Please check my log
Please check my log:
Logfile of HijackThis v1.99.1
Scan saved at 01:50:00, on 02.05.2006
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\usr\Apache\apache.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\usr\mysql\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
c:\usr\Apache\apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator.TWOJA-4G8KKPD0P.000\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.pl
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Media Playback Support Dll - {9D9A7350-46C9-4E3C-92EF-382B5740A1C3} - C:\WINDOWS\System32\bvicore.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_17.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_67.cab
O16 - DPF: {2B6A3140-7073-11D5-8F79-0080C8D7EC11} (GameDesire Proxy) - http://www.gamedesire.com/g_bin/ginuser_eng_2_0_0_3.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_24.cab
O16 - DPF: {479B29EF-9A2C-11D0-B696-00A0C903487A} (SunLoad Class) - http://www.millenniumdm.pl/teleinwestor/IE/sunloadn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133828022968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133827998250
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_34.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://www.johncardinal.com/cabs/msxml4.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_31.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) - http://67.15.101.3/g_bin/eng/chess_2_0_0_14.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GameDesire Soccer) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_10.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_24.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billard9_2_0_0_20.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45C30BDC-C8BA-41C9-AC2F-372CAC036230}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{45C30BDC-C8BA-41C9-AC2F-372CAC036230}: NameServer = 192.168.0.1
O23 - Service: Apache - Unknown owner - c:\usr\Apache\apache.exe" --ntservice (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - c:/usr/mysql/bin/mysqld.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - (no file)
Replies: 3
Remove:
F3 - REG:win.ini: run=
O2 - BHO: Media Playback Support Dll - {9D9A7350-46C9-4E3C-92EF-382B5740A1C3} - C:\WINDOWS\System32\bvicore.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - (no file)
The last entry, i.e. the vsmon service, is a leftover from Zone Alarm. Remove it with the command "sc delete nazwa_uslugi" (nazwa_uslugi is the service name).
It is also odd that under the CLSID of Sun's Java, your log shows Java from M$:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Please help. I have problems with the network, i.e. I can use the internet for only 10 minutes.
I would prefer that specialists check my log
Use the topic pinned in this section titled "Tutaj sprawdzamy logi z HiJack This" ("HiJack This logs are checked here").