Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Log z hijackthis

dudek_d 28 Gru 2005 22:17 1932 18
  • #2 28 Gru 2005 22:24
    Kolobos
    Spec od komputerów

    W menadzerze zadan zakoncz:
    C:\WINDOWS\system32\paytime.exe
    C:\winstall.exe
    C:\WINDOWS\system32\paytime.exe

    W hijackthis:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html <- usun plik
    F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKLM\..\Run: [svchost32] C:\WINDOWS\system32\svchost32.exe <- usun plik
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" <- usun plik
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- usun plik
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe <- usun plik
    O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll <- usun plik

    Skan tym:
    http://www.webroot.com/shoppingcart/tryme.php...02&WRSID=fa418c3f36c473de8c7d2176ac7ada66 <- zrob update przed skanowaniem, po przeskanowaniu odinstaluj.
    http://download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po przeskanowaniu odinstaluj.
    Zamknij porty w wwdc:
    http://www.firewallleaktester.com/tools/wwdc.exe

    0
  • #3 08 Sty 2006 20:44
    iron29
    Poziom 12  

    Witam
    Czy może ktoś mi to sprawdzić?
    pozdro


    Logfile of HijackThis v1.99.1
    Scan saved at 20:41:26, on 2006-01-08
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\BitLord\BitLord.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    D:\Instalki\Hija\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"




    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [WinMX] C:\Program Files\Winmxpl\WinMX.exe -m
    O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
    O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/...ls/en/x86/client/wuweb_site.cab?1136579958855
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    0
  • #4 08 Sty 2006 20:56
    paweliw
    Spec od komputerów

    Log jest czysty.
    Trochę tylko dużo wpisów w O4 (automatyczny start programu przy starcie Windows) niepotrzebnie obciążających pamięć i procesor.
    Dodatkowo dwa programy P2P jednocześnie (BearShare i BitLord) ...

    0
  • #5 08 Sty 2006 21:02
    iron29
    Poziom 12  

    Jak i gdzie mogę odciążyć proca?

    0
  • #6 08 Sty 2006 21:17
    paweliw
    Spec od komputerów

    Dopiero teraz zauważyłem że masz dwa antywirusy (Norton AntiVirus i Antivir) zrezygnuj z czegoś, ja bym odinstalował Nortona ...

    Ponadto tlen i gg, zawsze Ci to potrzebne razem ?

    Usuń w poszczególnych programach opcje startu z systemem lub Fix w Hijackthis:
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [WinMX] C:\Program Files\Winmxpl\WinMX.exe -m
    O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

    To tak z grubsza bo ja bym wyłączył także komunikatory:
    O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    0
  • #8 08 Sty 2006 21:55
    paweliw
    Spec od komputerów

    Log jest czysty, problem z wolniejszym uruchamianiem komputera musi być w czymś innym.
    Log wklejaj w treść wiadomości nie jako załącznik !

    0
  • #9 08 Sty 2006 22:21
    iron29
    Poziom 12  

    Ok
    Zobaczymy jak dalej będzie się uruchamiał
    dzieki i pozdro

    Logfile of HijackThis v1.99.1
    Scan saved at 22:19:14, on 2006-01-08
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Skype\Phone\Skype.exe
    D:\Instalki\Hija\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/...ls/en/x86/client/wuweb_site.cab?1136579958855
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    0
  • #10 14 Sty 2006 10:14
    iron29
    Poziom 12  

    Witam
    Dzięki za pomoc. Widac że się trochę ustabilizowało
    Powyższy temat uważam za rozwiązany .
    Pozdrawiam

    Dodano po 4 [minuty]:

