Komp muli proszę o pomoc log

jak w temacie oto log

Logfile of HijackThis v1.99.1

Scan saved at 20:46:22, on 2008-10-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CardDetector\ICON225\CardDetector.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe

C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe

C:\Program Files\OrangeBS\BEWInternet-PL\PhoneTools\TextMessaging.exe

C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\ppp\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [Lexmark X6100 Series] “C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe”

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe

O4 - HKLM…\Run: [bEWINTERNET-PLSessionManager] C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe

O4 - HKLM…\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM…\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM…\Run: [sSBkgdUpdate] “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot

O4 - HKLM…\Run: [OpwareSE4] “C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe”

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O17 - HKLM\System\CCS\Services\Tcpip…{13E3D48D-1203-4EAB-93E1-5CAD7AEB5783}: NameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip…{E4C6C256-753C-4C31-B92D-3CD73BCE0E75}: NameServer = 217.116.100.65 217.116.100.66

O17 - HKLM\System\CS2\Services\Tcpip…{13E3D48D-1203-4EAB-93E1-5CAD7AEB5783}: NameServer = 10.1.1.1

O17 - HKLM\System\CS3\Services\Tcpip…{13E3D48D-1203-4EAB-93E1-5CAD7AEB5783}: NameServer = 10.1.1.1

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Czysto.

Daj log z -----> ComboFix (niżej na stronie linku)

==============================

K.

ComboFix 08-10-04.01 - ppp 2008-10-04 22:50:12.2 - NTFSx86

Uruchomiony z: D:\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\ppp\Cookies\ppp@addserver.allegro[2].txt

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NTMLSVC

-------\Service_NtmlSvc

((((((((((((((((((((((((( Pliki utworzone od 2008-09-04 do 2008-10-04 )))))))))))))))))))))))))))))))

.

2008-09-29 17:32 . 2008-09-29 17:32 412 --a------ C:\WINDOWS\MAXLINK.INI

2008-09-29 17:31 . 2008-09-29 17:31

2008-09-29 17:31 . 2008-09-29 17:31

2008-09-29 17:31 . 2008-09-29 17:31

2008-09-29 17:31 . 2008-09-29 17:31

2008-09-29 17:30 . 2008-09-29 17:30

2008-09-29 17:28 . 2008-09-29 17:28

2008-09-29 17:25 . 2008-09-29 17:25

2008-09-29 17:25 . 2007-03-18 22:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8T.DLL

2008-09-29 17:24 . 2008-09-29 17:24

2008-09-29 17:24 . 2008-09-29 17:24

2008-09-29 17:24 . 2007-03-23 09:30 1,400,832 --a------ C:\WINDOWS\system32\CNC220C.DLL

2008-09-29 17:24 . 2007-03-19 03:18 200,704 --a------ C:\WINDOWS\system32\CNC220L.DLL

2008-09-29 17:24 . 2007-03-15 07:12 188,416 --a------ C:\WINDOWS\system32\CNC220O.DLL

2008-09-29 17:24 . 2007-03-23 09:29 98,304 --a------ C:\WINDOWS\system32\CNC220I.DLL

2008-09-29 17:23 . 2008-09-29 17:33

2008-09-25 16:19 . 2008-09-25 16:19

2008-09-25 16:19 . 2006-03-01 18:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll

2008-09-25 16:19 . 2003-09-23 10:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys

2008-09-25 16:19 . 2006-03-01 18:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys

2008-09-25 16:13 . 2008-09-25 16:13

2008-09-25 16:13 . 2003-03-19 04:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2008-09-25 16:12 . 2007-11-14 00:29 95,744 -ra------ C:\WINDOWS\system32\drivers\Gt51Ip.sys

2008-09-25 16:12 . 2007-11-14 00:29 8,064 -ra------ C:\WINDOWS\system32\drivers\gtptser.sys

2008-09-25 16:11 . 2007-11-14 00:29 51,968 -ra------ C:\WINDOWS\system32\drivers\gt72ubus.sys

2008-09-25 16:10 . 2008-09-25 16:10

2008-09-19 16:03 . 2008-09-19 16:04

2008-09-19 15:59 . 2008-09-19 17:23

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-04 21:06 --------- d-----w C:\Documents and Settings\ppp\Dane aplikacji\Skype

2008-09-29 15:31 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-17 13:54 --------- d-----w C:\Program Files\Satel

2008-08-13 09:16 --------- d-----w C:\Program Files\MatematykaDlaDzieci

2008-08-13 09:02 --------- d-----w C:\Program Files\Angielski dla dzieci

2007-03-21 16:25 3,106 ----a-w C:\Program Files\install.ini

2004-07-15 11:11 89,080 ----a-w C:\Program Files\install.bmp

2004-06-25 13:30 159,744 ----a-w C:\Program Files\uninstall.exe

2004-03-11 12:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

2002-07-22 11:39 8,132,648 ----a-w C:\Program Files\m4.wav

2002-07-22 11:38 9,520,136 ----a-w C:\Program Files\m1.wav

2002-07-22 11:38 13,358,856 ----a-w C:\Program Files\m2.wav

2002-07-22 11:31 8,771,880 ----a-w C:\Program Files\m3.wav

2002-06-20 14:22 51 ----a-w C:\Program Files\am.url

1999-09-14 18:30 357,888 ----a-w C:\Program Files\KM.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-02-05 25451048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2004-10-29 4620288]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2004-10-29 86016]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 155648]

