
Please check my log.

27 Dec 2006, 22:51

Hello,

I would like someone to check whether my log is clean.
I am worried about the entries numbered 010; I don't know what they are.
If something needs to be removed, please tell me how to do it.

Thanks in advance for your help.

Code:

Logfile of HijackThis v1.99.1
Scan saved at 21:46:24, on 2006-12-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesComodocommonCAVASpycavasm.exe
E:Program FilesCheetah BurnerCheetah DVD BurnerNMSAccess.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
E:Program FilesComodoComodo AntiVirusCMain.exe
C:Program FilesComodoLaunchPadCLPTray.exe
E:Program FilesMultimedia Keyboard & Mouse DriverMouseDrv.exe
E:Program FilesMultimedia Keyboard & Mouse DriverPS2USBKbdDrv.exe
C:WINDOWSVM_STI.EXE
C:WINDOWSsystem32ctfmon.exe
E:Program FilesComodoComodo AntiVirusCavaud.exe
E:Program FilesComodoComodo AntiViruscavemsrv.exe
E:PROGRA~1MOZILLA.ORGSEAMON~1SEAMON~1.EXE
D:ProgramyProgramy do komputeraHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_09inssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll
O4 - HKLM..Run: [WireLessMouse] E:Program FilesMultimedia Keyboard & Mouse DriverStartAutorun.exe MouseDrv.exe
O4 - HKLM..Run: [WireLessKeyboard] E:Program FilesMultimedia Keyboard & Mouse DriverStartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM..Run: [cnfgCav] "E:Program FilesComodoComodo AntiVirusCMain.exe"  " /login"
O4 - HKLM..Run: [Comodo Launch Pad Tray] "C:Program FilesComodoLaunchPadCLPTray.exe"
O4 - HKLM..Run: [BigDogPath] C:WINDOWSVM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09inssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32cavemlsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32cavemlsp.dll
O17 - HKLMSystemCCSServicesTcpip..{FAAA5D66-7308-4DAC-BA5C-9882B68A0111}: NameServer = 213.199.194.20 213.199.225.14
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:Program FilesComodocommonCAVASpycavasm.exe
O23 - Service: NMSAccess - Unknown owner - E:Program FilesCheetah BurnerCheetah DVD BurnerNMSAccess.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe




"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"CTFMON.EXE" = "C:WINDOWSsystem32ctfmon.exe" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"WireLessMouse" = "E:Program FilesMultimedia Keyboard & Mouse DriverStartAutorun.exe MouseDrv.exe" [empty string]
"WireLessKeyboard" = "E:Program FilesMultimedia Keyboard & Mouse DriverStartAutorun.exe PS2USBKbdDrv.exe" [empty string]
"cnfgCav" = ""E:Program FilesComodoComodo AntiVirusCMain.exe" " /login"" ["COMODO"]
"Comodo Launch Pad Tray" = ""C:Program FilesComodoLaunchPadCLPTray.exe"" ["COMODO"]
"BigDogPath" = "C:WINDOWSVM_STI.EXE Vimicro USB PC Camera (ZC0301PL)" ["Vimicro"]

HKLMSoftwareMicrosoftActive SetupInstalled Components
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = "Outlook Express"
StubPath = "C:WINDOWSsystem32shmgrate.exe OCInstallUserConfigOE" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
InProcServer32(Default) = "E:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "E:PROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_09inssv.dll" ["Sun Microsystems, Inc."]
{C451C08A-EC37-45DF-AAAD-18B51AB5E837}(Default) = (no title provided)
-> {HKLM...CLSID} = "PDFCreator Toolbar Helper"
InProcServer32(Default) = "C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll" [null data]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Skladnik rozszerzenia powloki CorelDRAW"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
InProcServer32(Default) = "D:CorelCorel GraphicsDRAWCDRVIEWERCrlShell110.dll" [null data]
"{4255A182-CAD9-4214-A19B-7BA7FB633BBD}" = "Comodo AntiVirus"
-> {HKLM...CLSID} = "Comodo AntiVirus"
InProcServer32(Default) = "E:Program FilesComodoComodo AntiVirusCavSheI.dll" ["COMODO"]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWindows
<<!>> "AppInit_DLLs" = "C:PROGRA~1GoogleGOOGLE~1GOEC62~1.DLL" [file not found]

HKLMSoftwareClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "E:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
Comodo AntiVirus(Default) = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"
-> {HKLM...CLSID} = "Comodo AntiVirus"
InProcServer32(Default) = "E:Program FilesComodoComodo AntiVirusCavSheI.dll" ["COMODO"]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
Comodo AntiVirus(Default) = "{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"
-> {HKLM...CLSID} = "Comodo AntiVirus"
InProcServer32(Default) = "E:Program FilesComodoComodo AntiVirusCavSheI.dll" ["COMODO"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"SynchronousMachineGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) hex:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileMoje dokumentyMoje obrazyRóżne obrazyatoka.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsRyszardMoje dokumentyMoje obrazyRóżne obrazyatoka.bmp"


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:WINDOWSsystem32CavEmLSP.dll ["COMODO"], 01 - 03, 21
%SystemRoot%system32mswsock.dll [MS], 04 - 06, 09 - 20
%SystemRoot%system32rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
-> {HKLM...CLSID} = "PDFCreator Toolbar"
InProcServer32(Default) = "C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll" [null data]

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar"
-> {HKLM...CLSID} = "PDFCreator Toolbar"
InProcServer32(Default) = "C:Program FilesPDFCreator Toolbarv3.0.0.0PDFCreator_Toolbar.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_09inssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
InProcServer32(Default) = "C:Program FilesJavajre1.5.0_09innpjpi150_09.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Comodo Anti-Virus and Anti-Spyware Service, Comodo Anti-Virus and Anti-Spyware Service, ""C:Program FilesComodocommonCAVASpycavasm.exe"" ["Comodo Inc."]
NMSAccess, NMSAccess, "E:Program FilesCheetah BurnerCheetah DVD BurnerNMSAccess.exe" [null data]


Print Monitors:
---------------

HKLMSystemCurrentControlSetControlPrintMonitors
hpzlnt12Driver = "hpzlnt12.dll" ["HP"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 20 seconds.
---------- (total run time: 61 seconds)
Last edited by Explorer1965r on 27 Dec 2006, 23:13; edited 2 times in total.

27 Dec 2006, 23:10

Those 010 entries are from Comodo AntiVirus :wink:

27 Dec 2006, 23:15

LucaS wrote: Those 010 entries are from Comodo AntiVirus :wink:


Thanks, "LukaS". Apart from that, is it clean?

28 Dec 2006, 00:42

Fix these and it will be fine:

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://google.icq.com