    Nie zakładam nowego tematu
    Mam do sprawdzenia log. Jak moze ktoś mi to sprawdzic i się odezwać na GG 6248069 to będę wdzięczny
    Pozdrawiam
    Logfile of HijackThis v1.99.1
    Scan saved at 19:48:33, on 13.01.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\inet20003\services.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Programme\AVPersonal\AVGNT.EXE
    C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\paytime.exe
    C:\windows\banmanpro.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programme\Spyware Doctor\swdoctor.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\winstall.exe
    C:\WINDOWS\System32\paytime.exe
    C:\Program Files\SpySheriff\SpySheriff.exe
    C:\Programme\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Programme\Network Monitor\netmon.exe
    C:\WINDOWS\QmVudXR6ZXI\command.exe
    C:\WINDOWS\System32\dllcache\IExplore.exe
    C:\WINDOWS\System32\dllcache\IExplore.exe
    C:\WINDOWS\System32\dllcache\IExplore.exe
    C:\WINDOWS\System32\symsvcsa.exe
    C:\Programme\Gadu-Gadu\gg.exe
    C:\Programme\Skype\Phone\Skype.exe
    C:\Dokumente und Einstellungen\xxx\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll (file missing)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWn
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [fdiskdumpp] C:\Programme\fdiskdumpp.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
    O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programme\Gadu-Gadu\gg.exe" /tray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symsvcsa.exe
    O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
    O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Programme\OpenOffice.org1.1.2\program\quickstart.exe
    O4 - Global Startup: ZDWlan.lnk = ?
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmVudXR6ZXI\command.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
    O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    0
  • #11 14 Sty 2006 11:35
    kacz2n
    Poziom 16  

    Cytat:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
    O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll (file missing)
    O4 - HKLM\..\Run: [fdiskdumpp] C:\Programme\fdiskdumpp.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
    O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symsvcsa.exe
    O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe


    1. Wyłączyć przywracanie systemu w XP (opis tutaj)
    2. Restart komputera do trybu awaryjnego (opis w powyższym linku)
    3. Zaznaczyć wpisy w Hijacku któe pokazałem i kliknąć Fix checked
    4. Skasować z dysku pliki i foldery wyróżnione na czerwono
    5. Przeskanować skanerami online oraz antyspyware'ami
    6. Wkleić nowy log do sprawdzenia ;)

    usuwanie fałszywej tapety SpySheriff zobacz
    TU

    Cytat:
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmVudXR6ZXI\command.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe


    Start -> Uruchom -> services.msc ->zatrzymaj usługi Command Service oraz Network Monitor. Usuń katalog QmVudXR6ZXI oraz Network Monitor.

    0
  • #12 14 Sty 2006 11:42
    Kolobos
    Spec od komputerów

    Zakoncz:
    C:\WINDOWS\inet20003\services.exe <- usun caly katalog inet20003
    C:\WINDOWS\System32\paytime.exe
    C:\windows\banmanpro.exe
    C:\winstall.exe
    C:\WINDOWS\System32\paytime.exe
    C:\Program Files\SpySheriff\SpySheriff.exe
    C:\WINDOWS\System32\dllcache\IExplore.exe
    C:\WINDOWS\System32\dllcache\IExplore.exe
    C:\WINDOWS\System32\dllcache\IExplore.exe
    C:\WINDOWS\System32\symsvcsa.exe
    Pliki usun.

    W hijackthis usun:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll (file missing)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [fdiskdumpp] C:\Programme\fdiskdumpp.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
    O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symsvcsa.exe
    O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe <- usun caly katalog SpySheriff

    Usun uslugi:
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmVudXR6ZXI\command.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe

    Start->Uruchom->cmd:
    sc stop "Network Monitor"
    sc delete "Network Monitor"
    sc stop cmdService sc delete cmdService

    Nastepnie usun katalogi Network Monitor oraz
    QmVudXR6ZXI.

    Oczywiscie wszystko rob w trybie awaryjnym.

    Przeskanuj tez tym:
    http://download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po przeskanowaniu odinstaluj.
    ftp://download.hirekmedia.hu/ssfsetup1_0.exe
    Zamknij porty w wwdc:
    http://www.firewallleaktester.com/tools/wwdc.exe

    Po wszystkim wklej nowy log.

    edit:
    Troche sie spoznilem ;-)

    0
  • #13 15 Sty 2006 12:11
    iron29
    Poziom 12  

    dzięki wszystkim za pomoc.
    jest OK


    Zasmykam temat

    0
  • #14 22 Sty 2006 23:14
    danek16
    Poziom 15  

    Witam! zeby nie otwierac nowego tematu to moglbym prosic zeby ktos mojego loga sprwdzil: (mam taki problem ze np jak przegladam allegro i klikne inne zdjeci to mi laczy ze strona allegro.pl a nie ze zdjeciem, albo na niektturych stronach niemoge wejsc w strone logowania) - uzywam Avant Browser.

