Guest: wojo IP: *.76.classcom.pl 20.07.06, 21:57
Guest: wojo log cont. IP: *.76.classcom.pl 20.07.06, 21:58
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123258224015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123258530140
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - 193.225.32.158/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com/asquared.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - 89.97.5.28/activex/AMC.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
O20 - Winlogon Notify: emldvc - C:\WINDOWS\SYSTEM32\emldvc.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_27.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Guest: Kolobos Re: log cont. IP: *.warszawa.sdi.tpnet.pl 20.07.06, 22:08
Remove:
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
O20 - Winlogon Notify: emldvc - C:\WINDOWS\SYSTEM32\emldvc.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_27.dll
Delete the listed files from disk with killbox, or first unregister them: regsvr32.exe /u C:\WINDOWS\system32\2236_27.dll and only then delete. Install an antivirus, e.g. AntiVir PE, and scan the system; when it is all done paste a new log from hjt (skip the O16 - DPF section, then it may fit in one post ;-)
Guest: Kolobos Re: please check my log, I've got a bit of a mess.. IP: *.warszawa.sdi.tpnet.pl 20.07.06, 22:05
In Task Manager, end:
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\win32.exe <- delete everything from the temp directory.
C:\WINDOWS\system32\dlh9jkdq2.exe <- delete the file from disk.
C:\WINDOWS\system32\vxgamet2.exe <- delete the file from disk.
C:\WINDOWS\system32\vxgamet3.exe <- delete the file from disk.
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\rsysinit.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\20347\60711.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\19333\607112.exe
In hjt remove:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install <- why twice? get rid of one.
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\testtestt.exe <- delete the file from disk.
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\10.tmp5120.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\D.tmp3072.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe <- delete the file from disk.
These shortcuts can be dropped from autostart:
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
I'll check the next part in a moment; I also want to see the header of the hjt log.
Guest: wojo Re: please check my log, I've got a bit of a mess.. IP: *.76.classcom.pl 20.07.06, 22:10
except the son of a bitch won't let me open Task Manager
Guest: Kolobos Re: please check my log, I've got a bit of a mess.. IP: *.warszawa.sdi.tpnet.pl 20.07.06, 22:13
So use e.g.: www.sysinternals.com/Utilities/ProcessExplorer.html
Guest: wojo Re: please check my log, I've got a bit of a mess.. IP: *.76.classcom.pl 21.07.06, 00:58
it didn't help much, pasting again
Logfile of HijackThis v1.99.1
Scan saved at 00:53:19, on 2006-07-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Pulpit\KillBox.exe
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --confdir=home
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\10.tmp5120.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\D.tmp3072.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
O21 - SSODL: MzLhxzWuvTLM - {D8EC8BDD-7246-2177-C3A0-754AB60C48C0} - C:\WINDOWS\system32\bublc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Guest: Kolobos Re: please check my log, I've got a bit of a mess.. IP: *.warszawa.sdi.tpnet.pl 21.07.06, 09:51
> it didn't help much, pasting again
Probably because you didn't do everything I wrote! Why didn't you install an antivirus?!
To delete in hjt:
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\10.tmp5120.exe <- delete everything from temp!
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\D.tmp3072.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe <- delete the file from disk.
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe <- delete the file from disk.
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll <- delete the file from disk.
O21 - SSODL: MzLhxzWuvTLM - {D8EC8BDD-7246-2177-C3A0-754AB60C48C0} - C:\WINDOWS\system32\bublc.dll <- this one too.
Scan the system with ewido and see whether it detects anything.
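A small triage helper for HijackThis entries of the kind reviewed in this thread, added here as an example and not code from the thread or from HijackThis: it parses O-section lines, flags O4 autostart targets that live in a Temp directory, surfaces every O20 (Winlogon Notify) and O21 (SSODL) DLL for manual verification, and reports duplicated entries such as the doubled nwiz line. The sample lines are copied from the log above; the heuristics are assumptions that mirror the advice given in the thread, not a malware signature.

```python
import re
from collections import Counter

# Sample entries taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\10.tmp5120.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
O21 - SSODL: MzLhxzWuvTLM - {D8EC8BDD-7246-2177-C3A0-754AB60C48C0} - C:\WINDOWS\system32\bublc.dll
"""

# "O<n> - <rest>" is the shape of every HijackThis section line.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# A path component named Temp or tmp, in either case (assumed heuristic).
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Sections whose DLLs load very early; the thread treats each as worth a look.
ALWAYS_REVIEW = {
    "O20": "Winlogon Notify DLL loads at logon, before the desktop; verify the file",
    "O21": "SSODL DLL is loaded by explorer.exe at start; verify the file",
}


def parse(log):
    """Return a list of (section, body) tuples for every O-section line."""
    entries = []
    for line in log.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log):
    """Return (section, body, reason) for every entry that deserves review."""
    entries = parse(log)
    findings = []
    for section, body in entries:
        if section == "O4" and TEMP_RE.search(body):
            findings.append((section, body, "autostart target lives in a Temp directory"))
        if section in ALWAYS_REVIEW:
            findings.append((section, body, ALWAYS_REVIEW[section]))
    # Identical lines repeated in the log (the doubled nwiz entry above).
    for (section, body), count in Counter(entries).items():
        if count > 1:
            findings.append((section, body, f"entry appears {count} times"))
    return findings


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```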