mks wir skaner onliine

You are reading posts found for the query: mks wir skaner onliine





Subject: please check my log
please check my log
Avast detected the trojan Win32Trojan-gen{other}. How do I remove it? Please advise.

Logfile of HijackThis v1.99.1
Scan saved at 17:26:05, on 2005-11-13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSMixer.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesWinampWinampa.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:Program FilesCommon FilesRealUpdate_OB ealsched.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesCommon FilesEPSONEBAPISAgent2.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:InternetProgramyHTHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.kurnik.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
/Consumer
O4 - HKLM..Run: [EPSON Stylus C43 Series]
C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE /P23 "EPSON Stylus C43
Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon
FilesRealUpdate_OB ealsched.exe" -osboot
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [NBJ] "C:Program FilesAheadNero BackItUpNBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O15 - Trusted Zone: skaner.mks.com.pl
O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
CORPORATION - C:Program FilesCommon FilesEPSONEBAPISAgent2.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe






Subject: cUpdate.exe
Hello Kolobos
I also had to scan the computer with online scanners;
I am sending the HijackThis log again. But before I paste it, I will write something more.
The PANDA online scanner detected some nasty stuff that it could not
remove. I am also sending you what it found:

Incident Status Location

Adware:Adware/ExactSearch No disinfected Windows Registry

Virus:Eicar.Mod No disinfected
E:KAVPersonalProdata1.cab[eicar.html]

And this is the log from HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 14:33:10, on 2005-05-04
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32csrss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proavpcc.exe
C:WINNTSystem32svchost.exe
C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proavpm.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.EXE
C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proavpcc.exe
C:WINNTsystem32internat.exe
C:WINNTsystem32RunDLL32.exe
C:Program FilesKaspersky LabKaspersky Anti-HackerKAVPF.exe
C:Program FilesSpywareGuardsgmain.exe
C:Program FilesSpywareGuardsgbhp.exe
C:WINNTsystem32wuauclt.exe
C:WINNTsystem32 tvdm.exe
C:Program FilesNetscapeNetscapeNetscp.exe
C:Program Filesa2a2guard.exe
C:Program FileswincmdWINCMD32.EXE
C:WINNTSystem32cisvc.exe
C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
C:WINNTSystem32cidaemon.exe
C:Documents and SettingsAdministratorPulpithijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:Program FilesSpywareGuarddlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINNTsystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [OfficeGuard RegChecker] "C:Program FilesKaspersky
LabKaspersky Anti-Virus Personal Proogrc.exe"
O4 - HKLM..Run: [AVPCC] "C:Program FilesKaspersky LabKaspersky Anti-Virus
Personal Proavpcc.exe" /wait
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU..Run: [a-squared] "C:Program Filesa2a2guard.exe"
O4 - Startup: SpywareGuard.lnk = C:Program FilesSpywareGuardsgmain.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:Program FilesKaspersky
LabKaspersky Anti-HackerKAVPF.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:WINNTweb elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINNTweb elated.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{EB32C9F4-E481-4504-855C-66FA58060A44}:
NameServer = 192.168.100.1,194.204.159.1
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:Program
FilesKaspersky LabKaspersky Anti-Virus Personal Proavpcc.exe" /service (file
missing)
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
VERITAS Software Corp. - C:WINNTSystem32dmadmin.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner -
C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Proavpm.exe"
/service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:WINNTSystem32 vsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe






Subject: Help me - trojan !!!
Help me - trojan !!!
Please help me remove a virus. Trojan: Worm.Blaster.C located in:
C:WINNTsystem32enbiei.exe, detected by mks online. Please help step by
step.