    Logfile of HijackThis v1.99.1
    Scan saved at 22:58:39, on 2006-01-22
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CPUCooL\CooLSrv.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svcnet.exe
    C:\My Shared Folder\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Shell API32] svcnet.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Shell API32] svcnet.exe
    O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Personalizuj Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: RF Pasek Narzędzi - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Wypełnij Pola - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Zapisz Pola - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RF Pasek Narzędzi - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/...ls/en/x86/client/wuweb_site.cab?1128167982407
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4747ECF6-61F2-49EF-8D0A-A6665AF4CA2D}: NameServer = 192.168.1.3
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe




    Ktos moglby jeszcze powiedizec jak to sie sprawdza, na czym to polega?
    pozdrwaiam

    0
  • #15 22 Sty 2006 23:31
    Kolobos
    Spec od komputerów

    :arrow: danek16

    W menadzerze zadan zakoncz:
    C:\WINDOWS\system32\svcnet.exe
    plik usun z dysku.

    W hijackthis usun:
    O4 - HKLM\..\Run: [Shell API32] svcnet.exe
    O4 - HKCU\..\Run: [Shell API32] svcnet.exe

    Sprawdz plik: C:\WINDOWS\System32\userinit.exe
    tym skanerem: http://virusscan.jotti.org/ i napisz czy cos znalazl ale pliku narazie nie ruszaj.

    Przeskanuj system tym:
    ftp://download.hirekmedia.hu/ssfsetup1_0.exe <- zrob update przed skanowaniem, po przeskanowaniu odinstaluj.
    http://download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po przeskanowaniu odinstaluj.
    Zamknij porty w wwdc:
    http://www.firewallleaktester.com/tools/wwdc.exe

    Zainstaluj antyvirus:
    http://www.avast.com/eng/avast_4_home.html

    0
  • #16 06 Lut 2006 22:04
    Łukasz Dolega
    Poziom 12  

    Witam,
    Bardzo proszę o sprawdzenie loga.
    Nie wiem co jest przyczyną, ale mój komp rusza się jak żółw(notatnik włącza 15 s).
    A tak na marginesie: co sprawdza hijackthis?

    Logfile of HijackThis v1.99.1
    Scan saved at 21:56:43, on 2006-02-06
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\System32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\RunDll32.exe
    D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\Lucas\Pulpit\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O8 - Extra context menu item: Download All by FlashGet - D:\PROGRA~1\FLASHGET\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - D:\PROGRA~1\FLASHGET\jc_link.htm
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13424449-18E9-43B7-A195-1A60798A957F}: NameServer = 10.100.101.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{13424449-18E9-43B7-A195-1A60798A957F}: NameServer = 10.100.101.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{13424449-18E9-43B7-A195-1A60798A957F}: NameServer = 10.100.101.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

    0
  • #17 06 Lut 2006 22:22
    paweliw
    Spec od komputerów

    Log jest właściwie czysty.
    Zastanawia mnie tylko skąd masz takie adresy IP (wewnętrzne !?):
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13424449-18E9-43B7-A195-1A60798A957F}: NameServer = 10.100.101.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{13424449-18E9-43B7-A195-1A60798A957F}: NameServer = 10.100.101.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{13424449-18E9-43B7-A195-1A60798A957F}: NameServer = 10.100.101.1

    Dostawca netu takie Ci podał ?

    0
  • #18 07 Lut 2006 12:44
    Łukasz Dolega
    Poziom 12  

    Witam,
    Tak, numery IP mam od dostawcy Internetu. Jestem podłączony radiowo i to chyba wewnętrzne numery. Czy jest w nich coś dziwnego?
    Dzięki za sprawdzenie. Czy moge coś zrobić żeby mój system sie trochę rozruszał?
    dziękuję i pozdrawiam
    Łukasz Dolega

    0
  • #19 07 Lut 2006 12:56
    paweliw
    Spec od komputerów

    Skoro radiowo i dostawca podał Ci takie numery wewnętrzne, to nie ma nic dziwnego.
    Technologia idzie do przodu ...

    Właściwie niewiele można u Ciebie wyłączyć z autostartu (tylko to):
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    Możesz też zatrzymać usługi dotyczące ATI (karta graficzna)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    (usług nie wyłączysz w hijackthis, musisz to zrobić ręcznie).
    Jak nie wiesz jak to nie kombinuj.

    0