Prosze o sprawdzenie mojego

Dla specjalistów Bezpieczeństwo
#1

od dluzszego czasu moj komp chodzi wolniej. znalazlem cos takiego. chce aby kto to sprawdzil. i niech ktos mi wyjasni co to jest ten winlogon itp.

Logfile of HijackThis v1.99.1

Scan saved at 16:41:58, on 2006-12-10

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!


Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

D:\Avast\aswUpdSv.exe

D:\Avast\ashServ.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\windows\System32\nod32cc.exe

C:\windows\System32\nod32m2.exe

C:\windows\System32\nvsvc32.exe

C:\windows\System32\svchost.exe

C:\windows\explorer.exe

C:\Program Files\Eset\amon.exe

C:\Program Files\Common Files\{9C87F7B7-04B0-1045-0531-011102000030}\Update.exe

C:\Windows\ADS.exe

C:\Program Files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe

C:\windows\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\explorer.exe

D:\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoby.net/sb/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\windows\system32\awqra.dll/sp.html#88449%resultposition.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\windows\system32\boaam.dll/sp.html#88449%resultposition.net

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

F2 - REG:system.ini: Shell=explorer.exe 

O2 - BHO: (no name) - {0125D352-F431-AB07-E2B0-4258BCF7AC07} - (no file)

O2 - BHO: (no name) - {01455E70-B6DC-DF81-8323-ADC8CB9B6016} - (no file)

O2 - BHO: (no name) - {02A69FBB-7B0E-C07B-30E9-E43203460F06} - (no file)

O2 - BHO: (no name) - {02F9475B-0A72-319B-A436-13ADA3DC5EDE} - (no file)

O2 - BHO: (no name) - {0380055A-C0D9-061C-C13A-84A41A53AD12} - (no file)

O2 - BHO: (no name) - {08D88491-C3D0-D6C4-E988-D9B2DD87BA63} - (no file)

O2 - BHO: (no name) - {0A18D7B4-8485-B715-3461-EDCA233B81A2} - (no file)

O2 - BHO: (no name) - {1710DA8B-904F-0713-6DAB-2DCE844A53CB} - (no file)

O2 - BHO: (no name) - {19C147DB-0AAE-4BC9-7FA4-0291F21C5F33} - (no file)

O2 - BHO: (no name) - {1A0C07B1-8A80-8824-E4C8-9BF68E8BD009} - (no file)

O2 - BHO: (no name) - {1B056603-6606-516A-4D3F-B2CDA5116B5B} - (no file)

O2 - BHO: (no name) - {22CC3904-DA13-1238-41E9-8CC7058C6913} - (no file)

O2 - BHO: (no name) - {25875C41-654C-3C37-2635-D292CA0064CB} - (no file)

O2 - BHO: (no name) - {260410E4-D8EA-E7E1-BFA7-D23E7058C8ED} - (no file)

O2 - BHO: (no name) - {2912C8B2-64D9-3DD4-6CBD-88EDB5B90BB3} - (no file)

O2 - BHO: (no name) - {2C144E07-0F4D-6EC7-B4B1-B4C6479560E5} - (no file)

O2 - BHO: (no name) - {2DB1C7E6-C436-401E-0374-ECF3202CF49B} - (no file)

O2 - BHO: (no name) - {2FBDF490-35F1-E082-9FC5-FD05BCC228F1} - (no file)

O2 - BHO: (no name) - {3404F549-0178-E94E-7CF3-D11D3E41DF44} - (no file)

O2 - BHO: (no name) - {342544FC-9066-3A08-5442-F1039ADD4765} - (no file)

O2 - BHO: (no name) - {391F3C42-C5C4-ABD7-4631-39595BAC6740} - (no file)

O2 - BHO: (no name) - {3F168309-460C-3C13-633D-8B2D81732BD0} - (no file)

O2 - BHO: (no name) - {3FC5E7FF-9C2E-A849-46F5-BAC979D92B05} - (no file)

O2 - BHO: (no name) - {4009677E-2EA7-5398-CDCD-B1C87ED5239D} - (no file)

O2 - BHO: (no name) - {455D6804-4883-5E06-411A-293449DB3081} - (no file)

O2 - BHO: (no name) - {49E4D619-FF79-F449-07C0-2608E090B89A} - (no file)

O2 - BHO: (no name) - {50A0058B-9B7D-653D-AB07-A0A98CADC978} - (no file)

O2 - BHO: (no name) - {5966FB2A-7126-2ECE-BB59-C94BE0786C01} - (no file)

O2 - BHO: (no name) - {5C59F735-B9A9-0E5E-7F02-4AC713EE9662} - (no file)

