Proszę o sprawdzenie loga


(Kchoin) #1
Logfile of HijackThis v1.99.1

Scan saved at 21:18:15, on 2005-10-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Hmonitor\hmonitor.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

D:\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Tlen.pl\tlen.exe

D:\Skype\Phone\Skype.exe

D:\Gadu-Gadu\gg.exe

D:\CyberLink\Power2Go\Power2GoExpress.exe

C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE

C:\Program Files\Samurize\Client.exe

C:\PROGRA~1\INTERN~2\KCodeMsg.EXE

C:\Program Files\Samurize\Client.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

D:\Opera\Opera.exe

C:\Documents and Settings\Chris\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FlashGet\jccatch.dll

O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll

O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] d:\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] d:\CyberLink\PowerBackup\PBKScheduler.exe

O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

O4 - HKLM\..\Run: [AutoOS] C:\Program Files\Auto Power-on\AutoPowerOn.exe

O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] D:\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [Skype] "d:\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Power2GoExpress] "d:\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe

O4 - Startup: Client Pogoda.lnk = C:\Program Files\Samurize\Client.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: GhostStartService - Unknown owner - C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE (file missing)

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5


(Gutek) #2

usuń hijackiem wpis

Panel sterowania >>> Java Plug-in >>> Update >>> odptaszkuj Check for updates automatically

Jeśli Quick jest naprawdę potrzebny łupnij go i zastąp odpowiednikiem TU

Start >>> Uruchom >>> msconfig >>> w zakładce Uruchamianie wyłącz ten wpis.


(Asterisk) #3

Znowu niekompletna informacja - chodzi o QuickTime Alternative 1.62


(Kchoin) #4

Dziękuję za sprawdzenie loga i proszę o sprawdzenie loga z kompa w mojej pracy. Z góry dzięki.

Logfile of HijackThis v1.99.1

Scan saved at 13:35:31, on 2005-10-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Registry Defragmentation\RegManServ.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe

C:\Program Files\CiDial\CiDial.exe

C:\Program Files\Samurize\Client.exe

C:\Program Files\Samurize\Client.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\The Bat!\thebat.exe

C:\Program Files\Opera 8 Beta\Opera.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Documents and Settings\oddzial02\Pulpit\HijackThis.exe


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0

O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe

O4 - Startup: Client Pogoda.lnk = C:\Program Files\Samurize\Client.exe

O4 - Global Startup: CiDial.lnk = C:\Program Files\CiDial\CiDial.exe

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - d:\IrfanView\Ebay\Ebay.htm

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128594074859

O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBDB14C-44B5-436A-AA3D-31F25B9AD69A}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: System Update (dnetc) - Unknown owner - C:\WINDOWS\SYSTEM\amp3search.exe (file missing)

O23 - Service: KLBLMain - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

(Kuz5) #5

Log ogólnie czysty

Do usuniecia

Start => Uruchom => wpisz services.msc => zatrzymaj i wyłącz proces System Update nastepnie odpalasz HijackThis Misc Tools => Delete NT service => wpisz dnetc => Ok i zresetuj komputer.