Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    Sprawdzanie loga z HijackThis

    25.03.06, 21:47
    Logfile of HijackThis v1.99.1
    Scan saved at 21:29:41, on 2005-03-25
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Documents and Settings\Michał\Pulpit\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    www.p2p-load.de/share/?l=e
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    www.p2p-load.de/share/?l=e
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.onet.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: (no name) - {035866EA-0390-0112-F758-B933861F543C} - C:\DOCUME~1
    \MICHAŁ\DANEAP~1\OPTION~1\BLEH ACTIVE.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
    Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-
    90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
    C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
    Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI
    Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
    \NEWDOT~2.DLL,ClientStartup -s
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - HKCU\..\Run: [Trust List] C:\DOCUME~1\MICHAŁ\DANEAP~1\DEAFMA~1
    \Deleterefhtm.exe
    O4 - Startup: NetMeter.lnk = C:\Program Files\NetMeter\NetMeter.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
    Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List -
    res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print -
    res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program
    Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program
    Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
    00401C608501} - C:\WINDOWS\System32\msjava.dll
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} -
    217.96.55.11//activex/AMC.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53A1039E-93D2-4B0F-9C9C-
    51A291F0480C}: NameServer = 213.199.225.14
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5516F71B-7482-45FF-94DA-
    8908095EB554}: NameServer = 213.199.225.14
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FB0F6ACE-93E6-4F33-97CE-
    55989F08D772}: NameServer = 213.199.225.14
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32
    \Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32
    \IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp
    Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    Obserwuj wątek
      • kolobos Re: Sprawdzanie loga z HijackThis 25.03.06, 21:59
        W hijackthis usun:
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        www.p2p-load.de/share/?l=e
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        www.p2p-load.de/share/?l=e
        O2 - BHO: (no name) - {035866EA-0390-0112-F758-B933861F543C} - C:\DOCUME~1
        \MICHAŁ\DANEAP~1\OPTION~1\BLEH ACTIVE.exe <- usun katalog OPTION~1
        O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
        Files\NewDotNet\newdotnet7_22.dll
        O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
        O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
        \NEWDOT~2.DLL,ClientStartup -s <- odinstaluj newdotnet
        O4 - HKCU\..\Run: [Trust List] C:\DOCUME~1\MICHAŁ\DANEAP~1\DEAFMA~1
        \Deleterefhtm.exe <- usun katalog DEAFMA~1
        O10 - Hijacked Internet access by New.Net <- usun przy pomocy lspfix (z
        przyklejonego)
        O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} -
        217.96.55.11//activex/AMC.cab

        Do tego zrob skan tym co wszyscy.
      • barracuda7110 Re: Sprawdzanie loga z HijackThis 25.03.06, 22:38
        Zainstaluj poprawki do systemu: www.windowsupdate.com
      • kolobos Re: Sprawdzanie loga z HijackThis 26.03.06, 12:18
        Nie zakladaj nowych watkow tylko wklejaj wszystko w tym!

        Przegapiles jeszcze to:
        O4 - HKCU\..\Run: [Trust List] C:\DOCUME~1\MICHAŁ\DANEAP~1\DEAFMA~1
        \Deleterefhtm.exe

        • gacek1990 Re: Sprawdzanie loga z HijackThis 26.03.06, 14:17
          oki sorx.. Dzieki..!! pozdro.
    Inne wątki na temat:

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.
    Wybrane treści z serwisu Sport.pl są dostępne po wykupieniu płatnej subskrypcji