Log for review


(system) #1

Hello

After formatting I installed a few programs, but the whole time it's as if someone had welded my computer to a bridge with a rope :frowning:

Take a look at this when you have a spare moment :slight_smile:

Logfile of HijackThis v1.99.1

Scan saved at 20:44:40, on 2005-10-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\KYE\WebScroll+ Mouse\gnetmous.exe

C:\Program Files\Common Files\CMEII\CMESys.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\GMT\GMT.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

D:\Downloads\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\KYE\WebScroll+ Mouse\gnetmous.exe

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

(Kuz5) #2

Are you sure this is the whole log?


(system) #3
Logfile of HijackThis v1.99.1

Scan saved at 18:23:29, on 2005-10-11

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\KYE\WebScroll+ Mouse\gnetmous.exe

C:\Program Files\Common Files\CMEII\CMESys.exe

C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SETI@home\SETI@home.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Program Files\Common Files\GMT\GMT.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Downloads\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\KYE\WebScroll+ Mouse\gnetmous.exe

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

(Gutek) #4

Uninstall, delete the folders in safe mode

Unnecessary entries:

First two: Start >>> Run >>> msconfig >>> on the Startup tab, disable these 2 entries.

3rd entry: Control Panel >>> Regional Settings >>> Languages >>> Details >>> Advanced >>> uncheck text services; do this if you don't use other languages when typing

4th entry: Start >>> Programs >>> Startup >>> delete via right-click.


(system) #5

I followed the recommendations :slight_smile:

Thanks a lot :wink:

Post merged: 13.10.2005 (Thu) 8:28

As Gutek2222 writes, "Fight to the end, don't format :slight_smile: "

I'm pasting my log from my work computer - it's quite a mess here :o

Logfile of HijackThis v1.99.1

Scan saved at 08:26:59, on 2005-10-13

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\System32\DRIVERS\CDANTSRV.EXE

C:\WINNT\System32\cisvc.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\snmp.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\inetsrv\inetinfo.exe

C:\WINNT\system32\CCM\CcmExec.exe

C:\WINNT\Explorer.EXE

C:\Program Files\KYE\WebScroll+ Eye Mouse\gnetmous.exe

C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINNT\explorer.exe

C:\Program Files\AutoCAD 2002 Plk\acad.exe

C:\WINNT\CDILLA64.EXE

C:\WINNT\System32\cidaemon.exe

C:\WINNT\System32\cidaemon.exe

D:\Michal\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://info/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez Nomi S.A.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.nomi.com.pl:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pli.pl;ifs;ksiega;info;;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: MyTotalSearch Search Assistant BHO - {00BD2861-C654-4694-A44A-98642D73247D} - C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: mtsBar BHO - {094176F1-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: My &Total Search - {094176F9-BF35-4bcb-B68A-108DFB8C3825} - C:\Program Files\MyTotalSearch\bar\1.bin\MTSBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\KYE\WebScroll+ Eye Mouse\gnetmous.exe

O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM

O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min

O8 - Extra context menu item: &Search - http://bar.mytotalsearch.com/menusearch.html?p=VNxmk14246US

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - http://pointa.autodesk.com/portal/lang/plk/InstFred.Ocx

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://C:\Program Files\AutoCAD 2002 Plk\AcDcToday.ocx

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} - http://lizaczki.sex.pl//d/nastolatki_v1a.exe

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/plk/InstBanr.Ocx

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002 Plk\AcPreview.ocx

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/update.CAB

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pli.pl

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA91F35C-E62D-4141-872A-FF35430FFFD2}: Domain = pli.pl

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA91F35C-E62D-4141-872A-FF35430FFFD2}: NameServer = 100.1.1.3,217.96.127.3

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pli.pl

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pli.pl

O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: SMS Hardware Inventory Agent Service - Unknown owner - C:\WINNT\MS\SMS\clicomp\hinv\hinv32.exe (file missing)

Thanks for the help