IP: *.neoplus.adsl.tpnet.pl 12.10.04, 01:35
All sorts of weird things are happening on my computer; one thing I know is that I have Trojan.Istbar and MKS can't get rid of it. I have some wild little program, this is the log from it... help... :)
Logfile of HijackThis v1.97.7
Scan saved at 01:34:53, on 2004-10-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\nnjqwi.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
C:\Program Files\MKS\Bin\NetMonSv.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\wrrrrrrr\Pulpit\CWShredder.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\wrrrrrrr\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - C:\WINDOWS\DOWNLO~1\megasear.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar17.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
O3 - Toolbar: MEGASEAR - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - C:\WINDOWS\DOWNLO~1\megasear.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [zjjpautjdyfb] C:\WINDOWS\System32\nnjqwi.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_52.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_10.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_16.cab
O16 - DPF: {4BDAF1F5-6D21-42F9-AAB9-CE0050407803} (GameDesire Uninstaller) - http://gryonline.wp.pl/g_bin/ginuser_pl_2_0_0_3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093892306562
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GameDesire Bridge) - http://67.15.101.3/g_bin/pl/bridge_2_0_0_15.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.es/activescan/as/asinst.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_18.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_28.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_30.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{374408D2-116E-4577-9F82-F802180D848D}: NameServer = 194.204.152.34 217.98.63.164

    • netsec Re: Masakra 12.10.04, 10:59
      First, check whether the virus database in Norton AntiVirus is still updating.
      Best update Norton with the offline update:
      http://definitions.symantec.com/defs/20041011-007-i32.exe

      Download CWShredder 1.59.1
      http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

      Check whether you have the Internet firewall enabled in the properties of your
      Internet connection. Here is a description of how to do it
      http://www.microsoft.com/poland/security/protect/windowsxp/firewall.aspx

      Disable System Restore:
      http://support.microsoft.com/default.aspx?scid=kb;pl;310405

      Start the computer in Safe Mode:
      http://support.microsoft.com/default.aspx?scid=KB;PL;315222
      After starting the computer in Safe Mode, do not open Internet Explorer.

      Run HijackThis again, do a SCAN and check these entries:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
      R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
      O1 - Hosts: 12.129.205.209 search.netscape.com
      O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
      O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
      O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - C:\WINDOWS\DOWNLO~1\megasear.dll
      O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
      O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar17.dll (file missing)
      O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar1_27.dll
      O3 - Toolbar: MEGASEAR - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - C:\WINDOWS\DOWNLO~1\megasear.dll
      O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
      O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
      O4 - HKLM\..\Run: [zjjpautjdyfb] C:\WINDOWS\System32\nnjqwi.exe
      O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
      O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
      O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
      O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
      O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
      O9 - Extra button: Messenger (HKLM)
      O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
      O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/60wu82rd.cab
      O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_52.cab
      O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_10.cab
      O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_16.cab
      O16 - DPF: {4BDAF1F5-6D21-42F9-AAB9-CE0050407803} (GameDesire Uninstaller) - http://gryonline.wp.pl/g_bin/ginuser_pl_2_0_0_3.cab
      O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
      O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GameDesire Bridge) - http://67.15.101.3/g_bin/pl/bridge_2_0_0_15.cab
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
      O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_18.cab
      O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_28.cab
      O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab
      O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_30.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

      After checking the listed entries, do FIX CHECKED and confirm with YES/OK.

      Go to Control Panel => Add/Remove Programs and uninstall
      every program you are not sure you actually need.

      Run the CWShredder you downloaded earlier and click FIX.
      Confirm any questions the program asks while running with YES/OK.

      When CWShredder finishes, start the computer in normal mode.

      Download and install Ad-Aware SE Personal Edition v1.05
      Download of the latest version:
      http://www.download.com/3000-2144-10045910.html
      Scan the whole system with Ad-Aware.
      For maximum effectiveness, update the detection
      database before scanning.
      When starting the scan, in the
      "Preparing System Scan" tab choose "Perform full system scan".
      When the scan finishes, a list of objects to remove appears. Check each
      entry (tick it), or right-click and choose Select All Objects from the
      context menu.
      After checking all entries click Next; the checked objects
      will be removed. When it is done, restart the computer.

      Scan the whole system with Norton AntiVirus.

      Update the system at http://www.windowsupdate.com with
      all critical patches. More on that here
      http://www.microsoft.com/poland/security/protect/windowsxp/updates.aspx

      Additionally, install Sun Java:
      http://java.sun.com/webapps/download/AutoDL?BundleId=9723

      After all that, paste a new HijackThis log.
      • Guest: Złośnica Re: Masakra IP: *.neoplus.adsl.tpnet.pl 13.10.04, 08:00
        ok I'll do it, I hope I can manage ;)
