Please check my log, thanks

IP: *.arcor-ip.net 25.03.05, 12:54
Logfile of HijackThis v1.99.1
Scan saved at 12:43:20, on 25.03.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programme\CyberLink\PowerDVD\PowerDVD.exe
C:\Programme\AVPersonal\AVSCHED32.EXE
C:\Programme\Netropa\Onscreen Display\OSD.exe
C:\LifeView FlyVideo\RecSche.exe
C:\Programme\QuickTime\qttask.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system32\lbbascd.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\?hkntfs.exe
C:\Dokumente und Einstellungen\Chromik\Anwendungsdaten\esam.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\windows\system32\calc.exe
C:\Programme\Mouse\Mouse Control\Panel.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Dokumente und Einstellungen\Chromik\Eigene
Dateien\Hanja\€hania\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/0,0.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
www.arcor.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} -
C:\WINDOWS\ceres.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {47149BEF-2A73-74A9-2BB1-7195CEA1DCC2} -
C:\WINDOWS\System32\dmif.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F308EE17-0E8E-5057-879B-03A2DDA26D96} -
C:\WINDOWS\System32\vhffgkg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programme\Netropa\Multimedia
Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [PowerDVD]
C:\Programme\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [RecSche] C:\LifeView FlyVideo\RecSche.exe /Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows
ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [hdaq7zzy] C:\Programme\hdaq7zzy\hdaq7zzy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02
\bin\jusched.exe
O4 - HKLM\..\Run: [lbbascd] c:\windows\system32\lbbascd.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [B0A047EC] C:\WINDOWS\System32\hsfljlvcej.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programme\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Sfhn] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [Sdrl] C:\Dokumente und
Einstellungen\Chromik\Anwendungsdaten\esam.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - Global Startup: Mouse Control Center.lnk = C:\Programme\Mouse\Mouse
Control\Panel.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak
EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK
Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} -
freeload.cc/secure/ieloader.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -
www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -
www1.pc-sicherheit.web.de/ols/fscax.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB}
(VacPro.internazionale_ver4) -
advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {9EAC0186-5F5A-4362-B120-15C312CE012D} -
www.awmdabest.com/cabl/319/tb.cab
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D}
(VacPro.internazionale_ver10) -
advnt01.com/dialer/
    • Guest: Kolobos Re: Please check my log, thanks IP: *.warszawa.sdi.tpnet.pl 25.03.05, 13:12
      Run HijackThis and check these entries:

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      www.exactsearch.net/sidesearch
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
      red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.com
      R3 - Default URLSearchHook is missing
      O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} -
      C:\WINDOWS\ceres.dll
      O2 - BHO: (no name) - {47149BEF-2A73-74A9-2BB1-7195CEA1DCC2} -
      C:\WINDOWS\System32\dmif.dll (file missing)
      O2 - BHO: (no name) - {F308EE17-0E8E-5057-879B-03A2DDA26D96} -
      C:\WINDOWS\System32\vhffgkg.dll
      O4 - HKLM\..\Run: [ScanRegistry] C:\W <- this probably got cut off? If not, and the
      entry really looks like this, check it too
      O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
      Look for this one in Add/Remove Programs; if it is there, uninstall it:
      O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows
      ControlAd\WinCtlAd.exe
      O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
      O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
      O4 - HKLM\..\Run: [hdaq7zzy] C:\Programme\hdaq7zzy\hdaq7zzy.exe
      O4 - HKLM\..\Run: [lbbascd] c:\windows\system32\lbbascd.exe
      O4 - HKLM\..\RunServices: [B0A047EC] C:\WINDOWS\System32\hsfljlvcej.exe
      O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
      O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
      O4 - HKCU\..\Run: [Sfhn] C:\WINDOWS\System32\?hkntfs.exe
      O4 - HKCU\..\Run: [Sdrl] C:\Dokumente und
      Einstellungen\Chromik\Anwendungsdaten\esam.exe <- I don't know what this is; if
      you know, leave it; if you don't know either, check it
      O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
      O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} -
      freeload.cc/secure/ieloader.cab
      O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -
      www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
      O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) -
      dvnt01.com/dialer/internazionale_ver4.CAB

