Czego dotyczą wpisy z HijackThis pod numerem 01


(Groh V) #1
Logfile of HijackThis v1.99.1

Scan saved at 17:44, on 2007-12-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Option\GlobeTrotter Mobility Manager\GlobeTrotter Mobility Manager.exe

C:\Program Files\Option\GlobeTrotter Mobility Manager\VirtualWirelessDevice.exe

C:\Documents and Settings\kix\Pulpit\HijackThis 1.99.1.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/

O1 - Hosts: 82.146.60.44 postbank.de

O1 - Hosts: 82.146.60.44 www.postbank.de

O1 - Hosts: 82.146.60.44 banking.postbank.de

O1 - Hosts: 82.146.60.44 direkt.postbank.de

O1 - Hosts: 82.146.60.44 www.smile.co.uk

O1 - Hosts: 82.146.60.44 smile.co.uk

O1 - Hosts: 82.146.60.44 cahoot.com

O1 - Hosts: 82.146.60.44 www.cahoot.com

O1 - Hosts: 82.146.60.44 www.cahoot.co.uk

O1 - Hosts: 82.146.60.44 cahoot.co.uk

O1 - Hosts: 82.146.60.44 www.co-operativebank.co.uk

O1 - Hosts: 82.146.60.44 co-operativebank.co.uk

O1 - Hosts: 82.146.60.44 www.co-operativebank.com

O1 - Hosts: 82.146.60.44 co-operativebank.com

O1 - Hosts: 82.146.60.44 personal.barclays.co.uk

O1 - Hosts: 82.146.60.44 barclays.co.uk

O1 - Hosts: 82.146.60.44 ibank.barclays.co.uk

O1 - Hosts: 82.146.60.44 www.barclays.co.uk

O1 - Hosts: 82.146.60.44 barclays.touchclarity.com

O1 - Hosts: 82.146.60.44 hsbc.co.uk

O1 - Hosts: 82.146.60.44 www.hsbc.co.uk

O1 - Hosts: 82.146.60.44 hsbc.touchclarity.com

O1 - Hosts: 82.146.60.44 www1.member-hsbc-group.com

O1 - Hosts: 82.146.60.44 lloydstsb.co.uk

O1 - Hosts: 82.146.60.44 www.lloydstsb.co.uk

O1 - Hosts: 82.146.60.44 lloydstsb.com

O1 - Hosts: 82.146.60.44 www.lloydstsb.com

O1 - Hosts: 82.146.60.44 mi.lloydstsb.com

O1 - Hosts: 82.146.60.44 www.woolwich.co.uk

O1 - Hosts: 82.146.60.44 woolwich.co.uk

O1 - Hosts: 82.146.60.44 www.deutsche-bank.de

O1 - Hosts: 82.146.60.44 deutsche-bank.de

O1 - Hosts: 82.146.60.44 meine.deutsche-bank.de

O1 - Hosts: 82.146.60.44 www.anbusiness.com

O1 - Hosts: 82.146.60.44 anbusiness.com

O1 - Hosts: 82.146.60.44 www.abbeyinternational.com

O1 - Hosts: 82.146.60.44 www.barclays.com

O1 - Hosts: 82.146.60.44 barclays.com

O1 - Hosts: 82.146.60.44 ibank.internationalbanking.barclays.com

O1 - Hosts: 82.146.60.44 offshore.hsbc.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

(boczi) #2

Proszę poprawić temat na konkretny, obrazujący problem, używając opcji Edytuj


(Gutek) #3

sam to wszystko ustawiałeś?


(Groh V) #4

Laptop nie jest mój. Kumpela pożyczyła go koleżankom w akademiku. Poistalowały jej Kaaze i inne syfy.

Wyczyściłem go z "grubsza"(trojany, wirusy). Pozostały mi właśnie te wpisy i nadal nie mogę uruchomić go w trybie awaryjnym.


(Gutek) #5


(Groh V) #6

Czego dotycz ą te wpisy w logu HijackThis?

Jeszcze ten z Combo.


(Asterisk) #7

groh1 - byłeś proszony o zmianę tematu.

Więcej próśb nie będzie


(Gutek) #8

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

przeskanuj pliki na http://virusscan.jotti.org/

Pobierz program SDFix

-


(Groh V) #9

Tryb awaryjny naprawiony.

Co z plikami luaPUMlw.exe i vCjIAlVO.exe. Usunąć?

Skąd te wpisy pod 01(zostały usunięte).

Log z SDFix'a.