log

androlo
created
Logfile of HijackThis v1.99.1

Scan saved at 22:56:21, on 2007-07-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSsystem32nvsvc32.exe

C:Program FilesCyberLinkShared FilesRichVideo.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:WINDOWSsystem32RunDLL32.exe

C:Program FilesVIARAIDraid_tool.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:Program FilesWinampwinampa.exe

C:WINDOWSRTHDCPL.EXE

C:Program FilesCyberLinkPowerDVDPDVDServ.exe

C:Program FilesJavajre1.6.0_01binjusched.exe

C:Program FilesAGLOCO ViewbarViewbar.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesRALINKRT2500 Wireless LAN CardInstallerWINXPRaConfig2500.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSsystem32wscntfy.exe

C:WINDOWSexplorer.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesWinampwinamp.exe

C:Program Filesinternet exploreriexplore.exe

C:Program Filesinternet exploreriexplore.exe

C:DOCUME~1ADMINI~1USTAWI~1TempKatalog tymczasowy 1 dla hijackthis_199.zipHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM..Run: [RaidTool] C:Program FilesVIARAIDraid_tool.exe

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [LanguageShortcut] "C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_01binjusched.exe"

O4 - HKLM..Run: [Viewbar] C:Program FilesAGLOCO ViewbarViewbar.exe

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeReader 8.0Readerreader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe

O4 - Global Startup: RaConfig2500.lnk = C:Program FilesRALINKRT2500 Wireless LAN CardInstallerWINXPRaConfig2500.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll

O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:Program FilesbetonbetMPPMPPoker.exe (file missing)

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:PokerTitan Pokercasino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:PokerTitan Pokercasino.exe

O9 - Extra button: Golden Riviera Poker - {85BFB6E0-96F9-4424-8819-1D67E9F78D33} - C:Program FilesgoldenrivieraMPPMPPoker.exe

O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:PokerCDPokercasino.exe

O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:PokerCDPokercasino.exe

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:Program FilesPartyGamingPartyPokerRunApp.exe

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:Program FilesBodog PokerBPGame.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:Program FilesCarbonPokerPoker.exe (HKCU)

O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoker.com/download_helper/Nyoko.cab

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/ve...n7/dlhelper.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://goldenriviera.microgaming.com/golde...era/FlashAX.cab

O17 - HKLMSystemCCSServicesTcpip..{56F0396A-359E-4F60-8BF4-D3229567672A}: NameServer = 212.244.133.213,85.219.244.253

O17 - HKLMSystemCCSServicesTcpip..{9B0FECF4-73C3-41E0-A9DF-20B03E23BE53}: NameServer = 212.244.133.213,85.219.244.253

O17 - HKLMSystemCS1ServicesTcpip..{56F0396A-359E-4F60-8BF4-D3229567672A}: NameServer = 212.244.133.213,85.219.244.253

O17 - HKLMSystemCS2ServicesTcpip..{56F0396A-359E-4F60-8BF4-D3229567672A}: NameServer = 212.244.133.213,85.219.244.253

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe

CatchMe
comment

There is nothing in the log. Delete the leftover entries:

O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:Program FilesbetonbetMPPMPPoker.exe (file missing)

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:Program FilesPartyGamingPartyCasinoRunCasino.exe (file missing)

O16 - DPF: {360E40AA-EE8B-4101-BA67-0CAD3F7A48DD} (Nyoko Downloader Class) - http://www.gamingclubpoke...elper/Nyoko.cab

O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgamin...n7/dlhelper.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://goldenriviera.microgaming.com/golde...era/FlashAX.cab

- Paste the log from ComboFix.

androlo
comment
[code]
"Administrator" - 2007-07-19 20:12:05 - ComboFix 07-07-14.6 - Dodatek Service Pack 2  NTFS

(((((((((((((((((((((((((   Files Created from 2007-06-19 to 2007-07-19  )))))))))))))))))))))))))))))))

2007-07-17 21:59	<DIR>	d--------	C:WINDOWSsystem32FlashAX
2007-07-10 20:12	51,200	--a------	C:WINDOWSnircmd.exe
2007-07-09 22:27	<DIR>	d--------	C:Program FilesTrend Micro
2007-07-08 17:13	3,426,072	--a------	C:WINDOWSsystem32d3dx9_32.dll
2007-07-05 21:41	<DIR>	d--hs----	C:WINDOWSftpcache
2007-06-28 21:32	<DIR>	d--------	C:Program FilesEverest Poker
2007-06-26 20:57	1,024	--a------	C:test.bin
2007-06-21 02:42	<DIR>	d--------	C:DOCUME~1ADMINI~1DANEAP~1Gadu-Gadu

