jak utworzyć log
Daj jeszcze log z Sielenta. - też opis w tym linku. Tu nic nie widać ale :
może być syfem więc daj 2 log.
Złączono Posta : 10.09.2006 (Nie) 21:02
Logfile of HijackThis v1.99.1
Scan saved at 21:02:30, on 2006-09-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\programy\Kaspersky Anti-Virus Personal\avp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\programy\Kaspersky Anti-Virus Personal\avp.exe
D:\programy\peer to peer\eMule\emule.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Katalog tymczasowy 3 dla hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM…\Run: [kav] “D:\programy\Kaspersky Anti-Virus Personal\avp.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [OpwareSE2] “C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe”
O4 - HKLM…\Run: [OPSE reminder] “C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe” -r “C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini”
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [!ewido] “C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized
O4 - HKCU…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 - Startup: Reboot.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\programy\Kaspersky Anti-Virus Personal\scieplugin.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\programy\Kaspersky Anti-Virus Personal\avp.exe" -r (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
Na przyszłość nie zakładaj 2 tematów
http://forum.dobreprogramy.pl/viewtopic.php?t=96982
Masz wkleić loga z SilentRunners
“Silent Runners.vbs”, revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“Google Desktop Search” = ““C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup” [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“kav” = ““D:\programy\Kaspersky Anti-Virus Personal\avp.exe”” [“Kaspersky Lab”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“HP Software Update” = “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” [null data]
“HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe” [“HP”]
“DeviceDiscovery” = “C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” [“Hewlett-Packard”]
“Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS]
“OpwareSE2” = ““C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe”” [“ScanSoft, Inc.”]
“OPSE reminder” = ““C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe” -r “C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini”” [“ScanSoft, Inc.”]
“KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” [MS]
“!ewido” = ““C:\Program Files\ewido anti-spyware 4.0\ewido.exe” /minimized” [“Anti-Malware Development a.s.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx” [empty string]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM…CLSID} = “Google Toolbar Helper”
\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Web Anti-Virus”
-> {HKLM…CLSID} = “Web Anti-Virus”
\InProcServer32(Default) = “D:\programy\Kaspersky Anti-Virus Personal\scieplugin.dll” [“Kaspersky Lab”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{E0D79304-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”]
“{E0D79305-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”]
“{E0D79306-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”]
“{E0D79307-84BE-11CE-9641-444553540000}” = “WinZip”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”]
“{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx”
-> {HKLM…CLSID} = “AlcoholShellEx”
\InProcServer32(Default) = “D:\programy\ALCOHO~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~1\Office\OLKFSTUB.DLL” [MS]
“{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band”
-> {HKLM…CLSID} = “Shell Search Band”
\InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “ewido anti-spyware 4.0”
-> {HKLM…CLSID} = “CShellExecuteHookImpl Object”
\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll” [“Anti-Malware Development a.s.”]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”
-> {HKLM…CLSID} = “CContextScan Object”
\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”]
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “D:\programy\Kaspersky Anti-Virus Personal\shellex.dll” [“Kaspersky Lab”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}”
-> {HKLM…CLSID} = “CContextScan Object”
\InProcServer32(Default) = “C:\Program Files\ewido anti-spyware 4.0\context.dll” [“Anti-Malware Development a.s.”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “D:\programy\Kaspersky Anti-Virus Personal\shellex.dll” [“Kaspersky Lab”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing LP”]
Active Desktop and Wallpaper:
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS]
Startup items in “Administrator” & “All Users” startup folders:
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
INFECTION WARNING! “Reboot.exe” [empty string]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]
“WinZip Quick Pick” -> shortcut to: “C:\Program Files\WinZip\WZQKPICK.EXE” [“WinZip Computing LP”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
“ButtonText” = “Web Anti-Virus”
Running Services (Display Name, Service Name, Path {Service DLL}):
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, “C:\Program Files\ewido anti-spyware 4.0\guard.exe” [“Anti-Malware Development a.s.”]
Kaspersky Anti-Virus 6.0, AVP, ““D:\programy\Kaspersky Anti-Virus Personal\avp.exe” -r” [“Kaspersky Lab”]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt08\Driver = “hpzsnt08.dll” [“HP”]
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer “No” at the first message box.
---------- (total run time: 142 seconds, including 11 seconds for message boxes)
Log jest czysty