IP: *.tarman.pl / 217.117.128.* 05.10.04, 18:47
Please check this.
Logfile of HijackThis v1.97.7
Scan saved at 18:38:52, on 2004-10-05
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\sp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\MYIE2\MyIE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\Documents and Settings\Plewa\Pulpit\Danel\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
www.websearch.com/ie.aspx?tb_id=50135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.websearch.com/ie.aspx?tb_id=50135
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = w3cache.tarman.pl/auto.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
www.websearch.com/ie.aspx?tb_id=50135
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
sitefinder.verisign.com
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} -
C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} -
C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} -
C:\WINDOWS\System32\msdaim.dll
O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} -
C:\WINDOWS\System32\msibkd.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} -
C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -
C:\WINDOWS\System32\bridge.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} -
C:\Program Files\zSearch\zSearch.dll
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-
aware.exe" +c
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: komentator - sport.onet.pl/komentator.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-
its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
    • Guest: bart Re: log IP: *.tarman.pl / 217.117.128.* 05.10.04, 23:19
      Come on, somebody please reply. Piecyk??
    • kalinowski11 Re: log 06.10.04, 06:09
      You've got quite a bit of this junk :)

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > www.websearch.com/ie.aspx?tb_id=50135
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > www.websearch.com/ie.aspx?tb_id=50135
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
      > www.websearch.com/ie.aspx?tb_id=50135
      > R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
      > C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
      > O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} -
      > C:\WINDOWS\twaintec.dll
      > O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} -
      > C:\WINDOWS\System32\mskhhe.dll
      > O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} -
      > C:\WINDOWS\System32\msdaim.dll
      > O2 - BHO: (no name) - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} -
      > C:\WINDOWS\System32\msibkd.dll
      > O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
      > C:\WINDOWS\2_0_1browserhelper2.dll
      > O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
      > \COMMON~1\WinTools\WToolsB.dll
      > O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} -
      > C:\WINDOWS\System32\msjfbl.dll
      > O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -
      > C:\WINDOWS\System32\bridge.dll
      > O3 - Toolbar: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} -
      > C:\Program Files\zSearch\zSearch.dll
      > O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
      > O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
      > files\WinTools\WToolsA.exe
      > O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
      > O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-
      > its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe

      These are to be removed.

      And I'm not sure about the ones below:

      > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      > Settings,AutoConfigURL = w3cache.tarman.pl/auto.pac
      > O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
      > sitefinder.verisign.com

      Regards.
