wies.niak Napisano Styczeń 13, 2007 Zgłoś Share Napisano Styczeń 13, 2007 wrzuć nowy log.-=MARCIN=- -> nie podoba mi się:C:WINDOWSsystem32PuXpMan.exei te wpisy:O4 - HKLM..Run: [mspwr] C:WINDOWSsystem32PuXpMan.exe O4 - HKLM..Run: [PwrUpTweakMe] C:WINDOWSsystem32PuXpTwks.exe /TWEAKO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx Link do komentarza Udostępnij na innych stronach More sharing options...
mar Napisano Styczeń 13, 2007 Zgłoś Share Napisano Styczeń 13, 2007 (killbox w trybie delete on reboot):-Co to znaczy :?: Link do komentarza Udostępnij na innych stronach More sharing options...
-=MARCIN=- Napisano Styczeń 13, 2007 Zgłoś Share Napisano Styczeń 13, 2007 tzn zeby odpalic program killbox w nim podac sciezki folderow ktore chcesz usunac i zaznaczyc opcje delete on reboot ( usunc przy restarcie ) wtedy komp sie zrestartuje i juz powinno tych folderow nie byc wiem bo wies.niak mowil i sam to robilem przy okazji wrzuce moj log zeby wies.niak sprawdzil jak moze Logfile of HijackThis v1.99.1Scan saved at 2:44:40 PM, on 1/13/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32spoolsv.exeC:Program FilesNetropaMultimedia Keyboardnhksrv.exeC:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exeC:PROGRA~1F-SECU~1backweb4476822ProgramSERVIC~1.EXEC:Program FilesF-Secure Internet SecurityAnti-Virusfsgk32st.exeC:Program FilesF-Secure Internet Securitybackweb4476822programfsbwsys.exeC:Program FilesF-Secure Internet SecurityAnti-VirusFSGK32.EXEC:Program FilesF-Secure Internet SecurityCommonFSMA32.EXEC:Program FilesF-Secure Internet SecurityAnti-Virusfssm32.exeC:Program FilesF-Secure Internet SecurityCommonFSMB32.EXEC:Program FilesAnalog DevicesSoundMAXSMAgent.exeC:WINDOWSsystem32svchost.exeC:Program FilesF-Secure Internet SecurityCommonFCH32.EXEC:Program FilesF-Secure Internet SecurityCommonFAMEH32.EXEC:Program FilesF-Secure Internet SecurityAnti-Virusfsqh.exeC:Program FilesF-Secure Internet SecurityAnti-Virusfsrw.exeC:Program FilesF-Secure Internet SecurityFWESProgramfsdfwd.exeC:Program FilesF-Secure Internet SecurityAnti-Virusfsav32.exeC:Program FilesAlienGUIsewbload.exeC:WINDOWSExplorer.EXEC:Program FilesTrustMI-2500X OPTICAL MOUSEMouse32a.exeC:Program FilesNetropaMultimedia KeyboardMMKeybd.exeC:WINDOWSvsnpstd.exeC:Program FilesHPHP Software UpdateHPWuSchd2.exeC:Program FilesAnalog DevicesSoundMAXSMax4PNP.exeC:Program FilesAnalog DevicesSoundMAXSmax4.exeC:Program FilesCyberLinkPowerDVDPDVDServ.exeC:Program FilesPowerISOPWRISOVM.EXEC:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exeC:WINDOWSsystem32qttask.exeC:Program FilesNokiaNokia PC Suite 6LaunchApplication.exeC:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exeC:Program FilesF-Secure Internet SecurityCommonFSM32.EXEC:WINDOWSsystem32ctfmon.exeC:Program FilesMSN MessengerMsnMsgr.ExeC:Program FilesMessengermsmsgs.exeC:Program FilesF-Secure Internet Securitybackweb4476822Programfspex.exeC:Program FilesHPDigital Imagingbinhpqtra08.exeC:PROGRA~1F-SECU~1ANTI-S~1fsaw.exeC:Program FilesF-Secure Internet SecurityFSGUIfsguidll.exeC:Program FilesPC Connectivity SolutionServiceLayer.exeC:Program FilesNetropaMultimedia KeyboardTrayMon.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32wuauclt.exeC:Program FilesNetropaOnscreen DisplayOSD.exeC:Program FilesHPDigital Imagingbinhpqimzone.exeC:Program FilesHPDigital ImagingbinhpqSTE08.exeC:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exeC:WINDOWSsystem32svchost.exeC:Program FilesWindows Media Playerwmplayer.exeC:Program FilesOperaOpera.exeC:Documents and SettingsOwnerDesktopHijackThis.exeR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBRR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBRR0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBRO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLLO4 - HKLM..Run: [FLMOFFICE4DMOUSE] C:Program FilesTrustMI-2500X OPTICAL MOUSEMouse32a.exeO4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:Program FilesNetropaMultimedia KeyboardMMKeybd.exeO4 - HKLM..Run: [snpstd] C:WINDOWSvsnpstd.exeO4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exeO4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exeO4 - HKLM..Run: [soundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exeO4 - HKLM..Run: [soundMAX] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /trayO4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXEO4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"O4 - HKLM..Run: [QuickTime Task] "C:WINDOWSsystem32qttask.exe" -atboottimeO4 - HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startupO4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimizedO4 - HKLM..Run: [F-Secure Manager] "C:Program FilesF-Secure Internet SecurityCommonFSM32.EXE" /splashO4 - HKLM..Run: [F-Secure TNB] "C:Program FilesF-Secure Internet SecurityTNBTNBUtil.exe" /CHECKALL /WAITFORSWO4 - HKLM..Run: [F-Secure Startup Wizard] "C:Program FilesF-Secure Internet SecurityFSGUIFSSW.EXE" /rebootO4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exeO4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /backgroundO4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /backgroundO4 - HKCU..Run: [PeerGuardian] C:Program FilesPeerGuardian2pg2.