Analiza loga, prosze :)
Logfile of HijackThis v1.99.1
Scan saved at 10:21:31, on 2005–06–09
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
D:\Programy\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kavmm.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINNT\SOUNDMAN.EXE
D:\Programy\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kav.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Programy\Gadu–Gadu\GG.EXE
C:\Program Files\Winamp\winamp.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\PopUpCop\PCCloser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\Temp\Rar$EX00.931\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=80.227.56.42:8080
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 – Toolbar: @msdxmLC.dll,–1@1033,&Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINNT\system32\msdxm.ocx
O3 – Toolbar: PopUpCop – {DB43E4E6–FF8A–4018–8C8E–F68587A44A73} – C:\PROGRA~1\PopUpCop\PopUpCop.dll
O3 – Toolbar: DAP Bar – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – D:\Programy\DAP\dapiebar.dll
O4 – HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 – HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [KAV50] "D:\Programy\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kav.exe" –run –n PersonalPro –v 5.0.0.0 –chkss
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Programy\Gadu–Gadu\GG.EXE" /tray
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: &Download with &DAP – D:\PROGRAMY\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – D:\PROGRAMY\DAP\dapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – D:\PROGRAMY\DAP\DAP.EXE
O16 – DPF: {10ABC6DB–E091–4EAE–98DD–21B5A2460714} (DetInstaller Class) – http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: Usługa administracyjna Menedźera dysków logicznych (dmadmin) – VERITAS Software Corp. – C:\WINNT\System32\dmadmin.exe
O23 – Service: Kaspersky Anti–Virus Service (KLBLMain) – Kaspersky Lab – D:\Programy\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kavmm.exe
O23 – Service: LicCtrl Service (LicCtrlService) – Unknown owner – C:\WINNT\runservice.exe
O23 – Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) – NVIDIA Corporation – C:\WINNT\system32\nvsvc32.exe
Scan saved at 10:21:31, on 2005–06–09
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
D:\Programy\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kavmm.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINNT\SOUNDMAN.EXE
D:\Programy\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kav.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Programy\Gadu–Gadu\GG.EXE
C:\Program Files\Winamp\winamp.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\PopUpCop\PCCloser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
D:\Temp\Rar$EX00.931\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=80.227.56.42:8080
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 – Toolbar: @msdxmLC.dll,–1@1033,&Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINNT\system32\msdxm.ocx
O3 – Toolbar: PopUpCop – {DB43E4E6–FF8A–4018–8C8E–F68587A44A73} – C:\PROGRA~1\PopUpCop\PopUpCop.dll
O3 – Toolbar: DAP Bar – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – D:\Programy\DAP\dapiebar.dll
O4 – HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 – HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [KAV50] "D:\Programy\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kav.exe" –run –n PersonalPro –v 5.0.0.0 –chkss
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Programy\Gadu–Gadu\GG.EXE" /tray
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: &Download with &DAP – D:\PROGRAMY\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – D:\PROGRAMY\DAP\dapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – D:\PROGRAMY\DAP\DAP.EXE
O16 – DPF: {10ABC6DB–E091–4EAE–98DD–21B5A2460714} (DetInstaller Class) – http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: Usługa administracyjna Menedźera dysków logicznych (dmadmin) – VERITAS Software Corp. – C:\WINNT\System32\dmadmin.exe
O23 – Service: Kaspersky Anti–Virus Service (KLBLMain) – Kaspersky Lab – D:\Programy\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kavmm.exe
O23 – Service: LicCtrl Service (LicCtrlService) – Unknown owner – C:\WINNT\runservice.exe
O23 – Service: NVIDIA Display Driver Service (Omega 1.6177) (P) (NVSvc) – NVIDIA Corporation – C:\WINNT\system32\nvsvc32.exe
Odpowiedzi: 1
W logu niczego szkodliwego nie widać.
Prosze pisać w pierwszy poście z czym ma się problem, a nie tylko prosze o sprawdzenie i tyle.
Prosze pisać w pierwszy poście z czym ma się problem, a nie tylko prosze o sprawdzenie i tyle.
Strona 1 / 1