Dodaj do ulubionych

Czy ktoś mi może pomóc? Logfile z Hijack.

22.11.05, 16:58
Logfile of HijackThis v1.99.1
Scan saved at 16:46:00, on 2005-11-22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mssearchnet.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Agusia\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
home.pol.chello.pl/ssi/welcome/welcome.php?url=search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
home.pol.chello.pl/ssi/welcome/welcome.php?url=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
home.pol.chello.pl/ssi/welcome/welcome.php?url=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
Microsoft Internet Explorer dostarczony przez chello broadband n.v.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} -
C:\WINDOWS\System32\hpB5A0.tmp (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl-pl\msntb.dll (file missing)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN
Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-
4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF:
START_PAGE_URL=home.pol.chello.pl/ssi/welcome/welcome.php?url=home
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Obserwuj wątek
    • Gość: k Re: Czy ktoś mi może pomóc? Logfile z Hijack. IP: *.warszawa.sdi.tpnet.pl 22.11.05, 18:30
      Zainstaluj sobie najnowsza wersje IE -> www.windowsupdate.com

      W menadzerze zadan zakoncz:
      C:\WINDOWS\System32\mssearchnet.exe
      Opis usuwania masz tutaj:
      www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=30&p=167684&
      W hijackthis usun:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
      Microsoft Internet Explorer dostarczony przez chello broadband n.v.
      O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} -
      C:\WINDOWS\System32\hpB5A0.tmp (file missing)
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
      Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl-pl\msntb.dll (file missing)
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
      \MSNMES~1\msgrapp.dll" (file missing)
      • szumek_szczecin Re: Czy ktoś mi może pomóc? Logfile z Hijack. 22.11.05, 20:58
        W pasku na dole po prawej stronie były dwie ikonki informujące, że mój komputer jest zainfekowany, jedna zniknęła, ale druga uaktywniła się i jest jeszcze bardziej denerwująca.
        Był też program SpyAxe, który po każdym odinstalowaniu sam się ponownie instalował, ale chyba udało mi się go usunąć.
        Za chwilę wstawie nowy logfile.
        • szumek_szczecin Re: Czy ktoś mi może pomóc? Logfile z Hijack. 22.11.05, 20:59
          Logfile of HijackThis v1.99.1
          Scan saved at 20:58:41, on 2005-11-22
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\System32\mssearchnet.exe
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
          C:\Program Files\Logitech\Video\LogiTray.exe
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          C:\Program Files\Winamp\winampa.exe
          C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe
          C:\WINDOWS\System32\hphmon05.exe
          C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
          C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
          C:\Program Files\VIAudioi\SBADeck\ADeck.exe
          C:\WINDOWS\System32\ctfmon.exe
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\WINDOWS\System32\LVComS.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\HPZipm12.exe
          C:\Program Files\Opera\Opera.exe
          C:\Documents and Settings\Agusia\Pulpit\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = home.pol.chello.pl/ssi/welcome/welcome.php?url=search
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = home.pol.chello.pl/ssi/welcome/welcome.php?url=home
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.pol.chello.pl/ssi/welcome/welcome.php?url=home
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
          O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
          O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe"
          O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
          O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
          O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
          O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O14 - IERESET.INF: START_PAGE_URL=home.pol.chello.pl/ssi/welcome/welcome.php?url=home
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132684411787
          O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

                        • szumek_szczecin Re: Czy ktoś mi może pomóc? Logfile z Hijack. 22.11.05, 21:48
                          Logfile of HijackThis v1.99.1
                          Scan saved at 21:47:50, on 2005-11-22
                          Platform: Windows XP (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                          C:\Program Files\Logitech\Video\LogiTray.exe
                          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                          C:\Program Files\Winamp\winampa.exe
                          C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe
                          C:\WINDOWS\System32\hphmon05.exe
                          C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
                          C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                          C:\Program Files\VIAudioi\SBADeck\ADeck.exe
                          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                          C:\WINDOWS\System32\ctfmon.exe
                          C:\Program Files\Gadu-Gadu\gg.exe
                          C:\Program Files\MSN Messenger\msnmsgr.exe
                          C:\WINDOWS\System32\LVComS.exe
                          C:\WINDOWS\System32\HPZipm12.exe
                          C:\Program Files\Internet Explorer\IEXPLORE.EXE
                          C:\Program Files\SpyAxe\spyaxe.exe
                          C:\Program Files\SpyAxe\spyaxe.exe
                          C:\Documents and Settings\Agusia\Pulpit\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                          www.onet.pl/
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                          home.pol.chello.pl/ssi/welcome/welcome.php?url=home
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                          home.pol.chello.pl/ssi/welcome/welcome.php?url=home
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                          C:\WINDOWS\System32\msdxm.ocx
                          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
                          Album Starter Edition\3.0\Apps\apdproxy.exe"
                          O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky
                          Anti-Virus Personal\kav.exe" /minimize
                          O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
                          Files\Logitech\Video\ISStart.exe
                          O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
                          Files\Logitech\Video\LogiTray.exe
                          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
                          Packard\HP Share-to-Web\hpgs2wnd.exe
                          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
                          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                          O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001
                          \pl-pl\msnappau.exe"
                          O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-
                          4f90-9B40-E0A3B8475C4E}\hphupd05.exe
                          O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
                          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
                          \spool\drivers\w32x86\3\hpztsb09.exe
                          O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
                          Software Update\HPWuSchd2.exe
                          O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
                          O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
                          Messenger\msnmsgr.exe" /background
                          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
                          Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                          res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                          O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                          C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                          O14 - IERESET.INF:
                          START_PAGE_URL=home.pol.chello.pl/ssi/welcome/welcome.php?url=home
                          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
                          update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132684411787
                          O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky
                          Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
                          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

                            • szumek_szczecin Re: Czy ktoś mi może pomóc? Logfile z Hijack. 22.11.05, 22:51
                              Przeskanowałem, znalazł z 10 spyware'ów.
                              Oto log z hijackThis:
                              Logfile of HijackThis v1.99.1
                              Scan saved at 22:49:38, on 2005-11-22
                              Platform: Windows XP (WinNT 5.01.2600)
                              MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                              C:\WINDOWS\System32\svchost.exe
                              C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                              C:\Program Files\Logitech\Video\LogiTray.exe
                              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                              C:\Program Files\Winamp\winampa.exe
                              C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe
                              C:\WINDOWS\System32\hphmon05.exe
                              C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
                              C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                              C:\Program Files\VIAudioi\SBADeck\ADeck.exe
                              C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                              C:\WINDOWS\System32\ctfmon.exe
                              C:\Program Files\Gadu-Gadu\gg.exe
                              C:\Program Files\MSN Messenger\msnmsgr.exe
                              C:\WINDOWS\System32\LVComS.exe
                              C:\WINDOWS\System32\HPZipm12.exe
                              C:\Program Files\Internet Explorer\IEXPLORE.EXE
                              C:\Program Files\Internet Explorer\IEXPLORE.EXE
                              C:\WINDOWS\System32\WScript.exe
                              C:\Documents and Settings\Agusia\Pulpit\HijackThis.exe

                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                              www.onet.pl/
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                              home.pol.chello.pl/ssi/welcome/welcome.php?url=home
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                              home.pol.chello.pl/ssi/welcome/welcome.php?url=home
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                              C:\WINDOWS\System32\msdxm.ocx
                              O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
                              Album Starter Edition\3.0\Apps\apdproxy.exe"
                              O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky
                              Anti-Virus Personal\kav.exe" /minimize
                              O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
                              Files\Logitech\Video\ISStart.exe
                              O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
                              Files\Logitech\Video\LogiTray.exe
                              O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
                              Packard\HP Share-to-Web\hpgs2wnd.exe
                              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
                              O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                              O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001
                              \pl-pl\msnappau.exe"
                              O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-
                              4f90-9B40-E0A3B8475C4E}\hphupd05.exe
                              O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
                              O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
                              \spool\drivers\w32x86\3\hpztsb09.exe
                              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
                              Software Update\HPWuSchd2.exe
                              O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
                              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                              O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                              O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
                              Messenger\msnmsgr.exe" /background
                              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
                              Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                              O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                              res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                              O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                              C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                              O14 - IERESET.INF:
                              START_PAGE_URL=home.pol.chello.pl/ssi/welcome/welcome.php?url=home
                              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
                              update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132684411787
                              O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky
                              Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
                              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