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exeO4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:Program FilesF-Secure Internet Securitybackweb4476822Programfspex.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exeO4 - Global Startup: HP Image Zone Fast Start.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exeO8 - Extra context menu item: &Block this popup - C:Program FilesF-Secure Internet SecurityAnti-Spywareblockpopups.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dllO9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:Program FilesF-Secure Internet SecurityAnti-Spywareieshield.dllO9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:Program FilesF-Secure Internet SecurityAnti-Spywareieshield.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLLO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLLO18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dllO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLLO18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLLO20 - Winlogon Notify: WB - C:Program FilesAlienGUIsefastload.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dllO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exeO23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:PROGRA~1F-SECU~1backweb4476822ProgramSERVIC~1.EXEO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:Program FilesF-Secure Internet SecurityAnti-Virusfsgk32st.exeO23 - Service: fsbwsys - F-Secure Corp. - C:Program FilesF-Secure Internet Securitybackweb4476822programfsbwsys.exeO23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:Program FilesF-Secure Internet SecurityFWESProgramfsdfwd.exeO23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:Program FilesF-Secure Internet SecurityCommonFSMA32.EXEO23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:Program FilesNetropaMultimedia Keyboardnhksrv.exeO23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exeDzieki !! Link do komentarza Udostępnij na innych stronach More sharing options...
wies.niak Napisano Styczeń 13, 2007 Zgłoś Share Napisano Styczeń 13, 2007 wygląda czysto.jeśli chcesz robić sobie kontrolne sprawdzanie, to korzystaj z www.hijackthis.de - tam jest analizator. nie jest on doskonały, ale zaznacza co jest ok, a co niekoniecznie. Link do komentarza Udostępnij na innych stronach More sharing options...
-=MARCIN=- Napisano Styczeń 14, 2007 Zgłoś Share Napisano Styczeń 14, 2007 dzieki nastepnym razem juz zrobie na tej stronce Link do komentarza Udostępnij na innych stronach More sharing options...
Mr_Jack197 Napisano Styczeń 26, 2007 Zgłoś Share Napisano Styczeń 26, 2007 Mam tu log z HiJacka. Czy mógłby mi ktoś go sprawdzić bo podejrzewam że jakiegoś śmiecia złapałem. A tak konkretnie to zmienia mi sie styl z winxp na standardowy windows, po czym wszystko wysiada Logfile of HijackThis v1.99.1Scan saved at 16:51:56, on 2007-01-26Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSsystem32spoolsv.exeC:Program FilesAOLActive Virus Shieldavp.exeC:WINDOWSsystem32nvsvc32.exeC:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exeC:WINDOWSExplorer.EXEC:WINDOWSsystem32wscntfy.exeC:WINDOWSsystem32RUNDLL32.EXEC:Program FilesNVIDIA CorporationNvMixerNVMixerTray.exeC:Program FilesWinFastWFTVFMWFWIZ.exeC:Program FilesThomsonSpeedTouch USBDragdiag.exeC:Program FilesAOLActive Virus Shieldavp.exeC:Program FilesSpybot - Search & DestroyTeaTimer.exeC:WINDOWSSystem32svchost.exeC:Documents and SettingsAdrianPulpithijackthisHijackThis.exeR0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dllO4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartupO4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInitO4 - HKLM..Run: [NVMixerTray] "C:Program FilesNVIDIA CorporationNvMixerNVMixerTray.exe"O4 - HKLM..Run: [WinFast Schedule] C:Program FilesWinFastWFTVFMWFWIZ.exeO4 - HKLM..Run: [speedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /iconO4 - HKLM..Run: [aol] "C:Program FilesAOLActive Virus Shieldavp.exe"O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -kO4 - HKCU..Run: [spybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exeO4 - HKCU..Run: [HijackThis startup scan] C:Documents and SettingsAdrianPulpithijackthisHijackThis.exe /startupscanO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binnpjpi150_10.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binnpjpi150_10.dllO17 - HKLMSystemCCSServicesTcpip..{5A18243A-BC7E-473D-BA65-6A0E27B256E3}: NameServer = 194.204.152.34 217.98.63.164O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dllO23 - Service: Active Virus Shield (AVP) - Unknown owner - C:Program FilesAOLActive Virus Shieldavp.exe" -r (file missing)O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe Link do komentarza Udostępnij na innych stronach More sharing options...
wies.niak Napisano Styczeń 26, 2007 Zgłoś Share Napisano Styczeń 26, 2007 log czysty.a nie używałeś może jakiegoś programu do styli i wyglądu systemu?widzę, że masz 2 antywirusy - wyłącz jeden, może się gryzą.czy w innym profilu problem też występuje? Link do komentarza Udostępnij na innych stronach More sharing options...
