Please check my log

Hello
Could some helpful person please check this log? (Thank you in advance and best regards.)

Logfile of HijackThis v1.99.0
Scan saved at 12:15:50, on 2005–02–04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSmsmsgr2.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesWindows AdStatusWinStatKeep.exe
C:Program FilesGadu–Gadugg.exe
C:WINDOWSSystem32driversCDAC11BA.EXE
C:WINDOWSSystem32wdfmgr.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSmsmsgr2.exe
C:WINDOWSSystem32wuauclt.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesLavasoftAd–Aware SE PersonalAd–Aware.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesWindows AdStatusWinStat.exe
C:WINDOWSexplorer.exe
C:WINDOWSexplorer.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesFlashGetflashget.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1AGNIES~1.PIAUSTAWI~1TempRar$EX00.687HijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1AGNIES~1.PIAUSTAWI~1Tempsp.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1AGNIES~1.PIAUSTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O2 – BHO: (no name) – {D8701698–DB4B–41FD–82C8–F504B2CAECC4} – C:WINDOWSSystem32klki.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 – HKLM..Run: [CorelDRAW Graphics Suite 11b] C:Program FilesCorelCorel Graphics 12LanguagesENProgramsRegistration.exe /title="CorelDRAW Graphics Suite 12" /date=012705 serial=DR12WTX–9999998–YSP lang=EN
O4 – HKLM..Run: [Admanager Controller] C:Program FilesAdmanager ControllerAdManCtl.exe
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [_Cat4] C:WINDOWSmsmsgr2.exe
O4 – HKLM..Run: [Windows AdStatus] C:Program FilesWindows AdStatusWinStat.exe
O4 – HKLM..RunOnce: [AAW] "C:Program FilesLavasoftAd–Aware SE PersonalAd–Aware.exe" "+b1"
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O15 – Trusted IP range: (HKLM)
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} (VacPro.russia_ver3) – http://www.globalphon.com/dialer/russia.CAB
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102608158935
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O18 – Filter: text/html – {CBA42135–9FF2–49DD–88C4–C14E34E0F6E5} – C:WINDOWSSystem32klki.dll
O18 – Filter: text/plain – {CBA42135–9FF2–49DD–88C4–C14E34E0F6E5} – C:WINDOWSSystem32klki.dll
O23 – Service: Ati HotKey Poller – Unknown – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: C–DillaCdaC11BA – Macrovision – C:WINDOWSSystem32driversCDAC11BA.EXE

Replies: 1

Disable System Restore

End in Task Manager:
msmsgr2.exe
WinStatKeep.exe
msmsgr2.exe
WinStat.exe

I don't know why explorer is running twice:
C:WINDOWSexplorer.exe
C:WINDOWSexplorer.exe
Check whether one of them is using an unnaturally large amount of resources.

Delete from disk:
klki.dll
msmsgr2.exe
C:Program FilesAdmanager Controller
Empty Temp

FIX:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1AGNIES~1.PIAUSTAWI~1Tempsp.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1AGNIES~1.PIAUSTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {D8701698–DB4B–41FD–82C8–F504B2CAECC4} – C:WINDOWSSystem32klki.dll
O4 – HKLM..Run: [Admanager Controller] C:Program FilesAdmanager ControllerAdManCtl.exe
O4 – HKLM..Run: [_Cat4] C:WINDOWSmsmsgr2.exe
O4 – HKLM..Run: [Windows AdStatus] C:Program FilesWindows AdStatusWinStat.exe
O15 – Trusted IP range: (HKLM)
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 – DPF: {3E339D3C–4B12–4E8C–A529–9CC4BEEAFD4F} (VacPro.russia_ver3) – http://www.globalphon.com/dialer/russia.CAB
O18 – Filter: text/html – {CBA42135–9FF2–49DD–88C4–C14E34E0F6E5} – C:WINDOWSSystem32klki.dll
O18 – Filter: text/plain – {CBA42135–9FF2–49DD–88C4–C14E34E0F6E5} – C:WINDOWSSystem32klki.dll


Finally, finish it off with this and CWShredder
Bobi
Posted: 04.02.2005 14:50:34
buzuk
Posted: 04.02.2005 13:20:31
Comments: 1