Logfile of HijackThis v1.98.0
Scan saved at 21:51:39, on 2004-08-15
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32spoolsv.exe
C:WINNTSystem32svchost.exe
C:WINNTSystem32 vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.EXE
C:Program FileseDonkey2000eDonkey2000.exe
C:WINNTsystem32enbiei.exe
C:WINNTsystem32internat.exe
C:Program FilesGadu-Gadugg.exe
C:WINNTsystem32RunDll32.exe
C:WINNTsystem32wuauclt.exe
C:Program FilesDC++DCPlusPlus.exe
C:Program FilesBcDcDCPlusPlus.exe
C:Program FileswincmdWINCMD32.EXE
C:Program FilesHijack ThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.onet.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} -
C:Program FilesCommon FilesReGet SharedCatcher.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:PROGRA~1FlashGetjccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINNTSystem32msdxm.ocx
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:Program
FilesReGetDxiebar.dll
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [CloneCDElbyCDFL] "C:Program FilesElaborate
BytesCloneCDElbyCheck.exe" /L ElbyCDFL
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32NeroCheck.exe
O4 - HKLM..Run: [SiSSoundMan] C:WINNTSystem32SoundMan.exe
O4 - HKLM..Run: [SiSSetCDfmt] C:WINNTSystem32SetCDfmt.exe
O4 - HKLM..Run: [eDonkey2000] C:Program FileseDonkey2000eDonkey2000.exe -
t
O4 - HKLM..Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program
FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA9.EXE
O4 - Global Startup: Reboot.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem,
DisableRegedit=1
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:Program
FilesCommon FilesReGet SharedCC_Link.htm
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe -
C:Program FilesCommon FilesReGet SharedCC_All.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:Program
FilesFlashGetjc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
C:Program FilesFlashGetjc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:WINNTSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:WINNTSystem32msjava.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:PROGRA~1FlashGetJetCar.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:PROGRA~1FlashGetJetCar.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab




Subject: I think something has crawled in
I think something has crawled in
Two files, WebProxy.ini and WebExcl.dat, keep being created on my desktop; even though I delete them, they keep coming back.

I scanned the computer with MKS Vir Online, Panda OnLine and Kaspersky Professional; I have AVG Network Edition permanently installed, and on top of that I also ran ad-aware and spybot search & destroy, and Microsoft AntiSpyware is running all the time. Nothing helps, they keep coming back. Log from HiJackThis:

Logfile of HijackThis v1.99.0
Scan saved at 14:06:08, on 2005-02-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1GrisoftAVG7avgamsvr.exe
C:PROGRA~1GrisoftAVG7avgupsvc.exe
C:PROGRA~1GrisoftAVGTCP~1avgtcpsv.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSexplorer.exe
C:Program FilesJavaj2re1.4.2_05injusched.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:PROGRA~1GrisoftAVG7avgcc.exe
C:PROGRA~1GrisoftAVG7avgemc.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesGrisoftAvgAdmin7avgadmin.exe
C:Program FilesOpenOffice.org 1.9.77programsoffice.exe
C:Program FilesOpenOffice.org 1.9.77programsoffice.BIN
C:Program FilesOperaOpera.exe
C:Program FilesMiranda IMmiranda32.exe
C:Program FilesMozilla Thunderbird hunderbird.exe
C:Program FilesMicrosoft AntiSpywareGIANTAntiSpywareMain.exe
C:Program Files otalcmdTOTALCMD.EXE
D:HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.pabianice.gmina.pl/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = www.pabianice.gmina.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {2332DDF9-809C-4AA8-95B9-239B2B20C952} - (no file)
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_05injusched.exe
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP
O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVG7avgemc.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - Startup: OpenOffice.org 1.9.77.lnk = C:Program FilesOpenOffice.org 1.9.77programquickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader eader_sl.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:Program FilesVisualRoutevrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:Program FilesVisualRoutevrie.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097059403166
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe
O23 - Service: AVG7 TCP Server - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGTCP~1avgtcpsv.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:WINDOWSSystem32 vsvc32.exe




Subject: please check
The files antk15.dll, hdf15.dll and hdp15.dll are still infected with the
same trojans, and MKS will not remove or disinfect them. Microsoft AntiSpyware
and Adaware found nothing...

Logfile of HijackThis v1.99.1
Scan saved at 00:19:38, on 2005-04-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32userinit.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesNeostrada TPNeostradaTP.exe
D:InstallAvant Browseravant.exe
D: len len.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1KASIKUSTAWI~1TempRar$EX00.797HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.gazeta.pl
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} -
C:Program FilesCommon FilesReGet SharedCatcher.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} -
D:Installsciaganie plikowReGetDxiebar.dll
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program
FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:PROGRA~1COMMON~1
REGETS~1CC_Link.htm
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
D:InstallAvant BrowserAddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam -
D:InstallAvant BrowserAddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
D:InstallAvant BrowserOpenAllLinks.htm
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe - C:PROGRA~1
COMMON~1REGETS~1CC_All.htm
O8 - Extra context menu item: Podświetl - D:InstallAvant BrowserHighlight.htm
O8 - Extra context menu item: Szukaj - D:InstallAvant BrowserSearch.htm
O16 - DPF: {81E688E8-36A4-4FEF-B70B-8B0A1C5C1308} (WebLauncherX Control) -
www.kuchnie.pl/online/cad/launcher.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{A5AFFB3D-4ABD-4110-B43B-9BBCA789205C}:
NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32
Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:Documents and
SettingsKASIKPulpitCWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec
AntiVirusSavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:Program
FilesTGTSoftStyleXPStyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program
FilesSymantec AntiVirusRtvscan.exe




Subject: please check
I am pasting a log from HijackThis because the other one does not work for me (some problem with XP + SP2).
One scanner detected a virus named BKDR PLIMUS.A (non cleanable) in one of
those 3 files in sys32, and that is all. Panda did not run on my machine.
The Recycle Bin will not empty, and Kerio and the AV will not install. And other weird stuff
like that ;> Is there anything in this log?

