Log and probably a virus, help
Hi. I have a small problem with my computer. Probably a virus, but I'm no longer sure myself, because I have scanned the computer many times already and found nothing. I'm sending my log. Please check it. The virus (probably) works like this: it types something on the screen by itself, or launches something by itself, e.g. the Start menu, and selects something. I don't know whether I have something on the computer or whether something else is to blame. Recently it typed "antyvir" in Notepad by itself. Help.
log:
Logfile of HijackThis v1.99.1
Scan saved at 00:30:48, on 2005-07-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Avast\aswUpdSv.exe
F:\Avast\ashServ.exe
F:\Matlab_6.5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\Avast\ashMaiSv.exe
C:\WINDOWS\explorer.exe
F:\Avast\ashWebSv.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
F:\Avast\ashDisp.exe
F:\Winamp\winampa.exe
F:\Zone Labs\ZoneAlarm\zlclient.exe
F:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
F:\Bankrut\bankrut.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
F:\Avast\ashSimpl.exe
F:\ezHTML\ezHTML.exe
F:\HijackThis 1.99.1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [avast!] F:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] F:\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Bankrut.lnk = F:\Bankrut\bankrut.exe
O4 - Startup: Desktop Calendar StartUp.lnk = F:\Desktop Calendar\DESKCAL.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Adobe Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/pl/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111363091951
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqemea/pl/downloads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - F:\Matlab_6.5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Replies: 1
As far as the log goes, it is clean...