                              • szumek_szczecin Re: Czy ktoś mi może pomóc? Logfile z Hijack. 22.11.05, 22:51
                                A to z silentrunners:
                                "Silent Runners.vbs", revision 41, www.silentrunners.org/
                                Operating System: Windows XP
                                Output limited to non-default values, except where indicated by "{++}"


                                Startup items buried in registry:
                                ---------------------------------

                                HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                                "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
                                "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [file not
                                found]
                                "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
                                "msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

                                HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                                "Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter
                                Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
                                "KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
                                Personal\kav.exe" /minimize" ["Kaspersky Lab"]
                                "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Labtec
                                Inc."]
                                "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Labtec
                                Inc."]
                                "Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-
                                Web\hpgs2wnd.exe" ["Hewlett-Packard"]
                                "NeroCheck" = "C:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"]
                                "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
                                "msnappau" = ""C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-
                                pl\msnappau.exe"" [MS]
                                "HPHUPD05" = "c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-
                                E0A3B8475C4E}\hphupd05.exe" ["Hewlett-Packard"]
                                "HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]
                                "HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3
                                \hpztsb09.exe" ["HP"]
                                "HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software
                                Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
                                "AudioDeck" = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 " ["VIA
                                Technologies, Inc."]

                                HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                                "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
                                wyświetlania"
                                -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
                                "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
                                -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
                                ["Hilgraeve, Inc."]
                                "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
                                -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
                                "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
                                -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
                                "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                                [null data]
                                "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program
                                Files\Logitech\Video\Namespc2.dll" ["Labtec Inc."]
                                "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop
                                Icon Handler"
                                -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11
                                \MLSHEXT.DLL" [MS]
                                "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom
                                Icon Handler"
                                -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11
                                \OLKFSTUB.DLL" [MS]
                                "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft
                                Office\OFFICE11\msohev.dll" [MS]
                                "{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Folder przesyłania Share-to-Web"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP
                                Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]

                                HKLM\Software\Classes\PROTOCOLS\Filter\
                                INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common
                                Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

                                HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
                                Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Kaspersky
                                Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
                                WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                                [null data]

                                HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
                                WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                                [null data]

                                HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
                                Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Kaspersky
                                Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
                                WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
                                -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
                                [null data]


                                Active Desktop and Wallpaper:
                                -----------------------------

                                Active Desktop is disabled at this entry:
                                HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


                                Enabled Screen Saver:
                                ---------------------

                                HKCU\Control Panel\Desktop\
                                "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


                                Startup items in "Agusia" & "All Users" startup folders:
                                --------------------------------------------------------

                                C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
                                "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0
                                \Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


                                Enabled Scheduled Tasks:
                                ------------------------

                                "HP Usg Daily" -> launches: "c:\Program Files\Hewlett-Packard\{5372B9A6-6E51-
                                4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe" [empty string]


                                Winsock2 Service Provider DLLs:
                                -------------------------------

                                Namespace Service Providers

                                HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
                                \Catalog_Entries\ {++}
                                000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
                                000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
                                000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

                                Transport Service Providers

                                HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
                                \Catalog_Entries\ {++}
                                0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
                                %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
                                %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


                                Toolbars, Explorer Bars, Extensions:
                                ------------------------------------

                                Extensions (Tools menu items, main toolbar menu buttons)

                                HKLM\Software\Microsoft\Internet Explorer\Extensions\
                                {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
                                "ButtonText" = "Badanie"


                                Miscellaneous IE Hijack Points
                                ------------------------------