Mr_Jack197 Napisano Styczeń 27, 2007 Zgłoś Share Napisano Styczeń 27, 2007 Niemam dwóch antywirów:) mam tylko Active Virus Shield. A co do programów to nie używalem żadnych. Komp jest czysty po formacie. Coś takiego sie dzieje tylko po posiedzeniu kilku minut w necie. Tak, występuje to na wszystkich profilach. Mam nie zaktualizowany windows. Czy może być to wina braku jakiejś łatki czy cuś? Link do komentarza Udostępnij na innych stronach More sharing options...
[Ekspert] Mormegil Napisano Styczeń 27, 2007 Zgłoś Share Napisano Styczeń 27, 2007 Masz jeszcze Spybot'a Wiec razem sa dwa.klogon.dll - co to jest :?: Bo napewno nie skladnik windowsa xp. A nie widze, zebys mial inne skladniki Kaspersky'ego. Link do komentarza Udostępnij na innych stronach More sharing options...
Vilku Napisano Luty 1, 2007 Zgłoś Share Napisano Luty 1, 2007 Logfile of HijackThis v1.99.1Scan saved at 22:19:53, on 31-01-2007Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:Program FilesCommon FilesSymantec SharedccSvcHst.exeC:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exeC:WINDOWSsystem32brsvc01a.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSsystem32brss01a.exeC:Program FilesCommon FilesAcronisSchedule2schedul2.exeC:Program FilesSymantecLiveUpdateALUSchedulerSvc.exeC:Program FilesDiskeeper CorporationDiskeeperDkService.exeC:WINDOWSsystem32nvsvc32.exeC:WINDOWSsystem32r_server.exeC:WINDOWSsystem32svchost.exeC:WINDOWSExplorer.EXEC:Program FilesAcronisTrueImageTrueImageMonitor.exeC:Program FilesCommon FilesAcronisSchedule2schedhlp.exeC:WINDOWSsystem32RunDLL32.exeC:Program FilesJavajre1.5.0_10binjusched.exeC:Program FilesCommon FilesSymantec SharedccApp.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesCommon FilesAheadlibNMBgMonitor.exeC:WINDOWSSystem32svchost.exeC:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exeC:Documents and SettingsH&MPulpithijackthisHijackThis.exeR0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunchR0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = ŁączaO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Acrobat 7.0ActiveXAcroIEHelper.dllO2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:Program FilesCommon FilesSymantec SharedcoSharedBrowser1.0NppBho.dllO2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:Program FilesGetRightxx2gr.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dllO3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:Program FilesCommon FilesSymantec SharedcoSharedBrowser1.0UIBHO.dllO4 - HKLM..Run: [DiskeeperSystray] "C:Program FilesDiskeeper CorporationDiskeeperDkIcon.exe"O4 - HKLM..Run: [TrueImageMonitor.exe] C:Program FilesAcronisTrueImageTrueImageMonitor.exeO4 - HKLM..Run: [Acronis Scheduler2 Service] "C:Program FilesCommon FilesAcronisSchedule2schedhlp.exe"O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exeO4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartupO4 - HKLM..Run: [nwiz] nwiz.exe /installO4 - HKLM..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInitO4 - HKLM..Run: [setDefPrt] C:Program FilesBrotherBrmfl05aBrStDvPt.exeO4 - HKLM..Run: [ControlCenter2.0] C:Program FilesBrotherControlCenter2brctrcen.exe /autorunO4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.5.0_10binjusched.exe"O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"O4 - HKLM..Run: [osCheck] "D:NortonosCheck.exe"O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exeO4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"O4 - Startup: Xfire.lnk = D:Xfirexfire.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = D:Acrobat 7.0Readerreader_sl.exeO4 - Global Startup: Status Monitor.lnk = C:Program FilesBrotherBrmfcmonBrMfcWnd.exeO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dllO9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO11 - Options group: [iNTERNATIONAL] International*O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1153165481187O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLLO23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:Program FilesCommon FilesAcronisSchedule2schedul2.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exeO23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:WINDOWSsystem32brsvc01a.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)O23 - Service: COM Host (comHost) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exeO23 - Service: Diskeeper - Diskeeper Corporation - C:Program FilesDiskeeper CorporationDiskeeperDkService.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:NortonisPwdSvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXEO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exeO23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:WINDOWSsystem32r_server.exe" /service (file missing)O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exeCzy coś jest nie tak? Ostatnio komp mi dziwnie zamula... Link do komentarza Udostępnij na innych stronach More sharing options...
wies.niak Napisano Luty 1, 2007 Zgłoś Share Napisano Luty 1, 2007 instalowałeś program do zdalnej administracji? jeśli nie to usuń ten plik (za pomocą programu killbox) przy odłączonym necie:C:WINDOWSsystem32r_server.exewtedy usuń też wpisO23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:WINDOWSsystem32r_server.exe" /service (file missing)przeskanuj sobie komputer programem ewido.poza tym czysto. Link do komentarza Udostępnij na innych stronach More sharing options...
