Please check my log.
Hello. Please check my log :) I haven't mastered this well enough yet to manage on my own :)
Thanks in advance for your help.
Logfile of HijackThis v1.99.1
Scan saved at 13:06:14, on 2006-03-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\AppServ\Apache\Apache.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\AppServ\Apache\Apache.exe
C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlagent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\szklarek\Pulpit\DynClient.exe
D:\muserver\MUServerStartUP.exe
d:\muserver\cs\cs.exe
d:\muserver\dataserver1\dataserver1.exe
d:\muserver\dataserver2\dataserver2.exe
d:\muserver\joinserver\joinserver.exe
d:\muserver\mu2003_event_server\wz_mu2003_event_server.exe
d:\muserver\rankingserver\devilsqure_eventserver.exe
d:\muserver\exdb\exdb.exe
d:\muserver\gameserver\gameserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Documents and Settings\szklarek\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mks.com.pl
O15 - Trusted Zone: http://support.f-secure.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EADCF17-A7B5-4062-B8B6-45625C301049}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.ex
Regards,
szklarek
Replies: 4
"Please check my log" + not reading the pinned topics, including the FAQ = lock.
You tick what you want to remove and click Fix checked
and will someone tell me how? :D
Only this needs fixing, unless I overlooked something.
szklarek:
F2 - REG:system.ini: Shell=explorer.exe