Axel_15
(Axel 14)
21 Listopad 2006 11:29
#1
Witam.
Otoz komp mi chodzi masakrycznie, tnie sie itp. Nie moge sie zalogowac na wiekszosc meili (onet,wp,interia, gmail dziala jedynie) Za kazdym razem gdy sie zaloguje np. na forum to przy nastepnym wejsciu znow musze sie logowac
Logfile of HijackThis v1.99.1 Scan saved at 12:28:48, on 2006-11-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\VIAudioi\SBADeck\ADeck.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe C:\PROGRA~1\Wapster\AQQ\AQQ.exe C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe C:\Program Files\foobar2000\foobar2000.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\WgaTray.exe C:\Documents and Settings\Axel\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe” O4 - HKLM…\Run: [cctray] “C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe” O4 - HKLM…\Run: [CAVRID] “C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe” O4 - HKLM…\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl O4 - HKLM…\Run: [capfaem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe O4 - HKLM…\Run: [QOELOADER] “C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe O4 - Startup: Neo.lnk = ? O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{B94BE138-B924-48EC-84A2-E6BE6DBCB828}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit” [MS] “AQQ” = “C:\PROGRA~1\Wapster\AQQ\AQQ.exe” [“AQQ Sp. z o.o.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “AudioDeck” = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 " [“VIA Technologies, Inc.”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “RegistryMechanic” = “(empty string)” [file not found] “cctray” = ““C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe”” [“CA, Inc.”] “(Default)” = “(empty string)” [file not found] “CAVRID” = ““C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe”” [“CA, Inc.”] “cafwc” = “C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl” [“CA, Inc.”] “capfaem” = “C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe” [“CA, Inc.”] “QOELOADER” = ““C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.0.418.0\QOELoader.exe”” [“CA”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll” [“Alcohol Soft Development Team”] “{1CE2AA40-1317-11D3-9922-00104B0AD431}” = “CA_AntiVirus” -> {HKLM…CLSID} = “CA_AntiVirus” \InProcServer32(Default) = “C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll” [“CA, Inc.”] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> PFW\DLLName = “UmxWnp.Dll” [“CA”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ CA_AntiVirus(Default) = “{1CE2AA40-1317-11D3-9922-00104B0AD431}” -> {HKLM…CLSID} = “CA_AntiVirus” \InProcServer32(Default) = “C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll” [“CA, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ CA_AntiVirus(Default) = “{1CE2AA40-1317-11D3-9922-00104B0AD431}” -> {HKLM…CLSID} = “CA_AntiVirus” \InProcServer32(Default) = “C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\avshlext.dll” [“CA, Inc.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Axel\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Axel” & “All Users” startup folders: ------------------------------------------------------ C:\Documents and Settings\Axel\Menu Start\Programy\Autostart “Neo” -> shortcut to: “” [file not found] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “gwum” -> shortcut to: “C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe” [empty string] Enabled Scheduled Tasks: ------------------------ “CAAntiSpywareScan_Daily as Axel at 14 35” -> launches: “C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /showScan” [“CA, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\VetRedir.dll [“Computer Associates International, Inc.”], 01 - 03, 17 %SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ CA Pest Patrol Realtime Protection Service, ITMRTSVC, ““C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe”” [“CA, Inc.”] CAISafe, CAISafe, “C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe” [“Computer Associates International, Inc.”] HIPS Configuration Interpreter, UmxCfg, ““C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe”” [“CA”] HIPS Event Manager, UmxAgent, ““C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe”” [“CA”] HIPS Firewall Helper, UmxFwHlp, ““C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe”” [“CA”] HIPS Policy Manager, UmxPol, ““C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe”” [“CA”] StarWind iSCSI Service, StarWindService, “C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”] VET Message Service, VETMSGNT, “C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe” [“CA, Inc.”] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 24 seconds. ---------- (total run time: 117 seconds)
JNJN
(JNJN)
21 Listopad 2006 13:10
#2
Proszę zmienić temat postu na konkretny i używać polskich znaków,opcja zmień i popraw.JNJN
Bieniol
(Bbieniol)
21 Listopad 2006 16:17
#3
Usuń kosmetycznie ten wpis:
Opisz dokładniej problem