      Then press Fix Checked, restart the computer and paste a new HijackThis
      log.
      • Guest: hania Re: new log IP: *.arcor-ip.net 25.03.05, 16:30
        Logfile of HijackThis v1.99.1
        Scan saved at 16:27:28, on 25.03.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Programme\AVPersonal\AVGUARD.EXE
        C:\Programme\AVPersonal\AVWUPSRV.EXE
        C:\WINDOWS\system32\drivers\KodakCCS.exe
        C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\ScsiAccess.EXE
        C:\WINDOWS\System32\tcpsvcs.exe
        C:\WINDOWS\system32\slserv.exe
        C:\WINDOWS\System32\snmp.exe
        C:\WINDOWS\wanmpsvc.exe
        C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\WINDOWS\Explorer.EXE
        C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\WINDOWS\SOINTGR.EXE
        C:\Programme\Real\RealPlayer\RealPlay.exe
        C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
        C:\Programme\CyberLink\PowerDVD\PowerDVD.exe
        C:\Programme\AVPersonal\AVSCHED32.EXE
        C:\LifeView FlyVideo\RecSche.exe
        C:\Programme\QuickTime\qttask.exe
        C:\Programme\Netropa\Onscreen Display\OSD.exe
        C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
        C:\Programme\AVPersonal\AVGNT.EXE
        C:\windows\system32\lbbascd.exe
        C:\Programme\Gadu-Gadu\gg.exe
        C:\windows\system32\calc.exe
        C:\Programme\Mouse\Mouse Control\Panel.exe
        C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Dokumente und Einstellungen\Chromik\Eigene
        Dateien\Hanja\€hania\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        search.offeroptimizer.com/sidebar.htm
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.gazeta.pl/0,0.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
        www.arcor.de/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
        Internet Explorer
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyOverride = localhost
        O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} -
        C:\WINDOWS\ceres.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
        \SPYBOT~1\SDHelper.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
        O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe
        SYSTEMBOOTHIDEPLAYER
        O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programme\Netropa\Multimedia
        Keyboard\MMKeybd.exe
        O4 - HKLM\..\Run: [PowerDVD]
        C:\Programme\CyberLink\PowerDVD\PowerDVD.exe /autostart
        O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
        O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
        O4 - HKLM\..\Run: [RecSche] C:\LifeView FlyVideo\RecSche.exe /Startup
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02
        \bin\jusched.exe
        O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
        O4 - HKLM\..\Run: [lbbascd] c:\windows\system32\lbbascd.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programme\Gadu-Gadu\gg.exe" /tray
        O4 - Global Startup: Mouse Control Center.lnk = C:\Programme\Mouse\Mouse
        Control\Panel.exe
        O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak
        EasyShare software\bin\EasyShare.exe
        O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK
        Software Updater\7288971\Program\backWeb-7288971.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
        C:\WINDOWS\System32\Shdocvw.dll
        O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
        O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
        O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
        O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
        O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -
        www1.pc-sicherheit.web.de/ols/fscax.cab
        O16 - DPF: {9EAC0186-5F5A-4362-B120-15C312CE012D} -
        www.awmdabest.com/cabl/319/tb.cab
        O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D}
        (VacPro.internazionale_ver10) -
        advnt01.com/dialer/internazionale_ver10.CAB
        O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} -
        www.alwaysupdatednews.com/install/aun_0033.exe
        O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
        games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
        O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
        game19.zylomgames.com/activex/zylomgamesplayer.cab
        O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) -
        game17.zylomgames.com/activex/zylomloader.cab
        O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) -
        dist.belnk.com/4/download/hdplugin_1101_bundle43v5d43.cab
        O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) -
        install.download-url.de/InstallationsAssistent.ocx
        O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
        download.spyspotter.com/spyspotter/SpSp29952.40opt/SpySpotterCabInstall.cab
        O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1} -
        access.gamesplayground.com/output/100067/de/fullgames/fullgames.exe
        O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
        C:\Programme\AVPersonal\AVGUARD.EXE
        O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
        C:\Programme\AVPersonal\AVWUPSRV.EXE
        O23 - Service: Kodak Cam
        • Guest: Kolobos Re: new log IP: *.warszawa.sdi.tpnet.pl 25.03.05, 16:53
          Download KillBox:
          www.bleepingcomputer.com/files/spyware/KillBox.zip
          unpack it, run it, and paste the path to this file into it:
          C:\WINDOWS\ceres.dll
          select Delete on Reboot and press the red button,
          then do the same with:
          c:\windows\system32\lbbascd.exe

          Once you have done that, run HijackThis and remove these entries:
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          search.offeroptimizer.com/sidebar.htm
          O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} -
          C:\WINDOWS\ceres.dll
          O4 - HKLM\..\Run: [lbbascd] c:\windows\system32\lbbascd.exe
          And all the entries
          O16 - DPF

          Fix Checked, restart the computer and paste a new log.