                                C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

                                Added lines (compared with English-language version):
                                [Strings]: START_PAGE_URL=home.pol.chello.pl/ssi/welcome/welcome.php?
                                url=home

                                Missing lines (compared with English-language version):
                                [Strings]: 1 line


                                Running Services (Display Name, Service Name, Path {Service DLL}):
                                ------------------------------------------------------------------

                                kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
                                Personal\kavsvc.exe"" ["Kaspersky Lab"]
                                Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft
                                Shared\VS7DEBUG\MDM.EXE"" [MS]
                                Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\HPZipm12.exe" ["HP"]
                                Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
                                          • Gość: k Re: Czy ktoś mi może pomóc? Logfile z Hijack. IP: *.warszawa.sdi.tpnet.pl 23.11.05, 19:46
                                            To jednak zlob, a raczej jego czesc, ktora zostala.
                                            Usun pliki podane tutaj, czyli:
                                            www.sophos.com/virusinfo/analyses/trojzlobbc.html
                                            mscornet.exe (detected as Troj/Zlob-BC)
                                            mssearch.exe (detected as Troj/Zlob-BC)
                                            nvctrl.exe (detected as Troj/Zlob-BC)
                                            ld????.tmp (detected as Troj/Zlob-BC)
                                            ncompat.tlb (may be safely deleted)
                                            msvol.tlb (may be safely deleted)
                                            hp????.tmp (may be safely deleted)

                                            ???? to losowe znaki, jakby jakis plik stawial opory to uzyj killbox z opcja
                                            delete on reboot.
                                            Sprawdz tez plik explorer.exe tym:
                                            virusscan.jotti.org/ i napisz czy cos znalazlo.


                                            • szumek_szczecin Re: Czy ktoś mi może pomóc? Logfile z Hijack. 04.12.05, 13:08
                                              Witam po małej przerwie. Nie znalazłem żadnego z wymienionych wyżej plików na
                                              moim komputerze.
                                              Sprawdzając plik explorer.exe na virusscan.jotti.org/ pokazuje, że
                                              wszystko jest z nim ok.
                                              Objawy nadal takie same: tylko ikonka z dymkiem przy zegarze, żadnych
                                              złośliwych stron, ani nic z tych rzeczy.
                                              Zaraz podam logfile.
                                              • szumek_szczecin Re: Czy ktoś mi może pomóc? Logfile z Hijack. 04.12.05, 13:09
                                                Logfile of HijackThis v1.99.1
                                                Scan saved at 13:09:15, on 2005-12-04
                                                Platform: Windows XP (WinNT 5.01.2600)
                                                MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

                                                Running processes:
                                                C:\WINDOWS\System32\smss.exe
                                                C:\WINDOWS\system32\winlogon.exe
                                                C:\WINDOWS\system32\services.exe
                                                C:\WINDOWS\system32\lsass.exe
                                                C:\WINDOWS\system32\svchost.exe
                                                C:\WINDOWS\System32\svchost.exe
                                                C:\WINDOWS\system32\spoolsv.exe
                                                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                                                C:\WINDOWS\System32\svchost.exe
                                                C:\WINDOWS\Explorer.EXE
                                                C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
                                                C:\WINDOWS\System32\wuauclt.exe
                                                C:\Program Files\Logitech\Video\LogiTray.exe
                                                C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
                                                C:\Program Files\Winamp\winampa.exe
                                                C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe
                                                C:\WINDOWS\System32\hphmon05.exe
                                                C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
                                                C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
                                                C:\Program Files\VIAudioi\SBADeck\ADeck.exe
                                                C:\WINDOWS\System32\ctfmon.exe
                                                C:\Program Files\Gadu-Gadu\gg.exe
                                                C:\WINDOWS\System32\HPZipm12.exe
                                                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                                                C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
                                                C:\WINDOWS\System32\LVComS.exe
                                                C:\Documents and Settings\Agusia\Pulpit\HijackThis.exe

