Możecie sprawdzić?


(system) #1

Logfile of HijackThis v1.99.0

Scan saved at 11:04:46, on 2005-02-15

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\Diskeeper\DkService.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\AGNITU~1\outpost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AutoConnect\AutoConnect.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Pliki z netu\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [Outpost Firewall] C:\Program Files\Agnitum Outpost Firewall\outpost.exe /waitservice

O4 - HKLM..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper\DkIcon.exe"

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe

O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Diskeeper\ESIRegister.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\AGNITU~1\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\AGNITU~1\TRASH.EXE (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7183078395

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{E7D3076A-1BC2-4638-AA86-7E9BA8C4DC10}: NameServer = 194.204.152.34 217.98.63.164

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\wpkontakt\url_wpmsg.dll

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper\DkService.exe

O23 - Service: InCD Helper (read only) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service - Agnitum - C:\PROGRA~1\AGNITU~1\outpost.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


(boczi) #2

Czysty :slight_smile:


(Musg) #3

O4 - HKLM..\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - HKLM..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe

O4 - HKCU..\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - HKCU..\RunOnce: [OLEDb Service] C:\WINDOWS\System32\runoledb32.exe

jestes tak bardzo pewien ze masz to usunac ,wydaje mi sie ze te wpisy sa prawidlowe

hiroaq no widze ,ze sie zrobił ładny balagan.Twoj log jest czysty ,a te wpisy nie dotyczą Ciebie.


(Kuz5) #4

hiroaq usuń to:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

Wyłącz CTFMON.EXE: Panel sterowania => Opcje regionalne=> Języki => Szczegóły => Zaawansowane => zaznaczasz wyłącz zaawansowane usługi tekstowe

Jeżeli nie używasz Windows Messenger to go usuń:

Start=>Uruchom=>Wpisz polecenie

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove


(system) #5

Mam pytsanie do Musga!! Napisałeś ze mam to wyrzucic oraz ze te wpisy sa prawidlowe!! To co w końcu??


(fiesta) #6

Posty dotyczące loga drugiego usera wydzieliłem do innego wątku.