murzyn utworzono 22 grudnia 2007 utworzono 22 grudnia 2007 Witam. Ma prośbe żeby ktoś przeanalizował mi ten raport z hijack'a bo mocno muli mi kompa i wyskakuja jakies dziwne okienka.Z gory thx.
murzyn komentarz 22 grudnia 2007 Autor komentarz 22 grudnia 2007 LOG jest nie kompletny.... wklej cały log pierwszy raz to robie takze sorry:P Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:33:20, on 2007-12-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\Ati2evxx.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\Program Files\Ahead\InCD\InCDsrv.exe H:\WINDOWS\system32\spoolsv.exe H:\WINDOWS\system32\Ati2evxx.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\System32\CTSvcCDA.EXE H:\Program Files\Common Files\LightScribe\LSSrvc.exe E:\Programy\Alcohol 120\StarWind\StarWindService.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\UAService7.exe H:\WINDOWS\System32\MsPMSPSv.exe H:\WINDOWS\system32\wscntfy.exe H:\WINDOWS\htpatch.exe E:\Programy\Power DVD\PowerDVD\PDVDServ.exe H:\Program Files\Ahead\InCD\InCD.exe H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe E:\Programy\Picasa2\PicasaMediaDetector.exe E:\Programy\Winamp\winampa.exe E:\Programy\HP Deskjet 5900\HP Software Update\HPWuSchd2.exe H:\Program Files\DAEMON Tools\daemon.exe H:\Program Files\ATI Technologies\ATI.ACE\cli.exe H:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe H:\Program Files\SE\Application Launcher\Application Launcher.exe H:\WINDOWS\mrofinu1188.exe H:\WINDOWS\system32\ctfmon.exe H:\Program Files\Creative\Shared Files\CamTray.exe H:\Program Files\Save\Save.exe H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe H:\Program Files\Skype\Phone\Skype.exe E:\Programy\Gadu-Gadu\gg.exe E:\Programy\SŁOWNIK\Watch.exe H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe E:\Programy\HP Deskjet 5900\Digital Imaging\bin\hpqtra08.exe E:\Programy\logitech\SetPoint\KEM.exe H:\Program Files\SEC\Natural Color\NaturalColorLoad.exe E:\Programy\logitech\SetPoint\KHALMNPR.EXE E:\Programy\HP Deskjet 5900\Digital Imaging\bin\hpqimzone.exe E:\Programy\HP Deskjet 5900\Digital Imaging\bin\hpqSTE08.exe H:\WINDOWS\System32\HPZipm12.exe E:\Programy\HP Deskjet 5900\Digital Imaging\Product Assistant\bin\hprblog.exe H:\WINDOWS\system32\wuauclt.exe H:\Program Files\Common Files\Teleca Shared\Generic.exe H:\Program Files\SE\Mobile Phone Monitor\epmworker.exe H:\PROGRA~1\Mozilla Firefox\firefox.exe H:\WINDOWS\system32\wuauclt.exe H:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM\..\Run: [HTpatch] H:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [siSUSBRG] H:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [RemoteControl] "E:\Programy\Power DVD\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [inCD] H:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] H:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Picasa Media Detector] E:\Programy\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [WinampAgent] E:\Programy\Winamp\winampa.exe O4 - HKLM\..\Run: [HP Software Update] E:\Programy\HP Deskjet 5900\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools] "H:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "H:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [wpkontakt] H:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart O4 - HKLM\..\Run: [sony Ericsson PC Suite] "H:\Program Files\SE\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Host Process] H:\WINDOWS\Fonts\svchost.exe O4 - HKLM\..\Run: [runner1] H:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257 O4 - HKLM\..\Run: [1b4b1641] rundll32.exe "H:\WINDOWS\system32\cvsdwaci.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Niezbędnik Internauty] C:\Program Files\HT NETWORKS\Niezbędnik Internauty\Niezb.exe O4 - HKCU\..\Run: [bitTorrent] "E:\Programy\bittorent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [Twoje TVN24] "H:\Program Files\Pasek TVN24\PasekTVN24.exe" O4 - HKCU\..\Run: [Creative WebCam Tray] "H:\Program Files\Creative\Shared Files\CamTray.exe" O4 - HKCU\..\Run: [WhenUSave] "H:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: hamachi.lnk = H:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programy\Adobe Reader 7.0.5\Reader\reader_sl.exe O4 - Global Startup: Aktywacja Testera.lnk = ? O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = H:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programy\HP Deskjet 5900\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = E:\Programy\HP Deskjet 5900\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Programy\logitech\SetPoint\KEM.exe O4 - Global Startup: NaturalColorLoad.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - H:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - H:\Program Files\RXToolBar\sfcont.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\Programy\spd.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\System32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - H:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\System32\HPZipm12.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Programy\Alcohol 120\StarWind\StarWindService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - H:\WINDOWS\system32\UAService7.exe -- End of file - 7944 bytes to jest caly log
GoBi komentarz 22 grudnia 2007 komentarz 22 grudnia 2007 Kasuj wpisy a foldery i pliki zaznaczone skasuj ręcznie z dysku: O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - H:\Program Files\RXToolBar\sfcont.dllO4 - HKCU\..\Run: [WhenUSave] "H:\Program Files\Save\Save.exe" O4 - HKLM\..\Run: [runner1] H:\WINDOWS\mrofinu1188.exe61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257 O4 - HKLM\..\Run: [Host Process] H:\WINDOWS\Fonts\svchost.exe H:\Program Files\Save\Save.exe H:\WINDOWS\mrofinu1188.exe
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.