FAQ | Points | Add... | Recent posts | Search | Register | Log in


Prosze o sprawdzenie loga:-(
Search:  
Post new topic  Reply to topic      Main Page -> Forum Index -> Computer Service -> Computer Software -> Prosze o sprawdzenie loga:-(
Author
Message
0madziar
Poziom 5
Poziom 5


Joined: 03 May 2005
Posts: 13
Location: Lublin
Post#1 Post from the author of the topic 05 Dec 2005 21:53   

Prosze o sprawdzenie loga:-(
Logfile of HijackThis v1.99.1
Scan saved at 21:17:36, on 2005-12-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\sywsvcs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\T.D.M\Pulpit\Nowy folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RefSettingsBibThird] C:\Documents and Settings\All Users\Dane aplikacji\DRV BODY REF SETTINGS\exit slow.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Outpost Center] C:\WINDOWS\system32\outpstd.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [Name Mapi] C:\DOCUME~1\TD2240~1.M\DANEAP~1\ANTIRE~1\LONG TRANS.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://arcaonline.arcabit.com
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - HP - C:\DOCUME~1\TD2240~1.M\USTAWI~1\Temp\hpdj.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Back to top
   
Google

Google Adsense
Post# Post from the author of the topic 05 Dec 2005 21:53   



Back to top
   
Kolobos
Poziom 26
Poziom 26


Joined: 13 Jun 2003
Posts: 26220
Location: Warszawa
Post#2 05 Dec 2005 22:01helpful post - solution   

Prosze o sprawdzenie loga:-(
Zakoncz proces:
C:\WINDOWS\system32\sywsvcs.exe

W hijackthis usun:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html <- usun plik
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe <- usun caly katalog inet20003
O4 - HKLM\..\Run: [RefSettingsBibThird] C:\Documents and Settings\All Users\Dane aplikacji\DRV BODY REF SETTINGS\exit slow.exe <- usun plik
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [Outpost Center] C:\WINDOWS\system32\outpstd.exe <- usun plik
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" <- usun plik
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe <- usun plik
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe <- usun plik
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe <- usun plik
O4 - HKCU\..\Run: [Name Mapi] C:\DOCUME~1\TD2240~1.M\DANEAP~1\ANTIRE~1\LONG TRANS.exe <- usun plik
O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll <- usun plik

Na koniec skan:
http://download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po przeskanowaniu odinstaluj.
Back to top
   
Google

Google Adsense
Post# 05 Dec 2005 22:01helpful post - solution   



Back to top
   
0madziar
Poziom 5
Poziom 5


Joined: 03 May 2005
Posts: 13
Location: Lublin
Post#3 Post from the author of the topic 06 Dec 2005 00:17   

Re: Prosze o sprawdzenie loga:-(
Z góry dzieki za pomoc zrobiłem jak mówiłeś usunołem wpisy w Hijacku zeskanowałem tym skanerem i nie poradził sobie jedynie z takim czyms : C:\Windows\_delete_on_rebot_bxproxy.exe moze masz pomysł jak sie tego pozbyc dla pewności wklejam loga.

Logfile of HijackThis v1.99.1
Scan saved at 23:29:06, on 2005-12-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\DOCUME~1\ALLUSE~1\DANEAP~1\DRVBOD~1\EXITSL~1.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\T.D.M\Pulpit\Nowy folder\HijackThis.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
O4 - HKCU\..\Run: [Name Mapi] C:\DOCUME~1\TD2240~1.M\DANEAP~1\ANTIRE~1\LONG TRANS.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://arcaonline.arcabit.com
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\TD2240~1.M\USTAWI~1\Temp\hpdj.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Back to top
   
Google

Google Adsense
Post# Post from the author of the topic 06 Dec 2005 00:17   



Back to top
   
Kolobos
Poziom 26
Poziom 26


Joined: 13 Jun 2003
Posts: 26220
Location: Warszawa
Post#4 06 Dec 2005 00:26helpful post - solution   

Prosze o sprawdzenie loga:-(
Zakoncz proces:
C:\DOCUME~1\ALLUSE~1\DANEAP~1\DRVBOD~1\EXITSL~1.EXE
I usun plik tak jak pisalem.

W hijackthis usun:
O4 - HKCU\..\Run: [Name Mapi] C:\DOCUME~1\TD2240~1.M\DANEAP~1\ANTIRE~1\LONG TRANS.exe
I usun plik.

Jak juz to zrobisz to uruchom ponownie windows i sprobuj usunac C:\Windows\_delete_on_rebot_bxproxy.exe jezeli bedzie problem to sciagnij killbox (znajdziesz na google) zaznacz w nim delete on reboot, wybierz plik i po resecie go nie bedzie.
Back to top
   
0madziar
Poziom 5
Poziom 5


Joined: 03 May 2005
Posts: 13
Location: Lublin
Post#5 Post from the author of the topic 06 Dec 2005 00:42   

Re: Prosze o sprawdzenie loga:-(
No tak ale takiego czegos jak C:\Windows\_delete_on_rebot_bxproxy.exe nie moge znaleść killbox także wiec chyba juz go nie ma,nie chce mi sie juz instalowac ponownie ewido zeby sprawdzić czy jeszcze go wykrywa. Tak wiec dzieki wielkie za pomoc no i zasłużone punkty dla Ciebie. I tak juz jest 100 razy lepiej,rano jeszcze raz zeskanuje i jak by co to napisze.Pozdrawiam
Back to top
   
Post new topic  Reply to topic      Main Page -> Forum Index -> Computer Service -> Computer Software -> Prosze o sprawdzenie loga:-(
Page 1 of 1
Similar topics
Prosze o sprawdzenie loga (2)
Prosze o sprawdzenie loga (2)
Prosze o sprawdzenie loga!! (1)
Prosze o sprawdzenie loga (11)
Prosze o sprawdzenie loga (2)
Prosze o sprawdzenie loga! (2)
Prosze o sprawdzenie loga (23)
prosze o sprawdzenie loga (5)
Prosze o sprawdzenie loga (5)
Prosze o sprawdzenie loga (2)

Page generation time: 0.615 seconds


FAQ || Administrator || Moderators || Widgets and banners || Contact
elektroda.pl topic RSS feed