
Experts, advice needed - what here is unnecessary..

IP: *.adsl.alicedsl.de 11.06.05, 19:52
Logfile of HijackThis v1.99.1
Scan saved at 19:43:50, on 11.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Programme\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Programme\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Programme\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
c:\windows\system32\eqmcfsx.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Programme\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Besitzer\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
C:\WINDOWS\system32\vbrundll.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} -
C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -
C:\WINDOWS\system32\nsc59F.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} -
C:\Programme\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\Programme\Magic Waterfall
Screensaver\MW1Helper.exe /partner MW1
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iuyfri] c:\windows\system32\eqmcfsx.exe r
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay
Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search -
bar.mywebsearch.com/menusearch.html?p=ZRfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} -
www.emusic.com?fref=149133 (file missing)
O9 - Extra button: ShopperReports - Compare travel rates -
{946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices -
{E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112973132093
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{6FD3711F-56FB-49CB-8E08-2183A4EE5C86}:
NameServer = 213.191.92.84 213.191.74.12
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. -
C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - C:\Programme\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation -
C:\Programme\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)

    • Guest: Kolobos Re: Experts, advice needed - what here is unnecessary.. IP: *.warszawa.sdi.tpnet.pl 11.06.05, 20:47
      You have two antivirus programs? What kind of mania is this? There can't be two! Uninstall one.

      c:\windows\system32\eqmcfsx.exe

      In HijackThis, these:

      R3 - Default URLSearchHook is missing
      O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
      C:\WINDOWS\system32\vbrundll.dll
      O2 - BHO: (no name) - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - (no file)
      O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
      O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -
      C:\WINDOWS\system32\nsc59F.dll
      O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
      O4 - HKLM\..\Run: [iuyfri] c:\windows\system32\eqmcfsx.exe r
      O8 - Extra context menu item: &Search -
      bar.mywebsearch.com/menusearch.html?p=ZRfox000
      O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} -
      www.emusic.com?fref=149133 (file missing)
      O9 - Extra button: ShopperReports - Compare travel rates -
      {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: ShopperReports - Compare product prices -
      {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
      O23 - Service: System Startup Service (SvcProc) - Unknown owner -
      C:\WINDOWS\svcproc.exe (file missing)

      And Fix Checked.

      Then, after a restart, you delete from the disk:
      c:\windows\system32\eqmcfsx.exe
      C:\WINDOWS\system32\nsc59F.dll
      C:\WINDOWS\system32\vbrundll.dll
      C:\WINDOWS\system32\regsync.exe
      If something won't delete, use killbox (you'll find it on Google or
      on the forum)

      What is this:
      O4 - HKLM\..\Run: [MW1HelperStartUp] C:\Programme\Magic Waterfall
      Screensaver\MW1Helper.exe /partner MW1
      The name doesn't look like anything needed, so uninstall this Magic Waterfall
      Screensaver.


      Also scan the system with this and remove whatever it finds:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

      When you're done, paste a new log.
    • Guest: loczek902 Re: Experts, advice needed - what here is unnecessary.. IP: *.adsl.alicedsl.de 12.06.05, 00:26
      I tried to do everything according to the instructions, although my "skills" don't
      allow me to do everything..
      Logfile of HijackThis v1.99.1
      Scan saved at 00:16:17, on 12.06.2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.exe
      c:\windows\system32\byvjkm.exe
      C:\Programme\AVPersonal\AVGNT.EXE
      C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\INCRED~1\bin\IMApp.exe
      C:\Programme\AVPersonal\AVGUARD.EXE
      C:\Programme\AVPersonal\AVWUPSRV.EXE
      C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
      C:\Programme\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
      C:\Programme\F-Secure Anti-Virus\Common\FSMA32.EXE
      C:\Programme\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
      C:\Programme\F-Secure Anti-Virus\Common\FSMB32.EXE
      C:\Programme\F-Secure Anti-Virus\Common\FCH32.EXE
      C:\Programme\F-Secure Anti-Virus\Common\FAMEH32.EXE
      C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
      C:\Programme\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
      C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
      C:\Programme\Microsoft AntiSpyware\gcasServ.exe
      C:\DOKUME~1\Besitzer\LOKALE~1\Temp\11.tmp\thnall1a.exe
      C:\Programme\AVPersonal\GUARDGUI.EXE
      C:\WINDOWS\explorer.exe
      C:\Dokumente und Einstellungen\Besitzer\Desktop\HijackThis.exe

      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
      O4 - HKLM\..\Run: [Kerio VPN Client] C:\Programme\Kerio\VPN
      Client\kvpnclient.exe /tryauto
      O4 - HKLM\..\Run: [afuzmdr] c:\windows\system32\byvjkm.exe r
      O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
      O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
      C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay
      Toolbar2\eBayTb.dll/RCSearch.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Sun Java Konsole -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: ShopperReports - Compare travel rates -
      {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: ShopperReports - Compare product prices -
      {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Programme\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
      Validation Tool) - go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
      v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112973132093
      O17 - HKLM\System\CCS\Services\Tcpip\..\{6FD3711F-56FB-49CB-8E08-2183A4EE5C86}:
      NameServer = 213.191.92.84 213.191.74.12
      O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
      C:\Programme\AVPersonal\AVGUARD.EXE
      O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
      C:\Programme\AVPersonal\AVWUPSRV.EXE
      O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. -
      C:\Programme\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
      O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
      Corporation - C:\Programme\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
      O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation -
      C:\Programme\F-Secure Anti-Virus\Common\FSMA32.EXE
      O23 - Service: System Startup Service (SvcProc) - Unknown owner -
      C:\WINDOWS\svcproc.exe
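
One way to compare the first and second HijackThis logs in this thread, as an added example that is not part of any post: it re-joins wrapped entries, lists what disappeared and what is new, and flags new Run entries that match a removed one in registry key, folder and arguments but not in name. The function names and the matching heuristic are assumptions of this example; the sample lines are excerpts from the two logs above.

```python
import re

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) -\s*(.*)$")
RUN = re.compile(r'^(HK\w+\\\.\.\\Run\w*): \[(.+?)\] "?(.+?\.exe)"?\s*(.*)$', re.I)

def parse_entries(log_text):
    """Return (section, text) pairs, re-joining lines the forum software wrapped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:  # continuation of the previous entry
            entries[-1][1] = (entries[-1][1] + " " + line).strip()
    return [(s, t) for s, t in entries]

def run_shape(text):
    """Reduce a Run entry to (key, folder, arguments), ignoring value and file name."""
    m = RUN.match(text)
    if not m:
        return None
    key, _value, path, args = m.groups()
    return (key.upper(), path.lower().rsplit("\\", 1)[0], args.strip().lower())

def compare(before, after):
    """Return (removed, added, renamed); 'renamed' is a heuristic, not a verdict."""
    old = {(s, t.lower()): t for s, t in parse_entries(before)}
    new = {(s, t.lower()): t for s, t in parse_entries(after)}
    removed = [t for k, t in old.items() if k not in new]
    added = [t for k, t in new.items() if k not in old]
    gone = {run_shape(t) for t in removed} - {None}
    return removed, added, [t for t in added if run_shape(t) in gone]

# Excerpts of the two logs posted in this thread (wrapping as on the page).
BEFORE = r'''O4 - HKLM\..\Run: [MW1HelperStartUp] C:\Programme\Magic Waterfall
Screensaver\MW1Helper.exe /partner MW1
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iuyfri] c:\windows\system32\eqmcfsx.exe r'''
AFTER = r'''F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [afuzmdr] c:\windows\system32\byvjkm.exe r'''

if __name__ == "__main__":
    removed, added, renamed = compare(BEFORE, AFTER)
    for label, items in (("removed", removed), ("new", added), ("same shape", renamed)):
        print(label, *items, sep="\n  ")
```

A "same shape" hit only says that a new autostart entry sits where a removed one did; the file itself still has to be examined before deciding what it is.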
