Blue wallpaper, warning, trojan, desperate need for help

Here is the log from HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:54, on 2002-01-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\XpertVision\TBPanel.exe

C:\Program Files\G DATA AntiVirus Trial\AVKTray\AVKTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Documents and Settings\LocalService\svchost.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Documents and Settings\Rom\Menu Start\Programy\Autostart\userinit.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe

O2 - BHO: (no name) - {10F03378-071B-4127-8ECD-18BC10BA8D64} - C:\WINDOWS\system32\capesnp.dll

O2 - BHO: Rmn plugin - {D21D9540-6415-4288-BDD0-4453088D9D38} - pns32.dll (file missing)

O2 - BHO: (no name) - {E3BBAFBC-B9FD-4F34-9B04-CF0E1C1E72BA} - C:\WINDOWS\system32\capesnp.dll

O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iEUpdate] C:\WINDOWS\system32\3com_dmiw.exe

O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\LocalService\svchost.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\RunServices: [iEUpdate] C:\WINDOWS\system32\3com_dmiw.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe

O4 - HKCU\..\Run: [iEUpdate] C:\WINDOWS\system32\3com_dmiw.exe

O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Rom\svchost.exe

O4 - HKCU\..\RunServices: [iEUpdate] C:\WINDOWS\system32\3com_dmiw.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: userinit.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{B2A652F0-DD5C-45DE-BD52-8AAF63D74443}: NameServer = 194.204.159.1 217.98.63.164

O21 - SSODL: WinStr - {650A1292-19B4-9A90-23DC-015B6FC6F6A6} - C:\Program Files\mghayjg\WinStr.dll

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Harmonogram zadań (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe

End of file - 4919 bytes

Don't tack your problem onto someone else's thread

Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe

O2 - BHO: (no name) - {10F03378-071B-4127-8ECD-18BC10BA8D64} - C:\WINDOWS\system32\capesnp.dll

O2 - BHO: Rmn plugin - {D21D9540-6415-4288-BDD0-4453088D9D38} - pns32.dll (file missing)

O2 - BHO: (no name) - {E3BBAFBC-B9FD-4F34-9B04-CF0E1C1E72BA} - C:\WINDOWS\system32\capesnp.dll

O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe

O4 - HKLM\..\Run: [IEUpdate] C:\WINDOWS\system32\3com_dmiw.exe

O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\LocalService\svchost.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\3com_dmiw.exe

O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe

O4 - HKCU\..\Run: [IEUpdate] C:\WINDOWS\system32\3com_dmiw.exe

O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Rom\svchost.exe

O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\3com_dmiw.exe

O4 - Startup: userinit.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O21 - SSODL: WinStr - {650A1292-19B4-9A90-23DC-015B6FC6F6A6} - C:\Program Files\mghayjg\WinStr.dll

O23 - Service: Harmonogram zadań (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe

Remove these entries with HJT

Post a log from ComboFix