Logfile of HijackThis v1.99.1
Scan saved at 22:19:38, on 2005-04-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32userinit.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32GStartUp.exe
C:WINDOWSSystem32alg.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesNeostrada TPNeostradaTP.exe
C:Program FilesNeostrada TPComComp.exe
C:Program FilesNeostrada TPWatch.exe
D: len len.exe
D:InstallAvant Browseravant.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:WINDOWSsystem32svchost.exe
C:Documents and SettingsKASIKPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.gazeta.pl
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} -
C:Program FilesCommon FilesReGet SharedCatcher.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} -
D:Installsciaganie plikowReGetDxiebar.dll
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program
FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [ ] C:WINDOWSsystem32userinit.exe
O4 - HKLM..Run: [Hidder] "D:installsekretnikHidder.exe" /start
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:PROGRA~1COMMON~1
REGETS~1CC_Link.htm
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
D:InstallAvant BrowserAddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam -
D:InstallAvant BrowserAddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
D:InstallAvant BrowserOpenAllLinks.htm
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe - C:PROGRA~1
COMMON~1REGETS~1CC_All.htm
O8 - Extra context menu item: Podświetl - D:InstallAvant BrowserHighlight.htm
O8 - Extra context menu item: Szukaj - D:InstallAvant BrowserSearch.htm
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) -
www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {81E688E8-36A4-4FEF-B70B-8B0A1C5C1308} (WebLauncherX Control) -
www.kuchnie.pl/online/cad/launcher.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{A5AFFB3D-4ABD-4110-B43B-9BBCA789205C}:
NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32
Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:Documents and
SettingsKASIKPulpitCWShredder.exe
O23 - Service: StartUp Service (GStartUp) - G DATA Software Sp. z o.o. -
C:WINDOWSsystem32GStartUp.exe
O23 - Service: StyleXPService - Unknown owner - C:Program
FilesTGTSoftStyleXPStyleXPService.exe




Subject: please check
ReGet is OK
userinit.exe is worse, because it comes back after a reboot and is in autostart again :/

Logfile of HijackThis v1.99.1
Scan saved at 20:16:31, on 2005-04-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32userinit.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:PROGRA~1NEOSTR~1CnxMon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSsystem32wuauclt.exe
D:InstallAvant Browseravant.exe
C:Program FilesNeostrada TPNeostradaTP.exe
C:Program FilesNeostrada TPComComp.exe
C:Program FilesNeostrada TPWatch.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1KASIKUSTAWI~1TempRar$EX00.922HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.gazeta.pl
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} -
C:Program FilesCommon FilesReGet SharedCatcher.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} -
D:Installsciaganie plikowReGetDxiebar.dll
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program
FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 - HKLM..Run: [ ] C:WINDOWSsystem32userinit.exe
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:PROGRA~1COMMON~1
REGETS~1CC_Link.htm
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
D:InstallAvant BrowserAddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam -
D:InstallAvant BrowserAddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
D:InstallAvant BrowserOpenAllLinks.htm
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe - C:PROGRA~1
COMMON~1REGETS~1CC_All.htm
O8 - Extra context menu item: Podświetl - D:InstallAvant BrowserHighlight.htm
O8 - Extra context menu item: Szukaj - D:InstallAvant BrowserSearch.htm
O16 - DPF: {81E688E8-36A4-4FEF-B70B-8B0A1C5C1308} (WebLauncherX Control) -
www.kuchnie.pl/online/cad/launcher.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{A5AFFB3D-4ABD-4110-B43B-9BBCA789205C}:
NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32
Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:Documents and
SettingsKASIKPulpitCWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec
AntiVirusSavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:Program
FilesTGTSoftStyleXPStyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program
FilesSymantec AntiVirusRtvscan.exe




Subject: please check
I tried, it did not work

I have one more question. In the folder C:WINDOWSDownloaded Program Files I have 3
oddities:
{a string of digits}
shockwave flash
webLauncherX Control

The first two are described as "damaged", the third is installed (I do not
recall either "damaging" anything or installing webLauncherX). What should I do about this?