          • Guest: hania Re: the results are already visible :) IP: *.arcor-ip.net 25.03.05, 17:51
            Logfile of HijackThis v1.99.1
            Scan saved at 17:50:06, on 25.03.2005
            Platform: Windows XP SP1 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\Programme\AVPersonal\AVGUARD.EXE
            C:\Programme\AVPersonal\AVWUPSRV.EXE
            C:\WINDOWS\system32\drivers\KodakCCS.exe
            C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\WINDOWS\System32\ScsiAccess.EXE
            C:\WINDOWS\System32\tcpsvcs.exe
            C:\WINDOWS\system32\slserv.exe
            C:\WINDOWS\System32\snmp.exe
            C:\WINDOWS\wanmpsvc.exe
            C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
            C:\WINDOWS\Explorer.EXE
            C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
            C:\WINDOWS\SOINTGR.EXE
            C:\Programme\Real\RealPlayer\RealPlay.exe
            C:\Programme\Netropa\Multimedia Keyboard\MMKeybd.exe
            C:\Programme\CyberLink\PowerDVD\PowerDVD.exe
            C:\Programme\AVPersonal\AVSCHED32.EXE
            C:\LifeView FlyVideo\RecSche.exe
            C:\Programme\QuickTime\qttask.exe
            C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
            C:\Programme\AVPersonal\AVGNT.EXE
            C:\Programme\Gadu-Gadu\gg.exe
            C:\Programme\Netropa\Onscreen Display\OSD.exe
            C:\Programme\Mouse\Mouse Control\Panel.exe
            C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
            C:\Programme\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
            C:\WINDOWS\System32\wuauclt.exe
            C:\Dokumente und Einstellungen\Chromik\Eigene
            Dateien\Hanja\€hania\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.gazeta.pl/0,0.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            about:blank
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
            www.arcor.de/
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
            Internet Explorer
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
            Settings,ProxyOverride = localhost
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
            \SPYBOT~1\SDHelper.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
            \NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
            O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
            O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe
            SYSTEMBOOTHIDEPLAYER
            O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programme\Netropa\Multimedia
            Keyboard\MMKeybd.exe
            O4 - HKLM\..\Run: [PowerDVD]
            C:\Programme\CyberLink\PowerDVD\PowerDVD.exe /autostart
            O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
            O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
            O4 - HKLM\..\Run: [RecSche] C:\LifeView FlyVideo\RecSche.exe /Startup
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -
            atboottime
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02
            \bin\jusched.exe
            O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
            O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programme\Gadu-Gadu\gg.exe" /tray
            O4 - Global Startup: Mouse Control Center.lnk = C:\Programme\Mouse\Mouse
            Control\Panel.exe
            O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak
            EasyShare software\bin\EasyShare.exe
            O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK
            Software Updater\7288971\Program\backWeb-7288971.exe
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - C:\WINDOWS\web\related.htm
            O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
            C:\WINDOWS\System32\Shdocvw.dll
            O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
            O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
            O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
            O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
            O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
            C:\Programme\AVPersonal\AVGUARD.EXE
            O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
            C:\Programme\AVPersonal\AVWUPSRV.EXE
            O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak
            Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
            O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
            C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
            C:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner -
            C:\Programme\Netropa\Multimedia Keyboard\nhksrv.exe (file missing)
            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
            C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
            O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
            O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH,
            Germany - C:\DOKUME~1\CHROMIK\LOKALE~1\TEMP\_VWUPSRV.EXE
            O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America
            Online, Inc. - C:\WINDOWS\wanmpsvc.exe

            • Guest: Kolobos Re: the results are already visible :) IP: *.warszawa.sdi.tpnet.pl 25.03.05, 20:05
              The log is clean :-)
              • hania261 Re: the results are already visible :) 26.03.05, 16:24
                Thank you very much and HAPPY HOLIDAYS :)