KUBAx
(Kuba1550)
27 Listopad 2006 15:20
#1
Witam! Proszę o sprawdzenie loga w tym poscie - poniewaz robię porządki (zimowe :mrgreen: ) na dysku a nie umiem sam nic odczytac z tego loga. Komp trochę się muli. Pozdr.
Logfile of HijackThis v1.99.1 Scan saved at 19:49:33, on 2006-11-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe E:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\ctfmon.exe E:\Gadu-Gadu\gg.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe E:\MS OFFICE 2003\OFFICE\SETUP.EXE C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\MsiExec.exe C:\WINDOWS\system32\MsiExec.exe C:\Documents and Settings\XXXXX\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe, O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [vmtuner] gglib.exe O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [MsgCenterExe] “C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe” -osboot O4 - HKLM…\Run: [msresearch] C:\WINDOWS\tool4.exe O4 - HKLM…\Run: [sp2update] C:\windows\sp2update00.exe O4 - HKLM…\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM…\Run: [ViP’s UserGuard] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [oifo] C:\PROGRA~1\COMMON~1\oifo\oifom.exe O4 - HKCU…\Run: [P2kAutostart] C:\DOCUME~1\XXXXX\USTAWI~1\Temp\Rar$EX00.339\P2kAutostart.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\nero\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [Gadu-Gadu] “E:\Gadu-Gadu\gg.exe” /tray O8 - Extra context menu item: Pobierz z &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\fplm0331e.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winsit32 - winsit32.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\DiskeeperLite\DKService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Joan
(Joan Sunshine)
27 Listopad 2006 16:19
#2
Wyłączasz przywracanie systemu (Panel sterowania -> System -> Przywracanie systemu -> zaznaczasz „Wyłącz przywracanie systemu” ).
W HJT zaznaczasz wpisy i klikasz na dole “Fix checked” , to co na czerwono usuwasz ręcznie z dysku:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM…\Run: [vmtuner] gglib.exe O4 - HKLM…\Run: [msresearch] C:\WINDOWS\tool4.exe O4 - HKLM…\Run: [sp2update] C:\windows\sp2update00.exe O4 - HKCU…\Run: [oifo] C:\PROGRA~1\COMMON~1\oifo\oifom.exe O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\fplm0331e.dll (file missing) O20 - Winlogon Notify: winsit32 - winsit32.dll (file missing)
Po zabiegach nowe logi z HiJacka oraz Silent Runners (zaznaczasz No i czekasz aż skończy pracować w tle) i koniecznie z L2mfix (najpierw wciskasz dowolny klawisz, potem wybierasz opcję 1)