Bardzo bym prosił o sprawdzenie loga z HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 13:01:51, on 2006-11-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSSystem32Ati2evxx.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32spoolsv.exe
D:WINDOWSsystem32Ati2evxx.exe
D:WINDOWSExplorer.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
D:WINDOWSimeimejp4_98svchost.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
D:WINDOWSimeimejp4_98projectssetiathome.berkeley.edusvchost.exe
C:Program FilesGadu-Gadugg.exe
D:Documents and [email protected]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:Program FilesJavajre1.5.0_06inssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O8 - Extra context menu item: Download all links using BitComet - res://D:Program FilesBitCometBitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:Program FilesBitCometBitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with Rapget - D:Documents and [email protected]
apget.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:Program FilesBitSpiritsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.5.0_06inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:Program FilesJavajre1.5.0_06inssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:WINDOWSweb
elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:WINDOWSweb
elated.htm
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - D:WINDOWSimeimejp4_98svchost.exe
Prosze o sprawdzenie loga z HijackThis
2 posty(ów)
• Strona 1 z 1
przez pp3088 » 12 Lis 2006, 18:24
UA:
O23 - Service: Installator Windows (windowsinstaller) - Space Sciences Laboratory - D:WINDOWSimeimejp4_98svchost.exe
No i mamy trojana. Chyba to z rodziny WareOut. startt>uruchom>>cmd
SC STOP Installator Windows (windowsinstaller)
SC DEL Installator Windows (windowsinstaller)
kasujesz plik imeimejp4_98svchost.exe.Dajes znowe logi. Dodajesz L2Mfix i Silenta.
No i mamy trojana. Chyba to z rodziny WareOut. startt>uruchom>>cmd
SC STOP Installator Windows (windowsinstaller)
SC DEL Installator Windows (windowsinstaller)
kasujesz plik imeimejp4_98svchost.exe.Dajes znowe logi. Dodajesz L2Mfix i Silenta.
-
pp3088 - Aktywny w piśmie
- Posty: 999
- Dołączenie: 11 Sie 2006, 23:59
- Miejscowość: Szczecin
2 posty(ów)
• Strona 1 z 1
Kto jest na forum
Zarejestrowani użytkownicy: Bing [Bot]