Bardzo prosze o sprawdzenie loga


(Kubiik10) #1

prosze o sprawdzenie loga powodem jest za nie mam tapety tylko niebieszkie tlo przy uruchamianiu pokazuje ze niema jakiegos MSCV4.dll. O to log

Logfile of HijackThis v1.99.1

Scan saved at 10:57:19, on 2006-02-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CPUCooL\CooLSrv.exe

D:\bbbvb\Firewall\PavFires.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

D:\bbbvb\pavsrv51.exe

C:\WINDOWS\System32\svchost.exe

D:\bbbvb\AVENGINE.EXE

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\autoclk.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\DAEMON Tools\daemon.exe

D:\gf\bin\jusched.exe

D:\bbbvb\APVXDWIN.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\documents and settings\wolverine\pulpit\romy\programs\voipbuster.exe

C:\PROGRA~1\Wapster\AQQ\AQQ.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

D:\bbbvb\pavProxy.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\lolpobieranie\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00011.exe"

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: XBTP00558 Class - {96D39527-7C5C-4507-953B-4A665D5883F7} - C:\WINDOWS\DOWNLO~1\toolbar.dll (file missing)

O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB56.dll

O3 - Toolbar: NetSprint Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\WINDOWS\Downloaded Program Files\toolbar.dll (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)

O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB56.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\gf\bin\jusched.exe

O4 - HKLM\..\Run: [SCANINICIO] "D:\bbbvb\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "D:\bbbvb\APVXDWIN.EXE" /s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [VoipBuster] "C:\documents and settings\wolverine\pulpit\romy\programs\voipbuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Startup: CPUCooL.lnk = C:\Program Files\CPUCooL\CPUCooL.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BitSpirit\bsurl.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4E3947A7-B644-4462-A08A-DF973358E81E}: NameServer = 194.204.152.34 217.98.63.164

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\bbbvb\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\bbbvb\pavsrv51.exe

z gory dzieki


(Wieliczka Marcin) #2

Jeżeli wpisy 015 będą stawiać opór to usuń je KillTrusted 0.7

  1. Wyłanczasz przywracanie sysa

  2. Lecisz do aearyjnego

  3. Fixujesz w hijacku wpisy

  4. Pliki usuwasz ręcznie

  5. Daj loga jak będzie po wszystkim

Mam nadzieje że niczego nie zapomniałem :stuck_out_tongue:


(Kubiik10) #3

ok zaden nie sprawil problemu dzieki a o to log po wszystkim :

Logfile of HijackThis v1.99.1

Scan saved at 13:52:19, on 2006-02-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\CPUCooL\CooLSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\autoclk.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\DAEMON Tools\daemon.exe

D:\gf\bin\jusched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\documents and settings\wolverine\pulpit\romy\programs\voipbuster.exe

C:\PROGRA~1\Wapster\AQQ\AQQ.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Hamachi\hamachi.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\lolpobieranie\hijackthis\HijackThis.exe


O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O3 - Toolbar: NetSprint Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\WINDOWS\Downloaded Program Files\toolbar.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\gf\bin\jusched.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [VoipBuster] "C:\documents and settings\wolverine\pulpit\romy\programs\voipbuster.exe" -nosplash -minimized

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BitSpirit\bsurl.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{4E3947A7-B644-4462-A08A-DF973358E81E}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

(boczi) #4

Jeśli nie używasz już toolbara NetSprint to usuń:

O3 - Toolbar: NetSprint Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\WINDOWS\Downloaded Program Files\toolbar.dll (file missing)

Zainstaluj Service Pack 2.


(Wieliczka Marcin) #5

Noi wygląda na czysto :stuck_out_tongue: =]

Możesz sobie poczytać o Optymalizacji XP


(Kubiik10) #6

SP2 nie moge zainstalowac bo komp byl w serwisie a w nim zainstalowali Winde piracka takze nie moge :frowning:


(Piecu92) #7

no to zwróć się do serwisu.Nie mogą ci wgrać pirata !!


(Kubiik10) #8

no wlasnie wiem ale jak sie zorientowalem ze to pirat to firmy juz nie bylo xD

a funduszy na orginal nie wiedac