
WinPC Defender, how do I get rid of it???

10.04.09, 21:00
Help!!!
    • Guest: Kolobos Re: WinPC Defender, how do I get rid of it??? IP: *.zask.pl 10.04.09, 22:05
      Post a ComboFix log, and read the pinned topic first!
    • hansgrubber Checking a Hijack This log 14.05.09, 18:12
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:04:38, on 2009-05-14
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\S24EvMon.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\System32\RegSrvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\websrvx\websrvx.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Sony Ericsson\Mobile2\Application
      Launcher\Application Launcher.exe
      C:\windows\pp06.exe
      C:\windows\freddy42.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program
      Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Documents and Settings\Administrator\Dane aplikacji\pcdefender.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\dll32.exe
      C:\WINDOWS\system32\DL32.exe
      C:\WINDOWS\system32\SYS32DLL.exe
      C:\Program Files\IBM\Bluetooth Software\BTTray.exe
      C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Common Files\Teleca Shared\Generic.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary
      Internet Files\Content.IE5\8ZMBIXY5\hijackthis[1].exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.google.pl/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyServer = http=localhost:7171
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyOverride = *.local;<local>
      R0 - HKCU\Software\Microsoft\Internet
      Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
      784B7D6BE0B3} - C:\Program Files\Common
      Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: IEocx Class - {06ec6572-7280-485a-a712-c380526bc048} -
      C:\WINDOWS\ieocx.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-
      A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet
      Explorer\SkypeIEPlugin.dll
      O2 - BHO: 219198 helper - {5B452B01-12C9-4286-81D9-2308AEB3CD94} -
      (no file)
      O2 - BHO: 218538 helper - {5E5EFA8F-9F53-418E-B78E-44866667A404} -
      C:\WINDOWS\system32\218538\218538.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
      C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
      CF10577473F7} - C:\Program Files\Google\Google
      Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-
      CE66B5AD205D} - C:\Program
      Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: 179223 helper - {B3FA56CF-B3F9-4328-9802-CFAACEA86646} -
      C:\WINDOWS\system32\179223\179223.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-
      BB24-76C02E2E7C4E} - C:\Program Files\Google\Google
      Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} -
      C:\WINDOWS\system32\796525\796525.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-
      009027A5CD4F} - C:\Program Files\Google\Google
      Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog
      Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog
      Devices\SoundMAX\Smax4.exe /tray
      O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI
      Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program
      Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
      Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
      Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
      Ericsson\Mobile2\Application Launcher\Application
      Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [sysldtray] C:\windows\ld06.exe
      O4 - HKLM\..\Run: [pp] C:\windows\pp06.exe
      O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy42.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep
      0 -k
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program
      Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program
      Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [sysav] C:\Documents and
      Settings\Administrator\Dane aplikacji\pcdefender.exe
      O4 - HKCU\..\Run: [dll] rundll32 dll32,sm
      O4 - HKCU\..\Run: [dll32] dll32
      O4 - HKCU\..\Run: [DL32] DL32
      O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32
      \CTFMON.EXE (User 'USŁUGA LOKALNA')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32
      \CTFMON.EXE (User 'USŁUGA SIECIOWA')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32
      \CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32
      \CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB
      adapter.lnk = ?
      O8 - Extra context menu item: Send To &Bluetooth - C:\Program
      Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-
      AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
      C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-
      5C8D4460577F} - C:\Program Files\IBM\Bluetooth
      Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-
      9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth
      Software\btsendto_ie.htm
      O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-
      E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-
      00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
      BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) -
      www-
      307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl
      Class) -
      www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185917377855
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
      C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B71
      • hansgrubber Re: Checking a Hijack This log 14.05.09, 18:16
        cont.

        O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
        C:\Program Files\Google\Google
        Toolbar\Component\fastsearch_A8904FB862BD9564.dll
        O20 - Winlogon Notify: winrpc32 - C:\WINDOWS\SYSTEM32\winrpc32.dll
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
        C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. -
        C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program
        Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
        Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150
        \Intel 32\IDriverT.exe
        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32
        \PnkBstrA.exe
        O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32
        \RegSrvc.exe
        O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel
        Corporation - C:\WINDOWS\System32\S24EvMon.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC
        Connectivity Solution\ServiceLayer.exe
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service
        (default)) - Analog Devices, Inc. - C:\Program Files\Analog
        Devices\SoundMAX\SMAgent.exe
        O23 - Service: websrvx - Unknown owner - C:\Program
        Files\websrvx\websrvx.exe

        --
        End of file - 9083 bytes


        I hope I did everything as required. Please help, and best
        regards. h
        • Guest: Kolobos Re: Checking a Hijack This log IP: *.zask.pl 14.05.09, 19:14
          Why are you replying after a month if you can't read?! You were supposed to put a ComboFix log on wklej.org and post the link, not paste a HijackThis log into the message body.
          • hansgrubber Re: Checking a Hijack This log 26.06.09, 21:54
            I confirm my inability by reading your kind reply. :)
            May I ask you for help?
            • Guest: Kolobos Re: Checking a Hijack This log IP: *.zask.pl 28.06.09, 00:07
              I have already helped you enough - I gave you everything you need! All that is left is for you to do what I wrote (or not).
