x-kom hosting

Logi do sprawdzenia

klak
utworzono
utworzono

Logi do sprawdzenia:

Logfile of HijackThis v1.99.1Scan saved at 12:29:15, on 2007-12-31Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\oodag.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Web Accelerator\webxl.exeC:\Program Files\Eset\nod32kui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Download Manager\IDMan.exeC:\Program Files\Internet Download Manager\IEMonitor.exeC:\Program Files\WapSter\AQQ\AQQ.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\KŁAK\USTAWI~1\Temp\Rar$EX00.453\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optimus.plR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaO2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)O4 - HKLM\..\Run: [WebAccelerator] "C:\Program Files\Web Accelerator\webxl.exe"O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICEO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onbootO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Ściągnij przez IDM - C:\Program Files\Internet Download Manager\IEExt.htmO8 - Extra context menu item: Ściągnij wszystkie linki przez IDM - C:\Program Files\Internet Download Manager\IEGetAll.htmO8 - Extra context menu item: Ściągnij zawartość wideo FLV przez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.jsO9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)O14 - IERESET.INF: START_PAGE_URL=http://www.optimus.plO17 - HKLM\System\CS1\Services\Tcpip\..\{36F8D7D2-E466-42F8-BFB4-6B7086903B5F}: NameServer = 192.168.1.1,194.204.159.1O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dllO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXEO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exeO23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"IDMan" = "C:\Program Files\Internet Download Manager\IDMan.exe /onboot" ["Tonec Inc."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"WebAccelerator" = ""C:\Program Files\Web Accelerator\webxl.exe"" ["DefendGate Inc."]"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\(Default) = "IDM Helper"  -> {HKLM...CLSID} = "IDMIEHlprObj Class"				   \InProcServer32\(Default) = "C:\Program Files\Internet Download Manager\IDMIECC.dll" ["Tonec Inc."]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)  -> {HKLM...CLSID} = "SSVHelper Class"				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"				   \InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"  -> {HKLM...CLSID} = "SimpleShlExt Class"				   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"  -> {HKLM...CLSID} = (no title provided)				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]"{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}" = "EditPlus Context Menu Handler"  -> {HKLM...CLSID} = "EditPlus Context Menu Handler"				   \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data]"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"  -> {HKLM...CLSID} = "Sony Ericsson File Manager"				   \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"				   \InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\<<!>> "BootExecute" = "autocheck autochk *"|"OODBS" ["O&O Software GmbH"]HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"  -> {HKLM...CLSID} = (no title provided)				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"  -> {HKLM...CLSID} = "PDF Shell Extension"				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"  -> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"				   \InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]EditPlus\(Default) = "{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974}"  -> {HKLM...CLSID} = "EditPlus Context Menu Handler"				   \InProcServer32\(Default) = "C:\Program Files\EditPlus 2\eppshell.dll" [null data]MyPhoneExplorer\(Default) = "{6863F1C7-E13A-481E-BF9C-5C8F01AF74E5}"  -> {HKLM...CLSID} = "MyPhoneExplorer_ShellEx.ShellExt"				   \InProcServer32\(Default) = "C:\Program Files\MyPhoneExplorer\DLL\ShellMgr.dll" ["F.J. Wechselberger"]NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"				   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"  -> {HKLM...CLSID} = "WinRAR"				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]Group Policies {policy setting}:--------------------------------Note: detected settings may not have any effect.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001{Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) dword:0x00000001{Devices: Allow undock without having to log on}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\Documents and Settings\Kłak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"Enabled Screen Saver:---------------------HKCU\Control Panel\Desktop\"SCRNSAVE.EXE" = "C:\WINDOWS\taz.scr" ["MacSourcery"]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 19%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 18%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Sun Java Console""CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]{215940F1-E7E0-4801-BEE3-44D045534106}\"ButtonText" = "Wyslij SMS'a""Script" = "C:\Program Files\Common Files\moje.js" [null data]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Badanie"{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}\Miscellaneous IE Hijack Points------------------------------C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")Added lines (compared with English-language version):[strings]: START_PAGE_URL=http://www.optimus.plMissing lines (compared with English-language version):[strings]: 1 lineRunning Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]O&O Defrag, O&O Defrag, "C:\WINDOWS\system32\oodag.exe" ["O&O Software GmbH"]Print Monitors:---------------HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]---------- (launch time: 2007-12-31 12:32:25)<<!>>: Suspicious data at a malware launch point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,  launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INI  DLL launch points, use the -supp parameter or answer "No" at the  first message box and "Yes" at the second message box.---------- (total run time: 62 seconds, including 18 seconds for message boxes)

GoBi
komentarz
komentarz

Kosmetycznie usuń:

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

klak
komentarz
komentarz

czyli wszystko ok??? dzieki

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.