Guest: k Re: checking a log in HijackThis IP: *.warszawa.sdi.tpnet.pl 27.04.06, 19:04

Terminate:
C:\windows\mousepad14.exe
C:\Program Files\paytime.exe
C:\windows\system32\taskmgn.exe
C:\WINDOWS\system32\0mcamcap.exe
C:\winstall.exe
C:\WINDOWS\wupdmgr.exe <- removal instructions are here: 42.pl/u/hX7
C:\WINDOWS\osaupd.exe
C:\PROGRA~1\COMMON~1\rwzo\rwzom.exe
C:\PROGRA~1\COMMON~1\rwzo\rwzoa.exe

In HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html <- delete the file
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll <- delete the file
O2 - BHO: (no name) - {BF4F1464-E8D5-4C1D-B64C-A88A2C559D60} - C:\Program Files\Internet Explorer\mecoqogi.dll <- delete the file
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll <- delete the file
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx <- delete the file
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard14.exe <- delete the file
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad14.exe <- delete the file
O4 - HKLM\..\Run: [newname] C:\windows\newname14.exe <- delete the file
O4 - HKLM\..\Run: [SysTray] C:\Program Files\paytime.exe <- delete the file
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe <- delete the file
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe <- delete the file
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" <- delete the file
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- delete the file
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [rwzo] C:\PROGRA~1\COMMON~1\rwzo\rwzom.exe <- delete the rwzo directory

Scan the system with ewido.

The log didn't fit:
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - <a href="

So paste the missing part, or, after removing what I listed, paste a new log.

Guest: PAtrYCzeK Re: checking a log in HijackThis IP: *.prodtech.pl 27.04.06, 19:34

Logfile of HijackThis v1.99.1
Scan saved at 19:34:22, on 2006-04-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\osaupd.exe
C:\WINDOWS\wupdmgr.exe
C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe
C:\Documents and Settings\andrzej\Pulpit\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BearShare] "D:\Kasia\Programy\bs\BearShare.exe" /pause
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DialerKiller] C:\Program Files\Dialer Killer\DialKill.exe -h
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Andrzej\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Andrzej\programy\eMule\emule.exe -AutoStart
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Clean Traces - D:\Andrzej\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Andrzej\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Andrzej\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.mks.com.pl
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - www.azebar.com/install/1.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - static.zangocash.com/cab/Seekmo/ie/bridge-c580.cab?b0f8f42ea502af4234f315a96c591487aec46b759e7ecd34897c7a1e212d03bbe0c166f9a9db24801534e1909b4f838e2277426e71f70abb71a43dd2fd7b0f0dd4445f79b7:becd9eac74a713e574763602b68942cb
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Guest: k Re: checking a log in HijackThis IP: *.warszawa.sdi.tpnet.pl 28.04.06, 01:33

To delete in HJT:
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - www.azebar.com/install/1.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - static.zangocash.com/cab/Seekmo/ie/bridge-c580.cab?b0f8f42ea502af4234f315a96c591487aec46b759e7ecd34897c7a1e212d03bbe0c166f9a9db24801534e1909b4f838e2277426e71f70abb71a43dd2fd7b0f0dd4445f79b7:becd9eac74a713e574763602b68942cb
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Guest: PAtrYczeK Re: checking a log in HijackThis IP: *.prodtech.pl 27.04.06, 21:40

The files C:\WINDOWS\wupdmgr.exe and C:\WINDOWS\osaupd.exe can't be deleted; they keep coming back. As for the page you gave, I don't really know what it's about. Help.

neder Re: checking a log in HijackThis 27.04.06, 22:24

Get rid of those files with KillBox in safe mode.

Guest: k Re: checking a log in HijackThis IP: *.warszawa.sdi.tpnet.pl 28.04.06, 01:34

What do you mean you don't know what it's about? You can read, so read what is written there and do what needs to be done.