help!! log from hijack

17.08.05, 23:26
Logfile of HijackThis v1.99.1
Scan saved at 23:24:36, on 2005-08-17
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\shttps\http.exe
C:\windows\system32\mdms.exe
C:\sys2041519190.exe
C:\WINDOWS\System32\mszx23.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\ms1.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\RaConfig.exe
C:\HiJack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
file://C:\WINDOWS\System32\searchpage.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.topsearch10.com/search.php?aid=42794&q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
secondplan.org/cmd.php?login=xxx-1471405570&c=Polska&s=3851
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet
Explorer\shttps\http.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [Instance 001] C:\sys2041519190.exe
O4 - HKLM\..\Run: [ms1] C:\WINDOWS\ms1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ms1] C:\WINDOWS\ms1.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program
Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1
\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
\DAP\dapextie2.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{698EBFFA-A726-4618-9F2C-
DD7089AEEC2D}: NameServer = 192.168.10.1
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} -
C:\WINDOWS\System32\Ddmogg32.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe

    • Guest: T-800 Re: help!! log from hijack IP: *.tpnet.pl / *.tpnet.pl 18.08.05, 14:11
      To be removed (preferably in safe mode):

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      > file://C:\WINDOWS\System32\searchpage.htm
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      > www.topsearch10.com/search.php?aid=42794&q=
      > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
      > secondplan.org/cmd.php?login=xxx-1471405570&c=Polska&s=3851

      > F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe

      > O4 - HKLM\..\Run: [Internet Explorer] c:\Program Files\Internet
      > Explorer\shttps\http.exe
      > O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
      > O4 - HKLM\..\Run: [Instance 001] C:\sys2041519190.exe
      > O4 - HKLM\..\Run: [ms1] C:\WINDOWS\ms1.exe

      > O4 - HKCU\..\Run: [ms1] C:\WINDOWS\ms1.exe

      > O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

      > O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
      > O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
      > O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} -
      > C:\WINDOWS\System32\Ddmogg32.dll

      > O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
      > C:\WINDOWS\System32\nvsvc32.exe

      Restart the system, scan with MS AS
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
      and with Ad-aware
      ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe
      remove everything these programs find and paste a new log.
