@up, up
2. I'm not sure, but the logs are probably something like this:
Logfile of HijackThis v1.99.1
Scan saved at 16:58:18, on 2005-04-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Common Files\CMEII\CMESys*****
C:\Program Files\Java\jre1.5.0_01\bin\jusched*****
C:\Program Files\ISTsvc\istsvc*****
C:\Program Files\OutLaster\shhost*****
C:\PROGRA~1\COMMON~1\WinTools\WToolsA*****
C:\Program Files\webHancer\Programs\whAgent*****
C:\WINDOWS\system32\rundll32*****
C:\WINDOWS\tcdeva*****
C:\Program Files\Messenger\msmsgs*****
C:\Program Files\Common Files\GMT\GMT*****
C:\WINDOWS\system32\nvsvc32*****
C:\WINDOWS\system32\wscntfy*****
C:\Program Files\Common Files\WinTools\WSup*****
C:\PROGRA~1\Toolbar\PIB*****
C:\PROGRA~1\Toolbar\TBPS*****
C:\WINDOWS\system32\wuauclt*****
C:\Program Files\WinRAR\WinRAR*****
C:\DOCUME~1\Dany\USTAWI~1\Temp\Rar$EX00.743\Hijack This*****
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38-1.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon*****" -lang 1033
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys*****"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched*****
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc*****
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [shhost] C:\Program Files\OutLaster\shhost*****
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA*****
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent*****"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey*****"
O4 - HKLM\..\Run: [eDonkey2000] C:\eDonkey2000\eDonkey2000***** -t
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS*****
O4 - HKLM\..\Run: [<°‡@ˇ±§Tlç˙[Ě…*čgËC:\Program Files\ISTsvc\istsvc*****] C:\WINDOWS\tcdeva*****
O4 - HKLM\..\Run: [zango] c:\program files\zango\zango*****
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen*****
O4 - HKCU\..\Run: [eMuleAutoStart] D:\P - programy\eMule\eMule\emule***** -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader*****
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT*****
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL*****/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget*****
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget*****
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.zango.com/GetZango/Download/zangoax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A3D7DDD-935A-4091-8C97-F9BC4DE51E01}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32*****
Made with hackjackthis or something like that.