Please help me check a log.

IP: 212.122.214.* 18.03.07, 11:15
Please check the log.
Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 11:13:45, on 2007-03-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus 2007\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\WINDOWS\System32\clcl2.exe
C:\WINDOWS\vmmreg32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Ahead\ODD Toolkit\DVDCheck.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AvTask.exe
C:\Documents and Settings\A\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\NH0FOCX2\aawsepersonal[1].exe
C:\WINDOWS\System32\MSIEXEC.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AvTask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\Apvxdwin.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AvTask.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\A\USTAWI~1\Temp\Rar$EX00.343\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-
0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0
\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [xp_sys] C:\WINDOWS\ServicePackFiles\mmshst39.exe 20130
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe
O4 - HKLM\..\Run: [clcl2] C:\WINDOWS\System32\clcl2.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [ComPlus Applications] C:\WINDOWS\vmmreg32.exe
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\A\USTAWI~1\Temp\{47AC4A9D-403C-
41B9-AE00-6C3DBA594660}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}
\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0015"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus
2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [xp_sys] C:\WINDOWS\ServicePackFiles\mmshst39.exe 20130
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\System32\adirka.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1
\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat 7.0
\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program
Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All
Users\Dokumenty\Settings\winsys2f.dll
O21 - SSODL: SfARmUZLUGvUeR - {4C1AA0EA-E6B0-0A40-A635-D3F46FA35347} -
C:\WINDOWS\System32\uut.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32
\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Software International -
C:\Program Files\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software
International - C:\Program Files\Panda Software\Panda Antivirus 2007
\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software
International - C:\Program Files\Panda Software\Panda Antivirus 2007
\psimsvc.exe

    • Guest: Kolobos Re: Please help me check a log. IP: *.escom.net.pl 18.03.07, 13:55
      Use wwdc.exe, ewido, and clean temp using www.atribune.org/content/view/25/2/, and familiarize yourself with how to use killbox.

      In Task Manager, end:
      C:\WINDOWS\System32\clcl2.exe
      C:\WINDOWS\vmmreg32.exe
      C:\Documents and Settings\A\Ustawienia lokalne\Temporary Internet
      Files\Content.IE5\NH0FOCX2\aawsepersonal[1].exe

      In HJT, remove:
      F3 - REG:win.ini: run=C:\WINDOWS\ServicePackFiles\services.exe
      O4 - HKLM\..\Run: [xp_sys] C:\WINDOWS\ServicePackFiles\mmshst39.exe 20130
      O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe
      O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe
      O4 - HKLM\..\Run: [clcl2] C:\WINDOWS\System32\clcl2.exe
      O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
      O4 - HKLM\..\Run: [ComPlus Applications] C:\WINDOWS\vmmreg32.exe
      O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\A\USTAWI~1\Temp\{47AC4A9D-403C-
      41B9-AE00-6C3DBA594660}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}
      \..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0015"
      O4 - HKCU\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe
      O4 - HKCU\..\Run: [xp_sys] C:\WINDOWS\ServicePackFiles\mmshst39.exe 20130
      O4 - HKCU\..\Run: [adirka] C:\WINDOWS\System32\adirka.exe
      O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
      O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All
      Users\Dokumenty\Settings\winsys2f.dll
      O21 - SSODL: SfARmUZLUGvUeR - {4C1AA0EA-E6B0-0A40-A635-D3F46FA35347} -
      C:\WINDOWS\System32\uut.dll (file missing)

      Delete the listed files from the disk.
    • Guest: gośc Re: Please help me check a log. IP: *.adsl.inetia.pl 01.05.07, 16:42
      AVG Anti-Spyware will take care of tcpipmon for you ;P