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 16:41:15	0	----a-w	C:WINDOWSsystem32dummy.dat
2007-07-19 15:12:43	--------	d-----w	C:Program FilesUnibetpokerMPP
2007-07-19 06:10:09	--------	d-----w	C:Program FilesB2BPOKER
2007-07-19 06:07:19	--------	d-----w	C:DOCUME~1ADMINI~1DANEAP~1Betfair
2007-07-19 05:29:35	--------	d-----w	C:Program FilesBodog Poker
2007-07-19 05:23:57	--------	d-----w	C:Program FilesPokerStars
2007-07-19 05:21:28	--------	d-----w	C:Program FilesBugsysClub Software
2007-07-19 04:51:48	--------	d-----w	C:DOCUME~1ADMINI~1DANEAP~1Microgaming
2007-07-19 04:47:16	--------	d-----w	C:Program FilesUSDbetCom
2007-07-18 14:38:35	--------	d-----w	C:Program FilesAbsolute Poker
2007-07-17 17:36:14	--------	d-----w	C:Program FilesRed Kings Poker
2007-07-11 19:35:24	--------	d-----w	C:Program FilesPOKER4EVER
2007-07-10 20:14:06	--------	d-----w	C:Program FilesTheNutz
2007-07-10 13:20:35	--------	d-----w	C:Program FilesGadu-Gadu
2007-07-05 20:24:18	--------	d-----w	C:Program FilesHeyPoker
2007-06-27 14:58:49	--------	d-----w	C:Program FilesBetsson Poker
2007-06-27 14:44:56	--------	d-----w	C:Program FilesInterwetten
2007-06-27 14:06:52	--------	d-----w	C:Program FilesSunPoker.com
2007-06-27 14:04:51	--------	d-----w	C:Program FilesParadisePoker
2007-06-21 15:26:43	--------	d-----w	C:Program FilesPartyGaming
2007-06-17 06:41:21	--------	d-----w	C:Program FilesAGLOCO Viewbar
2007-06-07 12:36:40	--------	d--h--w	C:Program FilesZero G Registry
2007-06-02 11:24:30	--------	d-----w	C:Program FilesTowerGaming
2007-06-02 11:23:30	--------	d--h--w	C:Program FilesInstallShield Installation Information
2007-06-02 11:23:29	--------	d-----w	C:Program FilesEmpire Interactive
2007-05-30 19:18:37	--------	d-----w	C:Program FilesVS Online
2007-05-29 20:05:14	12,464	----a-w	C:WINDOWSsystem32driversCdaD10BA.SYS
2007-04-30 15:46:10	745,600	----a-w	C:WINDOWSsystem32aswBoot.exe
2007-04-30 15:35:28	95,872	-c--a-w	C:WINDOWSsystem32AVASTSS.scr
2006-12-25 10:26:49	56	-csh--r	C:WINDOWSsystem3290F1C62B54.sys
2006-12-25 10:26:49	10,022	-csha-w	C:WINDOWSsystem32KGyGaAvL.sys

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08	62080	--a------	C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43	501400	--a------	C:Program FilesJavajre1.6.0_01binssv.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"nwiz"="nwiz.exe" [2006-06-01 11:22 C:WINDOWSsystem32nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:WINDOWSsystem32nvmctray.dll]
"RaidTool"="C:Program FilesVIARAIDraid_tool.exe" [2005-11-23 04:12]
"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42]
"WinampAgent"="C:Program FilesWinampwinampa.exe" [2006-11-21 19:38]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 C:WINDOWSRTHDCPL.exe]
"RemoteControl"="C:Program FilesCyberLinkPowerDVDPDVDServ.exe" [2006-09-18 12:08]
"LanguageShortcut"="C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe" [2006-09-29 22:58]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_01binjusched.exe" [2007-03-14 03:43]
"Viewbar"="C:Program FilesAGLOCO ViewbarViewbar.exe" [2007-06-13 11:04]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44]
"MsnMsgr"="C:Program FilesMSN MessengerMsnMsgr.exe" []
"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-08-04 01:55]
"Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2007-05-10 16:36]

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 20:13:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-19 20:13:41
C:ComboFix-Do.txt ... 2007-07-18 22:22
C:ComboFix2.txt ... 2007-07-18 22:28
C:ComboFix3.txt ... 2007-07-18 22:18

	--- E O F ---
[/code]
CatchMe
comment

This one is fine too. :)
