Prosze o sprawdzenie loga


(Leszek Szyc) #1
Logfile of HijackThis v1.99.1

Scan saved at 16:24:14, on 2005-12-05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Magic Waterfall Screensaver\MW1Helper.exe

C:\Program Files\SurfAccuracy\SAcc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe

C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\GetRight\getright.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Accessories\Informant\PROGRAM\informnt.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\AppServ\mysql\bin\winmysqladmin.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Borland\InterBase\bin\ibguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\AppServ\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Borland\InterBase\bin\ibserver.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\Skype\toolbars\SKYPEF~1\Skype4IE.exe

C:\PROGRAMY\hijackthis\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mbank.com.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)

O2 - BHO: CBTB00001 - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\toolbars\SKYPEF~1\toolbar.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: (no name) - {40F2DEF6-3F44-6999-6FA2-67830FBDFD9D} - (no file)

O2 - BHO: (no name) - {41F2DEF7-3F36-1899-6FDA-17837BBBFD95} - (no file)

O2 - BHO: XBTP00558 - {96D39527-7C5C-4507-953B-4A665D5883F7} - (no file)

O2 - BHO: PhishingNet BHO - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll

O3 - Toolbar: (no name) - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - (no file)

O3 - Toolbar: Skype™ For Internet Explorer - {B13721C7-F507-4982-B2E5-502A71474FED} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\toolbar.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\Magic Waterfall Screensaver\MW1Helper.exe /partner MW1

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [SS1HelperStartUp] C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE /partner SS1

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"

O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Desktop Informant 2.0.lnk = C:\Program Files\Accessories\Informant\PROGRAM\informnt.exe

O4 - Startup: WinMySQLadmin.lnk = C:\AppServ\mysql\bin\winmysqladmin.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll

O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll

O9 - Extra button: Phishing Net Options - {B1100DDB-B277-4CAA-A640-B299D79FE25E} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {296A1165-8DC1-4CDB-BB31-D3EF9A0BA968} (FlashSRPlugin Class) - http://www.englishon-line.com/pl/lekcje_microsoft/www/lekcje_liu/localplayer/rcg2flash.cab

O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - 

O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - 

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131614269546

O16 - DPF: {78AB15BF-0C99-4E52-87C9-5201394749EF} - 

O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://www.englishon-line.com/pl/lekcje_microsoft/www/lekcje_liu/localplayer/recording/yrecording.cab

O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - (no file)

O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - (no file)

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)

O23 - Service: Norton Ghost - Unknown owner - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

(Gutek) #2

Zakładaj swój temat nabu nie podpinaj się !!

  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

  4. Skasować z dysku plik i foldery, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy log :stuck_out_tongue:

023 - Start Uruchom services.msc zatrzymaj i wyłącz System Startup Service i po tym plik ręcznie


(Kuz5) #3

nabu nie podpinaj sie pod nie swoje tematy, tylko zakładaj własne :? w przeciwnym wypadku posty tego typu będą leciały odrazu do śmietnika

Wydzielono z innego tematu