piecyku, thanks for your patience ;)

Logfile of HijackThis v1.99.1
Scan saved at 23:12:17, on 2005-04-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32userinit.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesNeostrada TPNeostradaTP.exe
D:InstallAvant Browseravant.exe
D: len len.exe
C:WINDOWSsystem32wbemwmiprvse.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1KASIKUSTAWI~1TempRar$EX05.344HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.gazeta.pl
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} -
C:Program FilesCommon FilesReGet SharedCatcher.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} -
D:Installsciaganie plikowReGetDxiebar.dll
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program
FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:PROGRA~1COMMON~1
REGETS~1CC_Link.htm
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
D:InstallAvant BrowserAddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam -
D:InstallAvant BrowserAddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
D:InstallAvant BrowserOpenAllLinks.htm
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe - C:PROGRA~1
COMMON~1REGETS~1CC_All.htm
O8 - Extra context menu item: Podświetl - D:InstallAvant BrowserHighlight.htm
O8 - Extra context menu item: Szukaj - D:InstallAvant BrowserSearch.htm
O16 - DPF: {81E688E8-36A4-4FEF-B70B-8B0A1C5C1308} (WebLauncherX Control) -
www.kuchnie.pl/online/cad/launcher.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{A5AFFB3D-4ABD-4110-B43B-9BBCA789205C}:
NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32
Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:Documents and
SettingsKASIKPulpitCWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec
AntiVirusSavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:Program
FilesTGTSoftStyleXPStyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program
FilesSymantec AntiVirusRtvscan.exe




Subject: windows xp internet slowed down, help
OK, fine,
and what next?

Logfile of HijackThis v1.99.1
Scan saved at 00:53:06, on 2005-04-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32igfxtray.exe
C:WINDOWSSystem32hkcmd.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Progra~1Launch ManagerLaunchAp.exe
C:Progra~1Launch ManagerPowerKey.exe
C:Progra~1Launch ManagerHotkeyApp.exe
C:Progra~1Launch ManagerCtrlVol.exe
C:Progra~1Launch ManagerWbutton.exe
C:Program FilesAcerNotebook Manageralmxptray.exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesltmohLtmoh.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb06.exe
C:Program FilesBrowser MOUSEmouse32a.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
F:winzipWZQKPICK.EXE
F:officeOffice10msoffice.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32 undll32.exe
C:Documents and Settingsfelicja.ACER_FCPulpithijasckthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.gazeta.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
global.acer.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyServer = w3cache.icm.edu.pl:8080
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O4 - HKLM..Run: [LaunchApp] LaunApp
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [LaunchAp] C:Progra~1Launch ManagerLaunchAp.exe
O4 - HKLM..Run: [PowerKey] "C:Progra~1Launch ManagerPowerKey.exe"
O4 - HKLM..Run: [LManager] C:Progra~1Launch ManagerHotkeyApp.exe
O4 - HKLM..Run: [CtrlVol] C:Progra~1Launch ManagerCtrlVol.exe
O4 - HKLM..Run: [Wbutton] "C:Progra~1Launch ManagerWbutton.exe"
O4 - HKLM..Run: [AcerNotebookManager] C:Program FilesAcerNotebook
Manageralmxptray.exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [LtMoh] C:Program FilesltmohLtmoh.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32
spooldriversw32x863hpztsb06.exe
O4 - HKLM..Run: [FLMOFFICE4DMOUSE] C:Program FilesBrowser MOUSEmouse32a.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = F:officeOffice10OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:winzipWZQKPICK.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://F:officeOffice10EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: BSK Online - ssl.bsk.com.pl/component/BSKOnl.cab
O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{8EF837DD-635C-445C-8756-99E40E6D81D8}:
NameServer = 194.204.152.134,194.204.159.1
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll




Subject: Please, I really need help :(
Maybe my Hijack will explain something??? Please take a look if you can :)
Logfile of HijackThis v1.98.2
Scan saved at 21:19:06, on 2004-11-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton AntiVirus avapsvc.exe
C:Program FilesNorton AntiVirusSAVScan.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSSystem32 askmgr.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesWanadooEspaceWanadoo.exe
C:Program FilesWanadooComComp.exe
C:Program FilesWanadooWatch.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesHijackThis.exe
C:Program FilesMessengermsmsgs.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
szukaj.wp.pl
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.interia.pl
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada
Plus wita Cie w Internecie
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:WINDOWSSystem32Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program
FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [StopSignStatus] Rundll32.exe "C:Program FilesCommon
FileseAccelerationInstallerstopsinfo.dll",VerifyStatus
O4 - HKLM..Run: [webscan] C:Program FilesAcceleration SoftwareAnti-
Virusstopsignav.exe -k
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec
SharedccApp.exe"
O4 - HKLM..Run: [SmcService] C:PROGRA~1SygateSPFsmc.exe -startgui
O4 - HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec
SharedSecurity CenterUsrPrmpt.exe
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840
dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:WINDOWSweb elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:WINDOWSweb elated.htm
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - www.stop-
sign.com/pub/download/ss_tscanner.cab?n=s_gw_pl_infn_vir-
file&kw=gw_pl_drwtsn32.exe&pg=%26se_spin%26se046a%26ss_downloads%
26ss_downloads&ver=online&SV=se046a&dc=1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093799608835
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{2D41EC93-7671-43FE-8515-C4E320ACA850}:
NameServer = 194.204.152.34 217.98.63.164
O17 - HKLMSystemCS1ServicesTcpip..{2D41EC93-7671-43FE-8515-C4E320ACA850}:
NameServer = 194.204.152.34 217.98.63.164




Subject: slow XP
Maybe someone will help me too?
Although it seems to me that SP2 may also be to blame, since it downloads
updates on its own and they don't run all that well :/

Logfile of HijackThis v1.99.1
Scan saved at 18:25:33, on 2005-02-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:Program FilesD-Toolsdaemon.exe
C:Program FilesJavaj2re1.4.2_04injusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesFree Download Managerfdm.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesWLANWConfigWConfig.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsLukas.BZYKU-18F2EEF43Ustawienia lokalneTemporary
Internet FilesContent.IE51ZXM26AQHijackThis[1].exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.google.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} -
C:Program FilesiMeshiMesh5iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} -
C:WINDOWSsystem32localsplnet.dll
O4 - HKLM..Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM..Run: [KAVPersonal50] C:Program FilesKaspersky LabKaspersky Anti-
Virus Personalkav.exe /minimize
O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -
lang 1033
O4 - HKLM..Run: [Admilli Service] C:Program FilesAdmilli
ServiceAdmilliServ.exe
O4 - HKLM..Run: [Windows ServeAd] C:Program FilesWindows
ServeAdWinServAd.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_04
injusched.exe
O4 - HKLM..Run: [WinVNC] "C:Program FilesORLVNCWinVNC.exe" -servicehelper
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Free Download Manager] C:Program FilesFree Download
Managerfdm.exe -autorun
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Skype] "C:Program
FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: WConfig.lnk = C:Program FilesWLANWConfigWConfig.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager -
file://C:Program FilesFree Download Managerdlpage.htm
O8 - Extra context menu item: Pobierz wszystko z Free Download Manager -
file://C:Program FilesFree Download Managerdlall.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:Program
FilesBitSpiritsurl.htm
O8 - Extra context menu item: Pobierz z Free Download Manager -
file://C:Program FilesFree Download Managerdllink.htm
O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager -
file://C:Program FilesFree Download Managerdlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:WINDOWSsystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:WINDOWSsystem32msjava.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
C:Program FilesIrfanViewEbayEbay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .pdf: C:Program FilesInternet ExplorerPLUGINS ppdf32.dll
O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: kavsvc - Kaspersky Lab - C:Program FilesKaspersky
LabKaspersky Anti-Virus Personalkavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:Program
FilesORLVNCWinVNC.exe" -service (file missing)




Subject: Could someone check my log?
Could someone check my log?
Logfile of HijackThis v1.99.1
Scan saved at 19:29:18, on 2005-06-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.exe
C:WINDOWSSYSTEM32GEARSEC.EXE
C:WINDOWSsystem32driversKodakCCS.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:PROGRA~1A4TechMouseAmoumain.exe
C:Program FilesXemiComputersActive Desktop CalendarADC.exe
c:windowssystem32 amtqo.exe
C:WINDOWSsystem32 undll32.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesOperaOpera.exe
C:Documents and Settings nPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = mma-tracker.com.br/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:WINDOWSNail.exe
O1 - Hosts file is located at: C:WINDOWS sdbhosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKLM..Run: [zixrfec] c:windowssystem32 amtqo.exe
O4 - HKCU..Run: [Active Desktop Calendar] C:Program FilesXemiComputersActive Desktop CalendarADC.exe
O4 - Startup: Gadu-Gadu.lnk = C:Program FilesGadu-Gadugg.exe
O8 - Extra context menu item: Download All by FlashGet - C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:Program FilesFlashGetjc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3OFFICE11REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:WINDOWSSYSTEM32GEARSEC.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32 vsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:WINDOWSsvcproc.exe

