My log


(Karol) #1

I don't know if I'm doing the right thing pasting this here, but I guess nothing terrible will happen if it's here ... This is my log from that Hijack thing, or whatever it's called :slight_smile:

StartupList report, 2005-01-08, 18:50:45

StartupList version: 1.52

Started from : D:\Downloads\PRGZ\StartupList.EXE

Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\sstray.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Downloads\PRGZ\StartupList.exe


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nForce Tray Options = sstray.exe /r

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Gadu-Gadu = "C:\Program Files\Gadu-Gadu\gg.exe" /tray


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU..\Policies: Shell=*Registry key not found*

HKLM..\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Common Files\justDo\Jd2002.dll - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}


Enumerating Task Scheduler jobs:

Norton AntiVirus - Skanuj komputer.job

Symantec NetDetect.job


Enumerating Download Program Files:

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx

CODEBASE = http://fpdownload.macromedia.com/get/sh ... wflash.cab


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll


End of report, 4 320 bytes

Report generated in 0,047 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Could someone help me analyze this and tell me what is wrong with my system? Specifically, I'm worried about those svchosts running multiple times... I ran scans with Ad-aware and antivirus programs and they give the same result :frowning:

HELP PLZ


(Dragonlnx) #2

Those are just multiple copies - nothing serious! ...


(Kuz5) #3

Listen, download HijackThis 1.99 from this site http://www.merijn.org, run a scan, and only then paste the log.


(Minio Dp) #4

Hmm... :wink:


(Adarek) #5

You've messed something up in the settings. Here is a description of what to do and how:

http://www.searchengines.pl/phpbb203/in ... opic=15989