To netsec once again...

28.01.05, 11:22
Logfile of HijackThis v1.99.0
Scan saved at 08:57:13, on 2005-01-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Bankrut\bankrut.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\witya\Moje dokumenty\Z SIECI WZIETE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Bankrut.lnk = C:\Program Files\Bankrut\bankrut.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FF67257-C2AB-45AD-A08A-451280B3BA41}: NameServer = 195.114.161.61 195.114.181.130
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

If you could, I'll be falling at your feet
    • Guest: Kolobos Re: To netsec once again... IP: *.warszawa.sdi.tpnet.pl 28.01.05, 11:38
      Admittedly I'm not him, but remove:
      O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
      O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
      O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab

      Anyway, see for yourself here:
      www.hijackthis.de/logfiles/e9a12630f9123b092adc1bd626ec04f9.html
      :-)
      And be sure to visit www.windowsupdate.com to download the patches for Internet
      Explorer etc. :-)
    • netsec Re: To netsec once again... 28.01.05, 11:56
      O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
      O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
      O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab

      These are dialers to be removed :)
      However, you probably have the FCKGW key, so forget about WindowsUpdate.
      Read this thread:
      forum.gazeta.pl/forum/72,2.html?f=430&w=19749481&wv.x=2&a=19837920