Vilku Napisano Luty 2, 2007 Zgłoś Share Napisano Luty 2, 2007 Nowy log do sprawdzenia, tym razem z okropnie przymulającego laptopa. Z góry dziękuję za pomoc. Użyłem analizatora ze strony www.hijackthis.de , ale, jak sam napisałeś, nie jest on bezbłędny.Logfile of HijackThis v1.99.1Scan saved at 23:42:19, on 2007-02-02Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32Ati2evxx.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32spoolsv.exec:program filescommon fileslogishrdlvmvfmLVPrcSrv.exeC:Program FilesCA Internet Security SuiteCA Anti-VirusISafe.exeC:Program FilesTOSHIBAConfigFreeCFSvcs.exeC:WINDOWSsystem32svchost.exeC:Program FilesCA Internet Security SuiteCA Anti-VirusVetMsg.exeC:WINDOWSsystem32wuauclt.exeC:WINDOWSsystem32Ati2evxx.exeC:WINDOWSExplorer.EXEC:Program FilesATI TechnologiesATI Control Panelatiptaxx.exeC:Program FilesSynapticsSynTPSynTPLpr.exeC:Program FilesSynapticsSynTPSynTPEnh.exeC:Program FilesToshibaWindows UtilitiesHotkey.exeC:Program FilesTOSHIBAConfigFreeNDSTray.exeC:Program FilesTOSHIBAProgram narzędziowy TOSHIBA Zooming UtilitySmoothView.exeC:Program FilesTOSHIBATouch and LaunchPadExe.exeC:WINDOWSsystem32dlatfswctrl.exeC:Program FilesCA Internet Security Suitecctraycctray.exeC:Program FilesCA Internet Security SuiteCA Anti-VirusCAVRID.exeC:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exeC:Program FilesCommon FilesRealUpdate_OBrealsched.exeC:Program FilesTOSHIBATOSCDSPDtoscdspd.exeC:WINDOWSsystem32CTFMON.EXEC:Program FilesAdobeAcrobat 7.0Readerreader_sl.exeC:Documents and SettingsHubertPulpithijackthisHijackThis.exeR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBRR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBRR0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dllO2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLLO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dllO3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLLO4 - HKLM..Run: [ATIPTA] "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe"O4 - HKLM..Run: [synTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exeO4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exeO4 - HKLM..Run: [Toshiba Hotkey Utility] "C:Program FilesToshibaWindows UtilitiesHotkey.exe" /lang PLO4 - HKLM..Run: [NDSTray.exe] NDSTray.exeO4 - HKLM..Run: [smoothView] C:Program FilesTOSHIBAProgram narzędziowy TOSHIBA Zooming UtilitySmoothView.exeO4 - HKLM..Run: [PadTouch] C:Program FilesTOSHIBATouch and LaunchPadExe.exeO4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exeO4 - HKLM..Run: [cctray] "C:Program FilesCA Internet Security Suitecctraycctray.exe"O4 - HKLM..Run: [CAVRID] "C:Program FilesCA Internet Security SuiteCA Anti-VirusCAVRID.exe"O4 - HKLM..Run: [CFSServ.exe] CFSServ.exe -NoClientO4 - HKLM..Run: [LogitechCommunicationsManager] "C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe"O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottimeO4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osbootO4 - HKCU..Run: [TOSCDSPD] C:Program FilesTOSHIBATOSCDSPDtoscdspd.exeO4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exeO4 - Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:Program FilesMicrosoft OfficeOFFICE11ONENOTEM.EXEO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exeO8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm130YYPLO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dllO9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cabO16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v6.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLLO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exeO23 - Service: CAISafe - Computer Associates International, Inc. - C:Program FilesCA Internet Security SuiteCA Anti-VirusISafe.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:Program FilesTOSHIBAConfigFreeCFSvcs.exeO23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exeO23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:program filescommon fileslogishrdlvmvfmLVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:Program FilesCommon FilesLogiShrdSrvLnchSrvLnch.exeO23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:Program FilesCA Internet Security SuiteCA Anti-VirusVetMsg.exe Link do komentarza Udostępnij na innych stronach More sharing options...
[Ekspert] Mormegil Napisano Luty 3, 2007 Zgłoś Share Napisano Luty 3, 2007 c:program filescommon fileslogishrdlvmvfmLVPrcSrv.exe - masz kamere internetowa :?:C:Program FilesCommon FilesLogiShrdLComMgrCommunications_Helper.exe - co to :?:O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL - korzystasz z czegos takiego :?:O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm130YYPL - a z czegos takiego :?:O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL - a z tego :?:O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab - a z tego :?:Nie wiem co to jest ten Communication_Helper, ale jak na mnie to komp jest poprostu zapchany. Wywal troche softu. Wywal to internet security. Wylacz systemowego Firewall'a. Powylaczaj czesc uslug systemowych. Zwlaszcza Indeksowania, AutoUpdate. Korzystales kiedys z przywracania systemu :?: Nie, to tez wylacz. Zainstaluj sobie jakas prosta i szybka scianke jak Kerio PF. Do tego jakis antyvirus, ktory bedziesz odpalac tylko od czasu do czasu, a nie mulic kompa nie ustannym skanem. Oczysc katalogi Temp, Prefetch. Na koniec zrob defragmentacje dyskow twardych.Warto tez sciagnac sobie MS Bootvis i go odpalic. To powinno przyspieszyc bootowanie windowsa. Link do komentarza Udostępnij na innych stronach More sharing options...
