putineq
(putineq)
12 Sierpień 2006 14:01
#1
Witam mógł by ktoś sprawdził log mojego kumpla bo jak gra albo wchodzi do neta właczają mu się reklamy. Zamieszczem log:
Logfile of HijackThis v1.99.1 Scan saved at 15:59:23, on 06-08-12 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\dfndrff_9.exe C:\kybrdff_9.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\nwnmff_9.exe C:\Program Files\ipwins\ipwins.exe C:\Program Files\Common Files{8C0A9022-0710-1045-0609-050405280030}\Update.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe D:\gadu-gadu\gg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe D:\gadu-gadu\gg.exe D:\snikers\Snikers.exe C:\DOCUME~1\Robert\USTAWI~1\Temp\syntalk.exe C:\Program Files\Internet Explorer\iexplore.exe D:\bad day L.A\BadDayLA.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE D:\MORPHEUS\Morpheus.exe D:\storm\mplayerc.exe C:\dfndrff_9.exe C:\dfndrff_9.exe C:\dfndrff_9.exe C:\DOCUME~1\Robert\USTAWI~1\Temp\ICEOWS\ViewUpd\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.adnet-plus.com/banners.php R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza F2 - REG:system.ini: UserInit=userinit.exe O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing) O4 - HKLM…\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay O4 - HKLM…\Run: [winlog] winlog.exe O4 - HKLM…\Run: [defender] C:\dfndrff_9.exe O4 - HKLM…\Run: [keyboard] C:\kybrdff_9.exe O4 - HKLM…\Run: [qho5303c] RUNDLL32.EXE w11f1ff7.dll,n 0025303a0000000a11f1ff7 O4 - HKLM…\Run: [newname] C:\nwnmff_9.exe O4 - HKLM…\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe O4 - HKLM…\RunServices: [winlog] winlog.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “D:\gadu-gadu\gg.exe” /tray O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing) O9 - Extra ‘Tools’ menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing) O9 - Extra button: N×C¤asÎd - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra ‘Tools’ menuitem: N×C¤asÎd - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc … refid=1123 O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\System32\userinit.dll O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\l8n40i5qe8.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
P.S. Jak zobaczycie coś innego to powiedzcie. Z góry dzięki pozdr!
P.S. Jakim programem moge usuną plik zabezpieczony przed usuwaniem, gdy chce go usuną wyskakują błędy. Pozdr!
również do wywalenia
start>>>uruchom>>>wpisz > sc delete Network Monitor