Nie mogę wejść na dyski logiczne, proszę o sprawdzenie loga

marzencia2706 · 17 Styczeń 2009 11:46

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:54:54, on 2008-10-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\Documents and Settings\Marzena\skp66.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\htpatch.exe

H:\WINDOWS\system32\RunDll32.exe

C:\ulead\calcheck.exe

H:\Program Files\HP\HP Software Update\HPWuSchd2.exe

H:\Program Files\PC Tools AntiVirus\PCTAV.exe

H:\Program Files\Common Files\Real\Update_OB\realsched.exe

H:\Program Files\Search Settings\SearchSettings.exe

H:\Program Files\Java\jre6\bin\jusched.exe

H:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

H:\WINDOWS\system32\ctfmon.exe

C:\Gadu-Gadu\gg.exe

H:\WINDOWS\System32\FTRTSVC.exe

H:\WINDOWS\system32\svchost.exe

H:\Program Files\Java\jre6\bin\jqs.exe

H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

H:\WINDOWS\System32\svchost.exe

H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\system32\wuauclt.exe

H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

H:\Program Files\Mozilla Firefox\firefox.exe

H:\Documents and Settings\Marzena\Pulpit\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - H:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb127\SearchSettings.dll

F2 - REG:system.ini: UserInit=H:\WINDOWS\system32\userinit.exe,skp66.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - H:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - H:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - H:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - H:\Program Files\Dealio\kb127\Dealio.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - H:\Program Files\Dealio\kb127\Dealio.dll

O4 - HKLM…\Run: [HTpatch] H:\WINDOWS\htpatch.exe

O4 - HKLM…\Run: [siSUSBRG] H:\WINDOWS\SiSUSBrg.exe

O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM…\Run: [ulead Photo Express Calendar Checker] C:\ulead\calcheck.exe

O4 - HKLM…\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [WinampAgent] C:\Winamp\winampa.exe

O4 - HKLM…\Run: [NeroCheck] H:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [WOOWATCH] H:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] H:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM…\Run: [PCTAVApp] “H:\Program Files\PC Tools AntiVirus\PCTAV.exe” /MONITORSCAN

O4 - HKLM…\Run: [TkBellExe] “H:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [MyWebSearch Plugin] rundll32 H:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [au] H:\Program Files\Dealio\DealioAU.exe

O4 - HKLM…\Run: [searchSettings] H:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM…\Run: [Windows Network Data Management System Service] “skp66.exe” *

O4 - HKLM…\Run: [sunJavaUpdateSched] “H:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [iMJPMIG8.2] msime82.exe

O4 - HKCU…\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ares] “H:\Program Files\Ares\Ares.exe” -h

O4 - HKCU…\Run: [Windows Network Data Management System Service] “skp66.exe” *

O4 - HKCU…\Run: [MsServer] msfun80.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Add to AMV Converter… - H:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html

O8 - Extra context menu item: Compare Prices with &Dealio - H:\Documents and Settings\Marzena\Dane aplikacji\Dealio\kb127\res\DealioSearch.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - H:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - H:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - H:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra ‘Tools’ menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - H:\Program Files\Dealio\kb127\Dealio.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … .0.1.1.cab

O17 - HKLM\System\CCS\Services\Tcpip…{0E6A4018-0433-4C64-92B5-DA26D1FF0B10}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - H:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - H:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe

–

End of file - 7960 bytes

Leon1 · 17 Styczeń 2009 11:56

włącz HijackThis >> Do a system scan only >> w oknie programu pokaże się log >> zaznacz kratki przy podanych wpisach >> klikasz Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/pl/ R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - H:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb127\SearchSettings.dll F2 - REG:system.ini: UserInit=H:\WINDOWS\system32\userinit.exe,skp66.exe O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - H:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - H:\Program Files\Search Settings\kb127\SearchSettings.dll O4 - HKLM…\Run: [MyWebSearch Plugin] rundll32 H:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF O4 - HKLM…\Run: [searchSettings] H:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM…\Run: [Windows Network Data Management System Service] “skp66.exe” * O4 - HKLM…\Run: [iMJPMIG8.2] msime82.exe O4 - HKCU…\Run: [Windows Network Data Management System Service] “skp66.exe” * O4 - HKCU…\Run: [MsServer] msfun80.exe O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - H:\Program Files\Dealio\kb127\Dealio.dll O9 - Extra ‘Tools’ menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - H:\Program Files\Dealio\kb127\Dealio.dll O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach … .0.1.1.cab

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 uruchom dwuklikiem pokaż log

Podczas pobierania i skanu Combofixem proszę wyłączyć wszelkie zapory i antywirusy

marzencia2706 · 17 Styczeń 2009 12:17

niestety nie mogę uruchomić combofixa

MichaelP · 17 Styczeń 2009 12:19

Spróbuj uruchomić go w trybie awaryjnym.

marzencia2706 · 17 Styczeń 2009 12:32

wszystko już działa xD Dziękuję za pomoc i pozdrawiam ;*

MichaelP · 17 Styczeń 2009 12:34

Daj log z Combofixa.