                                                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                www.onet.pl/
                                                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                                                home.pol.chello.pl/ssi/welcome/welcome.php?url=home
                                                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                                                home.pol.chello.pl/ssi/welcome/welcome.php?url=home
                                                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                                                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                                C:\WINDOWS\System32\msdxm.ocx
                                                O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop
                                                Album Starter Edition\3.0\Apps\apdproxy.exe"
                                                O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky
                                                Anti-Virus Personal\kav.exe" /minimize
                                                O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
                                                Files\Logitech\Video\ISStart.exe
                                                O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
                                                Files\Logitech\Video\LogiTray.exe
                                                O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
                                                Packard\HP Share-to-Web\hpgs2wnd.exe
                                                O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
                                                O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                                                O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001
                                                \pl-pl\msnappau.exe"
                                                O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-
                                                4f90-9B40-E0A3B8475C4E}\hphupd05.exe
                                                O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
                                                O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
                                                \spool\drivers\w32x86\3\hpztsb09.exe
                                                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
                                                Software Update\HPWuSchd2.exe
                                                O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
                                                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                                                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                                                O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                                                O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
                                                Messenger\msnmsgr.exe" /background
                                                O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
                                                Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                                                O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                                                res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                                                O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
                                                C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                                                O14 - IERESET.INF:
                                                START_PAGE_URL=home.pol.chello.pl/ssi/welcome/welcome.php?url=home
                                                O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
                                                update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132684411787
                                                O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky
                                                Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
                                                O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    • Gość: imigas Re: Czy ktoś mi może pomóc? Logfile z Hijack. IP: *.kalisz.mm.pl 04.12.05, 15:05
      Nagle pojawił mi się pulpit, że mam Spywera. Proszę o wskazanie zbędnych wpisów:

      Logfile of HijackThis v1.99.1
      Scan saved at 15:05:31, on 2005-12-04
      Platform: Windows 2000 SP4 (WinNT 5.00.2195)
      MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\spoolsv.exe
      C:\WINNT\ATKKBService.exe
      C:\WINNT\System32\svchost.exe
      c:\usr\MYSQL\bin\mysqld.exe
      C:\WINNT\system32\nvsvc32.exe
      C:\WINNT\system32\regsvc.exe
      C:\WINNT\system32\MSTask.exe
      C:\WINNT\system32\stisvc.exe
      C:\WINNT\System32\WBEM\WinMgmt.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\Explorer.EXE
      C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
      C:\WINNT\system32\RUNDLL32.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\WINNT\SOUNDMAN.EXE
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
      C:\WINNT\kl.exe
      C:\WINNT\tool2.exe
      C:\WINNT\System32\svchost.exe
      C:\WINNT\tool3.exe
      c:\drsmartload1.exe
      C:\WINNT\system32\paytime.exe
      C:\WINNT\system32\~update.exe
      C:\WINNT\system32\~update.exe
      C:\WINNT\inet20003\services.exe
      C:\WINNT\system32\rundll32.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\inet20003\mm.exe
      c:\windows\adtech2006.exe
      C:\WINNT\system32\dllcache\IExplore.exe
      C:\WINNT\system32\dllcache\IExplore.exe
      D:\Pliki\Podstawowe\Antywirusy\HijackThis.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\PROGRA~1\COMMON~1\foii\foiim.exe
      C:\PROGRA~1\COMMON~1\foii\foiia.exe
      C:\PROGRA~1\COMMON~1\foii\foiil.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F3 - REG:win.ini: run=C:\WINNT\inet20003\services.exe
      O1 - Hosts: 213.180.130.200 onet
      O1 - Hosts: 83.142.61.117 imigas
      O1 - Hosts: 193.23.48.134 allegro
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} -
      C:\WINNT\inet20003\3.00.11.dll
      O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio -
      {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
      Files\Java\jre1.5.0_04\bin\jusched.exe
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
      C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
      -atboottime
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [bxproxy] C:\WINNT\bxproxy.exe
      O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
      O4 - HKLM\..\Run: [PayTime] C:\WINNT\system32\paytime.exe
      O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20003\services.exe
      O4 - HKLM\..\Run: [polo.exe] polo.exe
      O4 - HKLM\..\Run: [adtech2006] c:\windows\adtech2006.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program
      Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
      O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
      O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
      Folders\ibm00001.exe"
      O4 - HKCU\..\Run: [bxproxy] C:\WINNT\bxproxy.exe
      O4 - HKCU\..\Run: [PayTime] C:\WINNT\system32\paytime.exe
      O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe
      O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20003\services.exe
      O4 - HKCU\..\Run: [foii] C:\PROGRA~1\COMMON~1\foii\foiim.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common
      Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Registration Silent Hunter III.LNK =
      E:\Gry\SilentHunterIII\Support\Register\RegistrationReminder.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
      Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O20 - Winlogon Notify: ssldr - C:\WINNT\SYSTEM32\ssldr32.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
      Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC.
      - C:\WINNT\ATKKBService.exe
      O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
      VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
      - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program
      Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
      C:\WINNT\system32\nvsvc32.exe

