Please check my log


(Polo76) #1

Logfile of HijackThis v1.99.1

Scan saved at 13:09:45, on 2005-04-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\LXSUPMON.EXE

D:\Kaspersky Anti-Virus Personal Pro 5\kav.exe

D:\programy\pamięć\CachemanXP\CachemanXP.exe

D:\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe

E:\NORTON~1\NORTON~2\NPROTECT.EXE

E:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

D:\programy\tlen\tlen.exe

E:\Programy\Gadu-Gadu\gg.exe

E:\Programy\Opera\opera.exe

C:\DOCUME~1\polo\USTAWI~1\Temp\Rar$EX00.500\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.miniclip.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.miniclip.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Danielek za długo gra na komputerze

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: (no name) - {1E634697-3A49-47CA-89DF-C70E11F5C730} - (no file)

O3 - Toolbar: (no name) - {7A68AF7B-0CA7-40AC-94BF-6AF308B96A65} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM..\Run: [KAV50] "D:\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0

O4 - HKCU..\Run: [Dzieńdobry!] D:\programy\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU..\Run: [ETD Security Scanner] "C:\Program Files\ETD Security Scanner\ETD Security Scanner.exe" /s

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - e:\Programy\IrfanView\Ebay\Ebay.htm

O12 - Plugin for .exe: e:\Programy\Opera\PLUGINS\NPFgc1.dll

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_58.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_16.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - D:\programy\pamięć\CachemanXP\CachemanXP.exe

O23 - Service: KLBLMain - Unknown owner - D:\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\NORTON~1\NORTON~2\NPROTECT.EXE

O23 - Service: PDEngine - Raxco Software, Inc. - C:\WINDOWS\Installer{0FFCBC14-E43C-4DD8-9F48-7F6997149A3E}\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\WINDOWS\Installer{0FFCBC14-E43C-4DD8-9F48-7F6997149A3E}\PDSched.exe

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\programy\benchmarki\testujące\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\programy\benchmarki\testujące\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

O23 - Service: Speed Disk service - Symantec Corporation - E:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


(Kuz5) #2

The log is generally clean

Remove:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

O3 - Toolbar: (no name) - {1E634697-3A49-47CA-89DF-C70E11F5C730} - (no file)

O3 - Toolbar: (no name) - {7A68AF7B-0CA7-40AC-94BF-6AF308B96A65} - (no file)

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll

(Polo76) #3

now it looks like this:

Logfile of HijackThis v1.99.1

Scan saved at 19:55:09, on 2005-04-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\LXSUPMON.EXE

D:\Kaspersky Anti-Virus Personal Pro 5\kav.exe

D:\programy\pamięć\CachemanXP\CachemanXP.exe

D:\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe

E:\NORTON~1\NORTON~2\NPROTECT.EXE

E:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

D:\programy\tlen\tlen.exe

E:\Programy\Gadu-Gadu\gg.exe

E:\Programy\Opera\opera.exe

C:\WINDOWS\Explorer.EXE

E:\ściągane\Download\hijackthis1.99.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.miniclip.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.miniclip.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Danielek za długo gra na komputerze

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM..\Run: [KAV50] "D:\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0

O4 - HKCU..\Run: [Dzieńdobry!] D:\programy\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU..\Run: [ETD Security Scanner] "C:\Program Files\ETD Security Scanner\ETD Security Scanner.exe" /s

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - e:\Programy\IrfanView\Ebay\Ebay.htm

O12 - Plugin for .exe: e:\Programy\Opera\PLUGINS\NPFgc1.dll

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_58.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_16.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - D:\programy\pamięć\CachemanXP\CachemanXP.exe

O23 - Service: KLBLMain - Unknown owner - D:\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\NORTON~1\NORTON~2\NPROTECT.EXE

O23 - Service: PDEngine - Raxco Software, Inc. - C:\WINDOWS\Installer{0FFCBC14-E43C-4DD8-9F48-7F6997149A3E}\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\WINDOWS\Installer{0FFCBC14-E43C-4DD8-9F48-7F6997149A3E}\PDSched.exe

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\programy\benchmarki\testujące\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\programy\benchmarki\testujące\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

O23 - Service: Speed Disk service - Symantec Corporation - E:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


(Musg) #4

clean :)