Logfile of Trend Micro HijackThis v2.0.2


(| Rasta |) #1

Nie wiem czy dobrze zrobilem :wink:

Bo nie bardzo wiem o co chodzi w tym poradniku http://www.cscenter.pl/baza_poradnikow_ ... zania.html

:wink:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:00:56, on 2009-07-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

E:\mateusz\Programy Do Cs\cFosSpeed.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

E:\mateusz\Programy Do Cs\spd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2233703

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\slawek\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [cFosSpeed] E:\mateusz\Programy Do Cs\cFosSpeed.exe

O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'US艁UGA LOKALNA')

O4 - HKUS\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'US艁UGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'US艁UGA SIECIOWA')

O4 - HKUS\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'US艁UGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe

O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - E:\mateusz\Programy Do Cs\spd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--

End of file - 6162 bytes


(WooQash) #2

PS. Logi wklejamy na http://www.wklej.org/ lub http://www.wklej.to/


(| Rasta |) #3

eee...o to chodzi ?

wklei艂em tak to co mialem w notatniku i mam cos takiego :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:00:56, on 2009-07-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

E:\mateusz\Programy Do Cs\cFosSpeed.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

E:\mateusz\Programy Do Cs\spd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2233703

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\slawek\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

O4 - HKLM..\Run: [skyTel] SkyTel.EXE

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [cFosSpeed] E:\mateusz\Programy Do Cs\cFosSpeed.exe

O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM..\Run: [4shared Update] "C:\Program Files\4shared Desktop\checkUpdate.exe"

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'US艁UGA LOKALNA')

O4 - HKUS\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'US艁UGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'US艁UGA SIECIOWA')

O4 - HKUS\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'US艁UGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe

O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm

O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - E:\mateusz\Programy Do Cs\spd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--

End of file - 6162 bytes


(Leon$) #4

w艂膮cz HijackThis >> Do a system scan only >> w oknie programu poka偶e si臋 log >> zaznacz kratki przy podanych wpisach >> klikasz Fix checked

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczy艣膰 rejestr.

zr贸b optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

Wy艂膮cz I w艂膮cz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar M贸j komputer http://www.kaspersky.pl/virusscanner.html gdy b臋d膮 wirusy poka偶 raport

lub

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& ... It!+4.44.5

:slight_smile:


(| Rasta |) #5

np w ccleaner wchodze w rejestr " skanuj by znalesc problemy " a pozniej nacisnac " napraw zaznaczone problemy " ?

i rowiez mam problem z tym http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

niektorych nie moge usunac bo nie wiem jak do nich sie dostac/nie wiem gdzie sa :wink:


(Leon$) #6

tak

zak艂adka ccleaner >> uruchom Ccleaner

pod podanym linkiem masz podane zb臋dniki kt贸re mo偶esz wy艂膮czy膰 z uruchamiania

ty masz u siebie

z kt贸rych mo偶esz wy艂膮czy膰 np te

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

je艣li nie u偶ywasz wielu j臋zyk贸w

Panel sterowania >> opcje regionalne i j臋zykowe >> j臋zyki >> zaawansowane >> zaznacz Wy艂膮cz zaawansowane us艂ugi tekstowe

:slight_smile:


(| Rasta |) #7

a gdzie je bd mog艂 wy艂aczyc ?

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


(Leon$) #8

start >> uruchom >> msconfig >> uruchamianie

druga mo偶liwo艣膰

Ccleaner >> zak艂adka narz臋dzia >> Autostart

:slight_smile:


(| Rasta |) #9

usunelem ponad polowe tych rzeczy ale i tak podobny ping :frowning:

-- Dodane 26.07.2009 (N) 17:24 --

zleksza nie rozumiem co tutaj trzeba zrobic :stuck_out_tongue_winking_eye: za trudneto jest

jakby ktos mial opis co i jak pokolei gdzie trzeba kliknac itp to by by艂o super :wink:


(Agatonster) #10

**| Rasta |** ,

Prosz臋 zapozna膰 si臋 z tematem Wa偶ny komunikat dotycz膮cy tytu艂owania temat贸w i poprawi膰 tytu艂 na konkretny, m贸wi膮cy o problemie, w po艣cie dok艂adnie opisa膰 problem.

Prosz臋 poprawi膰 pisowni臋 w opisie problemu. W celu edycji swojego posta prosz臋 skorzysta膰 z przycisku Edytuj przy po艣cie otwieraj膮cym temat.

Zignorowanie zalecenia b臋dzie skutkowa艂o usuni臋ciem tematu do Kosza.

W zwi膮zku ze zmian膮, jaka obowi膮zuje przy wklejaniu log贸w na forum - przeczytaj i zastosuj si臋 do Tematu