Thanks in advance



Subject: Who will URGENTLY help a blonde with her log? PLEASE
DEAR KOLOMBUS!!!
This is mine; tell me whether there is anything else to throw out. I think it is
not quite OK yet... Everything seems to work, but I'm still scared. I installed
a different browser, because IE supposedly has a lot of this junk. I'm pasting
the log. Tell me what to remove now. AND THANKS IN ADVANCE! HAVE A NICE DAY.
Logfile of HijackThis v1.99.1
Scan saved at 09:02:23, on 2005-07-15
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1NORTON~1 avapw32.exe
C:Program FilesHewlett-PackardDigital ImagingUnloadhpqcmon.exe
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf.exe
C:WINDOWSSystem32wuauclt.exe
D:programyhijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.wp.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1 avapw32.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
/Consumer
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 - HKLM..Run: [CamMonitor] C:Program FilesHewlett-PackardDigital
Imaging\Unloadhpqcmon.exe
O4 - HKLM..Run: [Share-to-Web Namespace Daemon] C:Program
FilesHewlett-PackardHP Share-to-Webhpgs2wnd.exe
O4 - HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec
SharedSecurity CenterUsrPrmpt.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
%windir%doscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%doscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:WINDOWSweb elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
www.netsecure.pl/scan8/oscan8.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: Usługa Autoochrony w programie Norton AntiVirus (navapsvc) -
Symantec Corporation - C:Program FilesNorton AntiVirus avapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
- C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program
FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe

Besides, I'm worried about that SVOCHST or whatever it was called ;)



Subject: please check my log
log after the changes
and here is the log after the changes

Logfile of HijackThis v1.99.1
Scan saved at 22:22:27, on 2006-08-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ONELABSvsmon.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
D:Program Filesewido anti-spyware 4.0guard.exe
C:WINDOWSSystem32CBApds.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program Filesone LabsoneAlarmzlclient.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1VPTray.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSystem32wuauclt.exe
E:instalkihijackthishijackthis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program
FilesSpybot - Search & DestroySDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [Zone Labs Client] "C:Program Filesone
LabsoneAlarmzlclient.exe"
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec
SharedccApp.exe"
O4 - HKLM..Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search &
DestroyTeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%
doscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%doscandel.exe (file missing)
O12 - Plugin for .pdf: C:Program FilesInternet ExplorerPLUGINS ppdf32.dll
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLMSystemCCSServicesTcpip..{4AAF5DD8-F4DF-49E7-B603-2B699750FBA6}:
NameServer = 85.255.116.74 85.255.112.167
O17 - HKLMSystemCS1ServicesTcpip..{4AAF5DD8-F4DF-49E7-B603-2B699750FBA6}:
NameServer = 85.255.116.74 85.255.112.167
O20 - Winlogon Notify: NavLogon - C:WINDOWSSystem32NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
D:Program Filesewido anti-spyware 4.0guard.exe
O23 - Service: Intel PDS - Intel® Corporation - C:WINDOWSSystem32CBApds.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program
FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program
FilesSymantec AntiVirusRtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:WINDOWSsystem32ONELABSvsmon.exe




Subject: Please check my log, and thx
Please check my log, and thx
Logfile of HijackThis v1.99.1
Scan saved at 17:37:35, on 2005-07-08
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSMixer.exe
C:Program FilesCommon FilesEPSONEBAPISAgent2.exe
C:Program FilesNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE
C:Program FilesNorton AntiVirusSAVScan.exe
C:Program FilesJavajre1.5.0_02injusched.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesGadu-Gadugg.exe
C:Program FileseMuleemule.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsuserPulpitNowy folderHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.kurnik.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:program
files180searchassistantsaishook.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec
SharedccApp.exe"
O4 - HKLM..Run: [NAV CfgWiz] C:Program FilesCommon FilesSymantec
SharedCfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
/Consumer
O4 - HKLM..Run: [Friko Player] C:Program FilesFriko PlayerFrikoPlayer.exe
-autorun
O4 - HKLM..Run: [EPSON Stylus C43 Series]
C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE /P23 "EPSON Stylus C43
Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_02injusched.exe
O4 - HKLM..Run: [fgt] C:WINDOWSfgt.exe
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_02in pjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_02in pjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation
- C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
CORPORATION - C:Program FilesCommon FilesEPSONEBAPISAgent2.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
Symantec Corporation - C:Program FilesNorton AntiVirus avapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton
AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program
FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe




Subject: Could someone check my log?
Many thanks, is everything OK now?

