

Request to review a HijackThis log


Ash Ketchum
Level 21


Joined: 20 Jun 2003
Posts: 1457
Location: Alabastia

Post#1 Post from the author of the topic 14 Oct 2005 11:36   



Logfile of HijackThis v1.99.1
Scan saved at 12:37:19, on 2005-10-14
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\MIXER.EXE
C:\WINDOWS.000\SYSTEM\HPZTSB09.EXE
C:\WINDOWS.000\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS.000\SYSTEM\E_S5I0B1.EXE
C:\PROGRAM FILES\TWEAKMASTER\TMTRAY.EXE
D:\GADU-GADU\GG.EXE
C:\WINDOWS.000\SYSTEM\CTFMON.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
C:\WINDOWS.000\WUAUCLT.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS.000\TEMP\RAR$EX00.877\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TWEAKBHO.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS.000\SYSTEM\Kernel.dll
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\PROGRAM FILES\ABBYY FINEREADER 7.0 PROFESSIONAL EDITION\ABBYYNEWSREADER.EXE"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS.000\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [CMS16 CDROM FixLoader] CMSFIXLD.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS.000\SYSTEM\E_S5I0B1.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [TweakMASTER] C:\PROGRAM FILES\TWEAKMASTER\TMTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS.000\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [KBKalendarz] C:\WINDOWS.000\TEMP\RAR$EX00.361\KAL.EXE -hide
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: folder.htt
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: folder.htt
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {083048AE-EECD-4CC5-90A3-BD9B7073BE87} (Download Class) - http://www.melo.pl/dmanager/launcher.cab
arnoldk_20
Level 22


Joined: 11 Feb 2004
Posts: 2151
Location: -

Post#2 14 Oct 2005 13:57   



Update Internet Explorer.
Remove:
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE Check with an antivirus scanner
C:\WINDOWS.000\SYSTEM\E_S5I0B1.EXE
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS.000\SYSTEM\Kernel.dll
O4 - HKLM\..\Run: [CMS16 CDROM FixLoader] CMSFIXLD.EXE
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKCU\..\Run: [KBKalendarz] C:\WINDOWS.000\TEMP\RAR$EX00.361\KAL.EXE -hide
O4 - Startup: folder.htt
O4 - Global Startup: folder.htt
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {083048AE-EECD-4CC5-90A3-BD9B7073BE87} (Download Class) - http://www.melo.pl/dmanager/launcher.cab

Delete all folder.htt files from the disk,
as well as the file c:\ex.cab

Here is your log: http://www.hijackthis.de/logfiles/d52a0e74f874fd0e2b78f23eaff42ae8.html
Scan the computer with an antivirus program.
Ash Ketchum
Level 21


Joined: 20 Jun 2003
Posts: 1457
Location: Alabastia

Post#3 Post from the author of the topic 14 Oct 2005 14:16   



And what is this folder.htt? ArcaVir keeps throwing up this message, and during a scan it reports a whole pile of these files. Is this ex.cab related to it? I also can't get rid of it with HijackThis. ArcaVir displays an alert that these are trojans. Is this a dangerous pest? I heard that it only creates such a file in every folder and takes up space unnecessarily.
grzegorzsawczak
Level 18


Joined: 16 May 2003
Posts: 506
Location: Przemyśl

Post#4 14 Oct 2005 14:31   



What can I fix here?



Logfile of HijackThis v1.99.1
Scan saved at 02:35:32, on 2005-10-14
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MOZILLA THUNDERBIRD\THUNDERBIRD.EXE
D:\PROGRAMY\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX01.797\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [psp] C:\WINDOWS\psp.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) - http://www.lemontv.pl/lmctrls.cab
O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
arnoldk_20
Level 22


Joined: 11 Feb 2004
Posts: 2151
Location: -

Post#5 14 Oct 2005 14:42   



grzegorzsawczak wrote:
What can I fix here?
...

Update your browser.
Remove:
C:\WINDOWS\ptsnoop.exe
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [psp] C:\WINDOWS\psp.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) - http://www.lemontv.pl/lmctrls.cab
O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
grzegorzsawczak
Level 18


Joined: 16 May 2003
Posts: 506
Location: Przemyśl

Post#6 14 Oct 2005 14:47   



How, and with what, can this be removed?
Where are files of this type: {99410CDE-6F16-42ce-9D49-3807F78F0287}
   
arnoldk_20
Level 22


Joined: 11 Feb 2004
Posts: 2151
Location: -

Post#7 14 Oct 2005 15:08   



You delete it with HijackThis.
It is enough to tick the checkbox next to that entry in HijackThis and press the Fix checked button.
Trabi
Level 23


Joined: 14 Feb 2003
Posts: 2682
Location: Poznań

Post#8 14 Oct 2005 20:29   



grzegorzsawczak wrote:
...Where are files of this type: {99410CDE-6F16-42ce-9D49-3807F78F0287}

Those are not files, they are registry entries. Rather not understandable :)
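
What the reply above means in practice, as an added example that is not part of the original thread: the value in braces is a CLSID, and each HijackThis section code corresponds to a registry location. This sketch maps the O2, O4 and O16 lines from the logs in this thread to the key where the entry is stored; the function and constant names are my own.

```python
import re

# Where HijackThis reads each section from (standard Windows/IE registry layout).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
DPF_KEY = r"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units"
RUN_KEY = r"{hive}\SOFTWARE\Microsoft\Windows\CurrentVersion\{sub}"

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RX = re.compile(rf"^O2 - BHO: .*?({GUID}) - (.*)$")
O16_RX = re.compile(rf"^O16 - DPF: ({GUID})(?: \(.*?\))? - (.*)$")
O4_RX = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")


def locate(line):
    """Map one log line to the registry key (and value name) that stores it.

    Returns a dict, or None for lines that are not registry-backed here
    (for example 'O4 - Startup: folder.htt', a file in the Startup folder).
    """
    line = line.strip()
    m = O2_RX.match(line)
    if m:  # BHO: one subkey per CLSID; the DLL path is registered under HKCR\CLSID
        return {"key": BHO_KEY + "\\" + m.group(1), "value": None, "data": m.group(2)}
    m = O16_RX.match(line)
    if m:  # downloaded ActiveX control: one subkey per CLSID, data is the codebase URL
        return {"key": DPF_KEY + "\\" + m.group(1), "value": None, "data": m.group(2)}
    m = O4_RX.match(line)
    if m:  # autorun: a named value under Run / RunServices
        hive, sub, name, command = m.groups()
        return {"key": RUN_KEY.format(hive=hive, sub=sub), "value": name, "data": command}
    return None


# Lines copied from the logs posted in this thread.
SAMPLE = [
    r"O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)",
    r"O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe",
    r"O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab",
    r"O4 - Startup: folder.htt",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", locate(entry))
```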
Ash Ketchum
Level 21


Joined: 20 Jun 2003
Posts: 1457
Location: Alabastia

Post#9 Post from the author of the topic 05 Feb 2006 09:04   



I am closing the topic.