
Trojan !! part 2

Topics concerning direct file sharing, i.e. p2p

Post by toxek1 » 10 Sep 2006, 16:50

If you have fast internet, download it yourself.

It doesn't install itself on the system. During installation it just gets to the point where you have to enter a license key. And then you can run a scan. And during the scan it finds this spyware and adware on my machine ;-[

Download it and you'll see !!
toxek1
Forum member
Posts: 33
Joined: 09 Sep 2006, 14:32
Location: Olsztyn

Post by toxek1 » 10 Sep 2006, 16:56

Post by pp3088 » 10 Sep 2006, 18:31

Haha, I've got Gator too :lol: Well, from what I can see the program uses persuasion: it comes up with a few viruses with random names and urges you to buy the paid version. In other words, a sham. 99.9% these are fake entries. I wonder whether this program isn't one of those fakes itself :?
pp3088
Active writer
Posts: 999
Joined: 11 Aug 2006, 23:59
Location: Szczecin

Post by toxek1 » 10 Sep 2006, 20:06

Aha, bogus viruses !! What won't those losers come up with just to get you to buy !!
This program costs 100$ !!

So everything is fine. Only that AVIRA antivirus is left on my machine. One more thing I'd ask you: show me how to remove it completely. OK

Post by pp3088 » 10 Sep 2006, 20:10

Looks that way :) Eh, the best part was when it detected a virus in a file that didn't exist 0o

Post new logs, because a lot may have changed. One from Silent would be useful too.

To be sure, run the online scanners; on ww.instalki.pl there are banners for them on the left ^^

Regards

Post by toxek1 » 10 Sep 2006, 20:17

Log from Silent:

"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"BitTorrent" = ""C:Program FilesBitTorrentittorrent.exe" --force_start_minimized" [file not found]

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"LaunchApp" = "Alaunch" ["Acer Inc."]
"IgfxTray" = "C:WINDOWSsystem32igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:WINDOWSsystem32hkcmd.exe" ["Intel Corporation"]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"AzMixerSel" = "C:Program FilesRealtekInstallShieldAzMixerSel.exe" ["Realtek Semiconductor Corp."]
"PHIME2002A" = "C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName" [MS]
"PCMService" = ""C:Program FilesAcerAcer ArcadePCMService.exe"" ["CyberLink Corp."]
"EPM-DM" = "c:acerepmepm-dm.exe" ["Acer Inc"]
"ePowerManagement" = "C:AcerePMePM.exe boot" ["Acer Value Labs, Taiwan"]
"eRecoveryService" = "C:Program FilesAcereRecoveryMonitor.exe" ["acer Inc."]
"iPlusManager" = "C:Program FilesiPlusiPlusChecker.exe" [null data]
"CoolSwitch" = "C:WINDOWSsystem32 askswitch.exe" [null data]
"LManager" = "C:PROGRA~1LAUNCH~1QtZgAcer.EXE" ["Dritek System Inc."]
"SunJavaUpdateSched" = "C:Program FilesJavajre1.5.0_06injusched.exe" ["Sun Microsystems, Inc."]
"Outpost Firewall" = "C:Program FilesAgnitumOutpost Firewall 1.0outpost.exe /waitservice" ["Agnitum Ltd."]
"avast!" = "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [null data]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "D:PROGRA~1SPYBOT~1SDHelper.dll" ["Safer Networking Limited"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesSynapticsSynTPSynTPCpl.dll" ["Synaptics, Inc."]
"{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension"
-> {HKLM...CLSID} = "EPM-PO Shell Extensions"
InProcServer32(Default) = "epm-po.dll" ["Acer Labs USA"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
InProcServer32(Default) = "C:Program FilesAheadInCDincdshx.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll" ["Nero AG"]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "CorelDRAW Shell Extension Component"
-> {HKLM...CLSID} = "CorelDRAW Shell Extension Component"
InProcServer32(Default) = "D:Program FilesCorelCorel Graphics 11DRAWCDRVIEWERCrlShell110.dll" ["Corel Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
InProcServer32(Default) = "C:WINDOWSsystem32rowseui.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
InProcServer32(Default) = "C:WINDOWSsystem32dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
InProcServer32(Default) = "C:WINDOWSsystem32dfshim.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
InProcServer32(Default) = "C:WINDOWSsystem32upnpui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]
"{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager"
-> {HKCU...CLSID} = "Desktop Manager"
InProcServer32(Default) = "C:WINDOWSsystem32msvdm.dll" [null data]
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"
-> {HKCU...CLSID} = (no title provided)
InProcServer32(Default) = "C:WINDOWSsystem32phototoys.dll" [MS]
"{efb97cb8-a4a4-4357-a261-002ffaed0267}" = "CD Slideshow Powertoy"
-> {HKCU...CLSID} = "CD Burn Slideshow Hook"
InProcServer32(Default) = "C:WINDOWSsystem32slideshow.dll" [MS]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
InProcServer32(Default) = "C:PROGRA~1A-SQUA~1A2FREE~1.DLL" ["Emsi Software GmbH"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
InProcServer32(Default) = "C:PROGRA~1WINDOW~4MpShHook.dll" [MS]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
InProcServer32(Default) = "C:Program Filesewido anti-spyware 4.0shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows
INFECTION WARNING! "AppInit_DLLs" = "C:PROGRA~1AGNITUMOUTPOS~1.0wl_hook.dll,C:WINDOWSsystem32wmfhotfix.dll" [file not found]

HKLMSystemCurrentControlSetControlSession Manager
INFECTION WARNING! "BootExecute" = "autocheck autochk *" [file not found], [MS], [file not found]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
INFECTION WARNING! igfxcuiDLLName = "igfxdev.dll" ["Intel Corporation"]

HKLMSoftwareClassesFoldershellexColumnHandlers
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadLibNeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
ASW(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
InProcServer32(Default) = "C:PROGRA~1AGNITUMOUTPOS~1.0op_shell.dll" ["Agnitum Ltd."]
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
InProcServer32(Default) = "C:Program Filesewido anti-spyware 4.0context.dll" ["Anti-Malware Development a.s."]
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
ASW(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
InProcServer32(Default) = "C:PROGRA~1AGNITUMOUTPOS~1.0op_shell.dll" ["Agnitum Ltd."]
ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
InProcServer32(Default) = "C:Program Filesewido anti-spyware 4.0context.dll" ["Anti-Malware Development a.s."]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
a2FreeContMenu(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Context Menu"
InProcServer32(Default) = "C:PROGRA~1A-SQUA~1A2FREE~1.DLL" ["Emsi Software GmbH"]
ASW(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
-> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
InProcServer32(Default) = "C:PROGRA~1AGNITUMOUTPOS~1.0op_shell.dll" ["Agnitum Ltd."]
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
InProcServer32(Default) = "C:Program FilesAntiVir PersonalEdition Classicshlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and Settings omekDane aplikacjiMozillaFirefoxTapeta pulpitu.bmp"


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWS3DWORL~1.SCR" [file not found]


Startup items in "tomek" & "All Users" startup folders:
-------------------------------------------------------

C:Documents and SettingsAll UsersMenu StartProgramyAutostart
INFECTION WARNING! "Adobe Reader Speed Launch.lnk.disabled" [null data]
"Adobe Reader Speed Launch" -> shortcut to: "C:Program FilesAdobeAcrobat 7.0Reader eader_sl.exe" ["Adobe Systems Incorporated"]


Enabled Scheduled Tasks:
------------------------

"MP Scheduled Scan" -> launches: "C:Program FilesWindows DefenderMpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%system32 svpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]

Explorer Bars

HKCUSoftwareMicrosoftInternet ExplorerExplorer Bars
{21569614-B795-46B1-85F4-E737A8DC09AD}(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
InProcServer32(Default) = "C:WINDOWSsystem32rowseui.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{44627E97-789B-40D4-B5C2-58BD171129A1}
"ButtonText" = "Szybkie dostosowywanie programu Outpost Firewall Pro"

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apache2, Apache2, ""C:Program Filesxamppapacheinapache.exe" -k runservice" ["Apache Software Foundation"]
avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:Program FilesAcerAcer ArcadeKernelTVCLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLServer.exe"" ["Cyberlink"]
CyberLink Task Scheduler (CTS), CLSched, ""C:Program FilesAcerAcer ArcadeKernelTVCLSched.exe"" [empty string]
EvtEng, EvtEng, "C:Program FilesIntelWirelessBinEvtEng.exe" ["Intel Corporation"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:Program Filesewido anti-spyware 4.0guard.exe" ["Anti-Malware Development a.s."]
FileZilla Server FTP server, FileZilla Server, "C:Program FilesxamppFileZillaFTPFileZillaServer.exe" ["FileZilla Project"]
mysql, mysql, ""C:Program Filesxamppmysqlinmysqld-nt.exe" "--defaults-file=C:Program Filesxamppmysqlinmy.cnf" mysql" [null data]
Notebook Manager Service, anbmService, "C:AcereManageranbmServ.exe" ["OSA Technologies Inc."]
Outpost Firewall Service, OutpostFirewall, "C:PROGRA~1AGNITUMOUTPOS~1.0outpost.exe /service" ["Agnitum Ltd."]
RegSrvc, RegSrvc, "C:Program FilesIntelWirelessBinRegSrvc.exe" ["Intel Corporation"]
Spectrum24 Event Monitor, S24EventMonitor, "C:Program FilesIntelWirelessBinS24EvMon.exe" ["Intel Corporation "]
Windows Defender Service, WinDefend, ""C:Program FilesWindows DefenderMsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLMSystemCurrentControlSetControlPrintMonitors
Microsoft Shared Fax MonitorDriver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 27 seconds, including 2 seconds for message boxes)


And I'll also post the one from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 20:16:55, on 2006-09-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSsystem32spoolsv.exe
C:AcereManageranbmServ.exe
C:WINDOWSExplorer.EXE
C:Program Filesxamppapacheinapache.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program Filesxamppapacheinapache.exe
C:Program FilesAcerAcer ArcadeKernelTVCLCapSvc.exe
C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLServer.exe
C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLService.exe
C:Program Filesewido anti-spyware 4.0guard.exe
C:Program FilesxamppFileZillaFTPFileZillaServer.exe
C:Program Filesxamppmysqlinmysqld-nt.exe
C:PROGRA~1AGNITUMOUTPOS~1.0outpost.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesAcerAcer ArcadeKernelTVCLSched.exe
C:WINDOWSsystem32hkcmd.exe
C:Program FilesAcerAcer ArcadePCMService.exe
C:acerepmepm-dm.exe
C:Program FilesAcereRecoveryMonitor.exe
C:WINDOWSsystem32 askswitch.exe
C:Program FilesJavajre1.5.0_06injusched.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesiPlusiPlusFlashSkin.exe
C:Program FilesMozilla Firefoxfirefox.exe
D:hijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://global.acer.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:PROGRA~1SPYBOT~1SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [LaunchApp] Alaunch
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [PCMService] "C:Program FilesAcerAcer ArcadePCMService.exe"
O4 - HKLM..Run: [EPM-DM] c:acerepmepm-dm.exe
O4 - HKLM..Run: [ePowerManagement] C:AcerePMePM.exe boot
O4 - HKLM..Run: [eRecoveryService] C:Program FilesAcereRecoveryMonitor.exe
O4 - HKLM..Run: [iPlusManager] C:Program FilesiPlusiPlusChecker.exe
O4 - HKLM..Run: [CoolSwitch] C:WINDOWSsystem32 askswitch.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1QtZgAcer.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06injusched.exe
O4 - HKLM..Run: [Outpost Firewall] C:Program FilesAgnitumOutpost Firewall 1.0outpost.exe /waitservice
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKCU..Run: [BitTorrent] "C:Program FilesBitTorrentittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader eader_sl.exe
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:PROGRA~1AGNITUMOUTPOS~1.0PluginsBrowserBarie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2600350015
O17 - HKLMSystemCCSServicesTcpip..{CA4DBDBD-DEDC-4501-B202-B6C36B28D173}: NameServer = 212.2.96.51 212.2.96.52
O20 - AppInit_DLLs: C:PROGRA~1AGNITUMOUTPOS~1.0wl_hook.dll,C:WINDOWSsystem32wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:AcereManageranbmServ.exe
O23 - Service: Apache2 - Unknown owner - C:Program Filesxamppapacheinapache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: AVE Service (AVEService) - Unknown owner - C:Program FilesAVIRA DesktopAVESVC.EXE (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:Program FilesAcerAcer ArcadeKernelTVCLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:Program FilesAcerAcer ArcadeKernelTVCLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:Program Filesewido anti-spyware 4.0guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:Program FilesxamppFileZillaFTPFileZillaServer.exe
O23 - Service: mysql - Unknown owner - C:Program Filesxamppmysqlinmysqld-nt.exe" "--defaults-file=C:Program Filesxamppmysqlinmy.cnf" mysql (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:PROGRA~1AGNITUMOUTPOS~1.0outpost.exe
O23 - Service: RegSrvc - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: SysEnforce - Unknown owner - C:PROGRA~1TRISNA~1SSISYSENF~1.EXE (file missing)

Post by pp3088 » 10 Sep 2006, 20:31

OK, so just cosmetic matters :)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll

Do you use Yahoo! Toolbar? If not, remove it.

[High Definition Audio Property Page Shortcut]
[AzMixerSel] [PHIME2002A]
[PCMService]
[EPM-DM]
[ePowerManagement]
[eRecoveryService]
[iPlusManager]
[CoolSwitch]
[LManager]
[SunJavaUpdateSched]



Start >> Run >> msconfig >> Startup tab: uncheck these entries and click Apply; they are unnecessary and slow down startup. It won't remove these programs, it will only stop them from launching automatically at every startup. If you consider any of them essential, leave it.

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe


An unnecessary Microsoft add-on; fix it in HijackThis.

O23 - Service: AVE Service (AVEService) - Unknown owner - C:Program FilesAVIRA DesktopAVESVC.EXE (file missing)


Start >> Run >> msconfig >> Services tab: find AVE Service and uncheck it; if that doesn't work, copy the message.

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:Program FilesAcerAcer ArcadeKernelTVCLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:Program FilesAcerAcer ArcadeKernelTVCLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLServer.exe


Hmm, this CyberLink really slows the computer down; what do you use from that company??
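An added example, not part of any post in this thread: a triage of HijackThis O23 service lines that separates a "(file missing)" flag contradicted by the "Running processes" list from one that looks like a leftover service entry, like the AVE Service line discussed above. The sample log, its service names and paths, and the verdict labels are constructed for illustration, and the cross-check is a heuristic assumed here, not a documented HijackThis feature.

```python
import re

# Constructed sample in the HijackThis 1.99.1 layout; names and paths are made up.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ExampleAV\mailscan.exe
C:\Program Files\ExampleWeb\httpd.exe

O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleAV\tray.exe
O23 - Service: Example Mail Scanner - Unknown owner - C:\Program Files\ExampleAV\mailscan.exe" /service (file missing)
O23 - Service: Example Web (ExWeb) - Unknown owner - C:\Program Files\ExampleWeb\httpd.exe" -k runservice (file missing)
O23 - Service: Old AV Service (OldAvSvc) - Unknown owner - C:\Program Files\OldAV\oldsvc.exe (file missing)
O23 - Service: Example Firewall (ExFw) - Example Ltd. - C:\Program Files\ExampleFw\fw.exe
"""

# "O23 - Service: <display name> - <owner> - <image path and arguments>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
MISSING = "(file missing)"


def running_images(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    images, in_block = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break  # the block ends at the first blank line
        elif in_block:
            images.add(line.lower())
    return images


def parse_o23(line):
    """Split one O23 line into its fields, or return None for other lines."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    # Keep only the executable: drop a stray quote and any arguments after it.
    exe = re.match(r"(.+?\.exe)", path, re.IGNORECASE)
    return {
        "display": m.group("display"),
        "owner": m.group("owner"),
        "image": (exe.group(1) if exe else path).lower(),
        "stray_quote": '"' in path,
        "missing": missing,
    }


def triage(log_text):
    """Map each service display name to a verdict label (labels are made up)."""
    running = running_images(log_text)
    verdicts = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        if not entry["missing"]:
            verdict = "ok"
        elif entry["image"] in running:
            # The image is running, so the "missing" flag cannot be taken at face value.
            verdict = "missing-flag-contradicted"
        else:
            # Flagged missing and not running: candidate leftover of an uninstalled product.
            verdict = "orphan-candidate"
        verdicts[entry["display"]] = verdict
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:28} {name}")
```

An "orphan-candidate" verdict is only a pointer for manual review of the service entry; it says nothing about whether the entry is malicious.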

Post by toxek1 » 10 Sep 2006, 20:50

[AzMixerSel] [PHIME2002A] - what is this, is it something important ?? because I don't know whether I should uncheck it

jusched - can I uncheck this ?? all I know is that it belongs to Java

ave service - I can't uncheck this because it isn't there !!

And I have an Acer; it's the equivalent of a Siemens.


I'll post the log once more:

Logfile of HijackThis v1.99.1
Scan saved at 20:49:44, on 2006-09-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSsystem32spoolsv.exe
C:AcereManageranbmServ.exe
C:WINDOWSExplorer.EXE
C:Program Filesxamppapacheinapache.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program Filesxamppapacheinapache.exe
C:Program FilesAcerAcer ArcadeKernelTVCLCapSvc.exe
C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLServer.exe
C:Program FilesAcerAcer ArcadeKernelCLML_NTServiceCLMLService.exe
C:Program Filesewido anti-spyware 4.0guard.exe
C:Program FilesxamppFileZillaFTPFileZillaServer.exe
C:Program Filesxamppmysqlinmysqld-nt.exe
C:PROGRA~1AGNITUMOUTPOS~1.0outpost.exe
C:Program FilesIntelWirelessBinRegSrvc.exe
C:Program FilesAcerAcer ArcadeKernelTVCLSched.exe
C:WINDOWSsystem32hkcmd.exe
C:Program FilesAcerAcer ArcadePCMService.exe
C:acerepmepm-dm.exe
C:Program FilesAcereRecoveryMonitor.exe
C:WINDOWSsystem32 askswitch.exe
C:Program FilesJavajre1.5.0_06injusched.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesiPlusiPlusFlashSkin.exe
C:Program FilesMozilla Firefoxfirefox.exe
D:hijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://global.acer.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:PROGRA~1SPYBOT~1SDHelper.dll
O4 - HKLM..Run: [LaunchApp] Alaunch
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM..Run: [AzMixerSel] C:Program FilesRealtekInstallShieldAzMixerSel.exe
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [PCMService] "C:Program FilesAcerAcer ArcadePCMService.exe"
O4 - HKLM..Run: [EPM-DM] c:acerepmepm-dm.exe
O4 - HKLM..Run: [ePowerManagement] C:AcerePMePM.exe boot
O4 - HKLM..Run: [eRecoveryService] C:Program FilesAcereRecoveryMonitor.exe
O4 - HKLM..Run: [iPlusManager] C:Program FilesiPlusiPlusChecker.exe
O4 - HKLM..Run: [CoolSwitch] C:WINDOWSsystem32 askswitch.exe
O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1QtZgAcer.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06injusched.exe
O4 - HKLM..Run: [Outpost Firewall] C:Program FilesAgnitumOutpost Firewall 1.0outpost.exe /waitservice
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2600350015
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA4DBDBD-DEDC-4501-B202-B6C36B28D173}: NameServer = 212.2.96.51 212.2.96.52
O20 - AppInit_DLLs: C:\PROGRA~1\AGNITUM\OUTPOS~1.0\wl_hook.dll,C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVE Service (AVEService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVESVC.EXE (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

Post by pp3088 » 10 Sep 2006, 20:55

[AzMixerSel] [PHIME2002A] - what is this, is it something important?? Because I don't know whether I should untick it


Mixer support (do you have something like that?) and Arabic language support :P

jusched - can I untick this?? I only know that it belongs to Java


Yes, you can untick it, it's not needed at startup

ave service - I can't untick this one because it isn't there!!


Go to the search tool, Start>>Search, type Avira and delete all the files from the old antivirus that it finds there

Post by toxek1 » 10 Sep 2006, 21:08

When it searched for files with avira, there were only 3 txt files and I deleted them. And this avira is still in hijackthis.


Logfile of HijackThis v1.99.1
Scan saved at 21:07:31, on 2006-09-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPlus\iPlusFlashSkin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2600350015
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA4DBDBD-DEDC-4501-B202-B6C36B28D173}: NameServer = 212.2.96.51 212.2.96.52
O20 - AppInit_DLLs: C:\PROGRA~1\AGNITUM\OUTPOS~1.0\wl_hook.dll,C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVE Service (AVEService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVESVC.EXE (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\xampp\mysql\bin\my.cnf" mysql (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

Post by pp3088 » 10 Sep 2006, 21:10

Have you actually done any of what's above, apart from searching for Avira?? Let's leave it for now, it isn't harmful, it's a leftover, and looking at logs like these makes your eyes hurt :/ Do what I wrote above. Cheers

Post by toxek1 » 10 Sep 2006, 21:14

I unticked what you told me to.
I removed from the registry what you told me to.
And I'm waiting for further instructions, Master!!
;-]

Post by pp3088 » 10 Sep 2006, 21:16

Well, I'm glad we understand each other. Boot into safe mode (F8 at system startup) and there do, step by step, what I already said about that AVIRA; there's no way it won't work :P

Post by toxek1 » 11 Sep 2006, 15:33

Sorry, I don't quite know what to do.

I'm supposed to restart and press F8. Enter safe mode, and in hijackthis I'm supposed to delete that 023...service avira ??

Post by pp3088 » 11 Sep 2006, 15:49

OK, let's do it the simpler way: Start>>Run>>msconfig>>boot.ini>>tick safeboot>>restart the computer

1. Start>>Run>>msconfig>>Services>>untick AVIRA
2. Run HijackThis and delete the 023 entry.
3. Post the follow-up logs.
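
Added example, not part of the thread: a small Python triage of the O23 service lines discussed above. In the posted log, Apache and the avast! Mail Scanner carry "(file missing)" even though the same binaries appear under "Running processes", while the AVIRA leftover does not run at all; the script separates those two cases. The function and constant names are hypothetical, and the sample lines are constructed from the log in this thread with path separators restored.

```python
import re

# Constructed excerpt modelled on the log in this thread (path separators restored).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\xampp\apache\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Apache2 - Unknown owner - C:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVE Service (AVEService) - Unknown owner - C:\Program Files\AVIRA Desktop\AVESVC.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)  # path up to the first .exe


def triage_services(log):
    """Return {service name: verdict} for every O23 line in a HijackThis log."""
    running, services, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False              # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())     # Windows paths are case-insensitive
        elif line.startswith(PREFIX):
            # Assumes neither the name nor the owner contains " - ".
            parts = line[len(PREFIX):].split(" - ", 2)
            if len(parts) == 3:
                services.append(parts)    # name, owner, command line
    verdicts = {}
    for name, _owner, cmd in services:
        match = EXE_RE.match(cmd)
        exe = match.group(1).lower() if match else cmd.lower()
        if not cmd.endswith(MISSING):
            verdicts[name] = "present"
        elif exe in running:
            # Flagged, yet the binary is a live process: do not trust the flag.
            verdicts[name] = "flagged-but-running"
        else:
            verdicts[name] = "orphaned"   # leftover entry, like the AVIRA service
    return verdicts
```

Only entries reported as "orphaned" are leftovers of the kind the thread removes; a "flagged-but-running" service belongs to software that is still installed.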