Logfile of HijackThis v1.99.1
Scan saved at 15:38:37, on 2005-06-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.exe
C:WINDOWSSYSTEM32GEARSEC.EXE
C:WINDOWSsystem32driversKodakCCS.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:PROGRA~1A4TechMouseAmoumain.exe
C:Program FilesXemiComputersActive Desktop CalendarADC.exe
C:WINDOWSsystem32 undll32.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesOperaOpera.exe
C:Program FilesBitCometBitComet.exe
C: otalcmdTOTALCMD.EXE
C:Documents and Settings nPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = mma-tracker.com.br/index.php
F2 - REG:system.ini: Shell=Explorer.exe C:WINDOWSNail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKLM..RunOnce: [MicrosoftAntiSpywareCleaner] C:Program FilesMicrosoft AntiSpywaregcASCleaner.exe
O4 - HKCU..Run: [Active Desktop Calendar] C:Program FilesXemiComputersActive Desktop CalendarADC.exe
O4 - Startup: Gadu-Gadu.lnk = C:Program FilesGadu-Gadugg.exe
O8 - Extra context menu item: Download All by FlashGet - C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:Program FilesFlashGetjc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3OFFICE11REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:WINDOWSSYSTEM32GEARSEC.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32 vsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:WINDOWSsvcproc.exe (file missing)




Topic: SPOOLSV.exe - it's slowing down my computer
SPOOLSV.exe - it's slowing down my computer
This is most likely a trojan, because I didn't have it before and Windows XP
ran flawlessly for me. Of course, so as not to be a lamer, I scanned my
computer (it took a while) with: avast, spybot, ad-aware, Microsoft Antispyware,
cwdshredder and mks online. I'm attaching the log in case someone finds
something else on my machine. I'd just like someone to tell me how to get rid
of this spoolsv from my computer. Oh, and I almost forgot: because of this
nasty thing (I think), not only is my CPU loaded at 99 percent, on top of that
I can't print PDFs, and recently, i.e. a few days ago, I was printing 100 pages
of PDFs a day.

Logfile of HijackThis v1.99.0
Scan saved at 23:18:54, on 2005-01-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.ex e
C:WINDOWSsystem32services.ex e
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
d:Program FilesStardockObject DesktopWindowBlindswbload.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1A4TechMouseAmouma in.exe
D:PROGRA~1ALWILS~1Avast4ash Disp.exe
C:WINDOWSSystem32spooldrive rsw32x863hpztsb05.exe
C:Program FilesMessengermsmsgs.exe
d:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
d:Program FilesAlwil SoftwareAvast4ashServ.exe
d:MATLAB6p5webserverinwin3 2matlabserver.exe
d:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSSystem32spoolDRIVE RSW32X863HPZSTC05.EXE
D:Program FilesMozilla Firefoxfirefox.exe
D:wincmdWINCMD32.EXE
C:WINDOWSsystem32spoolsv.exe
C:DOCUME~1KRZYSZ~1USTAWI~1T EMP$wc0HIJACK~1.EXE

R1 - HKCUSoftwareMicrosoftWindows CurrentVersionInternet
Settings,ProxyServer = 192.168.0.1:8080
R0 - HKCUSoftwareMicrosoftInterne t ExplorerToolbar,LinksFolderNam e = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D 6BE0B3} -
d:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper .ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D38828 35F153} -
C:PROGRA~1TEXTwareQUICKF~1P lugInsIEHelp.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-006008 3CFB9C} -
C:WINDOWSSystem32 zdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9 082467} -
C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmouma in.exe
O4 - HKLM..Run: [avast!] d:PROGRA~1ALWILS~1Avast4ash Disp.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility]
C:WINDOWSSystem32spooldrive rsw32x863hpztsb05.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://D:PROGRA~1MICROS~1OFFI CE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C 608501} -
C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C 608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C57 1A8263} -
D:PROGRA~1MICROS~1OFFICE11R EFIEBAR.DLL
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608 E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE 20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 -
HKLMSystemCCSServicesTcpip ..{86337C58-7621-494B-874D-5F0 1A91117F4}:
NameServer = 194.204.159.1,164.204.152.34
O18 - Protocol: textwareilluminatorbase -
{CE5CD329-1650-414A-8DB0-4CBF72 FAED87} -
C:WINDOWSSystem32 extwareill uminatorbaseProtocol.dll
O23 - Service: avast! iAVS4 Control Service - Unknown - d:Program FilesAlwil
SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - d:Program FilesAlwil
SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:Program FilesAlwil
SoftwareAvast4ashMaiSv.exe
O23 - Service: MATLAB Server - Unknown -
d:MATLAB6p5webserverinwin3 2matlabserver.exe

