Proszę o Sprawdzenie Loga :)
Jak w temacie, z góry dziękuje :)
Logfile of HijackThis v1.97.7
Scan saved at 04:47:46, on 2006–03–20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
G:\Programy\Daemon\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
D:\Zainstalowane\Backup4all\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\łukasz\Pulpit\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: (no name) – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [DAEMON Tools–1033] "G:\Programy\Daemon\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Backup4all] D:\Zainstalowane\Backup4all\Backup4all.exe /s
O4 – HKCU\..\Run: [Backup4all OTB Agent] D:\Zainstalowane\Backup4all\B4AOTB.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Add to &Teleport – G:\Programy\Teleport Pro\teleport.htm
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {745395C8–D0E1–4227–8586–624CA9A10A8D} (AxisMediaControl Class) – http://camera3.gnax.net/activex/AMC.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Pozdrawiam
Logfile of HijackThis v1.97.7
Scan saved at 04:47:46, on 2006–03–20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
G:\Programy\Daemon\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
D:\Zainstalowane\Backup4all\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\łukasz\Pulpit\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: (no name) – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [DAEMON Tools–1033] "G:\Programy\Daemon\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Backup4all] D:\Zainstalowane\Backup4all\Backup4all.exe /s
O4 – HKCU\..\Run: [Backup4all OTB Agent] D:\Zainstalowane\Backup4all\B4AOTB.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Add to &Teleport – G:\Programy\Teleport Pro\teleport.htm
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {745395C8–D0E1–4227–8586–624CA9A10A8D} (AxisMediaControl Class) – http://camera3.gnax.net/activex/AMC.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Pozdrawiam
Odpowiedzi: 6
OK, Dziękuje :)
Pozdrawiam
Pozdrawiam
Wygląda ze wszystko OK. Polecam zainstalowanie poprawek SP2.
**Mis**:
co to za backupy są w folderze D:\zainstalowane\backup4all\.....
To jest program do robienia backupu :)
co to za backupy są w folderze D:\zainstalowane\backup4all\.....
Nie mam pojęcia od czego to jest, ale w kaźdym razie wyświetla mi, źe to jest "unknown" and "Possibly nasty" Ale poczekamy na kogoś kto się na tym rozumie lepiej niź ja.
Nie mam pojęcia od czego to jest, ale w kaźdym razie wyświetla mi, źe to jest "unknown" and "Possibly nasty" Ale poczekamy na kogoś kto się na tym rozumie lepiej niź ja.
Teraz ok ?
Pozdrawiam
Logfile of HijackThis v1.99.1
Scan saved at 16:17:33, on 2006–03–20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
D:\Zainstalowane\Backup4all\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
G:\Programy\Daemon\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\r2 studios\HideOE\HideOE.exe
C:\Program Files\outlook express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Gadu–Gadu\gg.exe
C:\Documents and Settings\łukasz\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [DAEMON Tools–1033] "G:\Programy\Daemon\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Backup4all] D:\Zainstalowane\Backup4all\Backup4all.exe /s
O4 – HKCU\..\Run: [Backup4all OTB Agent] D:\Zainstalowane\Backup4all\B4AOTB.exe
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Add to &Teleport – G:\Programy\Teleport Pro\teleport.htm
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\ZAINST~1\FP\OFFICE11\REFIEBAR.DLL
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O16 – DPF: {745395C8–D0E1–4227–8586–624CA9A10A8D} (AxisMediaControl Class) – http://camera3.gnax.net/activex/AMC.cab
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: PLFlash DeviceIoControl Service – Prolific Technology Inc. – D:\Zainstalowane\Backup4all\IoctlSvc.exe
O23 – Service: Sygate Personal Firewall (SmcService) – Sygate Technologies, Inc. – C:\Program Files\Sygate\SPF\smc.exe
Pozdrawiam
Wpierw zaktualizuj HijackThis, bo to traci sens.
Strona 1 / 1