Checking a HijackThis log

IP: *.ip.WRO.Korbank.PL 16.05.05, 18:01
Logfile of HijackThis v1.99.1
Scan saved at 17:55:52, on 2005-05-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\temp\salm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Spcue\Yowark.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe
C:\Documents and Settings\Marcin\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NDMxMTkzMTc0&ver=2.1.0.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program
Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-
000000000000} - C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll (file missing)
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} -
C:\WINDOWS\system32\kzk0c.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [myfastupdate] C:\WINDOWS\system32\myfastupdate.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32
\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0
\WeatherOnTray.exe
O4 - HKLM\..\Run: [mzouuums] C:\WINDOWS\System32\voiotaox.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1
\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sbmtwvyj] C:\WINDOWS\sbmtwvyj.exe
O4 - HKLM\..\Run: [Fsjnk] C:\Program Files\Spcue\Yowark.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\RunOnce: [gvuijnf.exe] C:\WINDOWS\System32\gvuijnf.exe /k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with Internet TOOLS - C:\Program
Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-
49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0
\ShprRprt.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-
4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0
\ShprRprt.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} -
xxxtrayicon.com/xtrayinst.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} -
fotosex.pl/msuser32.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c6.cab
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) -
advnt01.com/dialer/russia.CAB
O16 - DPF: {54E7E082-1DA6-412E-96B5-C290FCEF5329} -
install.serwis.pl/install2.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06AF8EAA-F0D8-4067-91B3-
9B984671A557}: NameServer = 195.117.162.129,195.117.162.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{06AF8EAA-F0D8-4067-91B3-
9B984671A557}: NameServer = 195.117.162.129,195.117.162.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{06AF8EAA-F0D8-4067-91B3-
9B984671A557}: NameServer = 195.117.162.129,195.117.162.253
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe

    • Guest: Kolobos Re: Checking a HijackThis log IP: *.warszawa.sdi.tpnet.pl 16.05.05, 18:20
      And why did you have to install this junk? This log is one big mess; in
      future, refrain from installing this spyware! No updates, probably a pirated
      Windows, and on top of that no antivirus or firewall.

      To be deleted:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NDMxMTkzMTc0&ver=2.1.0.0
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*www.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
      red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.com
      O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program
      Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll <- uninstall, check it, delete
      the file from disk and the ShopperReports directory
      O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-
      000000000000} - C:\PROGRA~1\MarBit\TOOLS\IEHelper.dll (file missing)
      O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} -
      C:\WINDOWS\system32\kzk0c.dll <- file to delete after removing it in HijackThis
      O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
      Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll <- same here
      O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
      Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll <- same here
      the same goes for these:
      O4 - HKLM\..\Run: [myfastupdate] C:\WINDOWS\system32\myfastupdate.exe
      O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0
      \WeatherOnTray.exe
      O4 - HKLM\..\Run: [mzouuums] C:\WINDOWS\System32\voiotaox.exe
      O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
      O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1
      \MW1HEL~1.EXE /partner MW1
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
      O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
      Optimizer\optimize.exe"
      O4 - HKLM\..\Run: [sbmtwvyj] C:\WINDOWS\sbmtwvyj.exe
      O4 - HKLM\..\Run: [Fsjnk] C:\Program Files\Spcue\Yowark.exe
      O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
      O4 - HKLM\..\RunOnce: [gvuijnf.exe] C:\WINDOWS\System32\gvuijnf.exe /k
      O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
      O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-
      49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0
      \ShprRprt.dll
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-
      4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0
      \ShprRprt.dll
      O16 - DPF: {00000000-0000-0000-0000-000020030000} -
      xxxtrayicon.com/xtrayinst.exe
      O16 - DPF: {11111111-1111-1111-1111-111111111111} -
      fotosex.pl/msuser32.exe
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c6.cab
      O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) -
      advnt01.com/dialer/russia.CAB
      O16 - DPF: {54E7E082-1DA6-412E-96B5-C290FCEF5329} -
      install.serwis.pl/install2.exe


      Delete all of these files from disk; before that, look in Add/Remove
      Programs, and if they are listed there, uninstall them first. If something
      refuses to be deleted, use this:
      www.downloads.subratam.org/KillBox.zip
      and Delete file on reboot.

      Once you have deleted everything etc., paste a new log after the reboot.
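
A check for the last step of the reply above (comparing the new log taken after the reboot against the entries marked for deletion), as an added example that is not part of the original thread. The function names, the line-rejoining heuristic and the follow-up log are assumptions made for illustration; the flagged lines are copied from the reply.

```python
import re

# A HijackThis entry starts with a section code such as "R1 - " or "O4 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(text):
    """Return (section, body) tuples, rejoining lines the forum wrapped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # continuation; header lines before the first entry are skipped
            prev = entries[-1]
            # Heuristic (assumption): a wrap inside a GUID ("945D-") or before
            # a path separator is rejoined without a space, otherwise with one.
            glue = "" if line.startswith("\\") or re.search(r"\S-$", prev) else " "
            entries[-1] = prev + glue + line
    return [tuple(e.split(" - ", 1)) for e in entries]

def key(entry):
    """Normalise whitespace and case so path case differences do not hide a match."""
    section, body = entry
    return section, re.sub(r"\s+", " ", body).casefold()

def still_present(flagged_text, new_log_text):
    """Flagged entries that also appear in the follow-up log."""
    remaining = {key(e) for e in parse_entries(new_log_text)}
    return [e for e in parse_entries(flagged_text) if key(e) in remaining]

# Flagged entries copied from the reply above, wrapped as posted.
FLAGGED = r"""
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0
\WeatherOnTray.exe
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} -
C:\WINDOWS\system32\kzk0c.dll
"""

# Constructed follow-up log (not from the thread): one flagged BHO survived.
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\kzk0c.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for section, body in still_present(FLAGGED, AFTER):
        print("still present:", section, "-", body)
```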
