Dodaj do ulubionych

prosze o sprawdzenie hijackthis

IP: *.neoplus.adsl.tpnet.pl 26.05.05, 16:01
Logfile of HijackThis v1.99.1
Scan saved at 15:58:48, on 2005-05-26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\n?tdde.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Documents and Settings\basia\Pulpit\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9E189F21-5BCD-5B37-E1DD-56C0CE965EC6} -
C:\WINDOWS\System32\ypc.dll
O2 - BHO: (no name) - {AB35AF21-76FE-6E03-CCED-66EDFEA673F6} -
C:\WINDOWS\System32\ypc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32
\mobsync.exe /logon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common
Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] E:\prhyper.exe
O4 - HKCU\..\Run: [Npwc] C:\Documents and Settings\basia\Dane
aplikacji\htao.exe
O4 - HKCU\..\Run: [Kpegdk] C:\WINDOWS\System32\n?tdde.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\basia\USTAWI~1
\Temp\zang.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
\dslmon.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
www.errorguard.com/installation/Install.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
software-dl.real.com/07d2a8d148cde450fa22/netzip/RdxIE601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA59F504-1E3C-4357-BBB2-
D0A0180A9A7F}: NameServer = 194.204.152.34 217.98.63.164
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation -
C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec
Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Obserwuj wątek
    • Gość: Kolobos Re: prosze o sprawdzenie hijackthis IP: *.icm.edu.pl / *.icm.edu.pl 26.05.05, 16:23
      W hijackthis usuwasz to:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
      TP
      R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
      file)
      O2 - BHO: (no name) - {9E189F21-5BCD-5B37-E1DD-56C0CE965EC6} -
      C:\WINDOWS\System32\ypc.dll
      O2 - BHO: (no name) - {AB35AF21-76FE-6E03-CCED-66EDFEA673F6} -
      C:\WINDOWS\System32\ypc.dll
      O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] E:\prhyper.exe
      O4 - HKCU\..\Run: [Npwc] C:\Documents and Settings\basia\Dane
      aplikacji\htao.exe
      O4 - HKCU\..\Run: [Kpegdk] C:\WINDOWS\System32\n?tdde.exe
      O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\basia\USTAWI~1
      \Temp\zang.exe"
      O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
      www.errorguard.com/installation/Install.cab
      O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
      O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
      O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
      software-dl.real.com/07d2a8d148cde450fa22/netzip/RdxIE601.cab
      O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
      C:\WINDOWS\System32\vbsys2.dll

      I Fix Checked, nastepnie sciagasz:
      www.downloads.subratam.org/KillBox.zip
      Rozpakuj, zaznacz Delete file on reboot wklej sciezke do pliku (sam/a nie
      szukaj tylko wklejaj gotowa) i naciskaj czerwony przycisk ale na pytanie o
      reset odpowiadaj nie i tak zrob z tymi plikami:

      c:\ex.cab
      C:\WINDOWS\System32\vbsys2.dll
      c:\eied_s7.cab
      C:\DOCUME~1\basia\USTAWI~1\Temp\zang.exe
      C:\WINDOWS\System32\n?tdde.exe
      C:\Documents and Settings\basia\Dane aplikacji\htao.exe
      C:\WINDOWS\System32\ypc.dll
      C:\WINDOWS\System32\abasa5jrp.exe
      C:\Program Files\Media Access\MediaAccK.exe


      Pozniej Start->Uruchom->regedit
      przechodzisz do:
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
      i usuwasz:
      _{08C06D61-F1F3-4799-86F8-BE1A89362C85}

      Instalujesz aktualizacje do windowsa:
      www.windowsupdate.com
      Do tego to:
      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
      przeskanuj i wlacz ochrone przegladarki
      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
      ochrone przegladarki
      www.wilderssecurity.net/spywareguard.html <- SpywareGuard
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

      Skanujesz tym:
      housecall.trendmicro.com/housecall/start_corp.asp
      www.windowsecurity.com/trojanscan/
      www.pandasoftware.com/activescan/pol/activescan_principal.htm
      Zainstaluj tez antyvirus:
      www.free-av.com/
      albo:
      www.avast.com/eng/avast_4_home.html
      Wywal ten smiec do neostrady i zainstaluj sam modem:
      forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440

      Po wszyskim wklej nowy log.

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka