Computer slowdown - viruses, Ad-Aware, etc.?

Syntony 11 May 2007 01:20 213988 892
  • #601
    mall_pall
    Level 15
    Hello, I have a request: could someone take a look at my HiJack logs? Thanks in advance.

    log 1:
    Logfile of HiJackFree v2.1
    Scan saved at 23:25:35, on 2007-05-09
    Platform: Windows XP Dodatek Service Pack 2 (Windows NT 5.1.2600)
    MSIE: Internet Explorer v 6.0 Dodatek Service Pack 2 (6.0.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O23 - Service: Adobe LM Service - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Urządzenie alarmowe - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa bramy warstwy aplikacji - C:\WINDOWS\System32\alg.exe
    O23 - Service: Zarządzanie aplikacjami - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Windows Audio - C:\WINDOWS\System32\svchost.exe
    O23 - Service: avast! Antivirus - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Usługa inteligentnego transferu w tle - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Przeglądarka komputera - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa indeksowania - C:\WINDOWS\system32\cisvc.exe
    O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
    O23 - Service: Aplikacja systemowa modelu COM+ - C:\WINDOWS\system32\dllhost.exe
    O23 - Service: Usługi kryptograficzne - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Program uruchamiający proces serwera DCOM - C:\WINDOWS\system32\svchost
    O23 - Service: Klient DHCP - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa administracyjna Menedżera dysków logicznych - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Menedżer dysków logicznych - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Klient DNS - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa raportowania błędów - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Dziennik zdarzeń - C:\WINDOWS\system32\services.exe
    O23 - Service: System zdarzeń COM+ - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Zgodność szybkiego przełączania użytkowników - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Pomoc i obsługa techniczna - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Dostęp do urządzeń interfejsu HID - C:\WINDOWS\System32\svchost.exe
    O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Usługa COM nagrywania dysków CD IMAPI - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Serwer - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Stacja robocza - C:\WINDOWS\system32\svchost.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pomoc TCP/IP NetBIOS - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Posłaniec - C:\WINDOWS\system32\svchost.exe
    O23 - Service: NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: Instalator Windows - C:\WINDOWS\system32\msiexec.exe
    O23 - Service: DDE sieci - C:\WINDOWS\system32\netdde.exe
    O23 - Service: DSDM DDE sieci - C:\WINDOWS\system32\netdde.exe
    O23 - Service: Logowanie do sieci - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Połączenia sieciowe - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Magazyn wymienny - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
    O23 - Service: Usługi IPSEC - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Magazyn chroniony - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Menedżer autopołączenia dostępu zdalnego - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Menedżer połączeń usługi Dostęp zdalny - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Menedżer sesji pomocy pulpitu zdalnego - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Routing i dostęp zdalny - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) - C:\WINDOWS\system32\locator.exe
    O23 - Service: Zdalne wywoływanie procedur (RPC) - C:\WINDOWS\system32\svchost
    O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
    O23 - Service: Menedżer kont zabezpieczeń - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Karta inteligentna - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Harmonogram zadań - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Logowanie pomocnicze - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Zawiadomienie o zdarzeniu systemowym - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Wykrywanie sprzętu powłoki - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Bufor wydruku - C:\WINDOWS\system32\spoolsv.exe
    O23 - Service: Usługa przywracania systemu - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa odnajdywania SSDP - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Windows Image Acquisition (WIA) - C:\WINDOWS\system32\svchost.exe
    O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
    O23 - Service: Dzienniki wydajności i alerty - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telefonia - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Usługi terminalowe - C:\WINDOWS\System32\svchost
    O23 - Service: Kompozycje - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Klient śledzenia łączy rozproszonych - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Host uniwersalnego urządzenia Plug and Play - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Zasilacz awaryjny (UPS) - C:\WINDOWS\System32\ups.exe
    O23 - Service: Kopiowanie woluminów w tle - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Usługa Czas systemu Windows - C:\WINDOWS\System32\svchost.exe
    O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Instrumentacja zarządzania Windows - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa numeru seryjnego multimediów przenośnych - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Karta wydajności WMI - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Usługa udostępniania w sieci programu Windows Media Player - C:\Program Files\Windows Media Player\WMPNetwk.exe
    O23 - Service: Centrum zabezpieczeń - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Aktualizacje automatyczne - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Windows Driver Foundation - User-mode Driver Framework - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Konfiguracja zerowej sieci bezprzewodowej - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Usługa dostarczania sieci - C:\WINDOWS\System32\svchost.exe

    log 2:
    Logfile of HiJackFree v2.1
    Scan saved at 01:05:31, on 2007-05-11
    Platform: Windows XP Dodatek Service Pack 2 (Windows NT 5.1.2600)
    MSIE: Internet Explorer v 6.0 Dodatek Service Pack 2 (6.0.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\a-squared HiJackFree\a2hijackfree.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O23 - Service: Adobe LM Service - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Urządzenie alarmowe - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa bramy warstwy aplikacji - C:\WINDOWS\System32\alg.exe
    O23 - Service: Zarządzanie aplikacjami - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Windows Audio - C:\WINDOWS\System32\svchost.exe
    O23 - Service: avast! Antivirus - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Usługa inteligentnego transferu w tle - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Przeglądarka komputera - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa indeksowania - C:\WINDOWS\system32\cisvc.exe
    O23 - Service: ClipBook - C:\WINDOWS\system32\clipsrv.exe
    O23 - Service: Aplikacja systemowa modelu COM+ - C:\WINDOWS\system32\dllhost.exe
    O23 - Service: Usługi kryptograficzne - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Program uruchamiający proces serwera DCOM - C:\WINDOWS\system32\svchost
    O23 - Service: Klient DHCP - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa administracyjna Menedżera dysków logicznych - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Menedżer dysków logicznych - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Klient DNS - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa raportowania błędów - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Dziennik zdarzeń - C:\WINDOWS\system32\services.exe
    O23 - Service: System zdarzeń COM+ - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Zgodność szybkiego przełączania użytkowników - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Pomoc i obsługa techniczna - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Dostęp do urządzeń interfejsu HID - C:\WINDOWS\System32\svchost.exe
    O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Usługa COM nagrywania dysków CD IMAPI - C:\WINDOWS\system32\imapi.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Serwer - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Stacja robocza - C:\WINDOWS\system32\svchost.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pomoc TCP/IP NetBIOS - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Posłaniec - C:\WINDOWS\system32\svchost.exe
    O23 - Service: NetMeeting Remote Desktop Sharing - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
    O23 - Service: Instalator Windows - C:\WINDOWS\system32\msiexec.exe
    O23 - Service: DDE sieci - C:\WINDOWS\system32\netdde.exe
    O23 - Service: DSDM DDE sieci - C:\WINDOWS\system32\netdde.exe
    O23 - Service: Logowanie do sieci - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Połączenia sieciowe - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Magazyn wymienny - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
    O23 - Service: Usługi IPSEC - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Magazyn chroniony - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Menedżer autopołączenia dostępu zdalnego - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Menedżer połączeń usługi Dostęp zdalny - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Menedżer sesji pomocy pulpitu zdalnego - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Routing i dostęp zdalny - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) - C:\WINDOWS\system32\locator.exe
    O23 - Service: Zdalne wywoływanie procedur (RPC) - C:\WINDOWS\system32\svchost
    O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
    O23 - Service: Menedżer kont zabezpieczeń - C:\WINDOWS\system32\lsass.exe
    O23 - Service: Karta inteligentna - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Harmonogram zadań - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Logowanie pomocnicze - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Zawiadomienie o zdarzeniu systemowym - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Wykrywanie sprzętu powłoki - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Bufor wydruku - C:\WINDOWS\system32\spoolsv.exe
    O23 - Service: Usługa przywracania systemu - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa odnajdywania SSDP - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Windows Image Acquisition (WIA) - C:\WINDOWS\system32\svchost.exe
    O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
    O23 - Service: Dzienniki wydajności i alerty - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Telefonia - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Usługi terminalowe - C:\WINDOWS\System32\svchost
    O23 - Service: Kompozycje - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Klient śledzenia łączy rozproszonych - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Host uniwersalnego urządzenia Plug and Play - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Zasilacz awaryjny (UPS) - C:\WINDOWS\System32\ups.exe
    O23 - Service: Kopiowanie woluminów w tle - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Usługa Czas systemu Windows - C:\WINDOWS\System32\svchost.exe
    O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Instrumentacja zarządzania Windows - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Usługa numeru seryjnego multimediów przenośnych - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Karta wydajności WMI - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O23 - Service: Usługa udostępniania w sieci programu Windows Media Player - C:\Program Files\Windows Media Player\WMPNetwk.exe
    O23 - Service: Centrum zabezpieczeń - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Aktualizacje automatyczne - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Windows Driver Foundation - User-mode Driver Framework - C:\WINDOWS\system32\svchost.exe
    O23 - Service: Konfiguracja zerowej sieci bezprzewodowej - C:\WINDOWS\System32\svchost.exe
    O23 - Service: Usługa dostarczania sieci - C:\WINDOWS\System32\svchost.exe
  • #602
    sir_GuRu
    Level 10
    Hello everyone. I have an unusual, terribly irritating problem. Namely, an icon of some strange junk appears in the tray, and every so often it pops up with text saying that there is a lot of spyware on the computer. When you click it, this page opens:
    http://www.spylocked.com/?aff=334
    I suspect it is some nasty piece of adware, but I am having considerable trouble removing it. The program does not show up in Task Manager at all. I also tried cleaning the list of startup programs in msconfig, but it keeps coming back anyway. Ad-Aware did not help either. I should add that the computer is an Acer laptop, so some of the programs in the log are for managing it.

    Regards.

    Logfile of HijackThis v1.99.1
    Scan saved at 14:22:00, on 2007-05-12
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\WINDOWS\system32\inetsrv.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\MICROS~3\wcescomm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Opera\Opera.exe
    E:\tutaj\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [inetsrv] C:\WINDOWS\system32\inetsrv.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  • #603
    adammruk
    Level 16
    Logfile of HijackThis v1.99.1
    Scan saved at 20:39:08, on 2007-05-12
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\WINDOWS\system32\atievxx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Opera\Opera.exe
    D:\GRY\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O20 - Winlogon Notify: linksrv0 - C:\WINDOWS\SYSTEM32\linksrv0.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    I think some junk is sitting in my computer, because avast recently detected several viruses; since then something has been bogging the computer down, and the virus database cannot be updated. Oh, and GG is also behaving strangely, it shuts down by itself, although after I reinstalled it, it runs fairly normally. Here is the log from avast:


    2007-03-16 19:59:57 SYSTEM 1520 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
    2007-03-16 19:59:59 SYSTEM 1520 An error has occured while attempting to update. Please check the logs.
    2007-05-03 17:29:46 SYSTEM 964 Sign of "JS:Feebs family" has been found in "http://www.porndigital.net/index_xxl.php" file.
    2007-05-03 17:30:05 SYSTEM 964 Sign of "JS:Feebs family" has been found in "C:\Documents and Settings\Adam\Ustawienia lokalne\Temporary Internet Files\Content.IE5\V5Y6CL6A\index_xxl[1].htm" file.
    2007-05-11 16:15:49 SYSTEM 1084 Sign of "Win32:Agent-FTK [Wrm]" has been found in "C:\WINDOWS\system32\windbg48.sys" file.
    2007-05-11 16:17:19 SYSTEM 1084 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\WINDOWS\10263948.t" file.
    2007-05-11 16:17:50 SYSTEM 1084 Sign of "Win32:Small-EQY [Trj]" has been found in "C:\WINDOWS\10337704.t" file.
    2007-05-11 17:50:36 SYSTEM 1128 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-11 17:50:54 SYSTEM 1128 An error has occured while attempting to update. Please check the logs.
    2007-05-11 18:55:18 SYSTEM 1168 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-11 18:55:29 SYSTEM 1168 An error has occured while attempting to update. Please check the logs.
    2007-05-11 19:08:52 SYSTEM 1148 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-11 19:08:54 SYSTEM 1148 An error has occured while attempting to update. Please check the logs.
    2007-05-11 21:13:51 SYSTEM 1308 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-11 21:13:53 SYSTEM 1308 An error has occured while attempting to update. Please check the logs.
    2007-05-12 01:25:40 SYSTEM 1308 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-12 01:30:37 SYSTEM 1308 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-12 01:30:41 SYSTEM 1308 An error has occured while attempting to update. Please check the logs.
    2007-05-12 15:45:26 SYSTEM 1160 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-12 15:45:28 SYSTEM 1160 An error has occured while attempting to update. Please check the logs.
    2007-05-12 19:53:18 SYSTEM 1140 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-12 19:58:03 SYSTEM 1140 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-12 19:58:13 SYSTEM 1140 An error has occured while attempting to update. Please check the logs.
    2007-05-12 20:04:43 Adam 4016 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
    2007-05-12 20:12:06 Adam 2032 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
    2007-05-12 20:24:15 SYSTEM 1168 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    2007-05-12 20:24:16 SYSTEM 1168 An error has occured while attempting to update. Please check the logs.
  • #604
    Kolobos
    Computer specialist
    :arrow: sir_GuRu
    Use: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php and do what is
    described under "Clean".

    In Task Manager, end:
    C:\WINDOWS\system32\inetsrv.exe
    and delete the file from disk.

    In HJT remove:
    O4 - HKLM\..\Run: [inetsrv] C:\WINDOWS\system32\inetsrv.exe

    Also run a scan with:
    http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe


    :arrow: mumbler
    In HJT remove:
    O20 - Winlogon Notify: linksrv0 - C:\WINDOWS\SYSTEM32\linksrv0.dll
    Delete the file from disk.

    Use:
    http://cybertrash.pl/images/tata/ATF/ATF.html

    Delete these files too:
    C:\WINDOWS\system32\windbg48.sys
    C:\WINDOWS\10263948.
    C:\WINDOWS\10337704.t

    Also run a scan with this:
    http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe
  • #605
    adammruk
    Level 16
    Kolobos, thank you very much - I have already noticed an improvement, but I still have to do a format or a system restore anyway.
  • #606
    sir_GuRu
    Level 10
    @ Kolobos

    Many thanks! Everything is squeaky clean, just perfect.
  • #607
    wirusek
    Level 10
    Hello!!
    Could someone take a look...??
    Tomorrow I will have one more log from another computer...

    -------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 23:32:46, on 2007-05-16
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\setrysvc.exe
    C:\WINDOWS\System32\semwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\semwltray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\wirusek\Pulpit\HiJackThis_v2\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.dialog.net.pl:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
    O4 - HKLM\..\Run: [Sony Ericsson Wireless Manager UI] C:\WINDOWS\system32\semwltray
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Siemens SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B018B37D-EE00-400C-83C8-69B151BD4EFA}: NameServer = 192.168.0.1
    O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9461 bytes


    Thanks in advance....
    Regards
  • #609
    wirusek
    Level 10
    OK, thanks...
    I'm asking because something is slowing my computer down...
    And can I remove something to speed up the system startup itself??

    Regards, and thanks once again
  • #610
    flaber007
    Level 13
    Almost everything except Norton and the system.. that is, those Ericsson, BitComet etc. entries, because they launch at startup and that is why it starts more slowly.. and if you have FAT on C: and a small partition, change it to NTFS.

    Of course, remove this:

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  • #611
    gastxxx
    Level 11
    Logfile of HijackThis v1.99.1
    Scan saved at 22:46:58, on 2007-05-18
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

    The system boots, the welcome screen appears, I choose a user, then the sound plays, the "Welcome" message stays on screen the whole time, and only after a while does the desktop appear.. Does anyone know how to fix this?
  • #612
    Kolobos
    Computer specialist
    :arrow: gastxxx
    There is NOTHING in the log, so why are you pasting it?
    Install some antivirus.
  • #613
    gastxxx
    Level 11
    So that there are no unnecessary questions about it later ;) The system is free of viruses and spyware. This started happening after installing SP2. The computer is an Athlon XP 1800+, GF FX 5200, 384 MB RAM, Gigabyte Ga-7va-sfs, Win Xp Pro SP2
  • #614
    Kolobos
    Computer specialist
    You have rather little RAM. Maybe create a second profile (account) and see whether the same thing happens on it.
  • #615
    @marcin@
    Level 9
    Hello,
    For two days the computer has been booting and running terribly slowly. The Mozilla browser does not work; IE works. Overall the computer is bogged down. I noticed a lot of running processes, ~31. I'm pasting the log:


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 13:52:54, on 2007-06-02
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
    c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
    c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
    D:\z dysku e\stery i programy\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/...ls/en/x86/client/wuweb_site.cab?1167826553734
    O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v...ls/en/x86/client/muweb_site.cab?1167827342109
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DBE71DE6-C899-4383-ACDA-B3C837CD0864}: NameServer = 194.204.159.1 217.98.63.164
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Unknown owner - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
    O23 - Service: Panda TPSrv (TPSrv) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

    If you can, please tell me what to do.
    Regards
  • #616
    Kolobos
    Computer specialist
    Removing Panda should help; instead of it use wwdc.exe + AntiVir PE, optionally plus some firewall, e.g. Comodo, Kerio.
  • #617
    G.A.P.A
    Level 16
    Hello

    Logfile of HijackThis v1.99.1
    Scan saved at 13:53:43, on 2007-06-03
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    E:\Programy\Kaspersky\avp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    E:\Programy\Kaspersky\avp.exe
    E:\Programy\AQQ\AQQ.exe
    E:\Programy\Winamp\winamp.exe
    D:\Maciej\Instalki\HijackThis\HijackThis.exe
    E:\Programy\Avant Browser\avant.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [AVP] "E:\Programy\Kaspersky\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Programy\Kaspersky\scieplugin.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - E:\Programy\Kaspersky\avp.exe

    I have a small question: what is the entry "O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll" responsible for, and also "C:\WINDOWS\System32\svchost.exe"??
    Many thanks in advance for the answer ;)
  • #618
    Kolobos
    Computer specialist
    The first is a part of Kaspersky, and the second is a system file that runs various services.
  • #619
    chris86
    Level 1
    Hello, this is my first time here; I see you help each other nicely here, so please help me too :)

    Is there anything nasty in here?

    Logfile of HijackThis v1.99.1
    Scan saved at 12:51:28, on 2007-06-16
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Opera\Opera.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\KOCIEL~1\USTAWI~1\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: MouseGest - {112AB43D-32C4-3B21-53BA-13A46743BC34} - C:\WINDOWS\system32\mousegex.dll
    O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
    O2 - BHO: Web Mon - {7428F943-BC4F-4A39-3B43-AB433C523B34} - C:\WINDOWS\system32\WebMon.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Web Desk - {BD2E165D-1BC6-23AA-345B-1C234F173CBD} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Soundlibs] C:\WINDOWS\soundlib.exe
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • #620
    Kolobos
    Computer specialist
    Uninstall one of the antivirus programs!

    In HJT, remove:
    O2 - BHO: MouseGest - {112AB43D-32C4-3B21-53BA-13A46743BC34} - C:\WINDOWS\system32\mousegex.dll <- delete the file from disk.
    O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL <- delete the MyGlo... folder from disk.
    O2 - BHO: Web Mon - {7428F943-BC4F-4A39-3B43-AB433C523B34} - C:\WINDOWS\system32\WebMon.dll <- delete the file from disk.
    O2 - BHO: Web Desk - {BD2E165D-1BC6-23AA-345B-1C234F173CBD} - (no file)
    O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
  • #621
    michal_004
    Level 15
    Hello, a friend of mine has a problem with a trojan; more precisely, he got a G-line on IRC because he is spreading a trojan (hiltonv3/1909). He can't deal with it. He has already scanned the system with the mks online scanner and with Spybot S&D, and neither one detected anything. The HijackThis log is below.

    Logfile of HijackThis v1.99.1
    Scan saved at 14:09:36, on 2007-06-18
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared Files\R
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\windll.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    G:\Wolfenstein - Enemy Territory\etmain\etmin.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    C:\Program Files\Wapster\AQQ\AQQ.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
    G:\Programy\hijackthis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft] windll.exe
    O4 - HKLM\..\Run: [KAntyDialer] C:\Program Files\AK\Koala AntyDialer 1.0\KAntyDialer.exe
    O4 - HKLM\..\Run: [adiras] adiras.exe
    O4 - HKLM\..\RunServices: [Microsoft] windll.exe
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\X-Lite\x-lite.exe"
    O4 - Startup: DynoWatch2.lnk = G:\Programy\D
    O4 - Startup: etmin.lnk = G:\Wolfenstein - Enemy Territory\etmain\etmin.exe
    O4 - Startup: Internet ADSL.lnk = ?
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CFAE264D-619F-42C3-9316-B701855C2CB0}: NameServer = 83.238.255.76 213.241.79.37
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - N
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    Thanks in advance for your help.
  • #622
    Kolobos
    Computer specialist
    In Task Manager, end this process:
    C:\WINDOWS\system32\windll.exe
    Delete the file from disk.

    In HJT, delete:
    O4 - HKLM\..\Run: [Microsoft] windll.exe
    O4 - HKLM\..\RunServices: [Microsoft] windll.exe

    Attach the ComboFix log and the GMER log from the Rootkit tab.
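The cleanup in post #622 targets one program that is both running and registered under two autostart keys. The following is an added example, not part of the thread or of HijackThis: a small Python parser that pulls the O4 registry entries and the running-process list out of a log and reports that overlap. The heuristic (a command given without a path and registered under more than one autostart key) is an assumption of this example, not a rule stated by the posters, and its output is a list of candidates for manual review.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log from post #621 (lines copied from the thread).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\windll.exe
C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft] windll.exe
O4 - HKLM\..\Run: [KAntyDialer] C:\Program Files\AK\Koala AntyDialer 1.0\KAntyDialer.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\RunServices: [Microsoft] windll.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
"""

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_REGISTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# A full path to an .exe, as listed under "Running processes:".
PROCESS_PATH = re.compile(r"^[A-Za-z]:\\.*\.exe$", re.IGNORECASE)


def executable_token(command):
    """Return the program part of an autostart command line.

    Quoted commands yield the quoted path. Unquoted commands yield the first
    whitespace-separated token, which is enough to tell a bare file name
    from a path even when the path itself contains spaces.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0]


def is_bare(exe):
    """True when the program is named without drive or directory."""
    return "\\" not in exe and "/" not in exe and ":" not in exe


def parse_log(text):
    """Split a log into running-process paths and O4 registry autostarts."""
    processes, autostarts = [], []
    for raw in text.splitlines():
        line = raw.strip()  # forum copies are usually indented
        match = O4_REGISTRY.match(line)
        if match:
            hive, key, name, command = match.groups()
            autostarts.append({
                "key": f"{hive}\\..\\{key}",
                "name": name,
                "command": command,
                "line": line,
            })
        elif PROCESS_PATH.match(line):
            processes.append(line)
    return processes, autostarts


def review_candidates(text):
    """Bare-named programs registered under two or more autostart keys."""
    processes, autostarts = parse_log(text)
    by_exe = defaultdict(list)
    for entry in autostarts:
        exe = executable_token(entry["command"])
        if is_bare(exe):
            by_exe[exe.lower()].append(entry)

    findings = []
    for exe, entries in by_exe.items():
        keys = {entry["key"] for entry in entries}
        if len(keys) < 2:
            continue
        # Match on file name only: the autostart value carries no directory.
        running = [p for p in processes
                   if p.lower().rsplit("\\", 1)[-1] == exe]
        findings.append({
            "exe": exe,
            "keys": sorted(keys),
            "lines": [entry["line"] for entry in entries],
            "running": running,
        })
    return findings


if __name__ == "__main__":
    for finding in review_candidates(SAMPLE_LOG):
        print("Review:", finding["exe"])
        for line in finding["lines"]:
            print("  autostart:", line)
        for path in finding["running"]:
            print("  running:  ", path)
```
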
  • #623
    michal_004
    Level 15
    The ComboFix log is attached. GMER log (with the 'show all' option unchecked):

    GMER 1.0.12.12244 - http://www.gmer.net
    Rootkit scan 2007-06-18 17:53:36
    Windows 5.1.2600 Dodatek Service Pack 2


    ---- Kernel code sections - GMER 1.0.12 ----

    ? C:\WINDOWS\system32\DRIVERS\update.sys
    ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Nie można odnaleźć określonego pliku.

    ---- EOF - GMER 1.0.12 ----
  • #624
    Kolobos
    Computer specialist
    The logs are OK, but delete the file C:\WINDOWS\system32\windll.exe from disk.
  • #625
    michal_004
    Level 15
    Thanks for the help. I didn't see anything in those logs either :D My friend has deleted the file you mentioned.
    Regards, Michał
  • #627
    G.A.P.A
    Level 16
    Hello again ;)

    Log:
    Logfile of HijackThis v1.99.1
    Scan saved at 19:22:48, on 2007-06-20
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    E:\Programy\Kaspersky 6\avp.exe
    C:\Program Files\Winamp\winampa.exe
    E:\Programy\Java\bin\jusched.exe
    E:\Programy\Kaspersky 6\avp.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    C:\WINDOWS\system32\taskmgr.exe
    D:\Maciej\Instalki\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programy\Java\bin\ssv.dll
    O4 - HKLM\..\Run: [AVP] "E:\Programy\Kaspersky 6\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programy\Java\bin\jusched.exe"
    O4 - Global Startup: Microsoft Office.lnk = E:\Programy\Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programy\Java\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programy\Java\bin\npjpi160_01.dll
    O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Programy\Kaspersky 6\scieplugin.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - E:\Programy\Kaspersky 6\avp.exe" -r (file missing)

    My question is this: what is the process "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe" responsible for? It starts up every so often and eats a bit of memory; it doesn't really get in the way, but when I kill it the computer keeps working normally, so I assume it's nothing important. How do I get rid of it for good, and what else could be thrown out?
    Regards - Maciej
  • #628
    paweliw
    Computer specialist
    G.A.P.A wrote:
    My question is this: what is the process "C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe" responsible for? It starts up every so often and eats a bit of memory; it doesn't really get in the way, but when I kill it the computer keeps working normally, so I assume it's nothing important. How do I get rid of it for good, and what else could be thrown out?

    You only had to use google.pl and you would have found, for example, this:
    Forum.searchengines.pl wmiprvse.exe + helpsvc.exe + mdm.exe
    The Help and Support service causes Windows XP to stop responding
    ...

    As for the log, it is clean; you can, however, quite safely remove these from autostart:
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programy\Java\bin\jusched.exe"
    O4 - Global Startup: Microsoft Office.lnk = E:\Programy\Office\Office\OSA9.EXE
  • #629
    asfaloth
    Level 2
    Could someone please check my log:

    Code:

    Deckard's System Scanner v20070611.50
    Run by Koziel on 2007-05-20 at 19:36:46
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Koziel.exe) ----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 19:37:06, on 2007-05-20
    Platform: Windows 2000  (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system\csrrs.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\Explorer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\NEOSTR~1\neostradatp.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Toaster.exe
    C:\PROGRA~1\NEOSTR~1\Inactivity.exe
    C:\PROGRA~1\NEOSTR~1\PollingModule.exe
    C:\WINNT\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Koziel\Pulpit\dss.exe
    C:\DOCUME~1\Koziel\Pulpit\Koziel.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\System32\csrs.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINNT\System32\ckzmyxok.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SYSTEM] winmgrd.exe
    O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SYSTEM] winmgrd.exe
    O4 - HKCU\..\RunServices: [SYSTEM] winmgrd.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{22C4D3B2-91BE-4481-B948-643D7A689D3F}: NameServer = 194.204.159.1 217.98.63.164
    O17 - HKLM\System\CS1\Services\Tcpip\..\{22C4D3B2-91BE-4481-B948-643D7A689D3F}: NameServer = 194.204.159.1 217.98.63.164
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe
    O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\WINNT\System32\FTRTSVC.exe (file missing)
    O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINNT\System32\mspmspsv.exe (file missing)


    -- HijackThis Fixed Entries (C:\DOCUME~1\Koziel\Pulpit\backups\) ---------------

    backup-20070520-191924-195 O4 - HKCU\..\Run: [internat.exe] internat.exe

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    3 e4usbaw (USB ADSL2 WAN Adapter) - c:\winnt\system32\drivers\e4usbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
    2 IKANLOADER2 (General Purpose USB Driver (e4ldr.sys)) - c:\winnt\system32\drivers\e4ldr.sys <Not Verified; Analog Deivces; ADI ADSL chipset loader>
    3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\winnt\system32\pcampr5.sys (file missing) <Not Verified; Analog Deivces; ADI ADSL chipset loader>
    3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\winnt\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    2 CSRRS (Windows Time Service) - c:\winnt\system\csrrs.exe
    2 FTRTSVC (France Telecom Routing Table Service) - c:\winnt\system32\ftrtsvc.exe (file missing)
    2 WMDM PMSP Service - c:\winnt\system32\mspmspsv.exe (file missing)


    -- Files created between 2007-04-20 and 2007-05-20 -----------------------------

    2007-05-20 19:06:18         0 d-------- C:\mp3
    2007-05-20 18:59:58         0 d-------- C:\Program Files\Winamp
    2007-05-20 18:56:28         0 --a------ C:\WINNT\nsreg.dat
    2007-05-20 18:53:47     27720 --a------ C:\dj.exe
    2007-05-20 18:51:59     16384 --a-----t C:\WINNT\System32\Perflib_Perfdata_1fc.dat
    2007-05-20 11:50:49     16384 --a-----t C:\WINNT\System32\Perflib_Perfdata_1e4.dat
    2007-05-20 10:55:43         0 d-a------ C:\WINNT
    2007-05-20 10:55:43         0 d---s---- C:\WINNT\Web
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\twain_32
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\system32
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\wins
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\wbem
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\spool
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\ShellExt
    2007-05-20 10:55:43         0 d-------- C:\WINNT\System32\Setup
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\ras
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\os2
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\npp
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\mui
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\ias
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\export
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\drivers
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\drivers\etc
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\drivers\disdn
    2007-05-20 10:55:43         0 drahs--c- C:\WINNT\System32\dllcache
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\dhcp
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\System32\config
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\system
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\security
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\repair
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\msapps
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\msagent
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\Media
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\java
    2007-05-20 10:55:43         0 d--h----- C:\WINNT\inf
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\Help
    2007-05-20 10:55:43         0 dra-s---- C:\WINNT\Fonts
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\Driver Cache
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\Debug
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\Cursors
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\Connection Wizard
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\Config
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\AppPatch
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\addins
    2007-05-20 10:55:43         0 d-a------ C:\WINNT\?
    2007-05-20 10:24:24         0 d-------- C:\Program Files\Accessories
    2007-05-20 10:24:21         0 d-------- C:\Program Files\Windows NT
    2007-05-20 10:24:15         0 d-------- C:\WINNT\System32\Com
    2007-05-20 10:23:54         0 d-------- C:\Program Files\Alwil Software
    2007-05-20 10:14:55    464468 ---h----- C:\WINNT\ShellIconCache
    2007-05-20 10:12:07         0 d-------- C:\Program Files\Skype
    2007-05-20 10:12:06         0 d-------- C:\Program Files\Common Files\Skype
    2007-05-20 10:01:02         0 d-a------ C:\Program Files\Common Files\ODBC
    2007-05-20 10:00:58         0 d-a------ C:\WINNT\Speech
    2007-05-20 10:00:56         0 dra------ C:\Program Files
    2007-05-20 10:00:12         0 d-a------ C:\WINNT\System32\CatRoot
    2007-05-20 09:59:56         0 d-a------ C:\Documents and Settings
    2007-05-20 09:59:46         0 d-------- C:\Program Files\Gadu-Gadu
    2007-05-20 09:57:32     37376 -r-hs---- C:\WINNT\system\csrrs.exe
    2007-05-20 09:57:10     37376 --a------ C:\WINNT\System32\kp.exe
    2007-05-20 09:56:33        61 --a------ C:\WINNT\System32\i
    2007-05-20 09:55:43         0 -ra------ C:\WINNT\System32\TFTP1144
    2007-05-20 09:47:09     32768 --a------ C:\WINNT\System32\WooDial2000.dll <Not Verified; France Télécom R&D; Kit de Connexion et de Services>
    2007-05-20 09:45:47    127456 --a------ C:\WINNT\System32\IPDETECT.EXE <Not Verified; ; IPDETECT>
    2007-05-20 09:45:45    116992 --a------ C:\WINNT\System32\drivers\e4usbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
    2007-05-20 09:45:45    126489 --a------ C:\WINNT\System32\drivers\adiusbaw.sys <Not Verified; Analog Devices Inc.; ADSL USB WAN Driver>
    2007-05-20 09:45:45    126976 --a------ C:\WINNT\System32\coclassfast.dll
    2007-05-20 09:45:45     24576 --a------ C:\WINNT\enddisk32.exe
    2007-05-20 09:45:44    152126 --a------ C:\WINNT\System32\drivers\L1E9P2.BIN
    2007-05-20 09:45:44     64000 --a------ C:\WINNT\System32\drivers\e4ldr.sys <Not Verified; Analog Deivces; ADI ADSL chipset loader>
    2007-05-20 09:45:43    135168 --a------ C:\WINNT\System32\unaddrv.exe <Not Verified; Analog Devices.; UnADdrv>
    2007-05-20 09:45:43     46892 --a------ C:\WINNT\System32\ADADIX16.DLL
    2007-05-20 09:45:39    152132 --a------ C:\WINNT\System32\drivers\L1E4P2.BIN
    2007-05-20 09:45:39    152132 --a------ C:\WINNT\System32\drivers\L1E4P1.BIN
    2007-05-20 09:45:39    152132 --a------ C:\WINNT\System32\drivers\L1E4P0.BIN
    2007-05-20 09:45:39    152220 --a------ C:\WINNT\System32\drivers\L1E4I2.BIN
    2007-05-20 09:45:39    152220 --a------ C:\WINNT\System32\drivers\L1E4I1.BIN
    2007-05-20 09:45:39    152220 --a------ C:\WINNT\System32\drivers\L1E4I0.BIN
    2007-05-20 09:45:38    152126 --a------ C:\WINNT\System32\drivers\L1E9P1.BIN
    2007-05-20 09:45:38    152126 --a------ C:\WINNT\System32\drivers\L1E9P0.BIN
    2007-05-20 09:45:38    152126 --a------ C:\WINNT\System32\drivers\L1E9I2.BIN
    2007-05-20 09:45:38    152126 --a------ C:\WINNT\System32\drivers\L1E9I1.BIN
    2007-05-20 09:45:38    152126 --a------ C:\WINNT\System32\drivers\L1E9I0.BIN
    2007-05-20 09:45:35         0 d-------- C:\Program Files\SAGEM
    2007-05-20 09:45:35         0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-05-20 09:45:29         0 d-------- C:\Program Files\Common Files\InstallShield
    2007-05-20 09:45:02         0 d-------- C:\WINNT\System32\AlertModule
    2007-05-20 09:44:56     94208 --a------ C:\WINNT\System32\W32n50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-05-20 09:44:56     16128 -----n--- C:\WINNT\System32\PCANDIS5.SYS <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2007-05-20 09:44:46     36864 --a------ C:\WINNT\System32\IfHelper.dll <Not Verified; France Télécom R&D; IfHelper>
    2007-05-20 09:44:36    278016 --a------ C:\WINNT\System32\vct3216.dll <Not Verified; Voxware, Inc.; Voxware Compression Toolkit>
    2007-05-20 09:44:30     45056 --a------ C:\WINNT\System32\cdrtc.dll <Not Verified; Adaptec; Adaptec's CD-R Helper Drivers>
    2007-05-20 09:44:30     45056 --a------ C:\WINNT\System32\cdral.dll <Not Verified; Adaptec; Adaptec's CDRAL>
    2007-05-20 09:44:30         0 d-------- C:\Program Files\Adaptec
    2007-05-20 09:44:29   1118208 --a------ C:\WINNT\System32\wmpui.dll
    2007-05-20 09:44:29   1298432 --a------ C:\WINNT\System32\wmploc.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
    2007-05-20 09:44:29    815104 --a------ C:\WINNT\System32\wmpcore.dll
    2007-05-20 09:44:29    184320 --a------ C:\WINNT\System32\wmpcd.dll
    2007-05-20 09:44:29     71168 --a------ C:\WINNT\System32\wmerrPLK.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
    2007-05-20 09:44:29    270336 --a------ C:\WINNT\System32\pdbrowse.dll
    2007-05-20 09:44:29     32768 --a------ C:\WINNT\System32\asferror.dll <Not Verified; Microsoft Corporation; Microsoft® NetShow>
    2007-05-20 09:44:25     45056 --a------ C:\WINNT\System32\wmplenc.dll <Not Verified; Thomson Consumer Electronics; Thomson Consumer Electronics wmplenc>
    2007-05-20 09:44:25     16384 --a------ C:\WINNT\System32\wmdmps.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
    2007-05-20 09:44:25     24064 --a------ C:\WINNT\System32\wmdmlog.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
    2007-05-20 09:44:25    159744 --a------ C:\WINNT\System32\mswmdm.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
    2007-05-20 09:44:25    221184 --a------ C:\WINNT\System32\msscp.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
    2007-05-20 09:44:25    188416 --a------ C:\WINNT\System32\mspmsp.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
    2007-05-20 09:44:25    352256 --a------ C:\WINNT\System32\lyrasp.dll <Not Verified; Microsoft Corporation; RCA Lyra WMDM Service Provider>
    2007-05-20 09:44:25    147456 --a------ C:\WINNT\System32\CEWMDM.dll
    2007-05-20 09:44:24    446464 --a------ C:\WINNT\System32\wmvdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
    2007-05-20 09:44:24    466944 --a------ C:\WINNT\System32\wmv8dmoe.dll <Not Verified; Microsoft Corporation; Microsoft (R) NetShow>
    2007-05-20 09:44:24    335360 --a------ C:\WINNT\System32\wmstream.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
    2007-05-20 09:44:24    118784 --a------ C:\WINNT\System32\wmsdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
    2007-05-20 09:44:24    241725 --a------ C:\WINNT\System32\msuni11.dll <Not Verified; Microsoft Corporation; Microsoft (R) Jet>
    2007-05-20 09:44:24     50448 --a------ C:\WINNT\System32\msdmo.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows(R) Millennium Operating System>
    2007-05-20 09:44:23    368710 --a------ C:\WINNT\System32\msisam11.dll <Not Verified; Microsoft Corporation; Microsoft (R) Jet>
    2007-05-20 09:44:23    163840 --a------ C:\WINNT\System32\mindex.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
    2007-05-20 09:44:22     66048 --a------ C:\WINNT\System32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
    2007-05-20 09:44:04         0 d-------- C:\WINNT\System32\Macromed
    2007-05-20 09:43:50    499984 --a------ C:\WINNT\System32\dxmasf.dll <Not Verified; Microsoft Corporation; DirectShow>
    2007-05-20 09:43:07         0 d-------- C:\WINNT\RegisteredPackages
    2007-05-20 09:41:39         0 d--h----- C:\WINNT\msdownld.tmp
    2007-05-20 09:39:59         0 d-a------ C:\Program Files\neostrada tp
    2007-05-20 09:39:41         0 d--hs---- C:\WINNT\ftpcache
    2007-05-20 09:38:41         0 d-------- C:\WINNT\System32\NtmsData
    2007-05-20 09:38:35         0 d--hs---- C:\WINNT\Installer
    2007-05-20 09:38:25         0 d--h----- C:\WINNT\System32\GroupPolicy
    2007-05-20 09:38:23         0 d--hs---- C:\WINNT\CSC
    2007-05-20 09:37:59         0 d--hs---- C:\System Volume Information
    2007-05-20 09:31:52         0 d-------- C:\WINNT\System32\rpcproxy
    2007-05-20 09:31:52         0 d-------- C:\WINNT\System32\rocket
    2007-05-20 09:31:52         0 d-------- C:\WINNT\System32\inetsrv
    2007-05-20 09:31:52         0 d-------- C:\WINNT\mww32
    2007-05-20 09:31:52         0 d-------- C:\Program Files\microsoft frontpage
    2007-05-20 09:29:56         0 -rahs---- C:\MSDOS.SYS
    2007-05-20 09:29:56         0 -rahs---- C:\IO.SYS
    2007-05-20 09:29:56         0 ---h----- C:\CONFIG.SYS
    2007-05-20 09:29:56         0 ---h----- C:\AUTOEXEC.BAT
    2007-05-20 09:27:39         0 dr------- C:\WINNT\Offline Web Pages
    2007-05-20 09:27:39         0 d---s---- C:\WINNT\Downloaded Program Files
    2007-05-20 09:27:01         0 d-a-s---- C:\WINNT\Tasks
    2007-05-20 09:26:28     15152 --a------ C:\WINNT\System32\emptyregdb.dat
    2007-05-20 09:25:28         0 d-------- C:\WINNT\Registration
    2007-05-20 09:25:09         0 d-------- C:\WINNT\System32\DTCLog


    -- Find3M Report ---------------------------------------------------------------

    2007-05-20 18:56:40         0 d-------- C:\Documents and Settings\Koziel\Dane aplikacji\Talkback
    2007-05-20 18:56:05         0 d-------- C:\Documents and Settings\Koziel\Dane aplikacji\Mozilla
    2007-05-20 18:52:31         0 d-------- C:\Documents and Settings\Koziel\Dane aplikacji\Skype
    2007-05-20 09:39:45         0 d-------- C:\Documents and Settings\Koziel\Dane aplikacji\Macromedia
    2007-05-20 09:38:34         0 d-------- C:\Documents and Settings\Koziel\Dane aplikacji\Identities
    2007-05-20 09:28:04    342104 --a------ C:\WINNT\System32\perfh015.dat
    2007-05-20 09:28:04     45842 --a------ C:\WINNT\System32\perfc015.dat


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C}   C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Synchronization Manager"="mobsync.exe /logon"
    "WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\GestMaj.exe TaskBarIcon.exe"
    "Client Server Runtime Process"="C:\\WINNT\\System32\\csrs.exe"
    "Advanced DHTML Enable"="C:\\WINNT\\System32\\ckzmyxok.exe"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SYSTEM"="winmgrd.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "SYSTEM"="winmgrd.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "SYSTEM"="winmgrd.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "SYSTEM"="winmgrd.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "internat.exe"="internat.exe"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
       Authentication Packages   REG_MULTI_SZ      msv1_0\0\0
       Security Packages   REG_MULTI_SZ      kerberos\0msv1_0\0schannel\0\0
       Notification Packages   REG_MULTI_SZ      scecli\0\0

     
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    rpcss   REG_MULTI_SZ      RpcSs\0\0



    -- End of Deckard's System Scanner: finished at 2007-05-20 at 19:41:14 ---------



    Code:
    Deckard's System Scanner v20070611.50
    
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Unable to create WMI object; error code: 0x800706BA

    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Koziel\Dane aplikacji
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MARIAN-1Z5IZCLX
    ComSpec=C:\WINNT\system32\cmd.exe
    HOMEDRIVE=C:
    HOMEPATH=\
    LOGONSERVER=\\MARIAN-1Z5IZCLX
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Os2LibPath=C:\WINNT\system32\os2\dll;
    Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 5, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0605
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SystemDrive=C:
    SystemRoot=C:\WINNT
    TEMP=C:\DOCUME~1\Koziel\USTAWI~1\Temp
    TMP=C:\DOCUME~1\Koziel\USTAWI~1\Temp
    USERDOMAIN=MARIAN-1Z5IZCLX
    USERNAME=Koziel
    USERPROFILE=C:\Documents and Settings\Koziel
    windir=C:\WINNT


    -- User Profiles ---------------------------------------------------------------

    Koziel [I](admin)[/I]


    -- Add/Remove Programs ---------------------------------------------------------

    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    Gadu-Gadu 6.0 --> C:\Program Files\Gadu-Gadu\Setup.exe
    HijackThis 1.99.1 --> C:\Documents and Settings\Koziel\Pulpit\HijackThis.exe /uninstall
    Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\System32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
    Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    neostrada tp --> C:\PROGRA~1\NEOSTR~1\Uninstall.exe
    SAGEM F@st 800-840 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x15
    Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Media Player 7.1 --> C:\Program Files\Windows Media Player\setup_wm.exe /Uninstall


    -- End of Deckard's System Scanner: finished at 2007-05-20 at 19:41:14 ---------

  • #630
    Kolobos
    Computer specialist
    :arrow: asfaloth
    Edit your post and put all the logs in an attachment!

    In HijackThis, remove:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINNT\System32\csrs.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINNT\System32\ckzmyxok.exe <- delete the file from disk.
    O4 - HKLM\..\Run: [SYSTEM] winmgrd.exe <- and this one.
    O4 - HKLM\..\RunServices: [SYSTEM] winmgrd.exe
    O4 - HKCU\..\Run: [SYSTEM] winmgrd.exe
    O4 - HKCU\..\RunServices: [SYSTEM] winmgrd.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

    Service to delete:
    O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINNT\system\csrrs.exe

    Start->Run->sc stop CSRRS
    and: sc delete CSRRS
    Delete the file csrrs.exe from disk.

    In addition, delete these files:
    C:\dj.exe
    C:\WINNT\?
    C:\WINNT\system\csrrs.exe
    C:\WINNT\System32\kp.exe
    C:\WINNT\System32\i
    C:\WINNT\System32\TFTP1144

    Also run a scan with this:
    http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe and close the ports using wwdc.exe
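
Several of the entries marked for removal in the post above are one character away from a genuine Windows image name (csrs.exe and csrrs.exe against csrss.exe). The following added example, which is not part of the original thread, parses Run-key lines in the format of the registry dump and flags such near-miss names; the KNOWN_SYSTEM baseline (including the pairing of winmgrd.exe with winmgmt.exe) and the distance threshold are assumptions.

```python
import re

# Assumed baseline of genuine Windows image names; extend for your environment.
KNOWN_SYSTEM = ["csrss.exe", "winmgmt.exe", "lsass.exe", "smss.exe",
                "services.exe", "svchost.exe", "winlogon.exe", "spoolsv.exe"]

# Lines excerpted from the registry dump posted in this thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"Client Server Runtime Process"="C:\\WINNT\\System32\\csrs.exe"
"Advanced DHTML Enable"="C:\\WINNT\\System32\\ckzmyxok.exe"
"SYSTEM"="winmgrd.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"
"SYSTEM"="winmgrd.exe"
'''

# "name"="value" with .reg-style backslash escapes inside the quotes.
ENTRY = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<val>(?:[^"\\]|\\.)*)"$')
# Basename of the first .exe in the command line.
IMAGE = re.compile(r'[^\\"]+?\.exe', re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_lookalikes(dump, max_dist=2):
    """Return (key, value name, image, resembled name) for near-miss image names."""
    hits, key = [], None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember which Run key we are in
            continue
        m = ENTRY.match(line)
        img = m and IMAGE.search(re.sub(r"\\(.)", r"\1", m.group("val")))
        if not img:
            continue
        name = img.group(0).lower()
        real = min(KNOWN_SYSTEM, key=lambda k: edit_distance(name, k))
        if 0 < edit_distance(name, real) <= max_dist:   # close, but not identical
            hits.append((key, m.group("name"), name, real))
    return hits
```

A name with no close system counterpart, such as ckzmyxok.exe in the same dump, is not flagged by this check and has to be caught by other signals (path, signer, reputation).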