Log do sprawdzenia


(Barokim) #1

Witam. Nic specjalnego w moim komputerze się nie dzieje, ale lepiej dmuchać na zimne - co nleżało by tu sfixować??

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:29:27, on 2008-04-28

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:/WINDOWS/System32/smss.exe

C:/WINDOWS/system32/winlogon.exe

C:/WINDOWS/system32/services.exe

C:/WINDOWS/system32/lsass.exe

C:/WINDOWS/system32/svchost.exe

C:/WINDOWS/System32/svchost.exe

C:/WINDOWS/system32/LEXBCES.EXE

C:/WINDOWS/system32/spoolsv.exe

C:/WINDOWS/system32/LEXPPS.EXE

C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus 7.0/avp.exe

C:/WINDOWS/system32/nvsvc32.exe

C:/WINDOWS/system32/PnkBstrA.exe

C:/WINDOWS/Explorer.EXE

C:/Program Files/D-Tools/daemon.exe

C:/Program Files/FlashGet/flashget.exe

C:/WINDOWS/SOUNDMAN.EXE

C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus 7.0/avp.exe

C:/Program Files/Java/jre1.6.0_05/bin/jusched.exe

C:/Program Files/Winamp/winampa.exe

C:/Program Files/Common Files/Real/Update_OB/realsched.exe

C:/Program Files/Gadu-Gadu/gg.exe

C:/WINDOWS/system32/ctfmon.exe

C:/Documents and Settings/Administrator/Ustawienia lokalne/Dane aplikacji/qufib.exe

C:/Program Files/Trend Micro/HijackThis/HijackThis.exe

C:/Program Files/Mozilla Firefox/firefox.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.neostrada.pl

R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Common Files/Adobe/Acrobat/ActiveX/AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:/Program Files/Skype/Toolbars/Internet Explorer/SkypeIEPlugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:/Program Files/FlashGet/jccatch.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:/Program Files/Real/RealPlayer/rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:/Program Files/BitComet/tools/BitCometBHO_1.1.3.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:/PROGRA~1/MEGAUP~2/MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:/Program Files/Java/jre1.6.0_05/bin/ssv.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:/Program Files/TGTSoft/StyleXP/TGT_BHO.dll

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:/Program Files/Kwyshell/MidpX/JadInvoker/MidpInvoker.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:/Program Files/FlashGet/getflash.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:/Program Files/Kwyshell/MidpX/JadInvoker/MidpInvoker.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:/PROGRA~1/MEGAUP~2/MEGAUP~1.DLL

O4 - HKLM/../Run: [DAEMON Tools-1033] "C:/Program Files/D-Tools/daemon.exe" -lang 1033

O4 - HKLM/../Run: [Flashget] C:/Program Files/FlashGet/flashget.exe /min

O4 - HKLM/../Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/system32/NvCpl.dll,NvStartup

O4 - HKLM/../Run: [AVP] "C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus 7.0/avp.exe"

O4 - HKLM/../Run: [sunJavaUpdateSched] "C:/Program Files/Java/jre1.6.0_05/bin/jusched.exe"

O4 - HKLM/../Run: [WinampAgent] C:/Program Files/Winamp/winampa.exe

O4 - HKLM/../Run: [TkBellExe] "C:/Program Files/Common Files/Real/Update_OB/realsched.exe" -osboot

O4 - HKCU/../Run: [sTYLEXP] C:/Program Files/TGTSoft/StyleXP/StyleXP.exe -Hide

O4 - HKCU/../Run: [Gadu-Gadu] "C:/Program Files/Gadu-Gadu/gg.exe" /tray

O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/system32/ctfmon.exe

O4 - HKCU/../Run: [qufib] c:/documents and settings/administrator/ustawienia lokalne/dane aplikacji/qufib.exe qufib

O4 - HKUS/S-1-5-19/../Run: [CTFMON.EXE] C:/WINDOWS/system32/CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS/S-1-5-19/../RunOnce: [nLite] %systemroot%/inf/nlite.cmd (User 'USŁUGA LOKALNA')

O4 - HKUS/S-1-5-20/../Run: [CTFMON.EXE] C:/WINDOWS/system32/CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS/S-1-5-20/../RunOnce: [tscuninstall] %systemroot%/system32/tscupgrd.exe (User 'USŁUGA SIECIOWA')

O4 - HKUS/S-1-5-18/../Run: [CTFMON.EXE] C:/WINDOWS/system32/CTFMON.EXE (User 'SYSTEM')

O4 - HKUS/S-1-5-18/../RunOnce: [tscuninstall] %systemroot%/system32/tscupgrd.exe (User 'SYSTEM')

O4 - HKUS/.DEFAULT/../Run: [CTFMON.EXE] C:/WINDOWS/system32/CTFMON.EXE (User 'Default user')

O4 - HKUS/.DEFAULT/../RunOnce: [tscuninstall] %systemroot%/system32/tscupgrd.exe (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:/Program Files/FlashGet/jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:/Program Files/FlashGet/jc_all.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:/Program Files/BitComet/BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:/Program Files/BitComet/BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:/Program Files/BitComet/BitComet.exe/AddLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:/PROGRA~1/MICROS~2/Office12/EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:/Program Files/Kwyshell/MidpX/JadInvoker/Extent/jad_wrap.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.6.0_05/bin/ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.6.0_05/bin/ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus 7.0/SCIEPlgn.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:/Program Files/Skype/Toolbars/Internet Explorer/SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~2/Office12/REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:/Program Files/FlashGet/FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:/Program Files/FlashGet/FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe

O17 - HKLM/System/CCS/Services/Tcpip/../{14CA4BE1-C2D5-4DEC-AAEE-B27FABD48157}: NameServer = 213.241.79.37 83.238.255.76

O17 - HKLM/System/CS1/Services/Tcpip/../{14CA4BE1-C2D5-4DEC-AAEE-B27FABD48157}: NameServer = 213.241.79.37 83.238.255.76

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:/PROGRA~1/COMMON~1/Skype/SKYPE4~1.DLL

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus 7.0/avp.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:/Program Files/Common Files/Macrovision Shared/FLEXnet Publisher/FNPLicensingService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:/WINDOWS/system32/LEXBCES.EXE

O23 - Service: LGN - Unknown owner - C:/DOCUME~1/ADMINI~1/USTAWI~1/Temp/LGN.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:/WINDOWS/system32/nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:/WINDOWS/system32/PnkBstrA.exe

--

End of file - 7853 bytes


(Gutek) #2

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350

Najpierw automat - daj log z ComboFix


(huber2t) #3

fix w hijackthis

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:/documents and settings/administrator/ustawienia lokalne/dane aplikacji/qufib.exe

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Powinno się rozpocząć usuwanie i powstanie log, daj ten log na forum.