hijackthis

IP: *.at / *.chello.at 22.04.05, 14:36
As on the 'internet' forum, I'm asking for help:

an 'AZE search' toolbar has installed itself below the address bar;

maybe someone can tell me which files to get rid of

many thanks in advance for the help :-)
Logfile of HijackThis v1.99.1
Scan saved at 20:31:55, on 21/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\tibs5.exe
C:\WINDOWS\system32\ctfmon.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Magdalena\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
home.fra.chello.fr/ssi/welcome/welcome.php?url=search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/0,0.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer fourni par chello broadband n.v.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = proxy.chello.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 69.50.166.11 www.google.com
O1 - Hosts: 69.50.166.11 google.com
O1 - Hosts: 69.50.166.11 www.google.co.uk
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 www.google.ca
O1 - Hosts: 69.50.166.11 google.ca
O1 - Hosts: 69.50.166.11 www.google.es
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11 www.google.de
O1 - Hosts: 69.50.166.11 google.de
O1 - Hosts: 69.50.166.11 www.google.fr
O1 - Hosts: 69.50.166.11 google.fr
O1 - Hosts: 69.50.166.11 www.google.com.au
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 www.yahoo.com
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.12 www.msn.com
O1 - Hosts: 69.50.166.12 msn.com
O1 - Hosts: 69.50.166.12 search.msn.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O1 - Hosts: 69.50.166.13 cracks.am
O1 - Hosts: 69.50.166.13 www.cracks.am
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program
Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} -
C:\WINDOWS\system32\azesearch3.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} -
C:\WINDOWS\system32\iasadm.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} -
C:\WINDOWS\system32\azesearch3.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1
\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32
\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32
\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF:
START_PAGE_URL=home.fra.chello.fr/ssi/welcome/welcome.php?
url=home&src=ie
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
www.azebar.com/install/azesearch3.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared
    • Guest: T-800 Re: hijackthis IP: *.tpnet.pl / *.tpnet.pl 22.04.05, 14:47
      The whole log didn't fit. To be removed:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
      Internet Explorer fourni par chello broadband n.v.

      O1 - Hosts: 69.50.166.11 www.google.com
      O1 - Hosts: 69.50.166.11 google.com
      O1 - Hosts: 69.50.166.11 www.google.co.uk
      O1 - Hosts: 69.50.166.11 google.co.uk
      O1 - Hosts: 69.50.166.11 www.google.ca
      O1 - Hosts: 69.50.166.11 google.ca
      O1 - Hosts: 69.50.166.11 www.google.es
      O1 - Hosts: 69.50.166.11 google.es
      O1 - Hosts: 69.50.166.11 www.google.de
      O1 - Hosts: 69.50.166.11 google.de
      O1 - Hosts: 69.50.166.11 www.google.fr
      O1 - Hosts: 69.50.166.11 google.fr
      O1 - Hosts: 69.50.166.11 www.google.com.au
      O1 - Hosts: 69.50.166.11 google.com.au
      O1 - Hosts: 69.50.166.14 www.yahoo.com
      O1 - Hosts: 69.50.166.14 yahoo.com
      O1 - Hosts: 66.218.75.184 mail.yahoo.com
      O1 - Hosts: 69.50.166.12 www.msn.com
      O1 - Hosts: 69.50.166.12 msn.com
      O1 - Hosts: 69.50.166.12 search.msn.com
      O1 - Hosts: 69.50.166.12 www.go.com
      O1 - Hosts: 69.50.166.12 go.com
      O1 - Hosts: 69.50.166.13 astalavista.com
      O1 - Hosts: 69.50.166.13 www.astalavista.com
      O1 - Hosts: 69.50.166.13 astalavista.box.sk
      O1 - Hosts: 69.50.166.13 cracks.am
      O1 - Hosts: 69.50.166.13 www.cracks.am

      O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} -
      C:\WINDOWS\system32\azesearch3.ocx
      O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} -
      C:\WINDOWS\system32\iasadm.dll
      O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} -
      C:\WINDOWS\system32\azesearch3.ocx

      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
      \bin\jusched.exe

      O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe

      O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe

      O14 - IERESET.INF:
      START_PAGE_URL=home.fra.chello.fr/ssi/welcome/welcome.php?
      url=home&src=ie
      O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
      www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab
      O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
      www.azebar.com/install/azesearch3.cab

      Then generate and paste a new log.
    • Guest: barracuda7110 Re: hijackthis IP: *.dsl.telepac.pt 22.04.05, 14:52
      1. Stop using IE. Install Firefox or Opera. Your problems with
      self-installing junk will end.
      2. Get rid of this:
      > O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} -
      > C:\WINDOWS\system32\azesearch3.ocx
      > O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32
      > \IME\TINTLGNT\TINTSETP.EXE /SYNC
      > O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32
      > \IME\TINTLGNT\TINTSETP.EXE /IMEName

      Install a newer Java: www.java.com
      • Guest: meg Re: hijackthis IP: *.at / *.chello.at 22.04.05, 15:28
        thanks, thanks!!!!!
        after deleting, this is what remains:
        Logfile of HijackThis v1.99.1
        Scan saved at 15:28:01, on 22/04/2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
        C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
        C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
        c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        c:\APPS\HIDSERVICE\HIDSERVICE.exe
        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
        C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
        C:\WINDOWS\system32\slserv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
        C:\WINDOWS\Explorer.EXE
        C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
        C:\Apps\Powercinema\PCMService.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\system32\WISPTIS.EXE
        C:\Program Files\Messenger\msmsgs.exe
        C:\Documents and Settings\Magdalena\Bureau\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        forum.gazeta.pl/forum/0,0.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
        Internet Explorer fourni par chello broadband n.v.
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyServer = proxy.chello.fr:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program
        Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1
        \IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32
        \IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32
        \IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
        Security\UrlLstCk.exe
        O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
        O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
        Imaging\\Unload\hpqcmon.exe
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
        Packard\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
        AntiSpyware\gcasServ.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1
        \MICROS~3\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
        C:\WINDOWS\system32\Shdocvw.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
        C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
        C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown
        owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner -
        c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program
        Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        O23 - Service: Generic Service for HID Keyboard Input Collections
        (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
        O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
        O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
        Corporation - C:\Program Files\Norton Internet Security\Norton
        AntiVirus\navapsvc.exe
        O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
        Internet Security\Norton AntiVirus\SAVScan.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
        C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
        Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
        • Guest: T-800 Re: hijackthis IP: *.tpnet.pl / *.tpnet.pl 22.04.05, 15:37
          Clean, only I don't know what this thing is:

          > O23 - Service: Generic Service for HID Keyboard Input Collections
          > (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

          Google is practically silent. Remove it, and if there are any problems, restore
          the entry (HijackThis has a Backup option).

          Scan the system with Ad-Aware:
          ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe
          and remove everything it finds.
          • Guest: meg Re: hijackthis IP: *.at / *.chello.at 22.04.05, 15:44
            thanks for the quick reply.....but I still have this toolbar!!!!!

            regards
            • Guest: T-800 Re: hijackthis IP: *.tpnet.pl / *.tpnet.pl 22.04.05, 15:51
              Restart the system, scan with Ad-Aware and paste a new log.
              • Guest: meg Re: hijackthis IP: *.at / *.chello.at 22.04.05, 16:00
                I don't want to abuse your kindness, but I also have a problem downloading
                files from the internet;
                after opening your link I get the message: cauld not installation. file size
                expected=2636408, size returned = 307791.

                I scanned the system with 'Microsoft AntiSpyware' and it found 6 files, which
                I removed.......and I still have this toolbar.....

                thanks for the help
                • Guest: Kolobos Re: hijackthis IP: *.warszawa.sdi.tpnet.pl 22.04.05, 16:06
                  Paste a new HijackThis log.
                  • Guest: meg Re: hijackthis IP: *.at / *.chello.at 22.04.05, 16:10
                    Logfile of HijackThis v1.99.1
                    Scan saved at 16:10:39, on 22/04/2005
                    Platform: Windows XP SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
                    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
                    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
                    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
                    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                    c:\APPS\HIDSERVICE\HIDSERVICE.exe
                    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
                    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
                    C:\WINDOWS\system32\slserv.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
                    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
                    C:\Apps\Powercinema\PCMService.exe
                    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
                    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                    C:\WINDOWS\SOUNDMAN.EXE
                    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Messenger\msmsgs.exe
                    C:\Documents and Settings\Magdalena\Bureau\hijackthis\HijackThis.exe

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                    www.gazeta.pl/0,0.html
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
                    Internet Explorer fourni par chello broadband n.v.
                    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
                    Settings,ProxyServer = proxy.chello.fr:8080
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program
                    Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
                    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
                    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                    O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} -
                    C:\WINDOWS\system32\azesearch3.ocx
                    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1
                    \IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32
                    \IME\TINTLGNT\TINTSETP.EXE /SYNC
                    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32
                    \IME\TINTLGNT\TINTSETP.EXE /IMEName
                    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
                    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
                    Shared\ccApp.exe"
                    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
                    Security\UrlLstCk.exe
                    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
                    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
                    Imaging\\Unload\hpqcmon.exe
                    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
                    Packard\HP Share-to-Web\hpgs2wnd.exe
                    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
                    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                    AntiSpyware\gcasServ.exe"
                    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1
                    \MICROS~3\OFFICE11\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                    C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
                    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
                    00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
                    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                    C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
                    C:\WINDOWS\system32\Shdocvw.dll
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                    C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
                    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
                    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
                    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
                    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
                    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
                    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
                    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
                    C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
                    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
                    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
                    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown
                    owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner -
                    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program
                    Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                    O23 - Service: Generic Service for HID Keyboard Input Collections
                    (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
                    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
                    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
                    Corporation - C:\Program Files\Norton Internet Security\Norton
                    AntiVirus\navapsvc.exe
                    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
                    Internet Security\Norton AntiVirus\SAVScan.exe
                    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
                    C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
                    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
                    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
                    Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
                    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
                    Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
                    • Guest: Kolobos Re: hijackthis IP: *.warszawa.sdi.tpnet.pl 22.04.05, 16:25
                      In HijackThis, check these entries:

                      O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} -
                      C:\WINDOWS\system32\azesearch3.ocx

                      Fix Checked, then download:
                      www.downloads.subratam.org/KillBox.zip
                      Unpack it, select Delete file on reboot, paste the path to the file (don't
                      browse for it yourself, just paste it as given) and press the red button:
                      C:\WINDOWS\system32\azesearch3.ocx
                      When asked whether you want to reboot, answer yes, and after the reboot it
                      should be gone.

                      Also scan the system with these:
                      housecall.trendmicro.com/housecall/start_corp.asp
                      www.windowsecurity.com/trojanscan/
                      www.pandasoftware.com/activescan/pol/activescan_principal.htm
                      It also won't hurt to install:
                      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D
                      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster
                      www.wilderssecurity.net/spywareguard.html <- SpywareGuard
                      In the first two, enable browser protection.

                      After all that, paste a new HijackThis log.

                      • Guest: barracuda7110 Re: hijackthis(ps) IP: *.dsl.telepac.pt 22.04.05, 16:28
                        www.opera.com or www.firefox.com :)
                        • Guest: meg Re: hijackthis IP: *.at / *.chello.at 22.04.05, 16:44
                          it's gone now!!!!!!! thanks!!!! really, thank you very, very much :-))))))))
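
The fix, rescan and compare cycle followed in this thread can be automated. The Python below is an added example, not code from the thread or from HijackThis: it rejoins the hard-wrapped (and `>`-quoted) log lines, diffs two scans, and lists flagged entries that a follow-up scan still reports. The function names are hypothetical, the wrap-joining rules are a heuristic, and the sample text is a short excerpt assembled from the logs posted above.

```python
import re
from collections import defaultdict

# An entry starts with a section code: R0-R3, F0-F3, N1-N4 or O1..O23.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
HOSTS_ENTRY = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")


def parse_entries(log_text):
    """Return HijackThis entries with forum hard-wraps and '>' quoting undone."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip().lstrip(">").strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # continuation of the previous entry (header lines are skipped)
            prev = entries[-1]
            # Heuristic: a wrap inside a path, a hyphenated token or a URL query
            # carries no space; any other wrap replaced a space.
            mid_token = (line.startswith("\\") or prev.endswith("?")
                         or (prev.endswith("-") and not prev.endswith(" -")))
            entries[-1] = prev + ("" if mid_token else " ") + line
    return entries


def diff_logs(before_text, after_text):
    """Entries that disappeared from, or appeared in, the second scan."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    return {"removed": [e for e in before if e not in after_set],
            "added": [e for e in after if e not in before_set]}


def still_present(flagged_text, after_text):
    """Flagged entries that the follow-up scan still reports."""
    after = set(parse_entries(after_text))
    return [e for e in parse_entries(flagged_text) if e in after]


def hosts_by_ip(entries):
    """Group O1 hosts-file overrides by the address they point to."""
    groups = defaultdict(list)
    for entry in entries:
        m = HOSTS_ENTRY.match(entry)
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)


# Excerpts assembled from the logs in this thread (trimmed, wraps kept as posted).
BEFORE = r"""
O1 - Hosts: 69.50.166.11 www.google.com
O1 - Hosts: 69.50.166.11 google.com
O1 - Hosts: 69.50.166.14 www.yahoo.com
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} -
C:\WINDOWS\system32\azesearch3.ocx
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} -
C:\WINDOWS\system32\azesearch3.ocx
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
"""

AFTER = r"""
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} -
C:\WINDOWS\system32\azesearch3.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1
\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
"""

# Entries the helpers asked to fix; the '>' prefix mimics a quoted reply.
FLAGGED = r"""
O1 - Hosts: 69.50.166.11 www.google.com
> O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} -
> C:\WINDOWS\system32\azesearch3.ocx
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} -
C:\WINDOWS\system32\azesearch3.ocx
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\system32\tibs5.exe
"""

if __name__ == "__main__":
    for entry in still_present(FLAGGED, AFTER):
        print("still present:", entry)
    for ip, names in hosts_by_ip(parse_entries(BEFORE)).items():
        print(ip, "<-", ", ".join(names))
```

The parser assumes its input contains only log text; prose pasted between entries would be appended to the preceding entry.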