O2 - BHO: (no name) - {5D772FBB-9CC3-C1B0-CAE9-1EB3FF0DB312} - (no file)

O2 - BHO: (no name) - {5F07395A-D985-8E7F-592F-1318F18930CF} - (no file)

O2 - BHO: (no name) - {62876854-EDA6-07DA-05A9-EA959624D86C} - (no file)

O2 - BHO: (no name) - {6CDF6A0C-8EC2-55AF-D52B-B41C47C0F1C6} - (no file)

O2 - BHO: (no name) - {6F47C207-166C-3E94-6EE5-48F3D02E50CD} - (no file)

O2 - BHO: (no name) - {6F8F6D52-E43E-F6A7-3704-C2291FA9AAF6} - (no file)

O2 - BHO: (no name) - {7429B660-821E-1F16-2AAC-597DCDB12248} - (no file)

O2 - BHO: (no name) - {75877E2E-FCC5-29D8-75DB-DF6BCC96E791} - (no file)

O2 - BHO: (no name) - {75C7424E-E5B4-289A-16E2-5131C7F1BFA8} - (no file)

O2 - BHO: (no name) - {78422535-0B83-4512-E72F-E424D322FD00} - (no file)

O2 - BHO: (no name) - {7C3F5115-13B8-F3E5-3A5F-4F6BD2411BED} - (no file)

O2 - BHO: (no name) - {7E2B26C6-E6A8-572A-26C8-F00ACBFAF0DA} - (no file)

O2 - BHO: (no name) - {894CE623-CF52-CC5D-EAE4-AE8C6849B369} - (no file)

O2 - BHO: (no name) - {8B39AA17-3978-F260-9FEA-931168F79497} - (no file)

O2 - BHO: (no name) - {8BE2C1A5-A5C1-8202-74CD-C68F8F4E10B0} - (no file)

O2 - BHO: (no name) - {924B4D7B-F300-E37F-AE93-3DD350DA5B57} - (no file)

O2 - BHO: (no name) - {93235C1A-4087-6BFB-2FBA-24A41BE46E88} - (no file)

O2 - BHO: (no name) - {932F05AE-5941-1C8D-8A0A-AF1CA446E213} - (no file)

O2 - BHO: (no name) - {96F3C2D7-B4E5-1EEB-30E7-FF9AA0CD064E} - (no file)

O2 - BHO: (no name) - {9AD28319-99FD-872D-AADE-9A73546279FA} - (no file)

O2 - BHO: (no name) - {A09E3A49-C5F2-CF30-088D-4102E426492C} - (no file)

O2 - BHO: (no name) - {A6070790-907B-35E6-CC6A-0313881F7970} - (no file)

O2 - BHO: (no name) - {A83F2621-E630-7943-FD17-24FC9321228A} - (no file)

O2 - BHO: (no name) - {ACBE2CFF-B343-C166-B49C-A19E8ECF15E9} - (no file)

O2 - BHO: (no name) - {AD0FC615-61D2-B369-4103-C982D3F6CBAB} - (no file)

O2 - BHO: (no name) - {ADF786D4-3BE2-4FBC-1986-9152CE2C1BD3} - (no file)

O2 - BHO: (no name) - {B633BCDC-38EC-73AE-FEEA-9B58E16711BC} - (no file)

O2 - BHO: (no name) - {B92B55D0-942B-B4C8-95ED-EAF52085D740} - (no file)

O2 - BHO: (no name) - {B94286B3-9087-D351-F81A-C5079026EC35} - (no file)

O2 - BHO: (no name) - {CB9ECF31-C71E-EDA4-0EFC-69E2CE1C212E} - (no file)

O2 - BHO: (no name) - {D1BC0FB9-49D7-E899-A1BF-5E6CDA0B8463} - (no file)

O2 - BHO: (no name) - {DC344D27-A0D6-DAA1-7B75-1A69A9603122} - (no file)

O2 - BHO: (no name) - {E2440651-7FE0-4276-6917-766C9FA742A6} - (no file)

O2 - BHO: (no name) - {E616513A-40E1-2657-5238-EAF908483D9A} - (no file)

O2 - BHO: (no name) - {E805B64D-52F9-FE92-3C46-452087A31638} - (no file)

O2 - BHO: (no name) - {E86D22B7-C656-24F6-633A-03A13BAB127D} - (no file)

O2 - BHO: (no name) - {EA196353-618C-D58B-907A-4C6567ABB42B} - (no file)

O2 - BHO: (no name) - {EA1C9599-38EA-A706-7B47-FE7D9CD0589B} - (no file)

O2 - BHO: (no name) - {EC0BF822-7720-175B-2901-9FA68F761D30} - (no file)

