I'd also kindly ask for mine to be checked, thanks ;)

IP: 86.73.110.* 12.04.07, 19:13

Part 1

Logfile of HijackThis v1.99.1
Scan saved at 7:11:21 PM, on 4/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\oodag.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QKeys\QKeys.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINNT\system32\AVWLPSTA.EXE
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
C:\Program Files\Nokia\PC Suite pour Nokia 7650\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite pour Nokia 7650\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\abdel\Desktop\Hijack This\hijackthis.exe
    • Guest: Nel Re: I'd also kindly ask for mine to be checked, tha IP: 86.73.110.* 12.04.07, 19:14
      And part 2

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      fr.news.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      fr.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
      fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyOverride = ;localhost;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
      (no file)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
      Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-
      00A0C9082467} - C:\WINNT\System32\msdxm.ocx
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [QKeys] C:\Program Files\QKeys\QKeys.EXE
      O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
      atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
      \bin\jusched.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE
      O4 - HKLM\..\Run: [rheauzr] c:\winnt\system32\rheauzr.exe rheauzr
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
      O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006
      \MemOptimizer.exe" autostart
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
      88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [Instant Access] C:\WINNT\system32\prodsrvs.exe /res
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
      Messenger\MsnMsgr.Exe" /background
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
      Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA
      Master 4.2\CM_camera.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office10\OSA.EXE
      O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = C:\Program Files\Nokia\PC
      Suite pour Nokia 7650\connmngmntbox.exe
      O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = C:\Program Files\Nokia\PC
      Suite pour Nokia 7650\ectaskscheduler.exe
      O8 - Extra context menu item: &Google Search - res://c:\program
      files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program
      files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program
      files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
      files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://c:\program
      files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program
      files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
      Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
      C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
      by103w.bay103.mail.live.com/mail/resources/MsnPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
      update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125394507046
      O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) -
      www4.photoweb.fr/telechargement/Photoweb_uploader.cab
      O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International
      Setup Player) - 72.32.179.44/filter/cameraviewer/isetup.cab
      O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - es6-
      scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CD825C-FE26-4715-85E7-DC80530A944C}:
      NameServer = 172.19.0.254,193.49.144.1
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uang,univ-
      angers.fr
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = uang,univ-
      angers.fr
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = uang,univ-
      angers.fr
      O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1
      \SYSTEM~1\autocomp.exe (file missing)
      O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS
      Software Corp. - C:\WINNT\System32\dmadmin.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
      CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
      O23 - Service: ewido security suite control - ewido networks - C:\Program
      Files\ewido anti-malware\ewidoctrl.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
      Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
      C:\WINNT\System32\nvsvc32.exe
      O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe

      • Guest: Kolobos Re: I'd also kindly ask for mine to be checked, tha IP: *.escom.net.pl 12.04.07, 23:18
        Remove in HJT:
        > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        > fr.news.yahoo.com/
        > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        > fr.yahoo.com
        > R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
        > fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*fr.search.yahoo.com
        > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        > R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
        > (no file)
        O4 - HKLM\..\Run: [rheauzr] c:\winnt\system32\rheauzr.exe rheauzr <- delete the file from disk.
        O4 - HKCU\..\Run: [Instant Access] C:\WINNT\system32\prodsrvs.exe /res <- delete the file from disk.
        O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
        O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab

        Finally, a scan:
        www.pandasoftware.com/activescan/pol/activescan_principal.htm
        www.spywareinfo.com/xscan.php
        www.bitdefender.com/scan8/ie.html