Please check my log
Logfile of Browser Hijack Recover(BHR) v2.1
http://www.browser–hijack.com/
Log created on 2005–04–24 15:19:33
Microsoft Windows XP Professional Dodatek Service Pack 2 (Build 2600)
Internet Explorer v6.0.2900.2180 Update Versions: ;SP2;
[Process Manager] – [Process]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\system32\explorer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Browser Hijack Recover\bhr.exe
[IE Options] – [Normal]
R0 – HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 – HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/windows/ie_intl/en/start/
R0 – HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title =
[IE Options] – [IE Menu]
[IE Options] – [Internet Options]
[IE Options] – [IE Search Hooks]
R3 – URLSearchHook: Microsoft Url Search Hook – {CFBFAE00–17A6–11D0–99CB–00C04FD64497} – C:\WINDOWS\System32\shdocvw.dll
[IE Add–Ons] – [Toolbars]
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
[IE Add–Ons] – [Explorer Bars]
O9 – Extra "View" Explorer Bars: (No Name) – {32683183–48a0–441b–a342–7c2a440a9478} – (No File)
O9 – Extra "View" Explorer Bars: Favorites Band – {EFA24E61–B078–11D0–89E4–00C04FC9E26E} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra "View" Explorer Bars: History Band – {EFA24E62–B078–11D0–89E4–00C04FC9E26E} – C:\WINDOWS\System32\shdocvw.dll
[IE Add–Ons] – [Context Menu]
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
[IE Add–Ons] – [BHOs]
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
[IE Add–Ons] – [Tools Menu]
O9 – Extra "Tool" Menu Item: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – No File
O9 – Extra "Tool" Menu Item: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra "Tool" Menu Item: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
[IE Add–Ons] – [Tools Button]
O9 – Extra "Tool" Menu Item: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – No File
O9 – Extra Button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra Button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra Button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
[System Options]
[StartUp]
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run DAEMON Tools–1033 = C:\Program Files\D–Tools\daemon.exe" –lang 1033
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SCANINICIO = C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run APVXDWIN = C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AceGain LiveUpdate = C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run gcasServ = C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run C–Media Mixer = Mixer.exe /startup
04 – HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run QuickTime Task = C:\WINDOWS\system32\qttask.exe" –atboottime
Replies: 6
EL NINO: Use HijackThis, not Browser Hijack, although you can already see that you have a guest –> C:\WINDOWS\system32\explorer.exe
The system one is in C:\WINDOWS\explorer.exe
WaGonik, no offense, but you are writing nonsense. Why remove shdocvw.dll?
I stand corrected, a moment of inattention :)
As for removing those entries, he could have downloaded HJT and not Browser Hijack.
I removed it, but when I refresh it is still there
You have to tick it in Hijack and remove it.
Where should I save this??
R3 – URLSearchHook: Microsoft Url Search Hook – {CFBFAE00–17A6–11D0–99CB–00C04FD64497} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra "View" Explorer Bars: (No Name) – {32683183–48a0–441b–a342–7c2a440a9478} – (No File)
O9 – Extra "View" Explorer Bars: Favorites Band – {EFA24E61–B078–11D0–89E4–00C04FC9E26E} – C:\WINDOWS\System32\shdocvw.dll
O9 – Extra "Tool" Menu Item: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – No Fil
O9 – Extra "Tool" Menu Item: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – No File
That's probably everything. :)
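The check EL NINO applies by eye in the thread (explorer.exe running from system32 while the system copy lives in C:\WINDOWS) can be run over the whole process list. This is an added example, not part of the original thread or of BHR; the function names and the table of expected directories for Windows XP core binaries are assumptions of this sketch, and the sample is an excerpt of the log posted above.

```python
import ntpath

# Assumed expected directory (lower-cased) for core Windows XP binaries.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
}

# Excerpt of the [Process Manager] section from the log in this thread.
SAMPLE_LOG = r"""[Process Manager] – [Process]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
[IE Options] – [Normal]
R0 – HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
"""

def process_paths(log_text):
    """Return the paths listed under the [Process Manager] section header."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Any bracketed header starts a new section.
            in_section = line.startswith("[Process Manager]")
        elif in_section and line:
            paths.append(line)
    return paths

def misplaced_system_binaries(paths):
    """Flag core binary names running from outside their expected directory."""
    findings = []
    for path in paths:
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())  # Windows paths ignore case
        if expected and directory.lower().rstrip("\\") != expected:
            findings.append((path, expected))
    return findings

if __name__ == "__main__":
    for path, expected in misplaced_system_binaries(process_paths(SAMPLE_LOG)):
        print(f"SUSPICIOUS: {path} (expected in {expected})")
```

A hit is a lead for closer inspection of the file, and a binary in the expected directory is not thereby proven genuine.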