Log to check, pretty please ;]

IP: *.adsl.inetia.pl 25.10.06, 12:56
Logfile of HijackThis v1.99.1
Scan saved at 12:56:08, on 2006-10-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DriveCrypt\DcrServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DriveCrypt\DriveCrypt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sebek\Pulpit\Instalki\HiJackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.dict.pl/plen
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0.1\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DriveCrypt Startup] c:\Program Files\DriveCrypt\DriveCrypt.exe /WS
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta - C:\Program Files\WellGet\nxall.htm
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\Program Files\WellGet\nxcatch.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Movies Extractor Scout - {F1EEBE30-9780-47FA-8AFF-114EF77B9EC9} - C:\Program Files\Movies Extractor Scout\flashextract.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - toolbar1.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - www.systemrequirementslab.com/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37DCA4E9-8971-4F97-A8C4-DCA3B7BF4517}: NameServer = 85.255.114.40 85.255.112.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DriveCrypt Service (DriveCryptService) - Unknown owner - C:\Program Files\DriveCrypt\DcrServ.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    • Guest: Kolobos Re: Log to check, pretty please ;] IP: *.escom.net.pl 25.10.06, 13:25
      Use: downloads.subratam.org/Fixwareout.exe , and paste the removal log on the forum (just don't paste the HJT log...).

      In HJT, remove:
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      Also remove the swapped DNS servers and set the ones your internet provider recommends:
      O17 - HKLM\System\CCS\Services\Tcpip\..\{37DCA4E9-8971-4F97-A8C4-DCA3B7BF4517}: NameServer = 85.255.114.40 85.255.112.15

    • Guest: Ytek Re: Log to check, pretty please ;] IP: *.adsl.inetia.pl 26.10.06, 11:07
      Here is the log:


      Fixwareout ver 1.003
      Last edited 8/11/2006
      Post this report in the forums please

      Reg Entries that were deleted
      ...

      Random Runs removed from HKLM
      ...

      PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT
      IT IS LEAVE THEM ALONE.

      »»»»» Searching by size/names...

      »»»»»
      Search five digit cs, dm and jb files.
      This WILL/CAN also list Legit Files, Submit them at Virustotal

      Other suspects.
      Directory of C:\WINDOWS\system32

      »»»»» Misc files.

      »»»»» Checking for older varients covered by the Rem3 tool.