Please check my log

25.07.05, 08:39
Logfile of HijackThis v1.99.1
Scan saved at 08:37:38, on 2005-07-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software
Updater.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\PC\USTAWI~1\Temp\Rar$EX00.823\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 62.75.224.159 home.edonkey2000.com
O1 - Hosts: 62.75.224.159 home.edonkey.com
O2 - BHO: SuperBar - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program
Files\_SUPERBAR\_SUPERBAR.dll
O3 - Toolbar: SuperBar - {7788A1CA-969B-4E31-9636-4369B970B672} - C:\Program
Files\_SUPERBAR\_SUPERBAR.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P
Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program
Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ING Bank Online -
ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) -
67.15.101.3/g_bin/pl/solitaire_2_0_0_18.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
67.15.101.3/g_bin/pl/cards_2_0_0_63.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire
Marbles&Diamonds&Runes) - 67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word
Games) - 67.15.101.3/g_bin/pl/wordssingle_2_0_0_34.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) -
67.15.101.3/g_bin/pl/mahjong_2_0_0_18.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak
Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe

    • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 25.07.05, 08:59
      Don't run HijackThis from the zip!

      Scan and remove everything with this:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

      In Task Manager, end this process:
      C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

      In HijackThis, delete these:

      O1 - Hosts: 62.75.224.159 home.edonkey2000.com
      O1 - Hosts: 62.75.224.159 home.edonkey.com
      O2 - BHO: SuperBar - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program
      Files\_SUPERBAR\_SUPERBAR.dll
      O3 - Toolbar: SuperBar - {7788A1CA-969B-4E31-9636-4369B970B672} - C:\Program
      Files\_SUPERBAR\_SUPERBAR.dll
      O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P
      Networking.exe /AUTOSTART <- delete the whole P2P Networking directory
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

      Then Start->Run
      regsvr32 /u "C:\Program Files\_SUPERBAR\_SuperBar.Dll"
      regsvr32 /u "C:\Program Files\_SuperBar\_SuperBarExts.Dll"
      And delete the _SuperBar directory

      In Start->Run->Msconfig->Startup, untick the checkboxes next to:
      UserFaultCheck
      KernelFaultCheck
      • csylwia1 Re: please check my log 25.07.05, 17:33
        Thank you for the help. You can always count on selfless attention
        here :D :D :) Here are the results of my efforts following your instructions:


        Logfile of HijackThis v1.99.1
        Scan saved at 17:28:59, on 2005-07-25
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software
        Updater.exe
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\drivers\KodakCCS.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\system32\wuauclt.exe
        D:\InSTaLki\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.wp.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
        AntiSpyware\gcasServ.exe"
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Skype] "C:\Program
        Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program
        Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
        O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK
        Software Updater\7288971\Program\Kodak Software Updater.exe
        O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
        O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) -
        67.15.101.3/g_bin/pl/solitaire_2_0_0_18.cab
        O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
        67.15.101.3/g_bin/pl/cards_2_0_0_63.cab
        O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire
        Marbles&Diamonds&Runes) - 67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
        O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word
        Games) - 67.15.101.3/g_bin/pl/wordssingle_2_0_0_34.cab
        O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) -
        67.15.101.3/g_bin/pl/mahjong_2_0_0_18.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
        67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak
        Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\system32\nvsvc32.exe

        • Guest: Kolobos Re: please check my log IP: *.warszawa.sdi.tpnet.pl 25.07.05, 17:42
          Looks OK.
          • csylwia1 Re: please check my log 25.07.05, 17:44
            All the more thanks :D
