
Add this line to your hosts file:
127.0.0.1 wizzard.home.pl

zyphys 14-06-2007 13:44

Gratz For You!!

Thanks to you I got rid of OWNTIBIA from my PC. Now I'm no longer at risk of being hacked (I hope). May there be as many guides like this as possible!!! :cup::cup::cup:

Vlad Dracula 14-06-2007 14:36

Or maybe you just need to go into c:/windows and delete the suspicious file (it's enough to click it once and the antivirus will detect it); it's usually the last one.

Shaolin_Hunter 14-06-2007 15:23

o lol xD
today I found a winampa.exe process
;d (winaMPA)

Avallach 14-06-2007 17:55

@up me too, what is it??

aaa, in windows/system32 I have a services.exe file and not servicess.exe, why??

xoz 14-06-2007 18:23

@up
because servicess***** is a different program than the system one (possibly a virus)

Quote:

Originally posted by Uther92
As for svhost, that's normal

The system process is called svCHost, not svHost
besides, if owntibia impersonated it, it would be svchost***** but from a different location.

Dagins 14-06-2007 18:47

Against all viruses and the like, I suggest looking into the c:\WINDOWS\system32 directory (and c:\WINDOWS\) from time to time; you need to click so that it shows the files sorted by modification date. New files (most likely a virus) will be at the very bottom, unless you installed graphics card drivers or something earlier. That's how I once removed an undetectable virus ;). And of course, if it hides in the device manager, then quickly, quickly, before Windows starts up, keep pressing alt+ctrl+delete, look for unusual processes (in the processes tab), then start->search->files or folders. Enter the name of the suspicious process, and once it's found, delete it (but first check on google.pl whether it really is a virus!). If it can't be deleted, download the Unlocker program.
That turned into a small guide :)

xelimag 15-06-2007 00:51

Question
 
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\System32\nvsvc32*****
C:\WINDOWS\SOUNDMAN*****

should I delete Smss***** winlogon*****? :confused::confused: Help

Uther92 15-06-2007 13:02

Quote:

Originally posted by Shaolin_Hunter (Post 1484575)
o lol xD
today I found a winampa.exe process
;d (winaMPA)

Winampa: winamp agent. Winamp's autostart process.

Rivix'o 17-06-2007 16:37

Please answer whether there is some keylogger here??
I really need an answer because this morning, while I was away, someone was on my character :(


Logfile of HijackThis v1.99.1
Scan saved at 15:25:17, on 2007-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\wscntfy*****
C:\WINDOWS\Explorer*****
C:\PROGRA~1\NEOSTR~1\CnxMon*****
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****
C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
C:\WINDOWS\system32\ctfmon*****
C:\WINDOWS\system32\service*****
C:\PROGRA~1\NEOSTR~1\NeostradaTP*****
C:\PROGRA~1\NEOSTR~1\ComComp*****
C:\PROGRA~1\NEOSTR~1\Watch*****
C:\Program Files\Tibia\Tibia*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Internet Explorer\iexplore*****
C:\WINDOWS\system32\wpabaln*****
C:\Documents and Settings\Artur\Pulpit\HijackThis*****

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon*****
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - Global Startup: service*****.lnk = C:\WINDOWS\system32\service*****
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O17 - HKLM\System\CCS\Services\Tcpip\..\{9879D2DC-0BEA-4342-98D9-6D994686C867}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****

Uther92 17-06-2007 19:47

Definitely to be removed (100%):
C:\WINDOWS\system32\service****
O4 - Global Startup: service*****.lnk = C:\WINDOWS\system32\service*****
And this one I'm not sure is safe. If you know what it is, leave it; if not, remove it:
HKLM\System\CCS\Services\Tcpip\..\{9879D2DC-0BEA-4342-98D9-6D994686C867}: NameServer = 194.204.152.34 217.98.63.164
***
Tick the entries with a checkmark and then click "fix checked"; the bolded file you delete manually from the disk.
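The two rules this thread relies on (xoz: a genuine system process has the exact name and runs from its fixed location, so an impersonator is either a near-miss name or the right name in the wrong directory; Uther92: service.exe in system32 has to go) can be applied mechanically to HijackThis-style log lines. The script below is an added example, not code from the forum or from HijackThis; the sample lines are constructed from entries quoted in this thread, and it assumes the forum's "*****" stands for ".exe" and a default C:\WINDOWS install.

```python
import ntpath
import re
from typing import List, NamedTuple

# Core Windows binaries seen in the thread's XP-era logs and the only directory
# the genuine copy is loaded from (assumption: default C:\WINDOWS install).
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Any Windows path ending in .exe, wherever it sits on the line
# (a "Running processes" entry, an O4 Run value, a Global Startup target).
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)


class Finding(NamedTuple):
    line: str
    path: str
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(log: str) -> str:
    """Assumption: the forum software masks '.exe' as '*****'; undo that."""
    return log.replace("*****", ".exe")


def triage(log: str) -> List[Finding]:
    """Flag system-binary names outside their home directory, and lookalikes."""
    findings: List[Finding] = []
    for line in normalize(log).splitlines():
        for match in EXE_PATH.finditer(line):
            path = match.group(0)
            name = ntpath.basename(path).lower()
            directory = ntpath.dirname(path).lower()
            home = SYSTEM_BINARIES.get(name)
            if home is not None:
                # Exact system name: legitimate only in its home directory.
                if directory != home:
                    findings.append(Finding(line, path, f"{name} outside {home}"))
                continue
            # Not a system name: is it one edit away from one (service.exe,
            # servicess.exe, svhost.exe)? Distance 1 keeps the legitimate
            # iexplore.exe clear of explorer.exe (distance 2).
            stem = name[:-len(".exe")]
            for real in SYSTEM_BINARIES:
                if edit_distance(stem, real[:-len(".exe")]) == 1:
                    findings.append(Finding(line, path, f"lookalike of {real}"))
                    break
    return findings


# Constructed sample, assembled from entries quoted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\service*****
C:\Program Files\Tibia\Tibia*****
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services*****
O4 - Global Startup: service*****.lnk = C:\WINDOWS\system32\service*****
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.reason:40} {finding.path}")
```

On the sample it reports the two service.exe entries as lookalikes of services.exe and the C:\WINDOWS\services.exe Run entry as a system name outside system32; the genuine system32 processes, Explorer.exe, Tibia.exe and ctfmon.exe pass.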

Milu Arhangel 17-06-2007 19:52

Please check my report too :) I checked it on hijackthis.de and supposedly there's nothing, but I want to be 100% sure

Logfile of HijackThis v1.99.1
Scan saved at 18:44:57, on 2007-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
C:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\TBPanel*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Java\jre1.6.0_01\bin\jusched*****
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2*****
C:\Program Files\QuickTime\qttask*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\WINDOWS\system32\rundll32*****
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Eraser\eraser*****
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\Program Files\Alwil Software\Avast4\ashWebSv*****
C:\WINDOWS\system32\wuauclt*****
F:\Milu\PowerMenu_1_5_1\PowerMenu*****
E:\xXx\Tlen.pl\tlen-nowy*****
C:\Program Files\Microsoft Office\OFFICE11\OIS*****
C:\Program Files\Tibia\Tibia*****
C:\Program Files\Mozilla Firefox\firefox*****
F:\Milu\Programy\Antyviry & nietylko\hijackthis\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel***** /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched*****"
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2***** /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask*****" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32***** bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall*****" -TRAY
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser***** -hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B44C090-7729-4D20-B303-9BBD03583F9A}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT*****
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****

Thanks in advance

Uther92 17-06-2007 19:55

Clean; the only thing I might pick on is this:
Code:

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B44C090-7729-4D20-B303-9BBD03583F9A}: NameServer = 194.204.159.1,194.204.152.34

Abus_LoLo 17-06-2007 20:45

Please check mine :):baby:


Logfile of HijackThis v1.99.1
Scan saved at 19:36:35, on 2007-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\AntiVir PersonalEdition Classic\avguard*****
C:\Program Files\AntiVir PersonalEdition Classic\sched*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\system32\wscntfy*****
C:\WINDOWS\system32\Ati2evxx*****
C:\WINDOWS\Explorer*****
C:\Program Files\ATI Technologies\ATI.ACE\cli*****
C:\WINDOWS\system32\RunDll32*****
D:\Programy\mouse driver\MouseDrv*****
C:\Program Files\AntiVir PersonalEdition Classic\avgnt*****
D:\Programy\sony\SsAAD*****
D:\Programy\Logitech kierownica\lwemon*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\ATI Technologies\ATI.ACE\CLI*****
D:\Programy\Mozilla\firefox*****
C:\Documents and Settings\ABUS\Pulpit\HijackThis\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli*****" runtime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CreativeMouse ] D:\Programy\mouse driver\MouseDrv*****
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt*****" /min
O4 - HKLM\..\Run: [SsAAD*****] D:\Programy\sony\SsAAD*****
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Start WingMan Profiler] "D:\Programy\Logitech kierownica\lwemon*****" /noui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI*****
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched*****
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard*****
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx*****
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag*****
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT*****
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms*****
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV*****
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR*****
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd*****" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02*****
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV*****
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV*****

Uther92 17-06-2007 20:51

Code:

O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab WARNING
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip\..\{5CBF62E0-227F-470B-8809-5304E1B704AD}: NameServer = 194.204.152.34,217.98.63.164

If you don't know what it is, remove it.

Code:

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd*****" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Did you install that thing for capturing packets? If not, it goes out the window.

Abus_LoLo 17-06-2007 20:54

Code:

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd*****" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
that's needed for some program ;)

but those others, I don't know what they are and I'll definitely remove them :)
Thanks


I removed what you wrote and I don't know why, but after the reboot the DNS codes got removed from my internet settings :/
But everything's fine now ;]

BobbyX 17-06-2007 21:09

I found this on my machine:
O4 - HKLM\..\Run: [orcToByloLatwe] C:\WINDOWS\services.exe
I removed it. I deleted services.exe (right click, delete). Here's the log as well. Am I safe now?
Logfile of HijackThis v1.99.1
Scan saved at 20:00:47, on 2007-06-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\SYSTEM32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
C:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\Explorer*****
C:\PROGRA~1\A4Tech\Mouse\Amoumain*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\PROGRA~1\NEOSTR~2\CnxMon*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\AutoConnect\AutoConnect*****
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM*****
C:\WINDOWS\system32\oodag*****
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
C:\WINDOWS\system32\svchost*****
C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\Program Files\Alwil Software\Avast4\ashWebSv*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Opera\Opera*****
C:\DOCUME~1\aaa\USTAWI~1\Temp\Rar$EX01.846\HijackThis*****

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~2\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit*****
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4289bcbe-e100-4999-a98b-dd6b3e9586ac} - C:\WINDOWS\SYSTEM32\usrenh.dll
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp132.tmp.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain*****
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~2\CnxMon*****
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~2\Watch*****
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE***** /AUTORUN
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN***** /logon
O4 - HKLM\..\Run: [setup] rundll32***** "C:\WINDOWS\tuvvwu.dll",realset
O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services*****
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect*****
O4 - Global Startup: DSLMON .lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra button: Download this Web Site's Images - {2D0DA413-B24C-4C23-87D5-9F66DAAE02DB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Download this Web Site's Images - {2D0DA413-B24C-4C23-87D5-9F66DAAE02DB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget*****
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget*****
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF76839B-042C-42C2-912A-791A6ACA46D6}: NameServer = 194.204.152.34 217.98.63.164
O20 - AppInit_DLLs: c:\windows\system32\byvturo.dll
O20 - Winlogon Notify: usrenh - C:\WINDOWS\SYSTEM32\usrenh.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT*****
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD*****
O23 - Service: MySql - Unknown owner - c:\krasnal/MYSQL/bin/mysqld***** (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag*****

Uther92 17-06-2007 21:17

Code:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit*****
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp132.tmp.dll
O20 - AppInit_DLLs: c:\windows\system32\byvturo.dll
O20 - Winlogon Notify: usrenh - C:\WINDOWS\SYSTEM32\usrenh.dll
O4 - HKLM\..\Run: [setup] rundll32***** "C:\WINDOWS\tuvvwu.dll",realset

There's nothing online about these processes, so they're probably not system files; to be safe, remove them.
Other than that, clean.

Milu Arhangel 17-06-2007 21:34

Quote:

Originally posted by Uther92 (Post 1492174)
Clean; the only thing I might pick on is this:
Code:

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B44C090-7729-4D20-B303-9BBD03583F9A}: NameServer = 194.204.159.1,194.204.152.34

Hmm... I removed that entry, then I wanted to log into Tibia and couldn't; I reinstalled the client, but that didn't help. Only a system restore worked. That entry is probably important and necessary for connecting to the Tibia server. Just a small problem, that's all ;)

@down
I don't know myself, but without it I can't get into Tibia...

Probably so, so I won't remove it, but it's probably nothing dangerous, because I've scanned my PC with hijack many times and that entry was always there on the site. Besides, I haven't had a single hack yet :)

Uther92 17-06-2007 21:36

Err... small mistake... that connects your computer to 194.204.159.1 and 194.204.152.34, so maybe something related to your provider?
I don't know myself...

Aggro 17-06-2007 22:03

Hi, could you help? :>

Logfile of HijackThis v1.99.1
Scan saved at 20:52:36, on 2007-06-17
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\SYSTEM32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
d:\Program Files\Alwil Software\Avast4\aswUpdSv*****
d:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\Explorer*****
C:\Program Files\Analog Devices\SoundMAX\Smtray*****
D:\Program Files\HP\HP Software Update\HPWuSchd2*****
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
D:\Program Files\Java\jre1.6.0_01\bin\jusched*****
D:\Program Files\Creative\Mouse Optical\mouse_2k*****
D:\Program Files\Zone Labs\ZoneAlarm\zlclient*****
D:\Program Files\Google\Gmail Notifier\gnotify*****
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier*****
D:\Program Files\Advanced Registry Doctor\RegDfrgSch*****
D:\Program Files\Gadu-Gadu\gg*****
D:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
C:\WINDOWS\system32\spoolsv*****
D:\Program Files\HP\Digital Imaging\bin\hpqimzone*****
C:\WINDOWS\System32\nvsvc32*****
C:\WINDOWS\System32\HPZipm12*****
d:\Program Files\Advanced Registry Doctor\RegManServ*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\ZoneLabs\vsmon*****
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08*****
d:\Program Files\Alwil Software\Avast4\ashWebSv*****
d:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\WINDOWS\System32\WgaTray*****
D:\Program Files\Tibia\Tibia*****
D:\Winamp\winamp*****
C:\Program Files\firefox*****
C:\Documents and Settings\Przemek\Pulpit\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2*****
O4 - HKLM\..\Run: [DrvListnr] C:\Program Files\Analog Devices\SoundMAX\DrvListnr*****
O4 - HKLM\..\Run: [AVPDWIN] "C:\Program Files\Panda Software\Panda Demo\pandasft*****"
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake***** /h
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ*****"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched*****"
O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare*****" /pause
O4 - HKLM\..\Run: [CreativeMouse ] d:\Program Files\Creative\Mouse Optical\mouse_2k*****
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient*****"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] d:\Program Files\Google\Gmail Notifier\gnotify*****
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [BPS Spyware Remover] d:\Program Files\BulletProofSoft.com\BPS Spyware Remover\SpyRem*****
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\Go ogleToolbarNotifier*****
O4 - HKCU\..\Run: ["C:\WINDOWS\SoftwareDistribution\Download\6365088f85b501588ee599470d0e71a8\msmsgs*****" /background] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [RegDfrgSch] D:\Program Files\Advanced Registry Doctor\RegDfrgSch***** /tray
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08*****
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08*****
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA*****
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet*****/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet*****/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet*****/AddLink.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL*****/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget*****
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS***** (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS***** (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: avast! Antivirus - ALWIL Software - d:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - Unknown owner - d:\Program Files\Alwil Software\Avast4\ashMaiSv*****" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - d:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32*****
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12*****
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - d:\Program Files\Advanced Registry Doctor\RegManServ*****
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon*****

Thanks in advance, I'd appreciate a PM.

Uther92 17-06-2007 22:24

If anyone checking their log isn't sure about some process, you can look it up on these sites:
www.processlibrary.com
www.fbmsoftware.com/spyware-net
www.pcpitstop.com/spycheck/known.asp

Sallim 17-06-2007 22:48

@topic
all well and good, but where do I put those ports?
in which place

I want to protect myself, because I've already been a victim..

Abus_LoLo 17-06-2007 22:56

Quote:

Originally posted by Uther92 (Post 1492444)
Eee... small mistake... that connects your computer to 194.204.159.1 and 194.204.152.34, so maybe something to do with your ISP?
I don't know myself...

Those are the "preferred DNS" and "alternate DNS".
I removed that too and my internet wouldn't connect either; only when I went into the internet settings and saw those numbers were missing did I type them in again, and then everything

PS. of course those numbers aren't the same as mine, but it's the same "path"
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B44C090-7729-4D20-B303-9BBD03583F9A}: NameServer = other numbers here ;)

Uther92 18-06-2007 15:33

Quote:

Originally posted by Sallim (Post 1492624)
@topic
all well and good, but where do I put those ports?
in which place

I want to protect myself, because I've already been a victim..

I did write where to add it ;)
@Edit
Come visit my new site about Tibia security.
If anyone wants the link, PM me, because I don't want to advertise ;)

Goku_Sayian 18-06-2007 18:10

everything's nice ^^ you put in the effort.

xelimag 18-06-2007 19:55

Please check my report too ;) Sorry for posting for the 2nd time already :(

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\Explorer*****
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard*****
C:\WINDOWS\System32\nvsvc32*****
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss*****
C:\WINDOWS\SOUNDMAN*****
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\AutoConnect\AutoConnect*****
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui*****
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Program Files\Winamp\winampa*****
C:\Program Files\Winamp\winamp*****
D:\Tomuss\HijackThis\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit*****
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN*****
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas*****" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare*****" /pause
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect*****
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine*****
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl*****
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon*****
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B4482F1-E814-40EA-BCA0-69B43F071F5D}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B4482F1-E814-40EA-BCA0-69B43F071F5D}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard*****
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32*****
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal

Uther92 18-06-2007 20:15

@Up
Clean.

Rofocale 19-06-2007 18:29

eh, I'll post my HijackThis log here; can someone tell me if something's screwed up? because I don't get it ^.^ :<


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:10:31, on 2007-06-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
C:\Program Files\Alwil Software\Avast4\ashServ*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\Explorer*****
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Common Files\Symantec Shared\ccSvcHst*****
C:\WINDOWS\System32\nvsvc32*****
C:\Program Files\BearShare\BearShare*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\RTHDCPL*****
C:\Program Files\Winamp\winampa*****
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
C:\Program Files\Alwil Software\Avast4\ashWebSv*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\Tlen.pl\tlen*****
C:\Documents and Settings\ffffff\Pulpit\movie*****
C:\Documents and Settings\ffffff\Pulpit\movie*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Internet Explorer\iexplore*****
C:\WINDOWS\system32\rundll32*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Documents and Settings\ffffff\Pulpit\movie*****
C:\Documents and Settings\ffffff\Pulpit\movie*****
C:\Documents and Settings\ffffff\Pulpit\movie*****
C:\Documents and Settings\ffffff\Pulpit\movie*****
C:\Program Files\Tibia\Tibia*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Program Files\Internet Explorer\iexplore*****
C:\Documents and Settings\ffffff\Pulpit\Programy\HiJackThis_v2*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare*****" /pause
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL*****
O4 - HKLM\..\Run: [Alcmtr] ALCMTR*****
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa*****
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN***** /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp*****
O4 - HKLM\..\Run: [orcToByloLatwe] C:\WINDOWS\mandr*****
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen*****
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\System32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\System32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\System32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\System32\CTFMON***** (User 'Default user')
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32*****
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk789YYPL
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak*****.imgfarm.com/images/no...1.0.0.15-3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{90016C3B-4223-4CB4-9D14-9FCD525E7CDF}: NameServer = 213.199.197.214,82.160.1.1
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv*****
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc*****
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ*****
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv*****
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv*****
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst***** (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32*****

EDIT: hey, and what about a folder on my desktop that can't be deleted, and when I scan it with an online malware scan it's full of trojans; does anyone know what to do with it? ; o

Uther92 19-06-2007 19:14

there's a LOT of junk here :O
Post it on the idg.pl forum, the people there are more competent ;)

Rofocale 19-06-2007 19:25

I'll probably just wipe and reinstall ^^

World_of_naabz 19-06-2007 22:19

I'd like someone to take a look at this log ^^
Code:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:10:22, on 2007-06-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\WINDOWS\Explorer*****
C:\Program Files\Eset\nod32krn*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\oodag*****
C:\Program Files\Outpost Firewall\outpost*****
C:\WINDOWS\RTHDCPL*****
C:\Program Files\Eset\nod32kui*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Spybot\TeaTimer*****
C:\WINDOWS\system32\ctfmon*****
C:\Program Files\Gadu-Gadu\gg*****
C:\Program Files\Mozilla Firefox\firefox*****
D:\Gry\Tibia 7.92\Tibia*****
D:\Gry\Tibia 7.92\TibiaBot NG\loader*****
D:\Gry\Tibia 7.92\TibiaBot NG\loader*****
C:\Program Files\Winamp\winamp*****
C:\Documents and Settings\b\Pulpit\HiJackThis_v2*****

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL*****
O4 - HKLM\..\Run: [Alcmtr] ALCMTR*****
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui*****" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Outpost Firewall\outpost***** /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Outpost Firewall\feedback***** /dump:os_startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig***** /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer*****
O4 - HKCU\..\Run: [ctfmon*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag***** (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag*****
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Outpost Firewall\outpost*****

--
End of file - 3909 bytes


xoz 20-06-2007 00:08

PHP Code:

D:\Gry\Tibia 7.92\TibiaBot NG\loader*****
D:\Gry\Tibia 7.92\TibiaBot NG\loader*****

not nice...


PHP Code:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR*****

spyware... (harmless, but it slows things down)

Sasse 20-06-2007 07:37

Here's my log, plz check it 8o

Code:

Logfile of HijackThis v1.99.1
Scan saved at 06:25:45, on 2007-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Eset\nod32kui*****
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\QuickTime\qttask*****
C:\PROGRA~1\NEOSTR~1\CnxMon*****
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****
C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
D:\Program Files\Winamp\winampa*****
D:\Gadu-Gadu\gg*****
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM*****
C:\Program Files\Eset\nod32krn*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\PSIService*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\system32\wuauclt*****
C:\PROGRA~1\NEOSTR~1\NeostradaTP*****
C:\PROGRA~1\NEOSTR~1\ComComp*****
C:\PROGRA~1\NEOSTR~1\Watch*****
C:\Program Files\Mozilla Firefox\firefox*****
D:\Program Files\No-IP\DUC20*****
C:\Documents and Settings\Administrator\Pulpit\evolutions0.7.8xml 2\Evolutions 0.7.8 XML\Evolutions-XML*****
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis*****

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - D:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui*****" /WAITSERVICE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray*****"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask*****" -atboottime
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon*****
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch*****
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon*****
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa*****
O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\Program Files\Anti-Blaxx\Anti-Blaxx*****
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl*****
O8 - Extra context menu item: Download with Star Downloader - D:\PROGRA~1\STARDO~1\sdie.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL*****/3000
O9 - Extra button: FreshDownload - {06995615-BCE2-46CF-B740-34445B6595C7} - D:\Program Files\FreshDevices\FreshDownload\fd*****
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178724051228
O17 - HKLM\System\CCS\Services\Tcpip\..\{50819844-F5DC-444D-B843-A572F56780CB}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService*****

thx in advance for checking whether there's any junk :)

Uther92 20-06-2007 10:59

@Up
Nothing dangerous here, but clean out your autostart and browser add-ons ;)

Hama 20-06-2007 14:47

Log
 
If it's no trouble, could you check this for me:

and on the side, yesterday I got rid of C:\WINDOWS\services. exe, is that owntibia?


Logfile of HijackThis v1.99.1
Scan saved at 13:37:33, on 2007-06-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\AntiVir PersonalEdition Classic\sched*****
C:\Program Files\AntiVir PersonalEdition Classic\avguard*****
C:\WINDOWS\System32\nvsvc32*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\Program Files\AntiVir PersonalEdition Classic\avgnt*****
C:\WINDOWS\System32\ctfmon*****
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch*****
C:\Program Files\Skype\Phone\Skype*****
E:\Programy\Gadu-Gadu\gg*****
C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6*****
C:\WINDOWS\System32\devldr32*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\DOCUME~1\Maciek\USTAWI~1\Temp\Rar$EX00.775\HijackThis*****

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt*****" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05*****
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\System32\ctfmon*****
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch*****"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [IDMan] D:\Przyspieszacz\Internet Download Manager\IDMan***** /onboot
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl*****
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched*****
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32*****

World_of_naabz 20-06-2007 14:54

Quote:

Originally posted by xoz (Post 1496920)
PHP Code:

D:\Gry\Tibia 7.92\TibiaBot NG\loader*****
D:\Gry\Tibia 7.92\TibiaBot NG\loader*****

not nice...


PHP Code:

O4 - HKLM\..\Run: [Alcmtr] ALCMTR*****

spyware... (harmless, but it slows things down)

Thanks :)

@NG
Admittedly I never go AFK on the bot, but when one skill goes up every ~12h I can't stand watching it...

xoz 20-06-2007 15:10

Code:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

this can probably be removed
owntibia very often masquerades as c:\windows\services***** because those kids can't change it.
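
The two points made in this thread, that the O17 NameServer lines are the ISP's DNS servers and that owntibia likes to sit as c:\windows\services next to the real one in System32, can be checked mechanically instead of by eye. The script below is an added example written for this page; it is not HijackThis's own code and not something posted in the thread. It parses an HJT log and flags three things: a running process that bears a core Windows binary name but runs from outside that binary's home directory, an O4 Run entry that points into a user-writable folder (profile, Temp, Pulpit/Desktop), and an O17 resolver that is not in a set you trust. The sample log, the Windows layout (default C:\WINDOWS install) and the trusted-DNS set are assumptions; the two trusted addresses are the Neostrada TP resolvers that appear in logs in this thread, and 203.0.113.53 is a documentation address standing in for a rogue resolver.

```python
"""Triage a HijackThis (HJT) log for the patterns discussed in this thread.
Example code written for this page, not part of HijackThis; the sample log
is constructed, only the two ISP resolver addresses come from posted logs."""
import re
from typing import Dict, List, Set

# Assumption: default Windows XP layout.  A process that borrows one of these
# names but runs from anywhere else is suspect (the c:\windows\services case).
CORE_BINARY_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Directory fragments no legitimate Run entry should point into
# (profile, Temp, and the Polish "Pulpit" / English "Desktop" folder).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\pulpit\\", "\\desktop\\")
O4_RE = re.compile(r"^O4 - .*?\\Run: \[[^\]]*\] (.*)$", re.IGNORECASE)
O17_RE = re.compile(r"^O17 - .*NameServer = (.*)$", re.IGNORECASE)


def extract_exe_path(command: str) -> str:
    """Pull the executable out of an O4 command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split()
    for i, tok in enumerate(tokens):          # unquoted paths may contain spaces
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[: i + 1])
    return tokens[0] if tokens else ""


def split_path(path: str):
    """Lower-cased (directory, file name); directory is '' for a bare name."""
    p = path.strip().lower()
    idx = p.rfind("\\")
    return (p[:idx], p[idx + 1:]) if idx >= 0 else ("", p)


def parse_hjt(log: str) -> Dict[str, List[str]]:
    """Collect running processes, O4 registry Run targets and O17 NameServer IPs."""
    processes, autostarts, nameservers = [], [], []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False              # blank line ends the list
        elif (m := O4_RE.match(line)):
            autostarts.append(extract_exe_path(m.group(1)))
        elif (m := O17_RE.match(line)):
            # HJT separates several resolvers with spaces or commas
            nameservers.extend(s for s in re.split(r"[ ,]+", m.group(1)) if s)
    return {"processes": processes, "autostarts": autostarts, "nameservers": nameservers}


def triage(log: str, trusted_dns: Set[str]) -> List[str]:
    """One finding per suspicious line; an empty list means nothing matched."""
    findings: List[str] = []
    parsed = parse_hjt(log)
    for proc in parsed["processes"]:
        d, name = split_path(proc)
        home = CORE_BINARY_DIRS.get(name)
        if home and d != home:
            findings.append(f"core binary name outside its home: {proc}")
    for path in parsed["autostarts"]:
        d, name = split_path(path)
        if any(marker in d + "\\" for marker in USER_WRITABLE_MARKERS):
            findings.append(f"autostart from user-writable dir: {path}")
        home = CORE_BINARY_DIRS.get(name)
        if home and d and d != home:                  # bare names can't be judged
            findings.append(f"autostart impersonates a core binary: {path}")
    for ip in dict.fromkeys(parsed["nameservers"]):   # de-duplicate, keep order
        if ip not in trusted_dns:
            findings.append(f"O17 NameServer not in trusted set: {ip}")
    return findings


# Constructed sample: a clean system plus one planted instance of each pattern.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [update] C:\Documents and Settings\user\Pulpit\movie.exe /silent
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{GUID}: NameServer = 194.204.159.1,203.0.113.53
"""
TRUSTED_DNS = {"194.204.159.1", "217.98.63.164"}   # assumption: the ISP's resolvers

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, TRUSTED_DNS):
        print(finding)
```

Run as-is it prints the four planted findings. For a real log, pass the file contents to triage() together with your own ISP's resolvers, and keep in mind what this does not catch: a dropper with an unremarkable name under Program Files passes every check here and still needs a hash or vendor lookup on the process sites listed earlier in the thread, and a bare name in a Run entry (like RUNDLL32.EXE with no path) is resolved through PATH at boot, so it cannot be judged from the log alone.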


All times are GMT +2. The time now is 03:56.

Powered by vBulletin 3