Help me out, folks

Regards



Topic: Check the log!!!!!
Check the log!!!!!
Logfile of HijackThis v1.97.7
Scan saved at 13:26:20, on 05-01-10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSSYSTEMINTERNAT.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:WINDOWSSYSTEMPDESKPDESK.EXE
C:PROGRAM FILESA4TECHMOUSEAMOUMAIN.EXE
C:PROGRAM FILESWINAMPWINAMPA.EXE
C:PROGRAM FILESULEAD SYSTEMSULEAD PHOTO EXPRESS 3.0 SECALCHECK.EXE
C:PROGRAM FILESMICROSOFT OFFICEOFFICEOSA.EXE
C:PROGRAM FILESMICROSOFT OFFICEOFFICEFINDFAST.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:WINDOWSPULPITHIJACKTHIS.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.wp.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:PROGRAM
FILESADOBEACROBAT 5.0 CEREADERACTIVEXACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSYSTEMMSDXM.OCX
O4 - HKLM..Run: [internat.exe] internat.exe
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 - HKLM..Run: [Matrox Powerdesk]
C:WINDOWSSYSTEMPDeskPDesk.exe /Autolaunch
O4 - HKLM..Run: [WheelMouse] C:PROGRA~1A4TECHMOUSEAMOUMAIN.EXE
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:Program
FilesUlead SystemsUlead Photo Express 3.0 SECalCheck.exe
O4 - Startup: Uruchamianie pakietu Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:Program FilesMicrosoft
OfficeOfficeFINDFAST.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .: C:PROGRA~1INTERN~1PLUGINS ppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: BSK Online - ssl.bsk.com.pl/component/BSKOnl.cab
O16 - DPF: BSK import eksport - ssl.bsk.com.pl/component/BSKIE.cab
O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) -
67.15.101.3/g_bin/pl/slots80_2_0_0_21.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) -
67.15.101.3/g_bin/pl/slots90_2_0_0_20.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) -
67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) -
67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} (SecureSession Class) -
www.samsungtechwin.com/include/pki/SecuiTechIE.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38357.1516898148
O17 - HKLMSystemCCSServicesVxDMSTCP: NameServer =
213.76.179.201,194.204.159.1



Topic: For Netsec - log
For Netsec - log
Logfile of HijackThis v1.97.7
Scan saved at 13:26:20, on 05-01-10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSSYSTEMINTERNAT.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:WINDOWSSYSTEMPDESKPDESK.EXE
C:PROGRAM FILESA4TECHMOUSEAMOUMAIN.EXE
C:PROGRAM FILESWINAMPWINAMPA.EXE
C:PROGRAM FILESULEAD SYSTEMSULEAD PHOTO EXPRESS 3.0 SECALCHECK.EXE
C:PROGRAM FILESMICROSOFT OFFICEOFFICEOSA.EXE
C:PROGRAM FILESMICROSOFT OFFICEOFFICEFINDFAST.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:WINDOWSPULPITHIJACKTHIS.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.wp.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:PROGRAM
FILESADOBEACROBAT 5.0 CEREADERACTIVEXACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSYSTEMMSDXM.OCX
O4 - HKLM..Run: [internat.exe] internat.exe
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 - HKLM..Run: [Matrox Powerdesk]
C:WINDOWSSYSTEMPDeskPDesk.exe /Autolaunch
O4 - HKLM..Run: [WheelMouse] C:PROGRA~1A4TECHMOUSEAMOUMAIN.EXE
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:Program
FilesUlead SystemsUlead Photo Express 3.0 SECalCheck.exe
O4 - Startup: Uruchamianie pakietu Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:Program FilesMicrosoft
OfficeOfficeFINDFAST.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .: C:PROGRA~1INTERN~1PLUGINS ppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: BSK Online - ssl.bsk.com.pl/component/BSKOnl.cab
O16 - DPF: BSK import eksport - ssl.bsk.com.pl/component/BSKIE.cab
O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-
94901338C922/wmv9VCM.CAB
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) -
67.15.101.3/g_bin/pl/slots80_2_0_0_21.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) -
67.15.101.3/g_bin/pl/slots90_2_0_0_20.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) -
67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) -
67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} (SecureSession Class) -
www.samsungtechwin.com/include/pki/SecuiTechIE.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38357.1516898148
O17 - HKLMSystemCCSServicesVxDMSTCP: NameServer =
213.76.179.201,194.204.159.1




