Prosze o sprawdzenie loga problem z dh.dll_
Logfile of HijackThis v1.99.1
Scan saved at 14:19:42, on 2006–04–15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\mousepad11.exe
D:\Gadu–Gadu\gg.exe
C:\Program Files\atcl\urda.exe
C:\Program Files\ScannerU\AM32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Incoming\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe /h
O4 – HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 – HKLM\..\Run: [keyboard] C:\windows\keyboard11.exe
O4 – HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe
O4 – HKLM\..\Run: [newname] C:\windows\newname11.exe
O4 – HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [waveopen] C:\DOCUME~1\Barton\DANEAP~1\OOZEFI~1\show mfcd.exe
O4 – HKCU\..\Run: [PicoZip] E:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 – HKCU\..\Run: [Nodw] "C:\Program Files\atcl\urda.exe" –vt yazr
O4 – Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {DECEAAA2–370A–49BB–9362–68C3A58DDC62} – http://static.zangocash.com/cab/180solutions/ie/bridge–c574.cab?7e6110aa3c6f8db2d200288fdb0d198d65fb6fd289582fc4891f4f6b53889dd15254e4f596d99017564f86408b9e054eb872396df6497fed02430d34cc89:92eb922ee8f1d31ca46f9388b1d01a38
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Scan saved at 14:19:42, on 2006–04–15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\mousepad11.exe
D:\Gadu–Gadu\gg.exe
C:\Program Files\atcl\urda.exe
C:\Program Files\ScannerU\AM32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Incoming\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe /h
O4 – HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 – HKLM\..\Run: [keyboard] C:\windows\keyboard11.exe
O4 – HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe
O4 – HKLM\..\Run: [newname] C:\windows\newname11.exe
O4 – HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [waveopen] C:\DOCUME~1\Barton\DANEAP~1\OOZEFI~1\show mfcd.exe
O4 – HKCU\..\Run: [PicoZip] E:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 – HKCU\..\Run: [Nodw] "C:\Program Files\atcl\urda.exe" –vt yazr
O4 – Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {DECEAAA2–370A–49BB–9362–68C3A58DDC62} – http://static.zangocash.com/cab/180solutions/ie/bridge–c574.cab?7e6110aa3c6f8db2d200288fdb0d198d65fb6fd289582fc4891f4f6b53889dd15254e4f596d99017564f86408b9e054eb872396df6497fed02430d34cc89:92eb922ee8f1d31ca46f9388b1d01a38
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Odpowiedzi: 4
Dzięki to były wirusy...
niby wszystko teraz jest w porządku ,ale nadal wyskakuje tysiące pop upów;(
niby wszystko teraz jest w porządku ,ale nadal wyskakuje tysiące pop upów;(
blusky:
wydaje mi sie ze sa to wirusy ale nie jestem pewien i wolę tego nie kasowac..
Tak skasuj to łacznie z plikami i usuń jeszcze tą kontrolke. Pamiętaj by wyłaczyc przywracanie systemu.
O16 – DPF: {DECEAAA2–370A–49BB–9362–68C3A58DDC62} – http://static.zangocash.com/cab/180solutions/ie/bridge–c574.cab?7e6110aa3c6f8db2d200288fdb0d198d65fb6fd289582fc4891f4f6b53889dd15254e4f596d99017564f86408b9e054eb872396df6497fed02430d34cc89:92eb922ee8f1d31ca46f9388b1d01a38
A to wiesz moźe co to jest :?:
nie znam tego i nie wiem czy moźna to usunąc.O4 – HKCU\..\Run: [Nodw] "C:\Program Files\atcl\urda.exe" –vt yazr
C:\Program Files\atcl\urda.exe
Przeskanuj EWIDO zrób update i przeskanuj http://www.ewido.net/en/
O4 – HKLM\..\Run: [keyboard] C:\windows\keyboard11.exe
O4 – HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe
O4 – HKLM\..\Run: [newname] C:\windows\newname11.exe
wydaje mi sie ze sa to wirusy ale nie jestem pewien i wolę tego nie kasowac..
O4 – HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe
O4 – HKLM\..\Run: [newname] C:\windows\newname11.exe
wydaje mi sie ze sa to wirusy ale nie jestem pewien i wolę tego nie kasowac..
C:\Program Files\atcl\urda.exe
C:\windows\mousepad11.exe
a to co? :)
C:\windows\mousepad11.exe
a to co? :)
Strona 1 / 1