Please check my log

Here is my log. I have a feeling that something is "sitting" on my connection, since performance has dropped.

The files I suspect are:

1)O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe <<<<


I'm not sure about the others.

Logfile of HijackThis v1.99.1
Scan saved at 20:29:43, on 2005–11–23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Arovax Shield\ArovaxShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\gry\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Opera7\opera.exe
D:\Programy(install)\jak zjebany komp\hijack\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe /h
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [Steam] "c:\gry\steam\steam.exe" –silent
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 – Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130877354777
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130877666309
O17 – HKLM\System\CCS\Services\Tcpip\..\{C9EEB712–BBC5–4B14–8488–4D049BC9C983}: NameServer = 194.204.152.34 217.98.63.164
O18 – Protocol: bw+0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw+0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw–0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw–0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw00 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw00s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw10 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw10s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw20 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw20s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw30 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw30s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw40 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw40s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw50 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw50s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw60 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw60s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw70 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw70s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw80 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw80s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw90 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bw90s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwa0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwa0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwb0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwb0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwc0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwc0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwd0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwd0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwe0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwe0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwf0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwf0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwfile–8876480 – {9462A756–7B47–47BC–8C80–C34B9B80B32B} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol–8876480.dll
O18 – Protocol: bwg0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwg0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwh0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwh0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwi0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwi0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwj0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwj0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwk0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwk0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwl0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwl0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwm0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwm0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwn0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwn0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwo0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwo0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwp0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwp0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwq0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwq0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwr0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwr0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bws0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bws0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwt0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwt0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwu0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwu0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwv0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwv0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bww0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bww0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwx0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwx0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwy0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwy0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwz0 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: bwz0s – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O18 – Protocol: offline–8876480 – {4EF251F3–A501–4AB5–AEC8–89CCD9504D07} – C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol–8876480.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: ewido security suite control – ewido networks – C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 – Service: ewido security suite guard – ewido networks – C:\Program Files\ewido\security suite\ewidoguard.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Sygate Personal Firewall (SmcService) – Sygate Technologies, Inc. – C:\Program Files\Sygate\SPF\Smc.exe

Thanks in advance for the help.

Przemek

Replies: 8

Leave services.exe alone. It's a damn system file, and that is how the system behaves when it is terminated.
You need to get rid of the file mswindtc.exe (the system has to be set to show hidden and system files), as well as all registry entries related to it.
EL NINO
Added
24.11.2005 01:00:38
Sorry, I wrote that unclearly. I got a bit mixed up from nerves.

I'll write it again.

I deleted the file mswindtc.exe, although I still find it in the registry. I removed it from the disk. Nothing unexpected happened after deleting it.
Apart from the fact, of course, that while the file was active it blocked a lot of system things for me.

The file services.exe, on the other hand, I deleted with KillBox, and in return it damaged my system, first shutting it down with a "Blaster-style" window. Deleting it from safe mode gave the same result. As a result I reinstalled Windows twice. Now I'd really just like to know whether I should fight this file or let it live. And once again, sorry for the unclear information.
RAD–X
Added
24.11.2005 00:41:44
EL NINO:
Come off it. Did you find the files services.exe and smss.exe added to the RUN keys?
Hmm, I don't know how to check that?
EL NINO:
Did HiJack show these files in such a location? Are the files SERVICES.EXE and SMSS.EXE on your machine in the \Windows and \Windows\System folders?
They are only in system32.
EL NINO:
Kindly read the linked texts with comprehension and don't panic needlessly.
Sorry, I'm not panicking, it just annoys me that my connection was OK and now I have lag.


EL NINO:
BTW, after deleting mswindtc.exe, I'm 1100% sure no message about the computer shutting down in 60 seconds popped up.

You are ABSOLUTELY RIGHT, because nothing popped up after deleting mswindtc.exe. It did pop up, however, after deleting services.exe. Is that normal?
RAD–X
Added
24.11.2005 00:33:02
Come off it. Did you find the files services.exe and smss.exe added to the RUN keys? Did HiJack show these files in such a location? Are the files SERVICES.EXE and SMSS.EXE on your machine in the \Windows and \Windows\System folders? Or perhaps, as Bill commanded, in \Windows\System32? Kindly read the linked texts with comprehension and don't panic needlessly.

BTW, after deleting mswindtc.exe, I'm 1100% sure no message about the computer shutting down in 60 seconds popped up.
EL NINO
Added
24.11.2005 00:17:33
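
An added example, not part of the thread: a triage helper for the two checks raised in the post above, namely whether core system executables run from \Windows\System32 and which O4 autorun entries name a bare executable with no path. The sample log is constructed in HijackThis 1.99.1 layout; the system-name list, the C:\WINDOWS install path and the rundll32 exemption are assumptions, and a hit is a prompt to look closer, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Assumed list: the names argued about in the thread plus other core XP processes.
SYSTEM_NAMES = {"smss.exe", "services.exe", "winlogon.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"       # assumption: Windows lives in C:\WINDOWS
LAUNCHERS = {"rundll32", "rundll32.exe"}  # bare launcher names used by legitimate entries

# Accepts both "-" and the typographic "–" that forum software substitutes.
O4_RE = re.compile(r"^O4\s*[-–]\s*(?P<key>[^:]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")

# Constructed sample; C:\WINDOWS\services.exe is invented to show a misplaced copy.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
C:\Program Files\Opera7\opera.exe

O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe
"""

def running_processes(log):
    """Yield the paths listed between 'Running processes:' and the next blank line."""
    in_section = False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            return
        elif in_section:
            yield line

def misplaced_system_files(log):
    """Running processes that use a system file name outside System32."""
    hits = []
    for path in running_processes(log):
        p = PureWindowsPath(path)
        if p.name.lower() in SYSTEM_NAMES and str(p.parent).lower() != SYSTEM_DIR:
            hits.append(path)
    return hits

def first_token(cmd):
    """Executable part of an autorun command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]

def pathless_autoruns(log):
    """O4 registry autoruns whose executable has no directory and is not a launcher."""
    hits = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry-style O4 line (e.g. 'Global Startup')
        exe = first_token(m["cmd"])
        if "\\" in exe or exe.startswith("%") or exe.lower() in LAUNCHERS:
            continue
        hits.append((m["key"].strip(), m["name"], exe))
    return hits

if __name__ == "__main__":
    print("misplaced:", misplaced_system_files(SAMPLE_LOG))
    print("pathless :", pathless_autoruns(SAMPLE_LOG))
```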
Argh, I wrote that wrong. I deleted the file mswindtc.exe, not services.exe. On top of that, I found out that it is an internet worm = the files SERVICES.EXE SMSS.EXE are probably an internet worm.

info here: http://hacking.pl/4990

What should I do?
RAD–X
Added
24.11.2005 00:08:39
RAD–X:
I had a go at removing the file services.exe with KillBox.
For what purpose?
EL NINO
Added
24.11.2005 00:06:59
I had a go at removing the file services.exe with KillBox. The result? Well... a window popped up saying that the system would shut down in 60 seconds, caused by that very file (the same kind of window as with Blaster). The system stopped working - I reinstalled, went into safe mode and did the same thing with the same result. I reinstalled again, intending to delete it manually, but I'm afraid I'll lose another 40 minutes... What should I do?

BTW thanks for the info, I've already deleted it.
RAD–X
Added
23.11.2005 23:47:08
Remove:
O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe
From the disk too.

As for the O18 entries, someone smarter than me will have to speak up.
damiancore
Added
23.11.2005 22:34:08
RAD–X
Added:
23.11.2005 21:47:25
Comments:
8