Proszę o sprawdzenie loga mojej znajomej. Miała kilka wirusów, a poza tym wolno Jej komputer chodził. Nie podoba mi się kilka wpisów ale wolę się poradzić specjalistów.
Z góry wielki dzięki.
Logfile of HijackThis v1.99.1
Scan saved at 17:55:13, on 2005-07-06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avast 4.6\aswUpdSv.exe
C:\YDPDict\watch.exe
D:\Program Files\Avast 4.6\ashServ.exe
D:\PROGRA~1\AVAST4~1.6\ashDisp.exe
D:\Program Files\Java Runtime\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Avast 4.6\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Avast 4.6\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\msiexec.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Documents and Settings\Dominik\Pulpit\Hijaktis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [avast!] D:\PROGRA~1\AVAST4~1.6\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] D:\Program Files\Java Runtime\bin\jusched.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java Runtime\bin\npjpi150_02.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java Runtime\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 69.50.161.82
O15 - Trusted IP range: 69.50.161.82 (HKLM)
O15 - ProtocolDefaults: ‘http’ protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: ‘https’ protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: ‘http’ protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: ‘https’ protocol is in Trusted Zone, should be Internet Zone (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip…{9FA2CFEF-13C8-4708-9EEB-B7E16B6CEFC1}: NameServer = 80.244.142.250 80.244.128.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Avast 4.6\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Avast 4.6\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Avast 4.6\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Avast 4.6\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe