Dodaj do ulubionych

Sprawdzenie loga z hijack this

IP: *.neoplus.adsl.tpnet.pl 19.08.06, 12:12
Logfile of HijackThis v1.99.1
Scan saved at 12:05:46, on 2006-08-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\ANTYVI~1\backweb\4476822\Program\SERVIC~1.EXE
D:\Antyvirus\Anti-Virus\fsgk32st.exe
D:\Antyvirus\Anti-Virus\FSGK32.EXE
D:\Antyvirus\backweb\4476822\program\fsbwsys.exe
D:\Antyvirus\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
D:\Antyvirus\Common\FSMB32.EXE
D:\Antyvirus\Anti-Virus\fssm32.exe
D:\Antyvirus\Common\FCH32.EXE
D:\Antyvirus\Common\FAMEH32.EXE
D:\Antyvirus\Anti-Virus\fsqh.exe
D:\Antyvirus\Anti-Virus\fsrw.exe
D:\Antyvirus\FWES\Program\fsdfwd.exe
D:\Antyvirus\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Antyvirus\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\ANTYVI~1\ANTI-S~1\fsaw.exe
D:\BitComet\BitComet.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Antyvirus\FSGUI\fsguidll.exe
D:\eMule\emule.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\VLC\Toolbar\EPSIBar.exe
D:\Antyvirus\backweb\4476822\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\GRVSA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aska\Pulpit\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Acrobat\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Antyvirus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure
TNB] "D:\Antyvirus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup
Wizard] "D:\Antyvirus\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BitComet] "D:\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
\dslmon.exe
O4 - Global Startup: EPSI ToolBar.lnk = D:\VLC\Toolbar\EPSIBar.exe
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk =
D:\Antyvirus\backweb\4476822\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Zablokuj to okienko - D:\Antyvirus\Anti-
Spyware\blockpopups.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Osłona programu IE - {300DB664-75B5-47c0-8B45-
A44ACCF73C00} - D:\Antyvirus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Osłona programu IE... - {300DB664-75B5-47c0-8B45-
A44ACCF73C00} - D:\Antyvirus\Anti-Spyware\ieshield.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E0B3881-B3B4-4DE6-95EA-
014FCAFC18D2}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E0B3881-B3B4-4DE6-95EA-
014FCAFC18D2}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-
Secure Internet Security 2005 - D:\ANTYVI~1\backweb\4476822
\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure
Corporation - D:\Antyvirus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - D:\Antyvirus\backweb\4476822
\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure
Corporation - D:\Antyvirus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation -
D:\Antyvirus\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Bardzo uprzejmię dziękuje, mój damski umysł nic kompletnie z tego nie kapuje
aczkolwiek komp nawala. aha to mnie troche martwi O4 - HKCU\..\Run:
[WhenUSave] "C:\Program Files\Save\Save.exe" bo mi czasem wyskakują jakieś
głupoty WhenUSave czy coś.
Edytor zaawansowany
  • Gość: Kolobos IP: *.warszawa.sdi.tpnet.pl 19.08.06, 12:26
    W menadzerze zadan zakoncz:
    C:\Program Files\Save\Save.exe
    Katalog Save usun z dysku.

    W hjt usun:
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

Popularne wątki

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka