Checking a HijackThis log

IP: *.prodtech.pl 27.04.06, 18:44
    • Guest: k Re: checking a HijackThis log IP: *.warszawa.sdi.tpnet.pl 27.04.06, 19:04
      Terminate:
      C:\windows\mousepad14.exe
      C:\Program Files\paytime.exe
      C:\windows\system32\taskmgn.exe
      C:\WINDOWS\system32\0mcamcap.exe
      C:\winstall.exe
      C:\WINDOWS\wupdmgr.exe <- removal instructions are here: 42.pl/u/hX7
      C:\WINDOWS\osaupd.exe
      C:\PROGRA~1\COMMON~1\rwzo\rwzom.exe
      C:\PROGRA~1\COMMON~1\rwzo\rwzoa.exe

      In hjt:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      searchbar.findthewebsiteyouneed.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      searchbar.findthewebsiteyouneed.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      searchbar.findthewebsiteyouneed.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html <- delete the file
      F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common
      Files\Microsoft Shared\Web Folders\ibm00001.exe"
      O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} -
      C:\WINDOWS\DH.dll <- delete the file
      O2 - BHO: (no name) - {BF4F1464-E8D5-4C1D-B64C-A88A2C559D60} - C:\Program
      Files\Internet Explorer\mecoqogi.dll <- delete the file
      O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} -
      C:\WINDOWS\system32\azesearch4.ocx
      O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} -
      C:\WINDOWS\system32\iasada.dll <- delete the file
      O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} -
      C:\WINDOWS\system32\azesearch4.ocx <- delete the file
      O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard14.exe <- delete the file
      O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad14.exe <- delete the file
      O4 - HKLM\..\Run: [newname] C:\windows\newname14.exe <- delete the file
      O4 - HKLM\..\Run: [SysTray] C:\Program Files\paytime.exe <- delete the file
      O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe <- delete the file
      O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe <- delete the file
      O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
      O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web
      Folders\ibm00001.exe" <- delete the file
      O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- delete the file
      O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
      O4 - HKCU\..\Run: [rwzo] C:\PROGRA~1\COMMON~1\rwzo\rwzom.exe <- delete the rwzo folder

      Scan the system with ewido.

      The log did not fit:
      O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
      <a href="
      So paste the missing part, or after removing what I listed, paste a new log.
      • Guest: PAtrYCzeK Re: checking a HijackThis log IP: *.prodtech.pl 27.04.06, 19:34
        Logfile of HijackThis v1.99.1
        Scan saved at 19:34:22, on 2006-04-27
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Norton Internet Security\ISSVC.exe
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\WgaTray.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
        C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
        C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe
        C:\Program Files\D-Link AirPlus\AirPlus.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
        C:\WINDOWS\system32\devldr32.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\osaupd.exe
        C:\WINDOWS\wupdmgr.exe
        C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe
        C:\Documents and Settings\andrzej\Pulpit\hijackthis\hijackthis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
        C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control
        Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
        \spool\drivers\w32x86\3\hpztsb05.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
        lang 1033
        O4 - HKLM\..\Run: [BearShare] "D:\Kasia\Programy\bs\BearShare.exe" /pause
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
        \SNDMon.exe /Consumer
        O4 - HKLM\..\Run: [DialerKiller] C:\Program Files\Dialer Killer\DialKill.exe -h
        O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
        O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Andrzej\DAP\DAP.EXE" /STARTUP
        O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC
        Suite 6\LaunchApplication.exe -onlytray
        O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common
        Files\PCSuite\DataLayer\DataLayer.exe
        O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
        88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Gadu-
        Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6
        \PcSync2.exe /NoDialog
        O4 - HKCU\..\Run: [eMuleAutoStart] D:\Andrzej\programy\eMule\emule.exe -
        AutoStart
        O4 - Global Startup: D-Link AirPlus.lnk = ?
        O8 - Extra context menu item: &Clean Traces - D:\Andrzej\DAP\Privacy
        Package\dapcleanerie.htm
        O8 - Extra context menu item: &Download with &DAP - D:\Andrzej\DAP\dapextie.htm
        O8 - Extra context menu item: Download &all with DAP -
        D:\Andrzej\DAP\dapextie2.htm
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} -
        C:\Program Files\Common Files\moje.js
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O15 - Trusted Zone: www.mks.com.pl
        O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
        www.azebar.com/install/1.cab
        O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
        static.zangocash.com/cab/Seekmo/ie/bridge-c580.cab?b0f8f42ea502af4234f315a96c591487aec46b759e7ecd34897c7a1e212d03bbe0c166f9a9db2480
        1534e1909b4f838e2277426e71f70abb71a43dd2fd7b0f0dd4445f79b7:becd9eac74a713e574763
        602b68942cb
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
        \Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
        Internet Security\ISSVC.exe
        O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
        Internet Security\Norton AntiVirus\SAVScan.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
        C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
        Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
        Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        • Guest: k Re: checking a HijackThis log IP: *.warszawa.sdi.tpnet.pl 28.04.06, 01:33
          To delete in hjt:
          O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
          O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
          www.azebar.com/install/1.cab
          O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
          static.zangocash.com/cab/Seekmo/ie/bridge-c580.cab?
          b0f8f42ea502af4234f315a96c591487aec46b759e7ecd34897c7a1e212d03bbe0c166f9a9db2480
          1534e1909b4f838e2277426e71f70abb71a43dd2fd7b0f0dd4445f79b7:becd9eac74a713e574763
          602b68942cb
          O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      • Guest: PAtrYczeK Re: checking a HijackThis log IP: *.prodtech.pl 27.04.06, 21:40
        The files C:\WINDOWS\wupdmgr.exe and C:\WINDOWS\osaupd.exe cannot be deleted; they keep
        coming back. I don't really understand what the page you linked is about. Please help.
        • neder Re: checking a HijackThis log 27.04.06, 22:24
          Delete those files with KillBox in safe mode.
        • Guest: k Re: checking a HijackThis log IP: *.warszawa.sdi.tpnet.pl 28.04.06, 01:34
          What do you mean you don't know what it's about? You can read, so read what is
          written there and do what is needed.