Request to check a log
As in the subject:
Logfile of HijackThis v1.99.1
Scan saved at 18:31:48, on 2005-11-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\System32\paytime.exe
D:\Gadu-Gadu\gg.exe
D:\WINDOWS\tool2.exe
D:\Program Files\Messenger\msmsgs.exe
C:\winstall.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Michał\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - D:\WINDOWS\System32\appwiz.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - D:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Crack.lnk = D:\Documents and Settings\Baran\Dane aplikacji\Cream Software\Crack.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.117.128.162/activex/AxisCamControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:\WINDOWS\System32\injbnmlm.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - D:\WINDOWS\System32\ldaajkfq.dll
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - D:\WINDOWS\System32\opijohkp.dll
O21 - SSODL: DEDBI00B - {3253187B-3B5D-6C58-7F76-3B1B339C687A} - D:\WINDOWS\System32\Jhmppfnp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Replies: 1
1. One pinned topic -> http://forum.centrumxp.pl/viewtopic.php?t=33140, point no. 8.
2. The second pinned topic.