Log HijacThis - dwa problemy

fi_dell · 24 Grudzień 2006 13:45

Dwie rzeczy szczególnie mnie niepokoją; komunikat Critical system warning - wykrzyknik w żółtym trójkąciku oraz mrugający na zmianę z ikonką dysku znak zapytania wyswietlający komunikat System Alert. Proszę bardzo o pomoc w pozbyciu się tego. Wesołych Świąt

Logfile of HijackThis v1.99.1 Scan saved at 14:48:14, on 2006-12-24 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Video ActiveX Object\isamonitor.exe C:\Program Files\Video ActiveX Object\pmsngr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Video ActiveX Object\isamini.exe C:\Program Files\Video ActiveX Object\pmmon.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE c:\program files\panda software\panda platinum 2006 internet security\WebProxy.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Opera\Opera.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe C:\DOCUME~1\BUDZYN~1\USTAWI~1\Temp\Adobelm_Cleanup.0001 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe C:\DOCUME~1\BUDZYN~1\USTAWI~1\Temp\Adobelm_Cleanup.0001 C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\BUDZYN~1\USTAWI~1\Temp\Rar$EX00.547\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll O2 - BHO: ChangerBHO Class - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - C:\WINDOWS\system32\acledita.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: WeeklyExecuter Class - {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - C:\WINDOWS\inetloader.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: SpoofBHO Class - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - C:\WINDOWS\se_spoof.dll (file missing) O2 - BHO: Clicker Class - {A97B5EF1-CA64-466F-AC40-F770ED52DB92} - C:\WINDOWS\system32\mscoriezz.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE” /s O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [sCANINICIO] “C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe” O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\Budzynski\Ustawienia lokalne\Temp{A6F6894C-9FC7-4668-97A6-9C33C9EBC8DB}{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packa … anager.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{A3A2BC22-C353-4F1C-9E7F-F2EA8186D108}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\System32\cthkpcv.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\BUDZYN~1\USTAWI~1\Temp\hpdj.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe O23 - Service: WPEServ - Unknown owner - C:\Program Files\Common Files\WPE\wpeserv.exe

Bieniol · 24 Grudzień 2006 13:51

Użyj narzędzia -> SmitFraudFix (w trybie awaryjnym z opcji 2 )

Po zabiegach nowy log z Hijacka + log z Silent Runners + raport ze SmitFraudFix

squeet · 24 Grudzień 2006 22:30

Proszę zmienić tytuł swojego tematu na konkretny, mówiący o problemie.

W tym celu proszę użyć przycisku