wies.niak, posted May 12, 2007

From the log, it looks like you have one nasty:
C:\WINDOWS\svchost.exe
Just don't confuse it with the file in system32. Remove it with KillBox using the "delete on reboot" option.
If you don't use Messenger, turn it off.
An unnecessary but harmless entry:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

Vergil (thread author), posted May 12, 2007

Every time I formatted and installed a fresh Windows, I always had this svchost, even right after the install. Even after buying a new disk I had it. Maybe it isn't some kind of junk?

wies.niak, posted May 12, 2007

Then look it up on Google; I did. And as I wrote, the same file is in system32, but there it is the legitimate one.

-=MARCIN=-, posted May 18, 2007

Recently I had some "minor" problems with my computer: I downloaded a program [Golden Wave?] which, as it turned out, came with a trojan. I rolled the system back by one day and everything is fine, but I think some leftovers remain, so please check the log.

Logfile of HijackThis v1.99.1
Scan saved at 10:57:10 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\YASU.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Documents and Settings\Owner\Desktop\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Office Keyboard Driver\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MagicSpeedBooster] C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedBooster.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Owner\Desktop\Yodm3D\Yodm3D.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

wies.niak, posted May 19, 2007

Clean, just one small leftover:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Delmaq, posted May 19, 2007

Could you take a look at this? I haven't installed anything, but something tells me it's not as it should be ;D

Logfile of HijackThis v1.99.1
Scan saved at 15:13:40, on 2007-05-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Delmaq\Pulpit\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Documents and Settings\Delmaq\Moje dokumenty\gr6pro\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

wies.niak, posted May 19, 2007

Looks clean. Unnecessary entries:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

Delmaq, posted May 19, 2007

Well, thanks a lot. Nothing beats an expert's opinion.

-=MARCIN=-, posted May 19, 2007

I second Delmaq's post.

Vergil (thread author), posted May 21, 2007

Well, I second the previous posts too.

F@mas, posted May 28, 2007

What a mess my computer has turned into. One day, out of the blue, my avast announced that I have a hell of a lot of trojans on the disk. It supposedly removes them, but it's going rather sluggishly, because it keeps detecting new ones (the whole system is crawling in general). What should I throw out, or what other program should I download to clean it up?

Logfile of HijackThis v1.99.1
Scan saved at 13:12:04, on 2003-05-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\abc5026def.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\windows\system32\drivers\uzcx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ErrorSafe Free\uers.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\btn5026v7.exe
C:\WINDOWS\System32\ipmon.exe
C:\WINDOWS\System32\ipmon.exe
C:\WINDOWS\smanager.7.exe
C:\Documents and Settings\Marcel\load.exe
C:\Program Files\DriveCleaner Free\UDC6cw.exe
C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe
C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe
C:\Program Files\DriveCleaner Free\UDC.exe
C:\WINDOWS\System32\rundll32.exe
C:\DOCUME~1\Marcel\USTAWI~1\Temp\server\server.exe
C:\WINDOWS\avp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Marcel\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportowefakty.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\System32\xasj.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\wglv.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [sManager] smanager.7.exe
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\ecxexvbr.dll",realset
O4 - HKLM\..\Run: [was_check] C:\Program Files\ErrorSafe Free\WASmon.exe
O4 - HKLM\..\Run: [uerscw] C:\Program Files\ErrorSafe Free\uerscw.exe -c
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [statemdd] autcwykq.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [Neospace Internet Security] "C:\Program Files\Neospace Internet Security\isec30.exe"
O4 - HKLM\..\Run: [DriveCleaner Free] "C:\Program Files\DriveCleaner Free\UDC.exe" /min
O4 - HKLM\..\Run: [sDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKLM\..\Run: [uDC6cw] "C:\Program Files\DriveCleaner Free\UDC6cw.exe" -c
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [ErrorSafeFree] C:\Program Files\ErrorSafe Free\uers.exe /scan
O4 - HKCU\..\Run: [ErrorSafeGratis] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [statemdd] autcwykq.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Broken Internet access because of LSP provider 'rsvp322.dll' missing
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MS Internet Countermeasures Framework (ICF) - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

wies.niak, posted May 28, 2007

To be removed:
C:\WINDOWS\abc5026def.exe
C:\windows\system32\drivers\uzcx.exe
C:\Program Files\ErrorSafe Free\uers.exe
C:\WINDOWS\btn5026v7.exe
C:\WINDOWS\System32\ipmon.exe
C:\WINDOWS\smanager.7.exe
C:\Documents and Settings\Marcel\load.exe <- if you recognise it, leave it
C:\Program Files\DriveCleaner Free\UDC6cw.exe <- the whole drivecleaner directory has to go
C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe <- as above
C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe
C:\Program Files\DriveCleaner Free\UDC.exe
C:\DOCUME~1\Marcel\USTAWI~1\Temp\server\server.exe

Entries to fix:
O4 - HKLM\..\Run: [services] C:\WINDOWS\System32\xasj.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\wglv.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [sManager] smanager.7.exe
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\ecxexvbr.dll",realset
O4 - HKLM\..\Run: [was_check] C:\Program Files\ErrorSafe Free\WASmon.exe
O4 - HKLM\..\Run: [uerscw] C:\Program Files\ErrorSafe Free\uerscw.exe -c
O4 - HKLM\..\Run: [statemdd] autcwykq.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [DriveCleaner Free] "C:\Program Files\DriveCleaner Free\UDC.exe" /min
O4 - HKLM\..\Run: [sDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKLM\..\Run: [uDC6cw] "C:\Program Files\DriveCleaner Free\UDC6cw.exe" -c
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [ErrorSafeFree] C:\Program Files\ErrorSafe Free\uers.exe /scan
O4 - HKCU\..\Run: [ErrorSafeGratis] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [statemdd] autcwykq.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Broken Internet access because of LSP provider 'rsvp322.dll' missing
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: MS Internet Countermeasures Framework (ICF) - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe (file missing)

Besides the files from the "first part", also remove all the files named in the entries to fix. Use KillBox for this: first add all the files to it without deleting them, tick the "delete on reboot" option, and only then delete. The machine will reboot, and after the reboot it should be clean. Then run HJT and remove all the entries. For the duration of the whole cleanup, disconnect from the net, preferably by physically pulling the cable.
After cleaning, post a log for checking.

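Added example, not part of the original thread: a small triage script for three patterns that show up in the entries flagged in the posts above, namely a Windows system file name running from outside its usual folder (C:\WINDOWS\svchost.exe), a look-alike of a system file name (winIogon.exe), and an executable path that points into an alternate data stream (svchost.exe:exe.exe). The expected-folder table assumes a default Windows XP layout, and the sample lines are constructed from entries quoted in the thread with path separators restored.

```python
import re
from pathlib import PureWindowsPath

# Assumption: default Windows XP install under C:\WINDOWS, as in the logs in this thread.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def skeleton(name):
    """Fold characters that are commonly swapped in look-alike names (i/l/1, o/0)."""
    return name.lower().translate(str.maketrans("i10", "llo"))


SKELETONS = {skeleton(n): n for n in EXPECTED_DIR}

# A drive-letter path ending in .exe/.dll, optionally followed by ":stream".
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"<>|\r\n]*?\.(?:exe|dll))(:[^\s"]+)?', re.IGNORECASE
)


def triage(log_text):
    """Return (rule, path) tuples for suspicious paths in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        for m in PATH_RE.finditer(line):
            path, stream = m.group(1), m.group(2)
            p = PureWindowsPath(path)
            name = p.name.lower()
            folder = str(p.parent).lower()
            if stream:
                # A file hidden in an NTFS alternate data stream of another file.
                findings.append(("alternate-data-stream", path + stream))
            if name in EXPECTED_DIR:
                if folder != EXPECTED_DIR[name]:
                    findings.append(("system-name-outside-expected-dir", path))
            elif skeleton(name) in SKELETONS:
                findings.append(("look-alike-of-" + SKELETONS[skeleton(name)], path))
    return findings


# Constructed sample: a few lines modelled on the logs above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: MS Internet Countermeasures Framework (ICF) - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe (file missing)
"""

if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:35} {path}")
```

A hit is a lead to check by hand, not a verdict: entries written without a path (such as `ipmon.exe`) and randomly named files are outside what these three rules cover.
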
POLIPOLIK, posted May 31, 2007

Good day. I'm posting a log because I don't like something about the way my system is behaving. Since it has lately been running more and more sluggishly, and I'm a n00b, I'm counting on expert help from you. Thanks in advance. ;]

Logfile of HijackThis v1.99.1
Scan saved at 22:12:50, on 2165-05-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LClock\lclock.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\RaConfig.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
d:\Program Files\Winamp\winamp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Arnold\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitGrabber\TorrentManager.dll (file missing)
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ttab] "C:\Program Files\shchebdc.exe" -vt yazr
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Regards!
wies.niak Posted May 31, 2007

To remove:

O4 - HKCU..Run: [Ttab] "C:Program Filesshchebdc.exe" -vt yazr <- delete this whole directory
O4 - Startup: desktop(2)(2).ini <- this may be related to the system modifications you use, but I would rather get rid of it
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini

So apart from the first one (and the others, which I have doubts about), you are clean. You just have quite a lot of software; maybe it is worth trimming something from autostart?

Alternatively, post a log from comboscan; much more is visible in it.

cygan Posted June 1, 2007

Hello! I have a request: could someone take a look at the log... and I have a question: what is System Volume Information? Avast! keeps showing these files in its report and they cannot be removed. Thanks in advance:

wies.niak Posted June 1, 2007

The log is clean. System Volume Information is the directory where system restore points are stored.

F@mas Posted June 2, 2007

new log:

Kamil Walas Posted June 2, 2007

I am only just learning to check logs, but something in mine doesn't look right to me. Here it is:

wies.niak Posted June 2, 2007

F@mas -> Have you installed any program since you last turned on (or restarted) the computer? If so, reboot and post a new log (preferably edit the old one and let me know by PM in case I don't notice).

Kamil Walas -> Get rid of bearshare and everything related to it. Afterwards, if anything is still left in the hijack this log, remove it. The entries are below, but where there are file paths, delete the files too. If any file gives you trouble, use the killbox program.

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: (no name) - {711B571A-7547-4918-AA58-C48AC791C4F1} - C:WINDOWSsystem32khfghgd.dll <- also delete the file
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:PROGRA~1BEARSH~1BEARSH~2MediaBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:Program FilesBearShare applicationsBearShare MediaBarMediaBar.dll
O4 - HKCU..Run: [Vcbat] C:DOCUME~1KamilDANEAP~1FILESH~1dead does.exe <- I don't know it, nothing on Google
O20 - Winlogon Notify: khfghgd - C:windowsSYSTEM32khfghgd.dll
O20 - Winlogon Notify: winmfu32 - C:windowsSYSTEM32winmfu32.dll

Guest Paulie Posted June 2, 2007

Log from hijack this:

Clean. [wies.niak]

mord00k Posted June 18, 2007

please help ;]


wies.niak Posted June 18, 2007
If something resists, use the killbox program with the delete on reboot option checked.
Remove:
C:PROGRA~1MYWEBS~1bar1.binmwsoemon.exe < the whole mywebs~1 directory (probably mywebsearch) has to go
O4 - HKLM..RunOnce: [MyWebSearch bar Uninstall] rundll32 C:PROGRA~1UNINST~1.DLL,O -2

mord00k Posted June 18, 2007
I simply removed the whole mywebsearch through its uninstaller... good enough? Because I no longer have the ones you pointed out in the log ;]
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 20:36:13, on 2007-06-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilescFosSpeedspd.exe
C:WINDOWSsystem32nvsvc32.exe
C:PROGRA~1COMMON~1StardockSDMCP.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32svchost.exe
C:Program FilesPicasa2PicasaMediaDetector.exe
C:WINDOWSsystem32svchost.exe
C:Program FilescFosSpeedcFosSpeed.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesGadu-Gadugg.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesDAEMON Toolsdaemon.exe
C:Program FilesNetPanelNetPanel.exe
C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe
C:Program FilesSAGEM WiFi managerWLANUTL.exe
C:Program FilesOpenOffice.org 2.0programsoffice.exe
C:Program FilesOpenOffice.org 2.0programsoffice.BIN
C:WINDOWSsystem32wuauclt.exe
C:PROGRA~1Mozilla Firefoxfirefox.exe
C:DOCUME~1mord00kUSTAWI~1TempKatalog tymczasowy 3 dla hijackthis.zipHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.neostrada.pl/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 200.238.102.170:8080
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:Program FilesSiber SystemsAI RoboFormroboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:Program FilesNetPanelIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:PROGRA~1MEGAUP~1MEGAUP~1.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:Program FilesSiber SystemsAI RoboFormroboform.dll
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe
O4 - HKLM..Run: [NetPanel] "C:Program FilesNetPanelStarter.exe" /path="C:Program FilesNetPanel"
O4 - HKLM..Run: [cFosSpeed] C:Program FilescFosSpeedcFosSpeed.exe
O4 - HKLM..Run: [LClock] C:Program FilesLClockLClock.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKCU..Run: [PeerGuardian] C:Program FilesPeerGuardian2pg2.exe
O4 - HKCU..Run: [Expressivo] "C:Program FilesivoExpressivo Demoexpressivo.exe" -t
O4 - HKCU..Run: [Aim6] "C:Program FilesAIM6aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU..Run: [PSwitch] C:Program FilesProxy Switcher StandardProxySwitcher.exe
O4 - HKCU..Run: [VS Online] "C:Program FilesVS OnlineVSOnline.exe" /tray
O4 - HKCU..Run: [RoboForm] "C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe"
O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:Program FilesOpenOffice.org 2.0programquickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:Program FilesStardockObjectDockObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeReader 8.0Readerreader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:Program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Pasek Narzędzi RoboForm - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O8 - Extra context menu item: Personalizuj Menu - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Wypełnij Pola - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O8 - Extra context menu item: Zapisz Pola - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll
O9 - Extra button: Wypełnij pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Pasek Narzędzi RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll
O20 - Winlogon Notify: MCPClient - C:PROGRA~1COMMON~1Stardockmcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:Program FilescFosSpeedspd.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

M@TH3V Posted June 23, 2007
Just a moment ago today I used Hijack for the first time, and I have to admit I don't really know what should be removed from here:
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
D:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
D:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32RunDLL32.exe
D:Program FilesSpyware DoctorSDTrayApp.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesCommon FilesOnet.plAutoUpdate.exe
C:Program FilesJavajre1.6.0_01binjusched.exe
C:WINDOWSsystem32nvsvc32.exe
D:PROGRA~1ALWILS~1Avast4ashDisp.exe
D:Program FilesSpyware Doctorsvcntaux.exe
C:WINDOWSCTHELPER.EXE
C:WINDOWSsystem32ctfmon.exe
D:Program FilesGadu-Gadugg.exe
D:Program FilesSpyware Doctorswdsvc.exe
C:Program FilesMozilla Firefoxfirefox.exe
D:Program FilesTSWCSysSrvc.exe
D:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
D:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:DOCUME~1M@TH3VUSTAWI~1TempRar$EX00.797HijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://google.bearshare.com/pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM..Run: [sDTray] "D:Program FilesSpyware DoctorSDTrayApp.exe"
O4 - HKLM..Run: [Onet.pl AutoUpdate] C:Program FilesCommon FilesOnet.plAutoUpdate.exe /tsr
O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_01binjusched.exe"
O4 - HKLM..Run: [avast!] D:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [LogonStudio] "D:Program FilesWinCustomizeLogonStudiologonstudio.exe" /RANDOM
O4 - HKLM..Run: [CTHelper] CTHELPER.EXE
O4 - HKLM..Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:Program FilesWINnerTweak3PopUp Blocker.exe
O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:Program FilesWINnerTweak3PopUp Blocker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O17 - HKLMSystemCCSServicesTcpip..{5D124FFE-EF3B-46B2-A450-F352EE545F5F}: NameServer = 10.1.11.254,190.150.77.18
O17 - HKLMSystemCS1ServicesTcpip..{5D124FFE-EF3B-46B2-A450-F352EE545F5F}: NameServer = 10.1.11.254,190.150.77.18
O17 - HKLMSystemCS2ServicesTcpip..{5D124FFE-EF3B-46B2-A450-F352EE545F5F}: NameServer = 10.1.11.254,190.150.77.18
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:Program FilesSpyware Doctorsvcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:Program FilesSpyware Doctorswdsvc.exe
O23 - Service: SysSrvc - Unknown owner - D:Program FilesTSWCSysSrvc.exe
And now I have a request: if someone tells me what to remove, please explain why. Is there any guide to Hijack?

wies.niak Posted June 23, 2007
Remove these entries:
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL
Besides that, the whole MyGlobalSearch directory has to go. If some file resists, use killbox in delete on reboot mode.
As for your question:
www.google.pl
www.hijackthis.de
I use these sites when analyzing logs, if I don't recognize some files.
There are guides; I think I even saw one on searchengines.
After analyzing a few dozen logs, you usually don't need to use help, because you know the system and the typical files fairly well.