Prosze o sprawdzenie loga!

cmydrek · 12 Marzec 2005 17:43

Logfile of HijackThis v1.99.1

Scan saved at 18:27:16, on 2005-03-12

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

D:\WINNT\System32\smss.exe

D:\WINNT\SYSTEM32\winlogon.exe

D:\WINNT\system32\services.exe

D:\WINNT\system32\lsass.exe

D:\WINNT\system32\svchost.exe

D:\WINNT\system32\spoolsv.exe

D:\WINNT\system32\ZoneLabs\isafe.exe

D:\WINNT\System32\svchost.exe

E:\programy\ghoust norton\GhostStartService.exe

D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

D:\WINNT\system32\nvsvc32.exe

D:\WINNT\system32\regsvc.exe

D:\WINNT\system32\MSTask.exe

D:\WINNT\system32\ZONELABS\vsmon.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\WINNT\System32\WBEM\WinMgmt.exe

D:\WINNT\system32\svchost.exe

D:\WINNT\Explorer.EXE

D:\WINNT\SOUNDMAN.EXE

D:\Program Files\D-Tools\daemon.exe

D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe

D:\WINNT\system32\ctfmon.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\WINNT\system32\RaConfig.exe

D:\WINNT\system32\rundll32.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\Program Files\BitTorrent\btdownloadgui.exe

E:\download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 148.244.150.58:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=D:\WINNT\svchost32.exe,D:\Documents and Settings\szmelc1\Pulpit\Serwer.exe,D:\WINNT\svchost32.exe,D:\WINNT\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx

O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM…\Run: [KASP] “D:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe”

O4 - HKLM…\Run: [Zone Labs Client] “D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”

O4 - HKLM…\Run: [KAV50] “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe” -run -n PersonalPro -v 5.0.0.0 -chkss

O4 - HKLM…\Run: [DC++] D:\Program Files\DC++\DCPlusPlus.exe

O4 - HKLM…\Run: [MKS_MENU] D:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKCU…\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU…\Run: [sys32] D:\WINNT\sys32.exe

O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\PowerGG.exe”

O4 - HKCU…\Run: [star Downloader Free] D:\Program Files\Star Downloader\stardown.exe

O4 - Global Startup: RaConfig.lnk = D:\WINNT\system32\RaConfig.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht! http://bin.wordsx.cc/sIls2808UaacOitp5FjP.chm::/on-line.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht! http://acc2.gateone.ath.cx/script/loud.chm::/Bridge-c139.cab

O17 - HKLM\System\CCS\Services\Tcpip…{7A334118-E46C-4335-98DD-B93E1AB8762D}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - D:\WINNT\system32\ZoneLabs\isafe.exe

O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe

O23 - Service: GhostStartService - Symantec Corporation - E:\programy\ghoust norton\GhostStartService.exe

O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe

O23 - Service: Office Source Engine (ose) - Unknown owner - D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINNT\system32\ZONELABS\vsmon.exe

musg · 12 Marzec 2005 17:49

usun

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

R3 - Default URLSearchHook is missing

O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)

O4 - HKCU…\Run: [sys32] D:\WINNT\sys32.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht! http://bin.wordsx.cc/sIls2808UaacOitp5FjP.chm::/o n-line.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht! http://acc2.gateone.ath.cx/script/loud.chm: Bridge-c139.cab

O23 - Service: Office Source Engine (ose) - Unknown owner - D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

scan

http://forum.dobreprogramy.pl/viewtopic.php?t=17671

i dajesz raz jeszcze log

Comend · 13 Marzec 2005 08:03

Tego to juz nie trzeba ??:

F2 - REG:system.ini: UserInit=D:\WINNT\svchost32.exe,D:\Documents and Settings\szmelc1\Pulpit\Serwer.exe,D:\WINNT\svchost32.exe,D:\WINNT\system32\userinit.exe,

Pliki tez won

cmydrek · 13 Marzec 2005 13:55

Wrzucam jeszcze raz loga:

Logfile of HijackThis v1.99.1

Scan saved at 14:45:41, on 2005-03-13

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

D:\WINNT\System32\smss.exe

D:\WINNT\system32\csrss.exe

D:\WINNT\SYSTEM32\winlogon.exe

D:\WINNT\system32\services.exe

D:\WINNT\system32\lsass.exe

D:\WINNT\system32\svchost.exe

D:\WINNT\system32\spoolsv.exe

D:\WINNT\system32\ZoneLabs\isafe.exe

D:\WINNT\System32\svchost.exe

E:\programy\ghoust norton\GhostStartService.exe

D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

D:\WINNT\system32\nvsvc32.exe

D:\WINNT\system32\regsvc.exe

D:\WINNT\system32\MSTask.exe

D:\WINNT\System32\WBEM\WinMgmt.exe

D:\WINNT\system32\svchost.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\WINNT\Explorer.EXE

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\WINNT\SOUNDMAN.EXE

D:\Program Files\D-Tools\daemon.exe

D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe

D:\WINNT\system32\ctfmon.exe

D:\WINNT\system32\rundll32.exe

D:\WINNT\system32\RaConfig.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Winamp\winamp.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Outlook Express\msimn.exe

E:\download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx

O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM…\Run: [Zone Labs Client] “D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”

O4 - HKLM…\Run: [KAV50] “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe” -run -n PersonalPro -v 5.0.0.0 -chkss

O4 - HKCU…\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\PowerGG.exe”

O4 - HKCU…\Run: [spySweeper] “D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe” /0