Lauri455 Napisano Luty 14, 2007 Zgłoś Share Napisano Luty 14, 2007 Witam i że tak powiem HELP:Logfile of HijackThis v1.99.1Scan saved at 14:19:59, on 2007-02-14Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:Program FilesAvast4aswUpdSv.exeC:Program FilesAvast4ashServ.exeC:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exeC:Program FilescFosSpeedspd.exeC:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exeC:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exeC:Program FilesAvast4ashMaiSv.exeC:Program FilesAvast4ashWebSv.exeC:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exeC:Program FilescFosSpeedcFosSpeed.exeC:WINDOWSexplorer.exeC:Program FilesBitTyrantAzureus.exeC:Program FilesOperaOpera.exeC:Program FilesDAPDAP.EXEC:DOCUME~1AdminUSTAWI~1TempRar$EX00.046HijackThis.exeR0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet ExplorerR1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.localR0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = ŁączaO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dllO2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MegauploadToolbarmegauploadtoolbar.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dllO3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MegauploadToolbarmegauploadtoolbar.dllO3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:WINDOWSImageShackToolbarImageShackToolbar.dllO4 - HKLM..Run: [soundMan] SOUNDMAN.EXEO4 - HKLM..Run: [cFosSpeed] C:Program FilescFosSpeedcFosSpeed.exeO4 - HKLM..Run: [DownloadAccelerator] "C:Program FilesDAPDAP.EXE" /STARTUPO4 - HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exeO4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimizedO4 - HKCU..Run: [AQQ] C:PROGRA~1WapsterAQQAQQ.exeO4 - Startup: BitTyrant.lnk = C:Program FilesBitTyrantAzureus.exeO8 - Extra context menu item: &Clean Traces - C:Program FilesDAPPrivacy Packagedapcleanerie.htmO8 - Extra context menu item: &Download with &DAP - C:Program FilesDAPdapextie.htmO8 - Extra context menu item: Download &all with DAP - C:Program FilesDAPdapextie2.htmO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1Microsoft OfficeOFFICE11EXCEL.EXE/3000O8 - Extra context menu item: Post Image to Blog - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5003O8 - Extra context menu item: Tag This Image - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5002O8 - Extra context menu item: Transload Image to ImageShack - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5004O8 - Extra context menu item: Upload All Images to ImageShack - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5000O8 - Extra context menu item: Upload Image to ImageShack - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5001O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dllO9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1Microsoft OfficeOFFICE11REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dllO15 - Trusted Zone: http://toolbar.imageshack.usO16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cabO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAvast4aswUpdSv.exeO23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exeO23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAvast4ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAvast4ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAvast4ashWebSv.exe" /service (file missing)O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exeO23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:Program FilescFosSpeedspd.exe" -service (file missing)O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exeJakieś sugestie? :roll: Link do komentarza Udostępnij na innych stronach More sharing options...
wies.niak Napisano Luty 14, 2007 Zgłoś Share Napisano Luty 14, 2007 wywal w hijak this:R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.localpoza tym odpal regedit, przejdź do tego klucza i wywal wartość ProxyOverride.użyj LSP-Fix aby usunąćO10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dllpoza tym ImageShack toolbar wydaje mi się zbędny, ale to kwestia gustu.jeśli masz jakiś konkretny problem, opisz na czym on polega. Link do komentarza Udostępnij na innych stronach More sharing options...
Lauri455 Napisano Luty 14, 2007 Zgłoś Share Napisano Luty 14, 2007 Głównie chodzi mi o pozbycie się nadmiaru svhost'ów :roll:Logfile of HijackThis v1.99.1Scan saved at 15:39:20, on 2007-02-14Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:Program FilesAvast4aswUpdSv.exeC:Program FilesAvast4ashServ.exeC:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exeC:Program FilescFosSpeedspd.exeC:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exeC:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exeC:Program FilesAvast4ashMaiSv.exeC:Program FilesAvast4ashWebSv.exeC:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exeC:Program FilescFosSpeedcFosSpeed.exeC:WINDOWSexplorer.exeC:Program FilesBitTyrantAzureus.exeC:Program FilesDAPDAP.EXEC:Program FilesWapsterAQQAQQ.exeC:Program FilesOperaOpera.exeD:ProgramyHijackThis.exeR0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = ŁączaO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dllO3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)O4 - HKLM..Run: [soundMan] SOUNDMAN.EXEO4 - HKLM..Run: [cFosSpeed] C:Program FilescFosSpeedcFosSpeed.exeO4 - HKLM..Run: [DownloadAccelerator] "C:Program FilesDAPDAP.EXE" /STARTUPO4 - HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exeO4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimizedO4 - HKCU..Run: [AQQ] C:PROGRA~1WapsterAQQAQQ.exeO4 - Startup: BitTyrant.lnk = C:Program FilesBitTyrantAzureus.exeO8 - Extra context menu item: Post Image to Blog - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5003O8 - Extra context menu item: Tag This Image - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5002O8 - Extra context menu item: Transload Image to ImageShack - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5004O8 - Extra context menu item: Upload All Images to ImageShack - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5000O8 - Extra context menu item: Upload Image to ImageShack - res://C:WINDOWSImageShackToolbarImageShackToolbar.dll/5001O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dllO9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1Microsoft OfficeOFFICE11REFIEBAR.DLLO15 - Trusted Zone: http://toolbar.imageshack.usO16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cabO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAvast4aswUpdSv.exeO23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exeO23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAvast4ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAvast4ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAvast4ashWebSv.exe" /service (file missing)O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exeO23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:Program FilescFosSpeedspd.exe" -service (file missing)O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe Link do komentarza Udostępnij na innych stronach More sharing options...
wies.niak Napisano Luty 14, 2007 Zgłoś Share Napisano Luty 14, 2007 tak długo jak są to procesy pliku %WINDIR%system32svchost.exe to wszystko jest ok. nie dzis się, że jest ich kilka (u mnie 7).jeśli chcesz zobaczyć co "kryje się" za każdym procesem, możesz odpalić polecenie "tasklist /svc". Link do komentarza Udostępnij na innych stronach More sharing options...
