Log hijackthis
Last Updated: Jun 23 2006 10:19, Started by
luapsogard
, Jun 10 2006 18:09
·
0
#1
Posted 10 June 2006 - 18:09
Logfile of HiJackThis v1.99.1
Scan saved at 19:01:47, on 10.06.2003 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\htpatch.exe C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe C:\Program Files\AVerTV\QuickTV.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\DENYSA\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {EC206636-B2AF-295A-A60C-94044BBC2B22} - TorontoMail.dll (file missing) R3 - URLSearchHook: (no name) - {8898C043-E36A-C4AB-7C4B-28CE64B0DB95} - FLKPT.dll (file missing) F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file) O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [CleanIt] C:\Program Files\CleanIt\cleanit.exe O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe" O4 - Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe O4 - Global Startup: Digimax Viewer 2.0.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...ece5b5b666353a7 O17 - HKLM\System\CCS\Services\Tcpip\..\{3F811D8E-9BFF-4559-8517-2E885875CD5E}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{3FB9C67E-5E05-4D8A-B0CA-F8F50E2696BD}: NameServer = 193.231.233.8 193.231.233.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{A28996D2-F217-42EF-A9E2-7EDA86D3A8DE}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{CDD9013E-08AE-4012-ACB6-5E32A375D399}: NameServer = 85.255.115.37,85.255.112.93 O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Multumesc! |
#2
Posted 10 June 2006 - 19:33
1.Download SmithFraudFix .
- Dezarhiveaza pe desktop. - deschide folderul dezarhivat si dublu click pe smithfraud.cmd - alege optiunea 1 (scrie 1 si apasa enter) - la sfarsitul scanarii va aparea un log (C:\rapport.txt), copiaza ce scrie in logul rezultat si pune aici impreuna cu un nou log de HiJackThis. Nota: Dezactiveaza antivirusul, pentru ca unii antivirusi s-ar putea sa detecteze process.exe ca un risktool desi nu e nici o problema. 2.Deschide hijackthis, fa un scan, bifeaz urmatoarele linii: R3 - URLSearchHook: (no name) - {EC206636-B2AF-295A-A60C-94044BBC2B22} - TorontoMail.dll (file missing) R3 - URLSearchHook: (no name) - {8898C043-E36A-C4AB-7C4B-28CE64B0DB95} - FLKPT.dll (file missing) O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file) O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangoc...ece5b5b666353a7 si apasa "fix checked" Dupa ce ai efectuat aceste operatiuni pune logul smithfraudfix + un nou log hijackthis Edited by SE7EN, 10 June 2006 - 19:34. |
#3
Posted 10 June 2006 - 20:18
Esti un domn!
SmitFraudFix v2.58 Scan done at 21:11:50,73, 10.06.2003 Run from C:\Documents and Settings\DENYSA\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\atmclk.exe FOUND ! C:\WINDOWS\system32\dcomcfg.exe FOUND ! C:\WINDOWS\system32\hp???.tmp FOUND ! C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\icima.dll FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\regperf.exe FOUND ! C:\WINDOWS\system32\simpole.tlb FOUND ! C:\WINDOWS\system32\stdole3.tlb FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DENYSA\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DENYSA\FAVORI~1 C:\DOCUME~1\DENYSA\FAVORI~1\Antivirus Test Online.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Security Toolbar\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="about:Home" "SubscribedURL"="about:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of HiJackThis v1.99.1 Scan saved at 21:15:16, on 10.06.2003 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\htpatch.exe C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe C:\Program Files\AVerTV\QuickTV.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe C:\WINDOWS\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\DENYSA\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [CleanIt] C:\Program Files\CleanIt\cleanit.exe O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe" O4 - Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe O4 - Global Startup: Digimax Viewer 2.0.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3F811D8E-9BFF-4559-8517-2E885875CD5E}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{3FB9C67E-5E05-4D8A-B0CA-F8F50E2696BD}: NameServer = 193.231.233.1 193.231.233.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{A28996D2-F217-42EF-A9E2-7EDA86D3A8DE}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{CDD9013E-08AE-4012-ACB6-5E32A375D399}: NameServer = 85.255.115.37,85.255.112.93 O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe |
#4
Posted 10 June 2006 - 21:27
Deschide SmithfraudFix.cmd din nou scrie 2 si apasa enter. Alege "yes" la toate intrebarile.
