KTO MI NAPISZ CO TU JEST NIE TAK

IP: *.poznan.sdi.tpnet.pl 14.12.04, 15:22
Logfile of HijackThis v1.97.7
Scan saved at 15:23:33, on 2004-12-14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\X\USTAWI~1\Temp\Rar$EX00.968\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CoffeeCup Spam Blocker] "C:\Program Files\CoffeeCup
Software\Spam Blocker\SpamBlocker.exe" -min
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program
Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) -
www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC708A1C-A87B-4094-ADF1-
C4C1191951B6}: NameServer = 194.204.152.34 194.204.159.1

    • netsec Re: KTO MI NAPISZ CO TU JEST NIE TAK 14.12.04, 15:24
      Po co ten krzyk, wykonaj log, ale nową wersją HiJack:
      www.searchengines.pl/phpbb203/pliki/picasso/downloads/hijackthis.zip
    • Gość: kier Re: KTO MI NAPISZ CO TU JEST NIE TAK IP: *.poznan.sdi.tpnet.pl 14.12.04, 15:37
      Logfile of HijackThis v1.98.2
      Scan saved at 15:38:22, on 2004-12-14
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\InterMute\SpySubtract\SpySub.exe
      C:\Program Files\Norton AntiVirus\SAVScan.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\X\USTAWI~1\Temp\Rar$EX00.375\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.onet.pl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
      Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
      C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [CoffeeCup Spam Blocker] "C:\Program Files\CoffeeCup
      Software\Spam Blocker\SpamBlocker.exe" -min
      O4 - Startup: PowerReg Scheduler.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
      Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O4 - Global Startup: SpySubtract.lnk = C:\Program
      Files\InterMute\SpySubtract\SpySub.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\WINDOWS\System32\msjava.dll
      O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
      O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
      O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
      O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) -
      www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CC708A1C-A87B-4094-ADF1-C4C1191951B6}:
      NameServer = 194.204.152.34 194.204.159.1
      O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
      C:\WINDOWS\System32\vbsys2 (file missing)

      Zrobiłem nowego loga i co jak myślicie?
    • Gość: kier Re: KTO MI NAPISZ CO TU JEST NIE TAK IP: *.poznan.sdi.tpnet.pl 14.12.04, 19:38
      I co wie kttosik
Pełna wersja