Please check my log

IP: *.teledisnet.be 20.04.05, 14:27
Logfile of HijackThis v1.99.0
Scan saved at 14:22:50, on 20/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program
files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program
Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Propriétaire\Application
Data\sgrunt\IE4321.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton]
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: www.sgrunt.biz
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} -
www.sgrunt.biz/closer/close.exe
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program
Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program
Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program
Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program
Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - c:\Program
Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation -
c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program
Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique -
Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown -
C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance -
Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Journaux et alertes de performance - Unknown -
C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown -
C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown -
C:\WINDOWS\System32\wbem\wmiapsrv.exe

Please help. Thanks.
    • neder Re: please check my log 20.04.05, 14:54
      Is something wrong? Because the log looks clean; there is only one thing to remove:
      > O15 - Trusted Zone: www.sgrunt.biz

      Optionally, remove eMule from autostart; it is up to you whether you want
      it to start together with the system.
      > O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

      If I were you, I would throw everything related to the printer out of
      autostart (section O4), what on earth do you need it there for ;/). All those
      processes slow down system startup considerably. The printer-related ones are:

      > O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      > O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
      > Files\HP\hpcoretech\hpcmpmgr.exe"
      > O4 - HKLM\..\Run: [HPHUPD05] c:\Program
      > Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      > O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      > O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      > O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      > O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
      > Files\HP\Digital Imaging\bin\hpqtra08.exe
      • neder Re: please check my log 20.04.05, 14:59
        About that printer: if you don't know which process is responsible for what,
        you can find out here (you type in e.g. hpqtra08.exe)
        www.processlibrary.com/notfound/index.php
        and see whether you need it, but in my opinion it is better to run all of
        this only when it is really needed.
      • Guest: teray Re: please check my log IP: *.teledisnet.be 20.04.05, 15:21
        Supposedly everything is OK, but in IE there is a white screen
        and about:blank, to me it is black magic
        (now it is white), and porn sites popping up
        every so often???

        • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 20.04.05, 15:23
          Restart the computer and after the restart paste a new HijackThis log; a log
          from this would not hurt either:
          www.silentrunners.org/Silent%20Runners.vbs <- this one will not fit in
          one post, so paste the rest if it gets cut off.
          • Guest: teray Re: please check my log IP: *.teledisnet.be 20.04.05, 15:30
            'Silent Runners.vbs
            • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 20.04.05, 15:35
              You are supposed to run Silent Runners.vbs (double-click it), not paste
              the contents of that file.
        • neder Re: please check my log 20.04.05, 15:25
          I don't see anything in the log :9 but since you do have something there, download these and scan with them:
          forum.gazeta.pl/forum/72,2.html?f=430&w=14530041&a=14530242
          (CWShredder, Ad-Aware, Spybot S&D)
    • Guest: teray Re: please check my log IP: *.teledisnet.be 20.04.05, 15:46
      Logfile of HijackThis v1.99.0
      Scan saved at 15:43:24, on 20/04/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\Explorer.EXE
      c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\AVPersonal\AVWUPSRV.EXE
      c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program
      files\hp\digital imaging\bin\hpdtlk02.dll
      O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
      c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
      Files\Java\jre1.5.0_02\bin\jusched.exe
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
      Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program
      Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
      Shared\ccApp.exe"
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Propriétaire\Application
      Data\sgrunt\IE4321.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Acme.PCHButton]
      C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
      Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: &Google Search - res://c:\program
      files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: Pages liées - res://c:\program
      files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://c:\program
      files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le
      cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
      Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
      www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
      www-secure.symantec.com/techsupp/asa/SymAData.cab
      O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program
      Files\HP\hpcoretech\comp\hpuiprot.dll
      O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program
      Files\AVPersonal\AVGUARD.EXE
      O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program
      Files\AVPersonal\AVWUPSRV.EXE
      O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program
      Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy - Symantec Corporation - c:\Program
      Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Program
      Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager - Symantec Corporation - c:\Program
      Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique -
      Unknown - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
      O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
      O23 - Service: Partage de Bureau à distance NetMeeting - Unknown -
      C:\WINDOWS\System32\mnmsrvc.exe
      O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown
      - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Symantec Network Drivers Service - Symantec Corporation -
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Journaux et alertes de performance - Unknown -
      C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Carte de performance WMI - Unknown -
      C:\WINDOWS\System32\wbem\wmiapsrv.exe

      I'm too stupid for the other one, as you can see
      • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 20.04.05, 15:52
        Remove these entries in HijackThis:
        O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Propriétaire\Application
        Data\sgrunt\IE4321.exe <- some dialer

        I don't see anything else, except maybe that HP junk.

        As for:
        www.silentrunners.org/Silent%20Runners.vbs
        You right-click the link, choose "save as" and save it e.g. on the desktop,
        then right-click the saved file again and choose Open; in French yours is
        probably called something different ;-) but the important thing is to run it, not edit it.
    • Guest: teray Re: please check my log IP: *.teledisnet.be 20.04.05, 16:10
      "Silent Runners.vbs", revision 35, www.silentrunners.org/
      Operating System: Windows XP SP2
      Output limited to non-default values, except where indicated by "{++}"


      Startup items buried in registry:
      ---------------------------------

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
      "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]
      "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
      "Acme.PCHButton" =
      "C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\PCHButton.exe" ["Motive
      Communications, Inc."]
      "eMuleAutoStart" = "C:\Program Files\eMule\emule.exe -AutoStart"
      ["www.bio-project.net"]

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
      "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun
      Microsystems, Inc."]
      "hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
      "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe""
      ["Hewlett-Packard Company"]
      "HPHUPD05" = "c:\Program
      Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]
      "HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]
      "KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
      "Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
      "ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe""
      ["Symantec Corporation"]
      "PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
      "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
      "UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]
      "Olympic" = "C:\Documents and Settings\Propriétaire\Application
      Data\sgrunt\IE4321.exe" [file not found]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from
      CLSID]
      -> {CLSID}\InProcServer32\(Default) = "c:\program
      files\google\googletoolbar2.dll" ["Google Inc."]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du
      Panneau de configuration"
      -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
      "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
      ["Hilgraeve, Inc."]
      "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
      "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
      -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\RecordNow!\shlext.dll"
      [null data]
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
      [null data]
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
      INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]


      Enabled Screen Saver:
      ---------------------

      HKCU\Control Panel\Desktop\
      "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


      Enabled Wallpaper and Active Desktop:
      -------------------------------------

      Active Desktop is disabled.

      HKCU\Control Panel\Desktop\
      "Wallpaper" = "C:\Documents and Settings\Propriétaire\Local Settings\Application
      Data\Microsoft\Wallpaper1.bmp"


      Startup items in "Propriétaire" & "All Users" startup folders:
      --------------------------------------------------------------

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
      "HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital
      Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]


      Enabled Scheduled Tasks:
      ------------------------

      "Connexion facile à Internet" -> launches: "C:\Program Files\Easy Internet
      signup\HPSdpApp.exe /remind" ["Hewlett-Packard"]
      "WTR" -> launches: "C:\Program Files\BulletProofSoft.com\WinTrace
      Remover\76E2BD14" [file not found]


      Winsock2 Service Provider DLLs:
      -------------------------------

      Namespace Service Providers

      HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\
      {++}
      000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
      000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
      000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

      Transport Service Providers

      HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
      {++}
      0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
      %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
      %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


      Toolbars, Explorer Bars, Extensions:
      ------------------------------------

      Toolbars

      HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
      "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
      -> {CLSID}\(Default) = "Vue HP"
      -> {CLSID}\InProcServer32\(Default) = "c:\program files\hp\digital
      imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
      "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
      -> {CLSID}\(Default) = "Vue HP"
      -> {CLSID}\InProcServer32\(Default) = "c:\program files\hp\digital
      imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

      "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
      -> {CLSID}\(Default) = "&Google"
      -> {CLSID}\InProcServer32\(Default) = "c:\program
      files\google\googletoolbar2.dll" ["Google Inc."]

      HKLM\Software\Microsoft\Internet Explorer\Toolbar\
      "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
      -> {CLSID}\(Default) = "Vue HP"
      -> {CLSID}\InProcServer32\(Default) = "c:\program files\hp\digital
      imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

      "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
      -> {CLSID}\(Default) = "Web assistant"
      -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Fichiers
      communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

      "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
      -> {CLSID}\(Default) = "&Google"
      -> {CLSID}\InProcServer32\(Default) = "c:\program
      files\google\googletoolbar2.dll" ["Google Inc."]

      Dormant Explorer Bars in "View, Explorer Bar" menu

      HKLM\Software\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\
      (Default) = "Vue HP"
      Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
      InProcServer32\(Default) = "c:\program files\hp\digital
      imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

      • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 20.04.05, 16:13
        Paste the missing end, because it did not all fit.
        • Guest: teray Re: please check my log IP: *.teledisnet.be 20.04.05, 16:20
          HKLM\Software\Microsoft\Internet Explorer\Toolbar\
          "{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
          -> {CLSID}\(Default) = "Vue HP"
          -> {CLSID}\InProcServer32\(Default) = "c:\program files\hp\digital
          imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

          "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
          -> {CLSID}\(Default) = "Web assistant"
          -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Fichiers
          communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

          "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
          -> {CLSID}\(Default) = "&Google"
          -> {CLSID}\InProcServer32\(Default) = "c:\program
          files\google\googletoolbar2.dll" ["Google Inc."]

          Dormant Explorer Bars in "View, Explorer Bar" menu

          HKLM\Software\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\
          (Default) = "Vue HP"
          Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
          InProcServer32\(Default) = "c:\program files\hp\digital
          imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]

          Extensions (Tools menu items, main toolbar menu buttons)

          HKLM\Software\Microsoft\Internet Explorer\Extensions\
          {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
          "MenuText" = "Console Java (Sun)"
          "CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
          -> {CLSID}\InProcServer32\(Default) = "C:\Program
          Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]


          Running Services (Display Name, Service Name, Path {Service DLL}):
          ------------------------------------------------------------------

          AntiVir Update, AVWUpSrv, ""C:\Program Files\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV
          Datentechnik GmbH, Germany"]
          Symantec Event Manager, ccEvtMgr, ""c:\Program Files\Fichiers communs\Symantec
          Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
          Symantec Network Proxy, ccProxy, ""c:\Program Files\Fichiers communs\Symantec
          Shared\ccProxy.exe"" ["Symantec Corporation"]
          Symantec Settings Manager, ccSetMgr, ""c:\Program Files\Fichiers
          communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
          Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


          ----------
          This report excludes default entries except where indicated.
          To see *everywhere* the script checks and *everything* it finds,
          launch it from a command prompt or a shortcut with the -all parameter.
          ----------
          I think it's all there this time? If I managed it, I can't believe it myself
    • Guest: teray Re: please check my log IP: *.teledisnet.be 20.04.05, 16:16
      I think I pasted everything ????
      Many thanks for the help and understanding
      I don't have the faintest idea about computers
      Regards
      • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 20.04.05, 16:23
        Only one entry is left in HijackThis, this one:
        O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Propriétaire\Application
        Data\sgrunt\IE4321.exe
        Choose "scan only", tick the box next to it and click Fix Checked; the rest is clean.
        Unless you no longer have that entry, in which case do nothing more and it should probably be OK.
        Just in case, scan the system with these:

        housecall.trendmicro.com/housecall/start_corp.asp
        www.windowsecurity.com/trojanscan/
        www.pandasoftware.com/activescan/pol/activescan_principal.htm
        • Guest: teray Re: please check my log IP: *.246.81.adsl.skynet.be 20.04.05, 16:49
          Many thanks, I will do everything, but tomorrow
          I'm at a different computer
          tomorrow I will write what I managed to do
          thanks
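
A triage sketch for logs pasted the way they appear in this thread, added here as an example and not part of any post or of HijackThis itself: it rejoins entries the forum wrapped across lines, then flags the three kinds of entry tied to sgrunt in the first log. The rule set and the function names are assumptions made for this illustration; the sample lines are copied from the first log.

```python
import re

# Lines copied from the first log in this thread, including the forum's
# line wrapping of long entries.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Propriétaire\Application
Data\sgrunt\IE4321.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O15 - Trusted Zone: www.sgrunt.biz
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} -
www.sgrunt.biz/closer/close.exe
"""

# Every HijackThis entry starts with a section code such as "O4 - " or "R1 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def join_entries(text):
    """Rebuild one string per entry from log text whose lines were wrapped."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()              # drops forum indentation as well
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif line and current is not None:
            current += " " + line       # continuation of a wrapped entry
        elif current is not None:       # a blank line closes the entry
            entries.append(current)
            current = None
    if current is not None:
        entries.append(current)
    return entries


# Assumed triage rules (illustrative, not HijackThis's own logic):
# (section code, pattern searched in the joined entry, reason shown to the analyst)
RULES = [
    ("O4", re.compile(r"\\(Application Data|AppData|Temp)\\", re.I),
     "autostart entry launches from a user-writable profile folder"),
    ("O15", re.compile(r"Trusted Zone:", re.I),
     "site added to the IE Trusted Zone"),
    ("O16", re.compile(r"\.exe\s*$", re.I),
     "ActiveX download source is a bare .exe instead of a .cab"),
]


def triage(entries):
    """Return (section, reason, entry) for every entry that matches a rule."""
    findings = []
    for entry in entries:
        section = entry.split(" - ", 1)[0]
        for rule_section, pattern, reason in RULES:
            if section == rule_section and pattern.search(entry):
                findings.append((section, reason, entry))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(join_entries(SAMPLE_LOG)):
        print(f"[{section}] {reason}\n    {entry}")
```

A flagged entry is a prompt for manual review, not a verdict; entries that match no rule still need reading.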