Underek
(Hilary42)
22 Październik 2006 11:55
#1
Najpierw logi a potem opis:
Logfile of HijackThis v1.99.1
Scan saved at 13:49:23, on 2006-10-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\taskmgr.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\bbbb\Pulpit\TORRENT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.imesh.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Spik] F:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F6AE2BF-D96E-4A81-85CC-08F83FE34199}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - F:\Program Files\Spik\url_wpmsg.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Po skanowaniu Ad-Aware SE Personal
“Silent Runners.vbs”, revision 43, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““F:\Program Files\Gadu-Gadu\gg.exe” /tray” [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Spik” = “F:\Program Files\Spik\Spik.exe -autostart” [null data] “KernelFaultCheck” = “D:\WINDOWS\system32\dumprep 0 -k” [MS] “!AVG Anti-Spyware” = ““F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) - {CLSID}\InProcServer32(Default) = “E:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” - {CLSID}\InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” - {CLSID}\InProcServer32(Default) = “D:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice Property Sheet Handler” - {CLSID}\InProcServer32(Default) = “F:\Program Files\OpenOffice.org1.1.4\program\shlxthdl.dll” [file not found] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” - {CLSID}\InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” - {CLSID}\InProcServer32(Default) = “E:\Program Files\WinRAR\rarext.dll” [null data] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” - {CLSID}\InProcServer32(Default) = “D:\WINDOWS\system32\browseui.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” - {CLSID}\InProcServer32(Default) = “E:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Dodatki Spika” - {CLSID}\InProcServer32(Default) = “F:\Program Files\Spik\shellext_wpmsg.dll” [“Wirtualna Polska”] “{B4B924A2-EBDA-11DA-95DA-00E08161165F}” = “Dodatki Spika” - {CLSID}\InProcServer32(Default) = “F:\Program Files\Spik\shellext_wpmsg.dll” [“Wirtualna Polska”] “{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}” = “wodShellMenu” - {CLSID}\InProcServer32(Default) = “D:\WINDOWS\system32\wodShellMenu.dll” [“WeOnlyDo! COM”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! “{54D9498B-CF93-414F-8984-8CE7FDE0D391}” = “ewido shell guard” - {CLSID}\InProcServer32(Default) = “F:\Program Files\ewido anti-malware\shellhook.dll” ["TODO: "] INFECTION WARNING! “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” - {CLSID}\InProcServer32(Default) = “F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {CLSID}\InProcServer32(Default) = “E:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” - {CLSID}\InProcServer32(Default) = “F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [file not found] Spik(Default) = “{B4B924A2-EBDA-11DA-95DA-00E08161165F}” - {CLSID}\InProcServer32(Default) = “F:\Program Files\Spik\shellext_wpmsg.dll” [“Wirtualna Polska”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {CLSID}\InProcServer32(Default) = “E:\Program Files\WinRAR\rarext.dll” [null data] wodShellMenu(Default) = “{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}” - {CLSID}\InProcServer32(Default) = “D:\WINDOWS\system32\wodShellMenu.dll” [“WeOnlyDo! COM”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” - {CLSID}\InProcServer32(Default) = “F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [file not found] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {CLSID}\InProcServer32(Default) = “E:\Program Files\WinRAR\rarext.dll” [null data] wodShellMenu(Default) = “{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}” - {CLSID}\InProcServer32(Default) = “D:\WINDOWS\system32\wodShellMenu.dll” [“WeOnlyDo! COM”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” - {CLSID}\InProcServer32(Default) = “E:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Spik(Default) = “{B4B924A2-EBDA-11DA-95DA-00E08161165F}” - {CLSID}\InProcServer32(Default) = “F:\Program Files\Spik\shellext_wpmsg.dll” [“Wirtualna Polska”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” - {CLSID}\InProcServer32(Default) = “E:\Program Files\WinRAR\rarext.dll” [null data] wodShellMenu(Default) = “{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}” - {CLSID}\InProcServer32(Default) = “D:\WINDOWS\system32\wodShellMenu.dll” [“WeOnlyDo! COM”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “D:\Documents and Settings\bbbb\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Startup items in “bbbb” “All Users” startup folders: ------------------------------------------------------ D:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” - shortcut to: “D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, “D:\WINDOWS\System32\Ati2evxx.exe” [“ATI Technologies Inc.”] avast! Antivirus, avast! Antivirus, ““E:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““E:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, “F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe” [“Anti-Malware Development a.s.”] ewido security suite control, ewido security suite control, “F:\Program Files\ewido anti-malware\ewidoctrl.exe” [“ewido networks”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt08\Driver = “hpzsnt08.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer “No” at the first message box. ---------- (total run time: 58 seconds, including 3 seconds for message boxes)
Wszystkie programy z dysku F na moim PC zostały skasowane poprostu ich nie ma a ja ich nie kasowałem został tylko winamp który był włonczony od rana poza nim nic nie zostało nawet muza czy filmy.
Bardzo bym chciał odzyskać dane z tego dysku były tam bardzo ważne dl mnie programy.
Myszak
(Myszonus)
22 Październik 2006 12:04
#2
Miałeś jakąś awarię systemową. Zdebuguj błąd. Wpis skasuj Hijackiem.
W logach nic nie widać.
Myszak
(Myszonus)
22 Październik 2006 12:08
#4
Underek
(Hilary42)
22 Październik 2006 12:23
#5
A kontakty ze gg ja odzyskac bo nie ma ich oraz zakładki w operze.
PaPuX
(PaPuX)
22 Październik 2006 13:24
#6
To trzeba było wysyłać kontakty na serwer.
jak się nei zabepiczasz to nie oczekuj że się samo zrobi