Proszę o sprawdzenie loga :)


(Lukaszkozica) #1

Logfile of HijackThis v1.99.1

Scan saved at 10:12:07, on 2005-06-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\luke\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file)

O4 - HKLM..\Run: [LaunchApp] Alaunch

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM..\Run: [zzzHPSETUP] E:\Setup.exe

O4 - HKLM..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

O4 - HKLM..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 1773668541

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

z góry dzięki


(Johny) #2

C:\WINDOWS\system32\WISPTIS.EXE

To jest jakiś dziwny wpis,jeśli komp się blokuje zakończ proces i odchacz go,potem wyłącz przywracanie systemu i po restarcie wina usuń plik

tcpsvcs - też nie wiem co to jest

czemu tyle razy uruchamia się svchost.exe ?

i AGRSMMSG to chyba jakiś syf


(Grebo) #3

Nie usuwaj tego! !!

Właściwie to nic nie usuwaj z tego co Johny napisał.

svchost.exe z tego co widzę to się uruchomił normalną ilość razy


(Musg) #4

z loga nic nie usuwasz! !!

sciagnij program :

http://www.cexx.org/lspfix.htm

Odpal LSP-Fix zaznacz "I know what I'm doing" następnie w okienku Keep zaznacz plik który chcesz usunac i za pomocą strzałki () przenieś go do okienka Remover i kliknij Finish

usunac masz:

newdotnet6_38.dll' missing reszta zostaje

i dajesz kolejny log do sprawdzenia

to co powyzej napisano omijasz wielkimi krokami


(Lukaszkozica) #5

teraz to wyglada tak:

Logfile of HijackThis v1.99.1

Scan saved at 12:46:06, on 2005-06-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Internet Explorer\iexplore.exe

D:\Microsoft office\OFFICE11\OUTLOOK.EXE

D:\Microsoft office\OFFICE11\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Avant Browser\avant.exe

C:\Documents and Settings\luke\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file)

O4 - HKLM..\Run: [LaunchApp] Alaunch

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe

O4 - HKLM..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 1773668541

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)


(Musg) #6

hijackiem ciachnij jeszcze to:

i zostaje jeszcze:

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz Service: MSSQLServerADHelper potem:

Otwierasz HijackThis--- Misc Tools--- Delete NT Service--- wklepujesz MSSQLServerADHelper >>> zawierdzasz. Potem kasujesz wpis hijackiem

brakuje ci zabezpieczen anty


(Lukaszkozica) #7

DZienki bardzo

jaesli chodzi o antywira to jakiego polecasz, na razie skanuje mks-wir on line

pozdrawiam


(Musg) #8

on line to troszke za mało

polecam ci :

http://www.google.pl/url?sa=U&start=1&q ... l/&e=10431

ale masz jeszcze wiele innych do wyboru:

http://dobreprogramy.com/index.php?dz=1&t=30

poczytaj