Lauri455 Napisano Luty 14, 2007 Zgłoś Share Napisano Luty 14, 2007 Kk, zrozumiałem. A od czego (albo do czego) jest 'lsass.exe'? Link do komentarza Udostępnij na innych stronach More sharing options...
-=MARCIN=- Napisano Luty 23, 2007 Zgłoś Share Napisano Luty 23, 2007 Kk, zrozumiałem. A od czego (albo do czego) jest 'lsass.exe'?cyt. "Proces Lsass.exe odpowiada m.in. za zarządzanie uwierzytelnianiem domeny urzędu zabezpieczeń lokalnych i zarządzanie usługą Active Directory. Proces ten obsługuje uwierzytelnianie zarówno klienta, jak i serwera, a także steruje aparatem usługi Active Directory. Proces Lsass.exe odpowiada m.in. za działanie następujących składników:* Urząd zabezpieczeń lokalnych* Usługa Logowanie do sieci* Usługa Menedżer kont zabezpieczeń* Usługa Serwer LSA* Protokół SSL (Secure Sockets Layer)* Protokół uwierzytelniania Kerberos v5* Protokół uwierzytelniania NTLM'lsass.exe' moze byc rowniez :lsass.exe Trojan.W32.Satilolerlsass.exe Trojan.W32.Downloaderlsass.exe Trojan.W32.Rontokbrlsass.exe Trojan.W32.KELVIRlsass.exe Trojan.W32.satilolerlsass.exe Trojan.W32.Webuslsass.exe Trojan.W32.Windang, Trojan.W32.Spybot & backdoor.W32.ratsou Link do komentarza Udostępnij na innych stronach More sharing options...
chmiel Napisano Marzec 2, 2007 Zgłoś Share Napisano Marzec 2, 2007 Kolejny raz prosił bym o pomoc:Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSExplorer.EXED:ProgramyAvastaswUpdSv.exeD:ProgramyAvastashServ.exeC:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exeC:Program FilesMicrosoft Analysis ServicesBinmsmdsrv.exeC:WINDOWSsystem32nvsvc32.exeC:WINDOWSSystem32svchost.exeC:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exeC:WINDOWSSOUNDMAN.EXEC:WINDOWSSystem32RUNDLL32.EXED:ProgramyAvastashDisp.exeD:Programycyber link soulutionPowerDVDPDVDServ.exeC:Program FilesJavajre1.5.0_10binjusched.exeC:WINDOWSSystem32spooldriversw32x863hpztsb07.exeD:ProgramyDAPDAP.EXEC:Program FilesHPHP Software UpdateHPWuSchd2.exeD:ProgramyGadu-Gadugg.exeC:Program FilesDAEMON Toolsdaemon.exeC:Program FilesCommon FilesAheadlibNMBgMonitor.exeC:Program FilesSAGEMSAGEM F@st 800-840dslmon.exeC:Program FilesHPDigital Imagingbinhpqtra08.exeC:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exeD:ProgramyAvastashMaiSv.exeC:WINDOWSBricoPacksVista InspiratObjectDockObjectDock.exeC:Program FilesOpenOffice.org 2.0programsoffice.exeC:WINDOWSBricoPacksVista InspiratYzToolbarYzToolBar.exeC:Program FilesOpenOffice.org 2.0programsoffice.BIND:ProgramyAvastashWebSv.exeC:Program FilesHPDigital ImagingbinhpqSTE08.exeD:ProgramyBitCometBitComet.exeC:WINDOWSsystem32HPZipm12.exeC:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exeD:ProgramyMozilla Firefoxfirefox.exeC:WINDOWSSystem32cmd.exeC:Documents and SettingsChmiel.CHMIEL-01PulpitHijackThis.exeR1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://py.com/R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = ŁączaO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocxO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dllO4 - HKLM..Run: [soundMan] SOUNDMAN.EXEO4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartupO4 - HKLM..Run: [nwiz] nwiz.exe /installO4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInitO4 - HKLM..Run: [avast!] D:ProgramyAvastashDisp.exeO4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"O4 - HKLM..Run: [RemoteControl] "D:Programycyber link soulutionPowerDVDPDVDServ.exe"O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.5.0_10binjusched.exe"O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb07.exeO4 - HKLM..Run: [DownloadAccelerator] "D:ProgramyDAPDAP.EXE" /STARTUPO4 - HKLM..Run: [speedOptimizer] C:PROGRA~1SPEEDO~1SPO.EXE -s O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -kO4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSSystem32NeroCheck.exeO4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exeO4 - HKCU..Run: [Gadu-Gadu] "D:ProgramyGadu-Gadugg.exe" /trayO4 - HKCU..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033O4 - HKCU..Run: [PowerBar] "D:Programycyber link soulutionMultimedia LauncherPowerBar.exe" /AtBootTimeO4 - HKCU..Run: [NETIANET] C:Documents and SettingsChmiel.CHMIEL-01Pulpitnetianet.exeO4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"O4 - Startup: OpenOffice.org 2.0.lnk = C:Program FilesOpenOffice.org 2.0programquickstart.exeO4 - Startup: Stardock ObjectDock.lnk = C:WINDOWSBricoPacksVista InspiratObjectDockObjectDock.exeO4 - Startup: Y'z ToolBar.lnk = C:WINDOWSBricoPacksVista InspiratYzToolbarYzToolBar.exeO4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exeO8 - Extra context menu item: &Clean Traces - D:ProgramyDAPPrivacy Packagedapcleanerie.htmO8 - Extra context menu item: &Download with &DAP - D:ProgramyDAPdapextie.htmO8 - Extra context menu item: Download &all with DAP - D:ProgramyDAPdapextie2.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dllO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htmO9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htmO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO17 - HKLMSystemCCSServicesTcpip..{8DD16EF7-7786-45A1-9150-224752D35DFE}: NameServer = 213.241.79.37 83.238.255.76O17 - HKLMSystemCS1ServicesTcpip..{8DD16EF7-7786-45A1-9150-224752D35DFE}: NameServer = 213.241.79.37 83.238.255.76O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:ProgramyAvastaswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - D:ProgramyAvastashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - D:ProgramyAvastashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - D:ProgramyAvastashWebSv.exe" /service (file missing)O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exeO23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe Link do komentarza Udostępnij na innych stronach More sharing options...
