Log


(rysryt) #1

Proszęo sprawdzenie logaLogfile of HijackThis v1.99.0

Scan saved at 11:43:42, on 2005-02-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe

C:\Program Files\MemStat XP\MemStat.exe

C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\YDP\YdpDict\Watch.exe

C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

C:\Program Files\G DATA\AntiVirenKit InternetSecurity\Firewall\kavpf.exe

C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKService.exe

C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe

C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE

C:\Program Files\Opera\Opera.exe

H:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg1783.dll

O4 - HKLM..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg1783.dll"

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM..\Run: [wpkontakt] C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart

O4 - HKLM..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"

O4 - HKCU..\Run: [MemStat] C:\Program Files\MemStat XP\MemStat.exe

O4 - HKCU..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg1783.dll"

O4 - HKCU..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

O4 - HKCU..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [Play_PC_Backup] C:\Program Files\PC Backup 2004\pcbackup.exe -silent

O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\YDP\YdpDict\Watch.exe

O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O4 - Global Startup: Webfilter.lnk = ?

O4 - Global Startup: Firewall.lnk = ?

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BINGOOO - {D999117D-8649-4C01-8BD9-9A8661597A61} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll

O23 - Service: AVK Service - Unknown - C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKService.exe

O23 - Service: Strażnik AVK - Unknown - C:\Program Files\G DATA\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe

O23 - Service: InCD Helper - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC - Unknown - C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe


(Musg) #2

O4 - HKCU..\Run: [MemStat] C:\Program Files\MemStat XP\MemStat.exe

robak

wylacz przywracanie systemu >tryb awaryjny f8 i usun go za pomocą hijacka