mam problem.....services.exe proces 752 mi posila porad na asi 20IP adres.... proste pustim PC a po treba 10minutach zacne posilat 20-40KB/s porad ty IPadresy se prohazujou a menej.....udelal sem log z toho hijacka tak tu je
Logfile of HijackThis v1.99.1
Scan saved at 10:19:38, on 10.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NVATray.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\PROGRA~1\NAVIGA~1\MouseElf.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
D:\céčko záloha\Program Files\OpenOffice.org 2.1\program\soffice.exe
D:\céčko záloha\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\Program Files\Navigator\EMouse.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Flegg\Dokumenty\ICQ Lite\239981228\brácha_378593897\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\NAVIGA~1\MouseElf.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HPFPro.lnk = C:\Program Files\Hurricanesoft\Hurricanesoft Personal Firewall Pro\HPF.exe
O4 - Startup: OpenOffice.org 2.1.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{82136CEC-5743-4233-AF18-35E09AD3A065}: NameServer = 212.158.128.2,212.158.128.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: confjpg.dll jpgstat.dll
O20 - Winlogon Notify: jpgmgr - jpgmgr32.dll (file missing)
O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)
BTW dik za help....mozna by se to lip resilo po ICQ tak jestli by byl nekdo ochotnej pls ozvete se na 378593897 dik moc
SERVICES.EXE.....posila data...
- HeXx
- Nováček
-
- Registrován: 09. čer 2007
- Kontaktovat uživatele:
- likc
- Začátečník
-
- Registrován: 30. čer 2006
Fixni:
O20 - AppInit_DLLs: confjpg.dll jpgstat.dll
O20 - Winlogon Notify: jpgmgr - jpgmgr32.dll (file missing)
O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\
pokud se to tam objevi znovu, pujde to smazat Killbox em a nebo muzes pouzit tenhle program, umi to smazat - Prevx1.
Nebezi ti zadny firewall, pak muzes aplikacim ne/povolit pristup na net. mas tam nejaky pozustatek Keria O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)
A nebo TI bezi tohle jako firewall? C:\Program Files\Hurricanesoft\Hurricanesoft Personal Firewall Pro\HPF.exe
O20 - AppInit_DLLs: confjpg.dll jpgstat.dll
O20 - Winlogon Notify: jpgmgr - jpgmgr32.dll (file missing)
O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\
pokud se to tam objevi znovu, pujde to smazat Killbox em a nebo muzes pouzit tenhle program, umi to smazat - Prevx1.
Nebezi ti zadny firewall, pak muzes aplikacim ne/povolit pristup na net. mas tam nejaky pozustatek Keria O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)
A nebo TI bezi tohle jako firewall? C:\Program Files\Hurricanesoft\Hurricanesoft Personal Firewall Pro\HPF.exe
- HeXx
- Nováček
-
- Registrován: 09. čer 2007
- Kontaktovat uživatele:
jj to mi bezi jako firewall....jo a sem v tomhle celkem novacek jak to fixnu.....to udela ten prevx1 nebo to musim nejak ja ....likc píše:Fixni:
O20 - AppInit_DLLs: confjpg.dll jpgstat.dll
O20 - Winlogon Notify: jpgmgr - jpgmgr32.dll (file missing)
O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\
pokud se to tam objevi znovu, pujde to smazat Killbox em a nebo muzes pouzit tenhle program, umi to smazat - Prevx1.
Nebezi ti zadny firewall, pak muzes aplikacim ne/povolit pristup na net. mas tam nejaky pozustatek Keria O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\Program Files\Kerio\WinRoute Firewall\winroute.exe (file missing)
A nebo TI bezi tohle jako firewall? C:\Program Files\Hurricanesoft\Hurricanesoft Personal Firewall Pro\HPF.exe
- likc
- Začátečník
-
- Registrován: 30. čer 2006
Fixnes to tak, ze u tech radku, co jsem ti napsal zaskrtnes v HJT ten ctverecek vlevo a pak das Fix. Resni PC a uvidis, jestli tam ty radky jsou porad a jestli ti to porat posila data. To fixnuti zvladnes.
Pokud si na to netroufas, tak stahni ten Prevx1 a ten by ti mel comp vycistit. (je mozny, ze se Ti bude hadat se spyware terminatorem, tak ST na chvili vypni, az to odstranis, tak Prevx1 zase odinstalujes a spustis ST).
Pokud si na to netroufas, tak stahni ten Prevx1 a ten by ti mel comp vycistit. (je mozny, ze se Ti bude hadat se spyware terminatorem, tak ST na chvili vypni, az to odstranis, tak Prevx1 zase odinstalujes a spustis ST).
- HeXx
- Nováček
-
- Registrován: 09. čer 2007
- Kontaktovat uživatele: