Flajo16 Zverejnené 26. Január, 2007 Zverejnené 26. Január, 2007 Logfile of HijackThis v1.99.1 Scan saved at 12:16:38, on 26. 1. 2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\TULA\LOCALS~1\TEMP\{BA820A24-704B-428D-9904-71A10DAC1372}\qttask.exe E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\WINDOWS\vsnpstd.exe E:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\PROGRA~1\MESSEN~1\Msmsgs.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe E:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe E:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\dwwin.exe E:\Program Files\totalcmd\TOTALCMD.EXE H:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azet.sk/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [QuickTime Task] "C:\DOCUME~1\TULA\LOCALS~1\TEMP\{BA820A24-704B-428D-9904-71A10DAC1372}\qttask.exe" -atboottime O4 - HKLM\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [HPHUPD08] E:\Program Files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [iCQ Lite] "E:\Program Files\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVG7\avgemc.exe O4 - HKLM\..\Run: [AVG7_RegCleaner] E:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background O4 - HKCU\..\Run: [OM_Monitor] E:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [LoadWatcher] Test O4 - HKCU\..\RunOnce: [iCQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{B23EB306-3A10-4A03-89D7-B9094D52ED5A}: NameServer = 195.168.1.2 195.168.1.6 O20 - Winlogon Notify: msldr32 - C:\WINDOWS\SYSTEM32\msldr32.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Sniper Zverejnené 26. Január, 2007 Zverejnené 26. Január, 2007 Tento proces: C:WINDOWSvsnpstd.exe nepoznám. Podľa záznamov by to malo byť niečo s web kamerou. Ak máš, alebo si inštaloval drivery na web kameru tak by to malo byť bezpečné. Tento proces: O20 - Winlogon Notify: msldr32 - C:\WINDOWS\SYSTEM32\msldr32.dll je už zrejme niečo horšie. Najprv to skús odstrániť nejakým antispyware, stiahni si SpyBot Search and Destroy, aktualizuj ho a preskenuj systém. Odporúčam si stiahnúť aj CWShredder, ktorým tiež preskenuj systém (pri teste stlač Fix). Potom reštartuj PC a spusť znovu HijackThis. Ak tam budeš mať stále túto hodnotu: O20 - Winlogon Notify: msldr32 - C:\WINDOWS\SYSTEM32\msldr32.dll tak ju v HijackThis fixni a reštartuj PC v núdzovom režime. V zložke C:\WINDOWS\SYSTEM32\ nájdi súbor msldr32.dll a zmaž ho. Potom normálne reštartuj PC a už by všetko malo byť v poriadku.
Odporúčané príspevky
Vytvorte si účet alebo sa prihláste, aby ste mohli písať príspevky
Ak chcete odoslať príspevok, musíte byť členom
Vytvoriť konto
Zaregistrujte si nový účet v našej komunite. Je to ľahké!
Zaregistrovať si nové kontoPrihlásiť sa
Máte už konto? Prihláste sa tu.
Prihlásiť sa teraz