“Lexmark X6100 Series”=“C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe” [2003-09-23 57344]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-15 35328]

“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2008-09-26 579584]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 132496]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2008-01-31 282624]

“CardDetectorICON225”=“C:\Program Files\CardDetector\ICON225\CardDetector.exe” [2007-11-14 278528]

“BEWINTERNET-PLSessionManager”=“C:\Program Files\OrangeBS\BEWInternet-PL\SessionManager\SessionManager.exe” [2008-01-08 107248]

“CanonSolutionMenu”=“C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe” [2007-05-14 644696]

“CanonMyPrinter”=“C:\Program Files\Canon\MyPrinter\BJMyPrt.exe” [2007-04-03 1603152]

“SSBkgdUpdate”=“C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2006-10-25 210472]

“OpwareSE4”=“C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe” [2007-02-04 79400]

“SoundMan”=“SOUNDMAN.EXE” [2004-11-15 C:\WINDOWS\SOUNDMAN.EXE]

“nwiz”=“nwiz.exe” [2004-10-29 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2007-09-28 443968]

“AVG7_Run”=“C:\PROGRA~1\Grisoft\AVG7\avgw.exe” [2007-12-17 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.I420”= i420vfw.dll

“VIDC.X264”= x264vfw.dll

“VIDC.HFYU”= huffyuv.dll

“vidc.i263”= i263_32.drv

“vidc.yv12”= yv12vfw.dll

“msacm.l3fhg”= mp3fhg.acm

“msacm.imc”= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“UpdatesDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Grisoft\AVG7\avginet.exe”=

“C:\Program Files\Grisoft\AVG7\avgamsvr.exe”=

“C:\Program Files\Grisoft\AVG7\avgcc.exe”=

“C:\Program Files\Grisoft\AVG7\avgemc.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

“C:\Program Files\OrangeBS\BEWInternet-PL\Connectivity\ConnectivityManager.exe”=

R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys [2000-11-28 4256]

R3 GT72NDISIPXP;GT 72 IP NDIS;C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2007-11-14 95744]

R3 GT72UBUS;GT 72 U BUS;C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2007-11-14 51968]

R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-11-14 8064]

S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ab1db074-ac43-11dc-b939-00304f53305b}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ab1db075-ac43-11dc-b939-00304f53305b}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b16d8cd0-8b0b-11dd-b9df-00304f53305b}]

\Shell\AutoRun\command - G:\AutoRunCardDetector.exe

.

.

------- Skan uzupełniający -------

.

FireFox -: Profile - C:\Documents and Settings\ppp\Dane aplikacji\Mozilla\Firefox\Profiles\rxct2jol.default\

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-04 23:05:14

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe

C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\OrangeBS\BEWInternet-PL\Systray\SystrayApp.exe

C:\Program Files\OrangeBS\BEWInternet-PL\Connectivity\ConnectivityManager.exe

C:\Program Files\OrangeBS\BEWInternet-PL\Connectivity\corecom\CoreCom.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\OrangeBS\BEWInternet-PL\Connectivity\corecom\OraConfigRecover.exe

.

**************************************************************************

.

Czas ukończenia: 2008-10-04 23:09:10 - komputer został uruchomiony ponownie [ppp]

ComboFix-quarantined-files.txt 2008-10-04 21:09:04

Przed: 7,769,706,496 bajtów wolnych

Po: 9,188,425,728 bajtów wolnych

169

Pobierz ComboFix, ale nie uruchamiaj

Otwórz notatnik i wklej do niego:

Driver::

AvFlt


Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab1db074-ac43-11dc-b939-00304f53305b}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab1db075-ac43-11dc-b939-00304f53305b}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b16d8cd0-8b0b-11dd-b9df-00304f53305b}]

Plik -> zapisz jako -> CFScript.txt.

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu->

cfscript10uc2.gif

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklej.eu lub na http://wklej.org a w poście dajesz tylko link

aniak.82 ,

“Komp muli” - to ujdzie w rozmowie z kolegami - tytuł tematu winien być konkretny, zrozumiały. Zapoznaj się z tematem Ważny komunikat dotyczący tytułowania tematów - popraw tytuł na konkretny, mówiący o problemie. W celu dokonania zaleconej korekty - proszę użyć przycisku ac7a4cd89050aa6e.gif

Zignorowanie zalecenia będzie skutkowało usunięciem tematu do Kosza.

W związku ze zmianą, jaka obowiązuje przy wklejaniu logów w tym dziale, przeczytaj i stosuj się do Tematu