Checking a HijackThis log

IP: *.gdynia.mm.pl 24.10.05, 13:53
Logfile of HijackThis v1.99.1
Scan saved at 13:50:19, on 2005-10-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ISTsvc\istsvc.exe
C:\windows\system32\mdms.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\QW5uYQAA\command.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Documents and Settings\Anna\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
Files\DAP\DAPIEBar.dll
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} -
C:\Program Files\DashBar\DashBar30.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-
3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} -
C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9
\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [OLE COM Services] regsvrcss32.exe
O4 - HKLM\..\Run: [Windows Update 63] shupd64.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [updatedrweb_nt] C:\WINDOWS\System32
\updatedrweb_nt.exe
O4 - HKLM\..\RunServices: [Windows Update 63] shupd64.exe
O4 - HKLM\..\RunServices: [OLE COM Services] regsvrcss32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [OLE COM Services] regsvrcss32.exe
O4 - HKCU\..\Run: [Windows Update 63] shupd64.exe
O4 - HKCU\..\RunOnce: [Windows Update 63] shupd64.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1
\DAP\dapextie.htm
O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport
Pro\teleport.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} -
C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: ING Bank Online -
ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) -
67.15.101.3/g_bin/pl/poker_2_0_0_37.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} -
C:\WINDOWS\System32\bdgbppfe.dll (file missing)
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} -
C:\WINDOWS\System32\mbelhdme.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} -
C:\WINDOWS\System32\pejjdeck.dll (file missing)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} -
C:\WINDOWS\System32\aobpeedj.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} -
C:\WINDOWS\System32\Hkdfmppn.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file
missing)
O23 - Service: Command Service (cmdService) - Unknown owner -
C:\WINDOWS\QW5uYQAA\command.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner -
C:\Program Files\Common Files\Softwin\BitDefender Update
Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program
Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
(file missing)

    • Guest: Kolobos Re: Checking a HijackThis log IP: *.warszawa.sdi.tpnet.pl 24.10.05, 14:04
      You have a pirated Windows without updates, so don't use IE any more or you'll
      make a mess again right away! Install Opera (you'll find it on Google).

      Right-click the Start bar, choose Task Manager and end these there:
      C:\Program Files\ISTsvc\istsvc.exe
      C:\windows\system32\mdms.exe
      C:\Program Files\SurfAccuracy\SAcc.exe
      C:\WINDOWS\QW5uYQAA\command.exe

      In HijackThis, remove:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      searchbar.findthewebsiteyouneed.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      searchbar.findthewebsiteyouneed.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      searchbar.findthewebsiteyouneed.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html
      R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
      file)
      O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} -
      C:\Program Files\DashBar\DashBar30.dll <- delete the DashBar directory
      O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-
      3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll <-
      uninstall/delete the TheSearch... directory
      O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} -
      C:\Program Files\YourSiteBar\ysb.dll <- same here
      O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe <- and here +
      use this:
      securityresponse.symantec.com/avcenter/FxIstbar.exe
      O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe <- remove
      what is listed here:
      securityresponse.symantec.com/avcenter/venc/data/trojan.repsamo.html
      www.pogotovie.pl/encyklopedia_details.php?wirus_id=1057&page=pelnyopis
      forum.gazeta.pl/forum/72,2.html?f=430&w=30500900&a=30506784
      Delete the listed registry entries and files.

      O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe <-
      uninstall/delete the Surf... directory
      O4 - HKLM\..\Run: [OLE COM Services] regsvrcss32.exe <- delete the file
      O4 - HKLM\..\Run: [Windows Update 63] shupd64.exe <- delete the file
      O4 - HKLM\..\RunServices: [updatedrweb_nt] C:\WINDOWS\System32
      \updatedrweb_nt.exe <- delete the file
      O4 - HKLM\..\RunServices: [Windows Update 63] shupd64.exe
      O4 - HKLM\..\RunServices: [OLE COM Services] regsvrcss32.exe
      O4 - HKCU\..\Run: [OLE COM Services] regsvrcss32.exe
      O4 - HKCU\..\Run: [Windows Update 63] shupd64.exe
      O4 - HKCU\..\RunOnce: [Windows Update 63] shupd64.exe
      O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} -
      C:\Program Files\SideFind\sidefind.dll
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O10 - Hijacked Internet access by WebHancer <- download lspfix.exe (you'll find
      it on Google) and use it to remove WebHancer, but don't touch anything else or you'll break things!
      O20 - Winlogon Notify: style32 - C:\WINDOWS\
      O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll <- the removal
      instructions are already in the link to my post given above, next to mdms.exe
      O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll <- download:
      www.downloads.subratam.org/l2mfix.exe unpack it, run l2mfix.bat,
      choose option #1, wait until the log is created and send it to me at
      kolobos1@gazeta.pl
      O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} -
      C:\WINDOWS\System32\bdgbppfe.dll (file missing)
      O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} -
      C:\WINDOWS\System32\mbelhdme.dll (file missing)
      O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} -
      C:\WINDOWS\System32\pejjdeck.dll (file missing)
      O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} -
      C:\WINDOWS\System32\aobpeedj.dll (file missing)
      O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} -
      C:\WINDOWS\System32\Hkdfmppn.dll (file missing)
      Run services.msc and disable this service there:
      O23 - Service: Command Service (cmdService) - Unknown owner -
      C:\WINDOWS\QW5uYQAA\command.exe <- delete the whole QW5something directory
      Then in HijackThis, under delete NT service, enter cmdService

      Finally, scan with these:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
      download.ewido.net/ewido-setup.exe <- update it before scanning; after
      the scan, uninstall it.
      Close the ports with this:
      www.firewallleaktester.com/tools/wwdc.exe
      When you're done, paste a new log; if you run into problems, use Google or the
      forum search.
    • Guest: ciemna_masa Re: Checking a HijackThis log IP: *.gdynia.mm.pl 24.10.05, 20:45
      I don't know how it turned out, but if you can, please check it.
      Thanks in advance


      Logfile of HijackThis v1.99.1
      Scan saved at 20:43:22, on 2005-10-24
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
      C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
      C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\WINDOWS\QW5uYQAA\command.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\PROGRA~1\DAP\DAP.EXE
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
      C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareUpdater.exe
      C:\Documents and Settings\Anna\Pulpit\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.wp.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program
      Files\DAP\DAPIEBar.dll
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
      atboottime
      O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
      AntiSpyware\gcasServ.exe"
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
      O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport
      Pro\teleport.htm
      O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
      \DAP\dapextie2.htm
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
      C:\PROGRA~1\DAP\DAP.EXE
      O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
      O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) -
      67.15.101.3/g_bin/pl/poker_2_0_0_37.cab
      O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
      O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll
      O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} -
      C:\WINDOWS\System32\bdgbppfe.dll (file missing)

      • Guest: Kolobos Re: Checking a HijackThis log IP: *.icm.edu.pl / *.icm.edu.pl 24.10.05, 21:20
        It turned out quite well, but this is still left:

        O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll <- remove this
        as described here:
        forum.gazeta.pl/forum/72,2.html?f=430&w=30500900&a=30506784
        That is, delete the files and the regedit entries that I listed there.

        O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll <- make the
        log I asked for and send it to me by e-mail, as I asked.

        O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} -
        C:\WINDOWS\System32\bdgbppfe.dll (file missing) <- it is enough to remove this
        in HijackThis.
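The before/after comparison made in the reply above (what was removed, what is still left) can be scripted. This is an added example, not part of the thread or of HijackThis itself: `parse_entries` and `compare` are hypothetical names, and the two sample logs are short excerpts constructed from entries in the logs posted above. Entries are compared with whitespace ignored, because the forum wraps long log lines at arbitrary points.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

def parse_entries(log_text):
    """Return {comparison_key: display_line}, rejoining lines the forum wrapped."""
    chunks, open_entry = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY.match(line):
            chunks.append([line])        # a new entry begins
            open_entry = True
        elif not line:
            open_entry = False           # a blank line ends the entry section
        elif open_entry:
            chunks[-1].append(line)      # wrapped tail of the previous entry
        # anything else (header, "Running processes" list) is ignored
    # Key: all whitespace removed and lowercased, so wrapping does not matter.
    return {re.sub(r"\s+", "", "".join(c)).lower(): " ".join(c) for c in chunks}

def compare(before_text, after_text):
    """Classify entries as removed, persisted or new between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed":   [before[k] for k in before if k not in after],
        "persisted": [after[k] for k in after if k in before],
        "new":       [after[k] for k in after if k not in before],
    }

# Constructed excerpts from the thread's logs, wrapped as the forum shows them.
BEFORE = r"""
Running processes:
C:\WINDOWS\QW5uYQAA\command.exe

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} -
C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\RunServices: [updatedrweb_nt] C:\WINDOWS\System32
\updatedrweb_nt.exe
O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll
"""

AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O20 - Winlogon Notify: tcpG4T - C:\WINDOWS\SYSTEM32\tcpG4T.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\m0rmla911d.dll
"""

if __name__ == "__main__":
    for status, lines in compare(BEFORE, AFTER).items():
        print(f"[{status}]")
        for entry in lines:
            print("  " + entry)
```
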
    • Guest: ciemna_masa Re: Checking a HijackThis log IP: *.gdynia.mm.pl 24.10.05, 21:14
      I downloaded Opera, and the pages that weren't working now work. Thanks a lot
      • Guest: Kolobos Re: Checking a HijackThis log IP: *.icm.edu.pl / *.icm.edu.pl 24.10.05, 21:21
        That's not the end yet; do what I wrote in the previous post.
        • piotrwen1 Re: Checking a HijackThis log 31.10.05, 20:50
          Sorry to bother you again, but I'm struggling terribly with this. Please check what I've done wrong again,
          Logfile of HijackThis v1.99.1
          Scan saved at 20:46:03, on 2005-10-31
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\windows\system32\mdms.exe
          D:\Program Files\Gadu-Gadu\gg.exe
          C:\WINDOWS\System32\svchost.exe
          C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          C:\WINDOWS\System32\wuauclt.exe
          C:\Program Files\Opera\Opera.exe
          C:\Documents and Settings\Anna\Pulpit\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
          O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
          O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
          O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
          O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
          O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
          O8 - Extra context menu item: Add to &Teleport - C:\Program Files\Teleport Pro\teleport.htm
          O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
          O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
          O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - 67.15.101.3/g_bin/pl/poker_2_0_0_37.cab
          O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\h60qlgd5160.dll (file missing)
          O20 - Winlogon Notify: tcpG4T - tcpG4T.dll (file missing)

          • Guest: Kolobos Re: Checking a HijackThis log IP: *.warszawa.sdi.tpnet.pl 31.10.05, 22:11
            End the process and delete the file:
            C:\windows\system32\mdms.exe

            In HijackThis:
            O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe <- I already
            gave you the instructions; you just need to read them.
            O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\h60qlgd5160.dll (file missing)
            <- the uninstaller is here: www.pchell.com/support/look2me.shtml
            O20 - Winlogon Notify: tcpG4T - tcpG4T.dll (file missing) <- I already gave you
            this too, and I'm not going to write the same thing again.