Want your HijackThis log checked? Paste it here...

Status
Closed.

graph1990

User
Joined
October 23, 2006
Posts
28
I've already sorted it out myself
 

Krychaelk

User
Joined
December 8, 2006
Posts
2
Logfile of HijackThis v1.99.1
Scan saved at 18:53:45, on 07-06-20
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSSYSTEMINTERNAT.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:pROGRAM FILESGADU-GADUGG.EXE
C:pROGRAM FILESMOZILLA FIREFOXFIREFOX.EXE
C:HIJACKTHIS.EXE

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.fan-tex.com.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.eu.microsoft.com/poland/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O4 - HKLM..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:pROGRAM FILESGADU-GADUGG.EXE" /tray
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
lol, you have Windows 98? xD
As for the log, these are a bit odd:
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
 

Krychaelk

User
Joined
December 8, 2006
Posts
2
Originally posted by Kanciastoporty
lol, you have Windows 98? xD
As for the log, these are a bit odd:
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=

I have that Windows because my computer is a piece of junk. But there's no virus??
 

3rr0rx

User
Joined
February 10, 2007
Posts
712
C:WINDOWSSYSTEMINTERNAT.EXE
I'd have doubts about that one...
Fix the last 2 entries and 'update' IE [best of all, switch to Firefox].
 

harrie

User
Joined
April 15, 2007
Posts
19
internat.exe is probably a Win98 system process (when I used it, there was something like that too)

Could someone check this?
Code:
Logfile of HijackThis v1.99.1

Scan saved at 23:36:08, on 2007-06-20

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32ZoneLabsvsmon.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32svchost.exe

C:WINDOWSSOUNDMAN.EXE

C:Program FilesHPHP Software UpdateHPWuSchd2.exe

C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe

C:Program FilesZone LabsZoneAlarmzlclient.exe

C:PROGRA~1NEOSTR~1CnxMon.exe

C:PROGRA~1NEOSTR~1TaskbarIcon.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

C:Program FilesHPDigital Imagingbinhpqtra08.exe

C:Program FilesHPDigital ImagingbinhpqSTE08.exe

C:PROGRA~1NEOSTR~1NeostradaTP.exe

C:PROGRA~1NEOSTR~1ComComp.exe

C:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exe

C:PROGRA~1NEOSTR~1Watch.exe

C:Program FilesOperaOpera.exe

C:Program FilesGadu-Gadugg.exe

C:Documents and SettingsAdminPulpithijackthisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://www.neostrada.pl[/url]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe

O4 - HKLM..Run: [AVP] "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe"

O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"

O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0scieplugin.dll

O11 - Options group: [INTERNATIONAL] International*

O17 - HKLMSystemCCSServicesTcpip..{5CCC0E4F-3985-453B-BC7C-997ED086DC98}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: klogon - C:WINDOWSsystem32klogon.dll

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0avp.exe" -r (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
 

Bialyl

User
Joined
June 22, 2007
Posts
1
Code:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 16:45:20, on 2007-06-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Boot mode: Normal



Running processes:

D:WINDOWSSystem32smss.exe

D:WINDOWSsystem32winlogon.exe

D:WINDOWSsystem32services.exe

D:WINDOWSsystem32lsass.exe

D:WINDOWSsystem32svchost.exe

D:WINDOWSSystem32svchost.exe

D:WINDOWSsystem32spoolsv.exe

D:WINDOWSExplorer.EXE

D:WINDOWSsystem32CTSvcCDA.exe

D:WINDOWSsystem32inetsrvinetinfo.exe

D:WINDOWSSystem32svchost.exe

D:WINDOWSsystem32spooldriversw32x863hpztsb06.exe

D:Program FilesCreativeNewsNewsUpd.EXE

D:Program FilesCreativeShareDLLCtNotify.exe

D:Program FilesCreativeAudio2KPROGRAMCTMIX32.EXE

D:PROGRA~1A4TechKeyboardIkeymain.exe

D:Program FilesCommon FilesRealUpdate_OBrealsched.exe

D:Program FilesWinampwinampa.exe

D:WINDOWSsystem32wscntfy.exe

D:Program FilesJavajre1.5.0_09binjusched.exe

D:Program FilesCreativeShareDLLMediaDet.Exe

D:PROGRA~1SonySONICS~1SsAAD.exe

D:Program FilesQuickTimeqttask.exe

D:WINDOWSsystem32ctfmon.exe

D:Program FilesWinZipWZQKPICK.EXE

D:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe

D:Program FilesGadu-Gadugg.exe

D:Program FilesSonySony Picture UtilityBrowserSPUBrowser.exe

D:Program FilesWinRARWinRAR.exe

D:DOCUME~1NataliaUSTAWI~1TempRar$EX00.448HiJackThis_v2.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:Program FilesJavajre1.5.0_09binssv.dll

O4 - HKLM..Run: [HPDJ Taskbar Utility] D:WINDOWSsystem32spooldriversw32x863hpztsb06.exe

O4 - HKLM..Run: [NewsUpd] D:Program FilesCreativeNewsNewsUpd.EXE /q

O4 - HKLM..Run: [Disc Detector] D:Program FilesCreativeShareDLLCtNotify.exe

O4 - HKLM..Run: [CreativeMixer] D:Program FilesCreativeAudio2KPROGRAMCTMIX32.EXE /t

O4 - HKLM..Run: [NeroCheck] D:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [iKeyWorks] D:PROGRA~1A4TechKeyboardIkeymain.exe

O4 - HKLM..Run: [TkBellExe] "D:Program FilesCommon FilesRealUpdate_OBrealsched.exe"  -osboot

O4 - HKLM..Run: [WinampAgent] D:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [SunJavaUpdateSched] D:Program FilesJavajre1.5.0_09binjusched.exe

O4 - HKLM..Run: [ImInstaller_IncrediMail] D:DOCUME~1NataliaUSTAWI~1TempImInstallerIncrediMailincredimail_install.exe -startup -product IncrediMail

O4 - HKLM..Run: [SsAAD.exe] D:PROGRA~1SonySONICS~1SsAAD.exe

O4 - HKLM..Run: [QuickTime Task] "D:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKCU..Run: [CTFMON.EXE] D:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray

O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] D:WINDOWSSystem32CTFMON.EXE (User 'Default user')

O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = D:Program FilesSonySony Picture UtilityVolumeWatcherSPUVolumeWatcher.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = D:Program FilesMicrosoft OfficeOffice10OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = D:Program FilesWinZipWZQKPICK.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.5.0_09binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.5.0_09binssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:Program FilesMessengermsmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:Program FilesSkypePlugin ManagerSkype4COM.dll (file missing)

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:WINDOWSSystem32browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:WINDOWSSystem32browseui.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:WINDOWSsystem32CTSvcCDA.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - c:Program FilesFirebirdFirebird_1_5binfbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - c:Program FilesFirebirdFirebird_1_5binfbserver.exe

O23 - Service: iPod Service - Unknown owner - D:Program FilesiPodbiniPodService.exe (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - D:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - D:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - D:Program FilesCommon FilesSony SharedAVLibSSScsiSV.exe



--

End of file - 5946 bytes


Please check my log.
 

backspace

User
Joined
June 24, 2007
Posts
3
Logfile of HijackThis v1.99.1
Scan saved at 07:51:32, on 2007-06-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32brsvc01a.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32brss01a.exe
C:WINDOWSsystem32acs.exe
C:program FilesAheadInCDInCDsrv.exe
C:program FilesEsetnod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:program FilesULI5289ALi5289.exe
C:program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:program FilesTP-LINKTWCUTWCU.exe
C:program FilesJavajre1.5.0_06binjusched.exe
C:program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe
C:program FilesWinampwinampa.exe
C:program FilesAheadInCDInCD.exe
C:program FilesDAEMON Toolsdaemon.exe
C:program FilesScanSoftPaperPortpptd40nt.exe
C:program FilesBrotherControlCenter2brctrcen.exe
C:program FilesEsetnod32kui.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesMessengermsmsgs.exe
C:program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
C:program FilesVidaliavidalia.exe
C:program FilesPrivoxyprivoxy.exe
C:WINDOWSsystem32WgaTray.exe
C:program FilesTortor.exe
C:program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsuserPulpitHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {FA55320A-F492-F21D-9C4E-F8BAA2601AC4} - C:WINDOWSsystem32hfuate.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar4.dll
O4 - HKLM..Run: [ALi5289] "C:program FilesULI5289ALi5289.exe"
O4 - HKLM..Run: [NvCplDaemon] "RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] "nwiz.exe" /install
O4 - HKLM..Run: [NvMediaCenter] "RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RemoteControl] "C:program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [TWCU] "C:program FilesTP-LINKTWCUTWCU.exe" -nogui
O4 - HKLM..Run: [SunJavaUpdateSched] "C:program FilesJavajre1.5.0_06binjusched.exe"
O4 - HKLM..Run: [Adobe Photo Downloader] "C:program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"
O4 - HKLM..Run: [WinampAgent] "C:program FilesWinampwinampa.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [InCD] C:program FilesAheadInCDInCD.exe
O4 - HKLM..Run: [DAEMON Tools] "C:program FilesDAEMON Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [SSBkgdUpdate] "C:program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [PaperPort PTD] C:program FilesScanSoftPaperPortpptd40nt.exe
O4 - HKLM..Run: [IndexSearch] C:program FilesScanSoftPaperPortIndexSearch.exe
O4 - HKLM..Run: [SetDefPrt] C:program FilesBrotherBrmfl05aBrStDvPt.exe
O4 - HKLM..Run: [ControlCenter2.0] C:program FilesBrotherControlCenter2brctrcen.exe /autorun
O4 - HKLM..Run: [PPort9reminder] "C:program FilesScanSoftPaperPortWebEregEreg.exe" -r "C:Documents and SettingsAll UsersDane aplikacjiScanSoftPaperPort9Configereg.ini"
O4 - HKLM..Run: [nod32kui] "C:program FilesEsetnod32kui.exe" /WAITSERVICE
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Uatp] "C:DOCUME~1userDANEAP~1YMANTE~1wuaclt.exe" -vt tzt
O4 - HKCU..Run: [SpySpotter] C:program FilesSpySpotter3SpySpotter.exe -startup
O4 - HKCU..Run: [SpySpotter System Defender] C:program FilesSpySpotter3Defender.exe -startup
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:program FilesCommon FilesAheadLibNMBgMonitor.exe"
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [swg] C:program FilesGoogleGoogleToolbarNotifier1.2.1128.5462GoogleToolbarNotifier.exe
O4 - HKCU..Run: [Vidalia] "C:program FilesVidaliavidalia.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:program FilesAdobeReader 8.0Readerreader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:program FilesAdobeReader 8.0ReaderAdobeCollabSync.exe
O4 - Global Startup: Privoxy.lnk = C:program FilesPrivoxyprivoxy.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:pROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:program FilesInternet ExplorerPluginsNPDocBox.dll
O20 - AppInit_DLLs: alg.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:WINDOWSsystem32acs.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:WINDOWSsystem32brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:program FilesAheadInCDInCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:program FilesEsetnod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

I kindly ask you to check whether the log is OK.
Thanks in advance.
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb - remove with HijackThis
R3 - URLSearchHook: (no name) - {FA55320A-F492-F21D-9C4E-F8BAA2601AC4} - C:WINDOWSsystem32hfuate.dll (file missing) - if you don't know what it is, remove it
O20 - AppInit_DLLs: alg.dll - unclear what this is; if you don't know, remove it
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) - remove this too
 

WunD3r

User
Joined
April 25, 2007
Posts
54
Hello, please check this.

Code:
Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSystem32RUNDLL32.EXE

D:INTERN~1MEDIAKEY.EXE

C:WINDOWSSystem32CTHELPER.EXE

D:INTERN~1KBOSDCtl.EXE

D:INTERN~1KCodeMsg.EXE

D:Esetnod32kui.exe

C:WINDOWSSystem32MMTray.exe

D:Zone LabsZoneAlarmzlclient.exe

C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe

C:Program FilesHPhpcoretechhpcmpmgr.exe

C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe

C:Program FilesCyberLinkPowerDVDPDVDServ.exe

C:Program FilesJavajre1.5.0_10binjusched.exe

D:NOKIANOKIAP~1LAUNCH~1.EXE

C:WINDOWSSystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesMicrosoft ActiveSyncwcescomm.exe

C:PROGRA~1MICROS~3rapimgr.exe

C:PROGRA~1COMMON~1PCSuiteServicesSERVIC~1.EXE

D:StatBarStatBar.exe

C:Program FilesmfkMFK.EXE

D:lgLGSyncManager.exe

C:Documents and SettingsAll UsersMenu StartProgramyAutostartUninstall.exe

C:WINDOWSsystem32Ctsvccda.exe

d:Esetnod32krn.exe

C:WINDOWSSystem32nvsvc32.exe

C:Program FilesCyberLinkShared filesRichVideo.exe

C:WINDOWSsystem32ZoneLabsvsmon.exe

C:WINDOWSSystem32MsPMSPSv.exe

D:Gadu-Gadugg.exe

d:Winamp3 winampwinamp.exe

D:przeglądarkiMozilla Firefoxfirefox.exe

D:Winampwinamp.exe

D:gryGanymedebilliards.exe

C:Program FilesHijackThisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://www.windowsxlive.net[/url]

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://www.windowsxlive.net[/url]

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:AdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:BitConnetBitComettoolsBitCometBHO_1.1.3.28.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_10binssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:FlashGetjccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:FlashGetfgiebar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [MediaKey] D:INTERN~1MEDIAKEY.EXE

O4 - HKLM..Run: [CTHelper] CTHELPER.EXE

O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE

O4 - HKLM..Run: [Jet Detection] d:CreativeSBLivePROGRAMADGJDet.exe

O4 - HKLM..Run: [nod32kui] "d:Esetnod32kui.exe" /WAITSERVICE

O4 - HKLM..Run: [MMTray] MMTray.exe

O4 - HKLM..Run: [Zone Labs Client] d:Zone LabsZoneAlarmzlclient.exe

O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe

O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"

O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe"

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [LanguageShortcut] "C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe"

O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.5.0_10binjusched.exe"

O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"

O4 - HKLM..Run: [PCSuiteTrayApplication] D:NOKIANOKIAP~1LAUNCH~1.EXE -onlytray

O4 - HKLM..Run: [Vista Sidebar] C:Program FilesVista Sidebarsidebar.exe

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Konnekt] "C:Program FilesKonnektkonnekt.exe" /autostart

O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncwcescomm.exe"

O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized

O4 - HKCU..Run: [Gadu-Gadu] "D:Gadu-Gadugg.exe" /tray

O4 - HKCU..Run: [StatBar] D:StatBarStatBar.exe

O4 - HKCU..Run: [MyKeys] "C:Program FilesmfkMFK.EXE" /M

O4 - Startup: Vista sidebar.lnk = C:Program FilesVista Sidebarsidebar.exe

O4 - Global Startup: Expressivo.lnk = C:Program FilesivoExpressivo Demoexpressivo.exe

O4 - Global Startup: LG SyncManager.lnk = D:lgLGSyncManager.exe

O4 - Global Startup: Microsoft Office.lnk = D:Microsoft OfficeOfficeOSA9.EXE

O4 - Global Startup: Uninstall.exe

O8 - Extra context menu item: Download All by FlashGet - D:FlashGetjc_all.htm

O8 - Extra context menu item: Download all links using BitComet - res://D:BitConnetBitCometBitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://D:BitConnetBitCometBitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://D:BitConnetBitCometBitComet.exe/AddLink.htm

O8 - Extra context menu item: Download using FlashGet - D:FlashGetjc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_10binssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll

O9 - Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MICROS~3INetRepl.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:FlashGetflashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:FlashGetflashget.exe

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - [url]http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab[/url]

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169818200140[/url]

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - [url]http://www.mks.com.pl/skaner/SkanerOnline.cab[/url]

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - [url]http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab[/url]

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - [url]http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab[/url]

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32Ctsvccda.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - d:Esetnod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared filesRichVideo.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
C:program FilesmfkMFK.EXE - if you don't know what this is, get rid of it
C:Documents and SettingsAll UsersMenu StartProgramyAutostartUninstall.exe - lol, get rid of it
O4 - HKCU..Run: [MyKeys] "C:program FilesmfkMFK.EXE" /M - see above
O4 - Global Startup: Expressivo.lnk = C:program FilesivoExpressivo Demoexpressivo.exe - if you know what it is, leave it; if not, get rid of it
O4 - Global Startup: Uninstall.exe - obviously
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab - if you don't know this IP, get rid of it
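
The checks that the two replies above apply by eye, as an added Python example (not part of any post and not HijackThis's own code): it parses HijackThis entry lines and lists the ones worth looking up before anything is fixed. The sample lines are copied from the logs in this thread as they appear on the page; the function names are made up for the example, and the F2 `Shell=` check goes beyond what the replies comment on.

```python
import re
from urllib.parse import urlsplit

# Sample lines copied from the logs posted in this thread, exactly as they
# appear on the page (path separators are already missing there).
SAMPLE_LOG = """\
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.interia.pl/
R3 - URLSearchHook: (no name) - {FA55320A-F492-F21D-9C4E-F8BAA2601AC4} - C:WINDOWSsystem32hfuate.dll (file missing)
F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_21.cab
O20 - AppInit_DLLs: alg.dll
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# An entry line is "<section code> - <rest>", e.g. "O4 - HKLM..Run: [...]".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_entries(text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reasons(code, body):
    """Return the reasons (possibly none) why an entry should be looked up."""
    reasons = []
    # Registry entry still present although its target file is gone.
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    # The shell value normally names explorer.exe and nothing else.
    if code == "F2" and "Shell=" in body:
        shell = body.split("Shell=", 1)[1]
        programs = [p.strip().lower() for p in shell.split(",") if p.strip()]
        if programs != ["explorer.exe"]:
            reasons.append("Shell= value is not just explorer.exe")
    # Any DLL named in AppInit_DLLs gets loaded into many processes.
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            reasons.append("DLL loaded via AppInit_DLLs")
    # ActiveX control whose download source is an IP address, not a host name.
    if code == "O16":
        url = body.rsplit(" - ", 1)[-1]
        host = urlsplit(url).hostname or ""
        if IPV4_RE.match(host):
            reasons.append("ActiveX download from a bare IP address")
    return reasons


def triage(text):
    """Return (code, body, reasons) for each entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```

A flagged line is a prompt to identify the file or address, matching the "if you don't know what it is" condition in the replies; it is not a list of entries to fix unseen.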
 

WunD3r

User
Joined
April 25, 2007
Posts
54
MFK is a good program.
Uninstall keeps wanting access to the net ... Ivona, there was already a thread about that. Big thanks. Oh, and GameDesire Roulette is gryonline WP.pl
:)
 

backspace

User
Joined
June 24, 2007
Posts
3
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb - remove with HijackThis
Kanciastoporty, I assumed you were acting in good faith and wanted to help people. I got a bit angry at you. :killer:
I carried out the removal according to the instructions you gave.
I turned off the computer and went to sleep.
The next day I couldn't, and still can't, start Windows.
It won't start in any mode.

Message:
Corrupted archive HKCUSoftwareMicrosoft....something or other.
Or the file path is missing.

What do you advise now?
 

evolucja

User
Joined
June 11, 2007
Posts
110
Code:
Logfile of HijackThis v1.99.1

Scan saved at 12:13:15, on 2007-06-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesTuneUp Utilities 2006WinStylerThemeSvc.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesAntiVir PersonalEdition Classicsched.exe

C:Program FilesAntiVir PersonalEdition Classicavguard.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

C:WINDOWSSystem32nvsvc32.exe

D:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSsystem32wscntfy.exe

C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32RUNDLL32.EXE

C:Program FilesAntiVir PersonalEdition Classicavgnt.exe

D:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe

D:Program FilesWapSterAQQAQQ.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

D:Program FilesSkypePhoneSkype.exe

C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

D:Program FilesTlen.pltlen.exe

D:Program FilesSAMSAM.exe

D:Program FilesSkypePlugin ManagerskypePM.exe

C:Documents and SettingsAll UsersDane aplikacjiSkypePluginsPluginsE12C95FCBD1240FEAE314D89676CA6F8LieDetector.exe

C:Documents and SettingsAll UsersDane aplikacjiSkypePluginsPluginsDF206D97847745E7983C822C45EE3038ringjack.exe

C:WINDOWSsystem32NOTEPAD.EXE

C:Program FilesMozilla Firefoxfirefox.exe

D:DocumentMERTHFolder3hijackthisHijackThis.exe

C:WINDOWSsystem32NOTEPAD.EXE



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = [url]http://gryonline.wp.pl/[/url]

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:PROGRA~1MICROS~1Office12GRA8E1~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll

O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll

O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [avgnt] "C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min

O4 - HKLM..Run: [GrooveMonitor] "D:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"

O4 - HKLM..Run: [Onet.pl AutoUpdate] C:Program FilesCommon FilesOnet.plAutoUpdate.exe /tsr

O4 - HKLM..Run: [DAEMON Tools-1033] "D:Program FilesD-Toolsdaemon.exe" -lang 1045

O4 - HKLM..Run: [Teleport Scheduler] "D:Program FilesTeleport Proscheduler.exe" /s

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Skype] "D:Program FilesSkypePhoneSkype.exe" /nosplash /minimized

O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe

O4 - HKCU..Run: [Komunikator] D:Program FilesTlen.pltlen.exe

O4 - HKCU..RunOnce: [FFTI] C:Documents and SettingsMerthDane aplikacjiMozillaFirefoxProfilesj3ywod2x.defaultextensions{B13721C7-F507-4982-B2E5-502A71474FED}ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:Documents and SettingsMerthDane aplikacjiMozillaFirefoxProfiles/j3ywod2x.defaultextensions{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Startup: SAM.lnk = D:Program FilesSAMSAM.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:PROGRA~1MICROS~1Office12EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.1_01binnpjpi141_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.1_01binnpjpi141_01.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:PROGRA~1MICROS~1Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:PROGRA~1MICROS~1Office12ONBttnIE.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:Program FilesWinHTTrackWinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:Program FilesWinHTTrackWinHTTrackIEBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:PROGRA~1MICROS~1Office12REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169667085842

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab

O17 - HKLMSystemCCSServicesTcpip..{BCAD645B-D670-4652-9E1C-19BBE33CF032}: NameServer = 194.204.159.1,194.204.34.52

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:PROGRA~1MICROS~1Office12GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe

O23 - Service: mysql - Unknown owner - D:apachefriendsxamppmysqlbinmysqld-nt.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:Program FilesTuneUp Utilities 2006WinStylerThemeSvc.exe
 

Kanciastoporty

Former Moderator
Joined
December 19, 2006
Posts
1137
Originally posted by backspace
QUOTE
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb - remove with HijackThis
Kanciastoporty, I assumed you were acting in good faith and wanted to help people. I got a bit angry at you. :killer:
I did the removal according to the instructions you gave.
I turned off the computer and went to sleep.
The next day I could not, and still cannot, start Windows.
It won't start in any mode.

Message:
Damaged archive HKCUSoftwareMicrosoft.... something or other.
Or the file path is missing.

What do you advise now?

The entry you quoted cannot be responsible for Windows failing to start. I'll check what happened in a moment, but I want to apologize to you in advance right away.
/I probably fell into a routine, and at the entry
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
I went by the description "entry can be fixes", meaning that it can be removed (the file isn't there, after all). On the other hand, as I look at it, this entry belongs to the program SpySweeper v 4.5 by Webroot, so I still don't see my mistake. Still, this will be a lesson for me, and I will check every entry twice.

@up
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) - you can remove it, but you don't have to
O4 - HKLM..Run: [Onet.pl AutoUpdate] C:program FilesCommon FilesOnet.plAutoUpdate.exe /tsr - if you know what it is, leave it; if not, remove it
 

robomax

User
Joined
June 16, 2007
Posts
3
Logfile of HijackThis v1.99.1
Scan saved at 19:19:46, on 2007-06-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:program FilesAlwil SoftwareAvast4aswUpdSv.exe
D:program FilesAlwil SoftwareAvast4ashServ.exe
D:WINDOWSExplorer.EXE
D:pROGRA~1ALWILS~1Avast4ashDisp.exe
D:program FilesA4TechMouseAmoumain.exe
D:program FilesJavajre1.5.0_11binjusched.exe
D:pROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE
D:program FilesCommon FilesAheadlibNMBgMonitor.exe
D:program FilesNokiaNokia PC Suite 6PcSync2.exe
D:WINDOWSsystem32ctfmon.exe
D:WINDOWSsystem32spoolsv.exe
D:pROGRA~1COMMON~1NokiaMPAPIMPAPI3s.exe
D:program FilesWinampwinamp.exe
D:program FilesGadu-Gadugg.exe
D:program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
D:WINDOWSsystem32nvsvc32.exe
D:WINDOWSSystem32PAStiSvc.exe
D:program FilesAlwil SoftwareAvast4ashMaiSv.exe
D:program FilesAlwil SoftwareAvast4ashWebSv.exe
D:program FilesCommon FilesPCSuiteServicesServiceLayer.exe
D:WINDOWSsystem32wscntfy.exe
D:WINDOWSSystem32svchost.exe
D:program FilesAzureusAzureus.exe
D:program FilesInternet ExplorerIEXPLORE.EXE
D:pROGRA~1FREEDO~1fdm.exe
C:program FilesHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: 217.153.219.170 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:programyFlashGet 1.81 PortableFlashGetjccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:pROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:program FilesJavajre1.5.0_11binssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:program FilesFree Download Manageriefdmcks.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:programyFlashGet 1.81 PortableFlashGetgetflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM..Run: [avast!] D:pROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [WheelMouse] D:program FilesA4TechMouseAmoumain.exe
O4 - HKLM..Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM..Run: [SunJavaUpdateSched] "D:program FilesJavajre1.5.0_11binjusched.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE D:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [PCSuiteTrayApplication] D:pROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE D:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:program FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [PcSync] D:program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 - HKCU..Run: [ctfmon.exe] D:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [azureus] D:program FilesAzureusAzureus.exe
O4 - Startup: Adobe Gamma.lnk = D:program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:program FilesMicrosoft OfficeOffice10OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:program FilesJavajre1.5.0_11binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:program FilesJavajre1.5.0_11binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:program FilesMessengermsmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:pROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:WINDOWSsystem32nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:program FilesCommon FilesPCSuiteServicesServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - D:WINDOWSSystem32PAStiSvc.exe
 