Request to check my L O G and for instructions...

IP: *.wroclaw.mm.pl 18.01.05, 17:53
Logfile of HijackThis v1.98.2
Scan saved at 17:50:56, on 2005-01-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dom\Dane aplikacji\SysDown\sys00376.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\webx1.exe
D:\MAGDZIE\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = horseserver.net/redir.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.web--search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = horseserver.net/redir.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = horseserver.net/redir.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = horseserver.net/redir.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = horseserver.net/redir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = horseserver.net/redir.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = horseserver.net/redir.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\system32\webdlg32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\system32\webdlg32.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\webdlg32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Startup: winupdate64685865[1].exe
O8 - Extra context menu item: Download All by FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2C00A51-1323-4C37-A023-02CF15124577}: NameServer = 192.168.111.100

    • m.gregor Re: Request to check my L O G and instruc 18.01.05, 18:07
      Download a newer HijackThis and paste the whole log (the one you pasted is not complete).
      • Guest: madzia Re: Request to check my L O G and instruc IP: *.wroclaw.mm.pl 18.01.05, 18:10
        I'm a complete computer amateur; in fact I have to struggle with the computer
        after a visit from my little brother, and I'm totally disheartened.

        Could you write where I can download the newest HijackThis from? I would be
        enormously grateful...
        • m.gregor Re: Request to check my L O G and instruc 18.01.05, 19:03
          spywareinfo.globalservers.com/~merijn/files/HijackThis.exe
          • Guest: madzia Dear m.gregor IP: *.wroclaw.mm.pl 18.01.05, 19:31
            Logfile of HijackThis v1.99.0
            Scan saved at 19:30:36, on 2005-01-18
            Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
            C:\WINDOWS\System32\CTHELPER.EXE
            C:\Documents and Settings\Dom\Menu Start\Programy\Autostart\winupdate64685865[1].exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Documents and Settings\Dom\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OXYZSDQZ\HijackThis[1].exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = horseserver.net/redir.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.web--search.com
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = horseserver.net/redir.html
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = horseserver.net/redir.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = horseserver.net/redir.html
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = horseserver.net/redir.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\system32\webdlg32.dll
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\system32\webdlg32.dll
            O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
            O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
            O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
            O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
            O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
            O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\webdlg32.dll
            O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
            O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
            O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [loader32] C:\Program Files\Internet Explorer\IEXPLORE.EXE
            O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
            O4 - Startup: winupdate64685865[1].exe
            O8 - Extra context menu item: Download All by FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
            O8 - Extra context menu item: Download using FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
            O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
            O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O17 - HKLM\System\CCS\Services\Tcpip\..\{C2C00A51-1323-4C37-A023-02CF15124577}: NameServer = 192.168.111.100
            O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            • Guest: piecyk gazowy Re: Dear m.gregor IP: *.tpnet.pl / *.tpnet.pl 18.01.05, 19:41
              To remove them, check the entries below and press Fix Checked (entries marked with an
              asterisk are legitimate, but in my opinion unnecessary - the decision is yours):

              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = horseserver.net/redir.html
              > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.web--search.com
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = horseserver.net/redir.html
              > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = horseserver.net/redir.html
              > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = horseserver.net/redir.html
              > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = horseserver.net/redir.html
              > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
              > R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\system32\webdlg32.dll

              > O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\system32\webdlg32.dll
              > O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
              > O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL

              > O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll

              > O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\webdlg32.dll
              *> O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

              > O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
              > O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
              *> O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
              *> O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
              *> O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
              > O4 - HKLM\..\Run: [loader32] C:\Program Files\Internet Explorer\IEXPLORE.EXE
              > O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
              > O4 - Startup: winupdate64685865[1].exe