Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    Sprawdzenie loga z Hijackthis

    IP: *.neoplus.adsl.tpnet.pl 31.10.05, 20:09
    Logfile of HijackThis v1.99.1
    Scan saved at 20:06:02, on 2005-10-31
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Winamp\Winampa.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\gg\Gadu-Gadu\gg.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\asd\Pulpit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    195.95.218.172/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    195.95.218.172/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    195.95.218.172/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    195.95.218.172/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    195.95.218.172/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    195.95.218.172/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    F2 - REG:system.ini: Shell=explorer.exe
    "C:\Program
    Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} -
    C:\WINDOWS\system32\appwiz.dll (file missing)
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
    Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [WindUp] WindUp.exe
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky
    Anti-Virus Personal\kav.exe /minimize
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
    Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
    /minimized
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\gg\Gadu-Gadu\gg.exe" /tray
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program
    files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program
    Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program
    Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program
    files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} -
    C:\Program Files\Common Files\moje.js
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links -
    {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .amr: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{24788230-4B5B-4BF8-BC79-C420D3639625}:
    NameServer = 85.255.114.29,85.255.112.152
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    (file missing)
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky
    Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner -
    C:\WINDOWS\svchost.exe (file missing)

    Obserwuj wątek
      • Gość: Kolobos Re: Sprawdzenie loga z Hijackthis IP: *.warszawa.sdi.tpnet.pl 31.10.05, 22:09
        Usun:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        195.95.218.172/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        195.95.218.172/index.php
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        195.95.218.172/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        195.95.218.172/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        195.95.218.172/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        195.95.218.172/index.php
        F2 - REG:system.ini: Shell=explorer.exe
        "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
        O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} -
        C:\WINDOWS\system32\appwiz.dll (file missing)
        O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
        O4 - HKLM\..\Run: [WindUp] WindUp.exe <- usun plik
        O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- usun plik
        O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
        Folders\ibm00001.exe" <- usun plik i uruchom exefix.reg ktory znajdziesz na
        google.
        O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe <- usun plik
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links -
        {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        ll
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        (file missing)
        O23 - Service: Power Manager (PowerManager) - Unknown owner -
        C:\WINDOWS\svchost.exe (file missing) <- wylacz usluge w services.msc i usun w
        hijackthis (delete nt service wpisz PowerManager)

        Zamknij tez porty w wwdc.exe o ile jeszcze tego nie zrobiles.
        • Gość: tata1959 Re: Sprawdzenie loga z Hijackthis IP: *.neoplus.adsl.tpnet.pl 01.11.05, 00:13
          witam
          tak..podmienione serwery DNS,to są Ukraińskie i oczywiście VX2 w nowej
          wersji,ciężka sprawa,to właśnie między innymi brak uaktualnień windy.
          pozdrawiam

          .

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.