Fa un scan cu kasperski si pune logul aici.La fel un nou lgo de hijackthis Edited by SE7EN, 10 June 2006 - 21:30. |
#5
Posted 11 June 2006 - 10:46
Logfile of HiJackThis v1.99.1
Scan saved at 11:43:43, on 11.06.2003 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\htpatch.exe C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe C:\Program Files\AVerTV\QuickTV.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\DENYSA\Desktop\HijackThis.exe F2 - REG:system.ini: Shell=explorer.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [CleanIt] C:\Program Files\CleanIt\cleanit.exe O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe" O4 - Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe O4 - Global Startup: Digimax Viewer 2.0.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3F811D8E-9BFF-4559-8517-2E885875CD5E}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{3FB9C67E-5E05-4D8A-B0CA-F8F50E2696BD}: NameServer = 193.231.233.8 193.231.233.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{A28996D2-F217-42EF-A9E2-7EDA86D3A8DE}: NameServer = 85.255.115.37,85.255.112.93 O17 - HKLM\System\CCS\Services\Tcpip\..\{CDD9013E-08AE-4012-ACB6-5E32A375D399}: NameServer = 85.255.115.37,85.255.112.93 O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Log KAV Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindUpdates.zip/AdTools.exe Suspicious: Password-protected-EXE skipped C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindUpdates.zip ZIP: suspicious - 1 skipped |
#8
Posted 22 June 2006 - 12:15
Mai am o problema pe alt calculator. Daca se poate...
Logfile of HiJackThis v1.99.1 Scan saved at 3:11:24 AM, on 6/22/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WIND\System32\smss.exe C:\WIND\system32\winlogon.exe C:\WIND\system32\services.exe C:\WIND\system32\lsass.exe C:\WIND\system32\svchost.exe C:\WIND\System32\svchost.exe C:\WIND\system32\spoolsv.exe C:\WIND\Explorer.EXE C:\WIND\System32\atmclk.exe C:\WIND\System32\dcomcfg.exe C:\Program Files\Winamp\winampa.exe C:\WIND\System32\ctfmon.exe C:\winstall.exe C:\Program Files\Eset\nod32krn.exe C:\WIND\System32\nvsvc32.exe C:\WIND\system32\srvany.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WIND\system32\resetservice.exe C:\WIND\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE c:\ann.exe C:\Documents and Settings\domi\Desktop\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WIND\System32\hp100.tmp O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WIND\System32\hp100.tmp O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WIND\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WIND\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIND\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIND\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [funk] funk.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WIND\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WIND\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WIND\web\related.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6D392F58-4F99-468D-8E0B-5E306F1D9973}: NameServer = 85.255.115.85,85.255.112.236 O17 - HKLM\System\CCS\Services\Tcpip\..\{9E216420-2404-4586-9279-91371E262CF5}: NameServer = 85.255.115.85,85.255.112.236 O17 - HKLM\System\CCS\Services\Tcpip\..\{F67E5FED-67F1-4CEC-A355-D3DF018D2841}: NameServer = 193.231.238.2 193.231.238.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: reset5 - C:\WIND\SYSTEM32\reset5.dll O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WIND\System32\vbsys2.dll O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIND\System32\nvsvc32.exe O23 - Service: Reset 5 - Unknown owner - C:\WIND\system32\srvany.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Multumesc |
#9
Posted 22 June 2006 - 20:34
Imi pare rau la al doilea PC nu te pot ajuta pentru ca se pare ca folosesti o copie ilegala de Windows.
Primul PC mai are o problema. Posteaza log proaspat ca sa o putem fixa. |
#10
Posted 23 June 2006 - 10:19
OK. Nici o problema. Oricum nu-i al meu al doilea.
De fapt nici primul. De-aia nici nu pot sa pun momentan un nou log iar proprietarul nu stie cum. Revin cand se poate. Multumesc! |
|
Anunturi
Bun venit pe Forumul Softpedia!
▶ 0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users