wies.niak Napisano Marzec 2, 2007 Zgłoś Share Napisano Marzec 2, 2007 wywal:O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htmale to jest niegroźne śmiecie. poza tym czysto. pomijam fakt, że log jest niekompletny.opisz problem. Link do komentarza Udostępnij na innych stronach More sharing options...
cygan Napisano Marzec 10, 2007 Zgłoś Share Napisano Marzec 10, 2007 Ostatnio podczas skanowania avast wykrył mi Win32 CTX......wywaliłem go ale w razie czego zrobiłem loga.....Logfile of HijackThis v1.99.1Scan saved at 19:58:58, on 2007-03-10Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32spoolsv.exeC:Program FilesAlwil SoftwareAvast4aswUpdSv.exeC:Program FilesAlwil SoftwareAvast4ashServ.exeC:WINDOWSsystem32nvsvc32.exeC:WINDOWSExplorer.EXEC:Program FilesAlwil SoftwareAvast4ashMaiSv.exeC:WINDOWSsystem32wscntfy.exeC:PROGRA~1ALWILS~1Avast4ashDisp.exeC:Program FilesThomsonSpeedTouch USBDragdiag.exeC:Program FilesJavajre1.5.0_07binjusched.exeC:Program FilesAlwil SoftwareAvast4ashWebSv.exeC:PROGRA~1A4TechMouseAmoumain.exeC:WINDOWSsystem32RUNDLL32.EXEC:Program FilesGadu-Gadugg.exeC:Documents and SettingsszefunioPulpitutorrent.exeC:Program FilesMozilla Firefoxfirefox.exeC:DOCUME~1szefunioUSTAWI~1TempRar$EX00.477HijackThis.exeR0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = R3 - Default URLSearchHook is missingO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_07binssv.dllO4 - HKLM..Run: [siSSetCDfmt] C:WINDOWSsystem32SetCDfmt.exeO4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exeO4 - HKLM..Run: [speedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /iconO4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.5.0_07binjusched.exeO4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -kO4 - HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exeO4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartupO4 - HKLM..Run: [nwiz] nwiz.exe /installO4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInitO4 - HKLM..Run: [bearShare] "C:Program FilesBearShareBearShare.exe" /pauseO4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /trayO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exeO17 - HKLMSystemCCSServicesTcpip..{D34DB015-8A7B-4109-842A-075AB1E14702}: NameServer = 213.241.79.37 83.238.255.76O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exeO23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:WINDOWSsystem32sfrem01.exe Link do komentarza Udostępnij na innych stronach More sharing options...
wies.niak Napisano Marzec 10, 2007 Zgłoś Share Napisano Marzec 10, 2007 usuń:R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =nic groźnego, po prostu śmiecie.poza tym czysto.jedynie polecam pozbyć się bearshare - już przy instalacji wyrażasz zgodę na instalację softu spyware'owego. zwykle nie zwraca się na to uwagi, tak jak na licencję i klika się dalej, a tam właśnie pisze że spyware (oczywiście nie bezpośrednio). Link do komentarza Udostępnij na innych stronach More sharing options...