      • Gość: k Re: Czy ktoś mi może pomóc? Logfile z Hijack. IP: *.warszawa.sdi.tpnet.pl 04.12.05, 18:25
        MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) <- moze zainstaluj
        aktualizacje...

        Zakoncz procesy i usun pliki:
        C:\WINNT\kl.exe
        C:\WINNT\tool2.exe
        C:\WINNT\tool3.exe
        c:\drsmartload1.exe
        C:\WINNT\system32\paytime.exe
        C:\WINNT\system32\~update.exe
        C:\WINNT\system32\~update.exe
        C:\WINNT\inet20003\services.exe
        C:\WINNT\inet20003\mm.exe
        c:\windows\adtech2006.exe
        C:\WINNT\system32\dllcache\IExplore.exe
        C:\WINNT\system32\dllcache\IExplore.exe
        C:\PROGRA~1\COMMON~1\foii\foiim.exe
        C:\PROGRA~1\COMMON~1\foii\foiia.exe
        C:\PROGRA~1\COMMON~1\foii\foiil.exe

        W hijackthis usun:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        c:\secure32.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        c:\secure32.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        c:\secure32.html
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        c:\secure32.html
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        c:\secure32.html
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        c:\secure32.html <- usun plik
        F3 - REG:win.ini: run=C:\WINNT\inet20003\services.exe
        O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} -
        C:\WINNT\inet20003\3.00.11.dll
        O4 - HKLM\..\Run: [bxproxy] C:\WINNT\bxproxy.exe
        O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe <- usun plik
        O4 - HKLM\..\Run: [PayTime] C:\WINNT\system32\paytime.exe <- usun plik
        O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20003\services.exe
        O4 - HKLM\..\Run: [polo.exe] polo.exe <- usun plik
        O4 - HKLM\..\Run: [adtech2006] c:\windows\adtech2006.exe <- usun plik
        O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- usun plik
        O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
        Folders\ibm00001.exe" <- usun plik
        O4 - HKCU\..\Run: [bxproxy] C:\WINNT\bxproxy.exe <- usun plik
        O4 - HKCU\..\Run: [PayTime] C:\WINNT\system32\paytime.exe <- usun plik
        O4 - HKCU\..\Run: [aupd] C:\WINNT\system32\sysvcs.exe <- usun plik
        O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20003\services.exe <- usun katalog
        inet20003
        O4 - HKCU\..\Run: [foii] C:\PROGRA~1\COMMON~1\foii\foiim.exe <- usun katalog
        foii
        O4 - Startup: Registration Silent Hunter III.LNK =
        E:\Gry\SilentHunterIII\Support\Register\RegistrationReminder.exe
        O20 - Winlogon Notify: ssldr - C:\WINNT\SYSTEM32\ssldr32.dll <- usun plik

        Przeskanuj tym:
        download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po
        przeskanowaniu odinstaluj.

        Zainstaluj antyvirus:
        www.avast.com/eng/avast_4_home.html
        Naprawa tapety:
        www.searchengines.pl/phpbb203/index.php?showtopic=31936

        Po wszystkim wklej nowy log.

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka