
Logfile of HijackThis v1.99.1

16.11.05, 19:45
What is this and how is it done, because damn it, I have this trojan too and I can't
remove it. :-(
    • Guest: Kolobos Re: Logfile of HijackThis v1.99.1 IP: *.warszawa.sdi.tpnet.pl 16.11.05, 19:48
      Have a look at the last few threads, and if you can read and write you can even
      type hijackthis into Google and select searching in Polish pages, and
      then read the second page.


      • Guest: agazeus Re: Logfile of HijackThis v1.99.1 IP: *.com / 82.177.161.* 16.11.05, 20:42
        COULD SOMEONE CHECK THIS FOR ME AND ADVISE WHAT TO REMOVE???


        Logfile of HijackThis v1.99.1
        Scan saved at 20:21:35, on 2005-11-16
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\soundman.exe
        C:\windows\system32\mdms.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
        C:\WINDOWS\System32\sysvcs.exe
        C:\Program Files\PLANET\PLANET WL-U350B Wireless \WlanMonitor.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\explorer.exe
        C:\Documents and Settings\kr\Pulpit\Logfile of HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.wp.pl
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.wp.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,userinit.exe
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
        \SPYBOT~1\SDHelper.dll
        O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} -
        C:\WINDOWS\System32\appwiy.dll
        O2 - BHO: CFilter Object - {C97EAD04-D1D3-4580-BDAC-EB13B6CB176E} -
        C:\WINDOWS\fonts\font.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [SoundMan] soundman.exe
        O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
        Sweeper\SpySweeper.exe" /0
        O4 - Global Startup: WL-U350B Monitor Utility.lnk = ?
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
        67.15.101.3/g_bin/pl/cards_2_0_0_65.cab
        O16 - DPF: {2A781DED-C22D-4153-9812-CEA98A32981C} (GameDesire Makao) -
        67.15.101.3/g_bin/pl/cardsmakao_2_0_0_17.cab
        O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) -
        www.lemontv.pl/lmctrls.cab
        O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
        poczta.wp.pl/autoryzacja/mailcfg.ocx
        O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) -
        67.15.101.3/g_bin/pl/boards_2_0_0_20.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
        update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131988864942
        O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
        megapanel.gem.pl/temp/netp/0995/7359/0198/5100/1_0995735901985100.ocx
        O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) -
        67.15.101.3/g_bin/pl/makao_2_0_0_15.cab
        O16 - DPF: {8FACB588-4A4B-46C1-807B-1F08D0AC7592} (eTours Control) -
        www.360etours.net/tours/activex/eTours.ocx
        O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) -
        67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
        O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) -
        67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
        O16 - DPF: {A854AD6D-6DB5-41FB-8044-0BD38092A007} (Ganymede Sudoku) -
        67.15.101.3/g_bin/pl/sudoku_2_0_0_1.cab
        O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire
        Marbies&Diamonds) - 67.15.101.3/g_bin/pl/marbles_2_0_0_18.cab
        O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) -
        67.15.101.3/g_bin/pl/darts_2_0_0_28.cab
        O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) -
        67.15.101.3/g_bin/pl/breakout_2_0_0_15.cab
        O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) -
        67.15.101.3/g_bin/pl/words_2_0_0_36.cab
        O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) -
        67.15.101.3/g_bin/pl/mahjong_2_0_0_18.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
        67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Menedżer kont zabezpieczeń (SamSs) - Realtek Semiconductor
        Corporation - (no file)

        • Guest: Kolobos Re: Logfile of HijackThis v1.99.1 IP: *.warszawa.sdi.tpnet.pl 16.11.05, 21:19
          In Task Manager, end the process:
          C:\windows\system32\mdms.exe
          The removal instructions are here:
          www.searchengines.pl/phpbb203/index.php?showtopic=12510&pid=188758&mode=threaded&show=&st=30&#entry188758

          In HijackThis, remove:

          O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} -
          C:\WINDOWS\System32\appwiy.dll <- delete the file
          O2 - BHO: CFilter Object - {C97EAD04-D1D3-4580-BDAC-EB13B6CB176E} -
          C:\WINDOWS\fonts\font.dll <- delete the file
          O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
          O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
          megapanel.gem.pl/temp/netp/0995/7359/0198/5100/1_0995735901985100.ocx
          O16 - DPF: {8FACB588-4A4B-46C1-807B-1F08D0AC7592} (eTours Control) -
          www.360etours.net/tours/activex/eTours.ocx
          O23 - Service: Menedżer kont zabezpieczeń (SamSs) - Realtek Semiconductor
          Corporation - (no file) <- disable the service in services.msc

          Check this file:
          C:\WINDOWS\System32\userinit.exe
          with this scanner:
          virusscan.jotti.org/ and write back whether it found anything.

          And also scan the system with this:
          download.ewido.net/ewido-setup.exe <- run the update before scanning, and
          uninstall it after the scan.
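
Matching the removal list in the reply above against the posted log by eye is error-prone, because the forum wrapped long entries in the middle of paths and GUIDs. The following Python code is an added example, not part of the thread or of HijackThis: it rejoins wrapped entries and reports which fix-list lines actually occur in the log. The function names, the stripping of `<-` remarks and the rejoin heuristic are assumptions of this example; the sample lines are copied from the log and the reply.

```python
import re

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")  # section code prefix
NOTE = re.compile(r"\s*<-.*$")  # helper's inline remark, not part of the entry

def parse_entries(text):
    """Return HijackThis entries as single strings, rejoining wrapped lines."""
    entries, in_entry = [], False
    for raw in text.splitlines():
        line = NOTE.sub("", raw.strip())
        if not line:
            in_entry = False
        elif ENTRY.match(line):
            entries.append(line)
            in_entry = True
        elif in_entry:
            prev = entries[-1]
            # Assumed heuristic: a wrap inside a path or GUID had no space at the break.
            glue = "" if line.startswith("\\") or re.search(r"\S-$", prev) else " "
            entries[-1] = prev + glue + line
    return entries

def key(entry):
    return " ".join(entry.split()).casefold()  # collapse spaces, ignore case

def select_fixes(log_text, fix_text):
    """Split a fix list into entries found in the log and entries that are not."""
    in_log = {key(e): e for e in parse_entries(log_text)}
    found, missing = [], []
    for e in parse_entries(fix_text):
        (found if key(e) in in_log else missing).append(in_log.get(key(e), e))
    return found, missing

# Sample input: lines copied from the log and the reply in this thread.
LOG = r"""O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} -
C:\WINDOWS\System32\appwiy.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - Realtek Semiconductor
Corporation - (no file)"""
FIXES = r"""O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} -
C:\WINDOWS\System32\appwiy.dll <- delete the file
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - Realtek Semiconductor
Corporation - (no file) <- disable the service in services.msc"""

if __name__ == "__main__":
    for label, items in zip(("in log", "not in log"), select_fixes(LOG, FIXES)):
        print(label, *items, sep="\n  ")
```

A fix-list line that lands in the "not in log" group was written for a different scan and should not be ticked blindly.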
