
Please check my log: pop-up system alert

IP: *.ha3.agh.edu.pl 13.02.07, 21:37
Logfile of HijackThis v1.99.1
Scan saved at 21:32:28, on 2007-02-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Robert\Pulpit\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.pajacyk.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program
Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Norton Internet Security 2006 -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility
Manager\G-VGA.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program
Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server
VMRC Advanced Control) -
www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166800904303
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4961/mcfscan.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{34EC0FAF-6CA9-449C-A16F-C6741C7F7344}:
NameServer = 85.255.114.46,85.255.112.210
O17 -
HKLM\System\CCS\Services\Tcpip\..\{51DEB2FE-83F0-45C3-8494-6C6B41699B7A}:
NameServer = 85.255.114.46,85.255.112.210
O17 -
HKLM\System\CCS\Services\Tcpip\..\{7BF85631-C9BE-4D60-8432-DF72BD7EACB7}:
NameServer = 85.255.114.46,85.255.112.210
O17 -
HKLM\System\CCS\Services\Tcpip\..\{A8B9FF08-D545-4720-BBE4-C885F83D0947}:
NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46
85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46
85.255.112.210
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} -
C:\WINDOWS\system32\higehsg.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
    • Guest: Kolobos Re: please check my log: pop-up system al IP: *.escom.net.pl 13.02.07, 22:00
      Uninstall Norton and install AntiVir PE. Scan the system with ewido.
      Use: downloads.subratam.org/Fixwareout.exe ; after it runs it will create a log, which you should paste on the forum.

      In HJT, remove:
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      www.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.yahoo.com
      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
      C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll <- delete the Yahoo! folder from disk.

      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE <- disable in msconfig.

      Also remove the swapped DNS servers:
      O17 -
      HKLM\System\CCS\Services\Tcpip\..\{34EC0FAF-6CA9-449C-A16F-C6741C7F7344}:
      NameServer = 85.255.114.46,85.255.112.210
      O17 -
      HKLM\System\CCS\Services\Tcpip\..\{51DEB2FE-83F0-45C3-8494-6C6B41699B7A}:
      NameServer = 85.255.114.46,85.255.112.210
      O17 -
      HKLM\System\CCS\Services\Tcpip\..\{7BF85631-C9BE-4D60-8432-DF72BD7EACB7}:
      NameServer = 85.255.114.46,85.255.112.210
      O17 -
      HKLM\System\CCS\Services\Tcpip\..\{A8B9FF08-D545-4720-BBE4-C885F83D0947}:
      NameServer = 85.255.114.46,85.255.112.210
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46
      85.255.112.210
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46
      85.255.112.210

      O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} -
      C:\WINDOWS\system32\higehsg.dll <- delete the file from disk.

      Paste the rest of the log, starting from:
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
      • Guest: bobby Re: please check my log: pop-up system al IP: *.ha3.agh.edu.pl 14.02.07, 16:52
        I made the recommended changes. Not everything could be removed, and after the changes in msconfig
        the computer started in selective startup mode.

        It fixed the pop-up balloon, but the web browsers stopped working, so I
        reverted all the changes in HijackThis, and the balloon is still gone. I ran the recommended
        program and am pasting the log.

        Can I assume everything is OK since nothing pops up any more?



        Fixwareout Last edited 2/11/2007
        Post this report in the forums please
        ...
        »»»»»Prerun check
        HKLM\SOFTWARE\~\Winlogon\ "System"="kdnww.exe"

        »»»»» System restarted

        »»»»» Postrun check
        HKLM\SOFTWARE\~\Winlogon\ "system"=""
        ....
        ....
        »»»»» Misc files.
        ....
        »»»»» Checking for older varients.
        ....

        Search five digit cs, dm, kd, jb, other, files.
        The following files NEED TO BE SUBMITTED to one of the following URL'S for
        further inspection.



        Click browse, find the file then click submit.
        www.virustotal.com/flash/index_en.html
        Or virusscan.jotti.org/

        »»»»» Other
        C:\WINDOWS\Temp\kdnww.ren 63274 2004-08-04



        »»»»» Current runs
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE"
        "SkyTel"="SkyTel.EXE"
        "GBB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
        "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
        "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
        "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
        "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
        "VGAUtil"="C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
        "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
        "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
        "EasyTuneV"="C:\\Program Files\\Gigabyte\\ET5\\GUI.exe"
        "Alcmtr"="ALCMTR.EXE"
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
        "Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
        "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
        "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
        ....
        Hosts file was reset, If you use a custom hosts file please replace it
        »»»»» End report »»»»»
        • Guest: Kolobos Re: please check my log: pop-up system al IP: *.escom.net.pl 14.02.07, 18:46
          Paste a new HijackThis log (in two posts, because the whole thing won't fit in one!).
          Also write what you were unable to remove.
          • Guest: bobby Re: please check my log: pop-up system al IP: *.ha3.agh.edu.pl 14.02.07, 21:23

            This file did not exist: C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll

            This one could not be deleted: C:\WINDOWS\system32\higehsg.dll

            The rest was removed in HijackThis, but as I already wrote, I restored everything because there was
            a problem with the internet.

            Logfile of HijackThis v1.99.1
            Scan saved at 21:22:14, on 2007-02-14
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
            C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
            C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
            C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
            C:\WINDOWS\system32\nvsvc32.exe
            C:\WINDOWS\RTHDCPL.EXE
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
            C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
            C:\Program Files\Gigabyte\ET5\GUI.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Skype\Phone\Skype.exe
            C:\Program Files\Skype\Plugin Manager\SkypePM.exe
            C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
            C:\Program Files\ewido anti-spyware 4.0\guard.exe
            C:\Program Files\ewido anti-spyware 4.0\ewido.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Documents and Settings\Robert\Pulpit\hijackthis\hijackthis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.pajacyk.pl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            www.yahoo.com
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.yahoo.com
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
            C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
            - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
            C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
            Files\Java\jre1.5.0_10\bin\ssv.dll
            O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
            - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
            O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program
            Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
            c:\program files\google\googletoolbar3.dll
            O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
            C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
            O3 - Toolbar: Norton Internet Security 2006 -
            {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec
            Shared\AdBlocking\NISShExt.dll
            O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
            C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
            files\google\googletoolbar3.dll
            O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
            O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
            O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
            Files\Java\jre1.5.0_10\bin\jusched.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
            -atboottime
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
            O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
            O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe"
            /minimized
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
            /minimized
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
            Files\Adobe\Reader 8.0\Reader\reader_sl.exe
            O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program
            Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console -
            {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
            Files\Java\jre1.5.0_10\bin\ssv.dll
            O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
            C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger -
            {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC
            Advanced Control) -
            www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
            update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166800904303
            O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
            www.mks.com.pl/skaner/SkanerOnline.cab
            O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
            download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4961/mcfscan.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{34EC0FAF-6CA9-449C-A16F-C6741C7F7344}:
            NameServer = 85.255.114.46,85.255.112.210
            O17 - HKLM\System\CCS\Services\Tcpip\..\{51DEB2FE-83F0-45C3-8494-6C6B41699B7A}:
            NameServer = 85.255.114.46,85.255.112.210
            O17 - HKLM\System\CCS\Services\Tcpip\..\{7BF85631-C9BE-4D60-8432-DF72BD7EACB7}:
            NameServer = 85.255.114.46,85.255.112.210
            O17 - HKLM\System\CCS\Services\Tcpip\..\{A8B9FF08-D545-4720-BBE4-C885F83D0947}:
            NameServer = 85.255.114.46,85.255.112.210
            O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46
            85.255.112.210
            O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46
            85.255.112.210
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
            C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
            O23 - Service: Automatic LiveUpdate Sch
            • Guest: bobby Re: please check my log: pop-up system al IP: *.ha3.agh.edu.pl 14.02.07, 21:25
              O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
              C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
              Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
              O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
              C:\Program Files\Common Files\Symantec Shared\ccProxy
              • Guest: Kolobos Re: please check my log: pop-up system al IP: *.escom.net.pl 14.02.07, 23:14
                Remove the entries I listed earlier! And if you are pasting the log, paste all of it, not the same thing as before again without the ending.
                • Guest: bobby Re: please check my log: pop-up system al IP: *.ha3.agh.edu.pl 15.02.07, 20:27
                  I pasted the ending in the second post (there are 2 in a row); that is the whole HijackThis log. I already
                  wrote that when I delete those entries my web browsers don't work,
                  so what's the point of deleting them if I won't have any internet at all?
                  • Guest: Kolobos Re: please check my log: pop-up system al IP: *.escom.net.pl 15.02.07, 20:50
                    Sure, and this is supposed to be the whole log:
                    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
                    C:\Program Files\Common Files\Symantec Shared\ccProxy

                    Somehow I don't see that this is the whole thing.

                    You are removing the swapped DNS servers, so it is normal that pages don't open.
                    First you have to set, in the connection properties, the DNS servers that your internet provider recommends.
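
Added example, not part of the thread and not HijackThis code: a Python sketch that rejoins the forum-wrapped log lines and lists every O17 `NameServer` entry whose resolvers are not the ones the connection is supposed to use, so each per-interface and per-control-set key can be corrected together. The sample lines are copied from the log above; `EXPECTED_RESOLVERS` is a placeholder assumption standing in for the ISP's DNS servers.

```python
import re
from ipaddress import ip_address

# Constructed sample: O16-O18 lines as they appear in the thread's log, keeping
# the forum's hard wrapping that splits one entry over several lines.
SAMPLE_LOG = r"""O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
www.mks.com.pl/skaner/SkanerOnline.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{34EC0FAF-6CA9-449C-A16F-C6741C7F7344}:
NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46
85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46
85.255.112.210
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"""

# Assumption: the resolvers the ISP hands out. These are placeholder addresses
# from the documentation range, not real servers.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# A new log entry starts with a section code such as "R0 -", "O4 -" or "O17 -".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) -(?: |$)")
O17_ENTRY = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")


def rejoin_entries(log_text):
    """Undo forum wrapping: glue continuation lines onto the entry they belong to."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # lines before the first entry (header, processes) are skipped
            entries[-1] += " " + line
    return entries


def nameserver_entries(log_text):
    """Yield (registry_key, [server, ...]) for every O17 NameServer entry."""
    for entry in rejoin_entries(log_text):
        m = O17_ENTRY.match(entry)
        if m and m.group("name").lower() == "nameserver":
            # The log separates servers with commas in some keys and spaces in others.
            servers = [s for s in re.split(r"[,\s]+", m.group("value")) if s]
            yield m.group("key"), servers


def normalise(addr):
    """Return the canonical form of an IP address, or None if it does not parse."""
    try:
        return str(ip_address(addr))
    except ValueError:
        return None


def audit_dns(log_text, expected):
    """List each O17 key that carries a resolver outside the expected set."""
    expected_norm = {normalise(a) for a in expected}
    findings = []
    for key, servers in nameserver_entries(log_text):
        unexpected = [
            s for s in servers
            if normalise(s) is None or normalise(s) not in expected_norm
        ]
        if unexpected:
            findings.append({
                "key": key,
                # Keys ending in an adapter GUID are per-interface settings;
                # Tcpip\Parameters is the machine-wide setting.
                "scope": "interface" if key.endswith("}") else "global",
                "unexpected": unexpected,
            })
    return findings


if __name__ == "__main__":
    for f in audit_dns(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(f"{f['scope']:9} {f['key']} -> {', '.join(f['unexpected'])}")
```
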
                    • Guest: bobby the log once more, part 1 IP: *.ha3.agh.edu.pl 15.02.07, 22:04
                      Logfile of HijackThis v1.99.1
                      Scan saved at 22:01:08, on 2007-02-15
                      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      C:\Program Files\ewido anti-spyware 4.0\guard.exe
                      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\RTHDCPL.EXE
                      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
                      C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
                      C:\Program Files\Gigabyte\ET5\GUI.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Gadu-Gadu\gg.exe
                      C:\Program Files\Skype\Phone\Skype.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
                      C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
                      C:\Program Files\Mozilla Firefox\firefox.exe
                      C:\Documents and Settings\Robert\Pulpit\hijackthis\hijackthis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                      www.pajacyk.pl/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                      www.yahoo.com
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                      www.yahoo.com
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                      O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
                      C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
                      - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
                      C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
                      Files\Java\jre1.5.0_10\bin\ssv.dll
                      O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
                      - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                      O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program
                      Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
                      c:\program files\google\googletoolbar3.dll
                      O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
                      C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
                      O3 - Toolbar: Norton Internet Security 2006 -
                      {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec
                      Shared\AdBlocking\NISShExt.dll
                      O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
                      C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
                      files\google\googletoolbar3.dll
                      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                      O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
                      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
                      Files\Java\jre1.5.0_10\bin\jusched.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
                      -atboottime
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
                      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
                      /minimized
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
                      Files\Adobe\Reader 8.0\Reader\reader_sl.exe
                      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program
                      Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
                      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                      Office\Office\OSA9.EXE
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                      C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console -
                      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
                      Files\Java\jre1.5.0_10\bin\ssv.dll
                      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
                      C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                      C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger -
                      {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC
                      Advanced Control) -
                      www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
                      update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166800904303
                      O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
                      www.mks.com.pl/skaner/SkanerOnline.cab
                      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
                      download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4961/mcfscan.cab
                      O17 - HKLM\System\CCS\Services\Tcpip\..\{34EC0FAF-6CA9-449C-A16F-C6741C7F7344}:
                      NameServer = 85.255.114.46,85.255.112.210
                      O17 - HKLM\System\CCS\Services\Tcpip\..\{51DEB2FE-83F0-45C3-8494-6C6B41699B7A}:
                      NameServer = 85.255.114.46,85.255.112.210
                      O17 - HKLM\System\CCS\Services\Tcpip\..\{7BF85631-C9BE-4D60-8432-DF72BD7EACB7}:
                      NameServer = 85.255.114.46,85.255.112.210
                      O17 - HKLM\System\CCS\Services\Tcpip\..\{A8B9FF08-D545-4720-BBE4-C885F83D0947}:
                      NameServer = 85.255.114.46,85.255.112.210
                      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46
                      85.255.112.210
                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46
                      85.255.112.210
                      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
                      C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                      O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
                      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
                      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
                      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                      O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
                      Symantec Corporation - C:\Program Files\Norton Inter
                      • Guest: Kolobos Re: once again the log, part 1 IP: *.escom.net.pl 15.02.07, 22:18
                        You can get rid of Norton and install AntiVir PE instead.

                        In HJT, remove:
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                        www.yahoo.com
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                        www.yahoo.com
                        O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
                        C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
                        O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
                        C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{34EC0FAF-6CA9-449C-A16F-C6741C7F7344}:
                        NameServer = 85.255.114.46,85.255.112.210
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{51DEB2FE-83F0-45C3-8494-6C6B41699B7A}:
                        NameServer = 85.255.114.46,85.255.112.210
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{7BF85631-C9BE-4D60-8432-DF72BD7EACB7}:
                        NameServer = 85.255.114.46,85.255.112.210
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{A8B9FF08-D545-4720-BBE4-C885F83D0947}:
                        NameServer = 85.255.114.46,85.255.112.210
                        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46
                        85.255.112.210
                        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46
                        85.255.112.210
                        O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)

                        After removing the DNS entries, set the ones recommended by AGH, or whoever your internet provider is.
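
The DNS check suggested in the reply above, as an added example that is not part of the thread: it rejoins the wrapped HijackThis lines and lists every O17 `NameServer` value that is not in the set of resolvers the admin or ISP assigned. `EXPECTED_RESOLVERS` holds placeholder documentation-range addresses, and the function names are assumptions made for this example.

```python
import re

# Assumption: the resolvers the network admin or ISP actually assigned.
# These are documentation-range placeholders, not values from the thread.
EXPECTED_RESOLVERS = {"192.0.2.53", "198.51.100.53"}

# A HijackThis entry starts with a section tag such as "O17 - " or "R0 - ".
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")
O17_NAMESERVER = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")

def join_wrapped(log_text):
    """Rejoin entries that the forum wrapped across several lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Return {registry key: [resolvers not in the expected set]} for O17 entries."""
    findings = {}
    for entry in join_wrapped(log_text):
        m = O17_NAMESERVER.match(entry)
        if not m:
            continue
        # HijackThis separates resolvers with commas or spaces depending on the key.
        servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
        odd = [s for s in servers if s not in expected]
        if odd:
            findings[m.group("key")] = odd
    return findings

# The first two entries are copied from the log in this thread (wrapped as posted);
# the last one is constructed to show an entry that matches the expected set.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{34EC0FAF-6CA9-449C-A16F-C6741C7F7344}:
NameServer = 85.255.114.46,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46
85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
"""

if __name__ == "__main__":
    for key, servers in unexpected_resolvers(SAMPLE).items():
        print(key, "->", ", ".join(servers))
```

Replace the placeholder set with the addresses from the provider's or admin's own documentation before comparing a real log.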
                    • Guest: bobby log part 2 IP: *.ha3.agh.edu.pl 15.02.07, 22:07

                      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
                      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
                      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program
                      Files\Norton Internet Security\comHost.exe
                      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
                      C:\Program Files\ewido anti-spyware 4.0\guard.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
                      Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: LiveUpdate - Symantec Corporation -
                      C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
                      O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
                      Corporation - C:\Program Files\Norton Internet Security\Norton
                      AntiVirus\navapsvc.exe
                      O23 - Service: Norton Protection Center Service (NSCService) - Symantec
                      Corporation - C:\Program Files\Common Files\Symantec Shared\Security
                      Console\NSCSRVCE.EXE
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                      C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program
                      Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
                      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
                      - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
                      Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common
                      Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                      Now it is definitely complete, exactly as it appeared in Notepad. And my network settings are
                      the ones the admin gave me, so I don't know what I would change them to.
