Log :)


(Krzysieknd2) #1

Witam. Odemnie raczej prawie czysty log :slight_smile: (tak mi się coś tam wydaje dziwnego :smiley: )

Logfile of HijackThis v1.99.1

Scan saved at 15:26:47, on 2005-03-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Sygate Personal Firewall Pro\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

D:\Avast! Home Edition\aswUpdSv.exe

D:\Avast! Home Edition\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

D:\AVAST!~1\ashDisp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Winamp\winamp.exe

E:\Programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe Reader 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FLASHGET\jccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast!] D:\AVAST!~1\ashDisp.exe

O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe

O4 - HKLM\..\Run: [SmcService] D:\SYGATE~1\smc.exe -startgui

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Krzysiek Kisilewicz\Moje dokumenty\FreeRAM XP Pro 1.40.exe" -win

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FLASHGET\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109282805000

O17 - HKLM\System\CCS\Services\Tcpip\..\{3D646B04-D696-456F-9159-540696C25C62}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{3D646B04-D696-456F-9159-540696C25C62}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast! Home Edition\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Avast! Home Edition\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Avast! Home Edition\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Avast! Home Edition\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - D:\Sygate Personal Firewall Pro\smc.exe

(Kuz5) #2

Do usunięcia:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Jeżeli nie używasz Windows Messenger to go usuń:

Start=>Uruchom=>Wpisz polecenie

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

Lub programem Xp-AntiSpy PL


(Misterdam) #3

Według mnie ten wpis wygląda na jakiegoś szpiego

4 - HKLM..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe


(Krzysieknd2) #4

Usunąłem, HJ coś się pyta, klikam OK...listy niema ...tworzy się folder backups...uruchamiam ponownie HJ..wpisu niema....

Normalna reakcja?? Tak ma być ??


(Misterdam) #5

Całkowicie normalna.


(Krzysieknd2) #6

Aha. Dziękuje. Myślałem że to coś nie tak :slight_smile: