 |
|
 |
| |
|
| Autor |
Wiadomość |
KrisDtrych
Nowy nieobeznany
Dołączył: 13 Cze 2006
Posty: 1
Przeczytał: 0 tematów
Ostrzeżeń: 0/4
Skąd: Kamieniec.poz
|
 Wysłany:
Wto 20:43, 13 Cze 2006 |
 |
Logfile of HijackThis v1.99.1
Scan saved at 20:39:35, on 2006-06-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Save\Save.exe
C:\Program Files\PECarlin\PECarlin.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\SpywareQuake.com\Spyware-Quake.exe
C:\Program Files\SpywareQuake.com\Spyware-Quake.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Kris\Moje dokumenty\mkssetup_2005.exe
C:\Program Files\Warez P2P Client\warez.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\Kris\USTAWI~1\Temp\~AceTemp\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [link widoczny dla zalogowanych]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll
O2 - BHO: (no name) - {22012561-EAA0-9776-A561-9D1CF09BB192} - C:\WINDOWS\System32\ybwv.dll (file missing)
O2 - BHO: (no name) - {48E6FA30-CEAE-C6A8-1882-04FF7167C878} - C:\DOCUME~1\Kris\DANEAP~1\CHINGP~1\phone great.exe
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [w08b4b8b.dll] RUNDLL32.EXE w08b4b8b.dll,I2 00147633008b4b8b
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [bodyboldbleh64] C:\Documents and Settings\All Users\Dane aplikacji\Meta Clock Body Bold\Windowtool.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunOnce: [Girls] C:\243461.bat
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [rule second] C:\DOCUME~1\Kris\DANEAP~1\MFCDOKAY\Window less.exe
O4 - Startup: McAfee.com SpamKiller.lnk = C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - [link widoczny dla zalogowanych]
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - [link widoczny dla zalogowanych]
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5DEEF55-A46C-40E5-A321-EBCBF1801639}: NameServer = 194.204.152.34 217.98.63.164
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
O20 - AppInit_DLLs: arpa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe |
Post został pochwalony 0 razy
|
|
 |
|
|
|
 |
M@tiT
Administrator
Dołączył: 20 Sty 2006
Posty: 231
Przeczytał: 0 tematów
Pomógł: 5 razy
Ostrzeżeń: 0/4
|
| Wysłany:
Wto 20:56, 13 Cze 2006 |
|
Uruchamiasz kompa w trybie awaryjnym i TO USUWASZ (FIXUJESZ)
| KrisDtrych napisał: |
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\Save\Save.exe
C:\Program Files\SpywareQuake.com\Spyware-Quake.exe
C:\Program Files\SpywareQuake.com\Spyware-Quake.exe
C:\Program Files\McAfee.com\SpamKiller\SpamKiller.exe
O2 - BHO: (no name) - {22012561-EAA0-9776-A561-9D1CF09BB192} - C:\WINDOWS\System32\ybwv.dll (file missing)
O2 - BHO: (no name) - {48E6FA30-CEAE-C6A8-1882-04FF7167C878} - C:\DOCUME~1\Kris\DANEAP~1\CHINGP~1\phone great.exe
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [w08b4b8b.dll] RUNDLL32.EXE w08b4b8b.dll,I2 00147633008b4b8b
O4 - HKLM\..\Run: [bodyboldbleh64] C:\Documents and Settings\All Users\Dane aplikacji\Meta Clock Body Bold\Windowtool.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunOnce: [Girls] C:\243461.bat
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe
O4 - HKCU\..\Run: [rule second] C:\DOCUME~1\Kris\DANEAP~1\MFCDOKAY\Window less.exeO10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} (loader Class) - [link widoczny dla zalogowanych]
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - [link widoczny dla zalogowanych]
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5DEEF55-A46C-40E5-A321-EBCBF1801639}: NameServer = 194.204.152.34 217.98.63.164
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Program Files\FCAdvice\FCAdvice.dll
O20 - AppInit_DLLs: arpa.dll |
Później nowy LOG |
Post został pochwalony 0 razy
|
|
|
|
|
|
fora.pl - załóż własne forum dyskusyjne za darmo
Powered by phpBB
© 2001/3 phpBB Group :: FI Theme ::
Wszystkie czasy w strefie EET (Europa)
|
|
|
 |
|
 |
|