-=MARCIN=- Napisano Marzec 11, 2007 Zgłoś Share Napisano Marzec 11, 2007 Logfile of HijackThis v1.99.1Scan saved at 4:55:49 PM, on 3/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32spoolsv.exeC:Program FilesNetropaMultimedia Keyboardnhksrv.exeC:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exeC:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exeC:PROGRA~1McAfeeMSCmcmscsvc.exec:program filescommon filesmcafeemnamcnasvc.exeC:PROGRA~1McAfeeVIRUSS~1mcods.exeC:PROGRA~1McAfeeMSCmcpromgr.exec:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exeC:PROGRA~1McAfeeVIRUSS~1mcshield.exeC:PROGRA~1McAfeeVIRUSS~1mcsysmon.exeC:Program FilesMcAfeeMPFMPFSrv.exeC:Program FilesSiteAdvisor6028SAService.exeC:Program FilesAnalog DevicesSoundMAXSMAgent.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:Program FilesAlienGUIsewbload.exeC:WINDOWSExplorer.EXEc:PROGRA~1mcafee.comagentmcagent.exeC:Program FilesTrustMI-2500X OPTICAL MOUSEMouse32a.exeC:Program FilesNetropaMultimedia KeyboardMMKeybd.exeC:WINDOWSvsnpstd.exeC:Program FilesHPHP Software UpdateHPWuSchd2.exeC:Program FilesAnalog DevicesSoundMAXSMax4PNP.exeC:Program FilesAnalog DevicesSoundMAXSmax4.exeC:Program FilesCyberLinkPowerDVDPDVDServ.exeC:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exeC:Program FilesNokiaNokia PC Suite 6LaunchApplication.exeC:Program FilesSiteAdvisor6028SiteAdv.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesMessengermsmsgs.exeC:Program FilesCommon FilesAheadLibNMBgMonitor.exeC:Program FilesPC Connectivity SolutionServiceLayer.exeC:Program FilesHPDigital Imagingbinhpqtra08.exeC:Program FilesCommon FilesAheadLibNMIndexStoreSvr.exeC:Program FilesNetropaMultimedia KeyboardTrayMon.exeC:Program FilesNetropaOnscreen DisplayOSD.exeC:Program FilesHPDigital ImagingbinhpqSTE08.exeC:Program FilesHPDigital Imagingbinhpqimzone.exeC:Program FilesMSN Messengerusnsvc.exeC:Program FilesWinampwinamp.exeC:Program FilesMSN Messengermsnmsgr.exeC:Program FilesOperaOpera.exeC:WINDOWSsystem32wuauclt.exeC:Documents and SettingsOwnerDesktopHijackThis.exeR0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dllO2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:Program FilesSiteAdvisor6028SiteAdv.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLLO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:program filesmcafeevirusscanscriptcl.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:Program FilesSiteAdvisor6028SiteAdv.dllO4 - HKLM..Run: [FLMOFFICE4DMOUSE] C:Program FilesTrustMI-2500X OPTICAL MOUSEMouse32a.exeO4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:Program FilesNetropaMultimedia KeyboardMMKeybd.exeO4 - HKLM..Run: [snpstd] C:WINDOWSvsnpstd.exeO4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exeO4 - HKLM..Run: [soundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exeO4 - HKLM..Run: [soundMAX] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /trayO4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXEO4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"O4 - HKLM..Run: [QuickTime Task] "C:WINDOWSsystem32qttask.exe" -atboottimeO4 - HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startupO4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesAheadLibNeroCheck.exeO4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -kO4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033O4 - HKLM..Run: [siteAdvisor] C:Program FilesSiteAdvisor6028SiteAdv.exeO4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exeO4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /backgroundO4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /backgroundO4 - HKCU..Run: [PeerGuardian] C:Program FilesPeerGuardian2pg2.exeO4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadLibNMBgMonitor.exe"O4 - HKCU..Run: [Windows Registry Repair Pro] C:Program Files3B SoftwareWindows Registry Repair ProRegistryRepairPro.exe 4O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exeO4 - Global Startup: HP Image Zone Fast Start.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLLO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLLO18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dllO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLLO18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:Program FilesSiteAdvisor6028SiteAdv.dllO18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLLO20 - Winlogon Notify: WB - C:Program FilesAlienGUIsefastload.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dllO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exeO23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exeO23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:program filescommon filesmcafeemnamcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exeO23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exeO23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeeredirsvcredirsvc.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exeO23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exeO23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:Program FilesNetropaMultimedia Keyboardnhksrv.exeO23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exeO23 - Service: SiteAdvisor Service - McAfee, Inc. - C:Program FilesSiteAdvisor6028SAService.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exeprosze a sprawdzenie log-a;)antyvirus wykryl mi 10 badziewi a kiedy whodze w moje dokumenty a potem zamkne to przez chwile komp mi zamula nie wiem od czego :roll: Link do komentarza Udostępnij na innych stronach More sharing options...
Vergil Napisano Maj 12, 2007 Autor Zgłoś Share Napisano Maj 12, 2007 Chyba mam wiry w kompie :x Zrobiłem skan i loga wrzucam tu.Co skasowac??Logfile of HijackThis v1.99.1Scan saved at 07:47:27, on 2007-05-12Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSsystem32spoolsv.exeC:WINDOWSExplorer.EXEC:Program FilesAnalog DevicesSoundMAXSMax4PNP.exeC:Program FilesAnalog DevicesSoundMAXSmax4.exeC:Program FilesJavajre1.5.0_05binjusched.exeC:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesAdobeReader 8.0Readerreader_sl.exeC:Program FilesQuickTimeqttask.exeC:WINDOWSsystem32nvsvc32.exeC:WINDOWSsystem32PnkBstrA.exeC:Program FilesAnalog DevicesSoundMAXSMAgent.exeC:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exeC:WINDOWSsystem32wscntfy.exeC:WINDOWSsvchost.exeC:Documents and SettingsTomekMoje dokumentyHijackThis.exeR0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.torrenty.org/R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = ŁączaO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~3Office12GRA8E1~1.DLLO4 - HKLM..Run: [soundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exeO4 - HKLM..Run: [soundMAX] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /trayO4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottimeO4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.5.0_05binjusched.exeO4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartupO4 - HKLM..Run: [nwiz] nwiz.exe /installO4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exeO4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInitO4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exeO4 - HKCU..Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeReader 8.0Readerreader_sl.exeO4 - Global Startup: Adobe Reader Synchronizer.lnk = C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exeO8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_05binnpjpi150_05.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_05binnpjpi150_05.dllO9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dllO9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exeO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~3Office12GR99D3~1.DLLO18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLLO18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLLO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exeO23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe Link do komentarza Udostępnij na innych stronach More sharing options...