O2 - BHO: (no name) - {F0F99313-97A7-5376-9365-6479CBB57457} - (no file)

O2 - BHO: (no name) - {F3B901D1-3AC6-2D8C-183D-6BFCBCEC7405} - (no file)

O2 - BHO: (no name) - {FA24E3A3-830C-7CE5-9AA3-9E1D994407F0} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Amon] "C:\Program Files\Eset\amon.exe"

O4 - HKLM\..\Run: [Nod32CC] "C:\windows\System32\nod32cc.exe" -DONTSHOW

O4 - HKCU\..\Run: [ADS] C:\Windows\ADS.exe

O4 - Global Startup: Raconfig.lnk = C:\Program Files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe

O8 - Extra context menu item: &Szukaj w NetSprint.pl - res://D:\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - D:\FlashCapture\fciext.dll (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6F76876A-B816-4DAE-817A-41B12B88DAB3}: NameServer = 194.204.152.34,192.168.0.254

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Avast\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - (no file)

O23 - Service: avast! Web Scanner - Unknown owner - (no file)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Control Center Service (NOD32ControlCenter) - Unknown owner - C:\windows\System32\nod32cc.exe" -service (file missing)

O23 - Service: NOD32 Service (NOD32Service) - Unknown owner - C:\windows\System32\nod32m2.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
#2

Wchodzisz w Start --> uruchom --> services.msc --> zatrzymaj i wyłącz usługe Remote Procedure Call (RPC) Helper (nie pomyl z usługą systemową “Remote Procedure Call (RPC)”.

W HJT zaznaczasz wpisy i klikasz na dole “Fix checked” :

Po zabiegach nowe logi z HiJacka oraz Silent Runners (zaznaczasz No i czekasz aż skończy pracować w tle). :slight_smile:

#3

zrobilem tak ja pisales. NOI KIPA.

masz ktos jeszcze jakis pomysl??

Złączono Posta : 10.12.2006 (Nie) 19:18

aha ja chcialem jeszcze napisac ze te napisy (co w logu dalem fix checked) np. winlogon to ich juz nie bylo. ale jak patrze na procesy to nadal tam sa.

#4

Wklej nowe logi :slight_smile:

#5

to jest z hijackthis;

Scan saved at 19:31:58, on 2006-12-10

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

D:\Avast\aswUpdSv.exe

D:\Avast\ashServ.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\windows\System32\nod32m2.exe

C:\windows\System32\nvsvc32.exe

C:\windows\System32\svchost.exe

C:\Program Files\Eset\amon.exe

C:\Program Files\Common Files{9C87F7B7-04B0-1045-0531-011102000030}\Update.exe

C:\Windows\ADS.exe

C:\Program Files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe

C:\windows\explorer.exe

D:\Emule\emule.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\explorer.exe

C:\windows\System32\WScript.exe

D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoby.net/sb/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\windows\system32\awqra.dll/sp.html#88449%resultposition.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\windows\system32\boaam.dll/sp.html#88449%resultposition.net

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/def … .yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: (no name) - {0125D352-F431-AB07-E2B0-4258BCF7AC07} - (no file)

O2 - BHO: (no name) - {01455E70-B6DC-DF81-8323-ADC8CB9B6016} - (no file)

O2 - BHO: (no name) - {02A69FBB-7B0E-C07B-30E9-E43203460F06} - (no file)

O2 - BHO: (no name) - {02F9475B-0A72-319B-A436-13ADA3DC5EDE} - (no file)

O2 - BHO: (no name) - {0380055A-C0D9-061C-C13A-84A41A53AD12} - (no file)

O2 - BHO: (no name) - {08D88491-C3D0-D6C4-E988-D9B2DD87BA63} - (no file)

O2 - BHO: (no name) - {0A18D7B4-8485-B715-3461-EDCA233B81A2} - (no file)

O2 - BHO: (no name) - {1710DA8B-904F-0713-6DAB-2DCE844A53CB} - (no file)

O2 - BHO: (no name) - {19C147DB-0AAE-4BC9-7FA4-0291F21C5F33} - (no file)

O2 - BHO: (no name) - {1A0C07B1-8A80-8824-E4C8-9BF68E8BD009} - (no file)

O2 - BHO: (no name) - {1B056603-6606-516A-4D3F-B2CDA5116B5B} - (no file)

O2 - BHO: (no name) - {22CC3904-DA13-1238-41E9-8CC7058C6913} - (no file)

O2 - BHO: (no name) - {25875C41-654C-3C37-2635-D292CA0064CB} - (no file)

O2 - BHO: (no name) - {260410E4-D8EA-E7E1-BFA7-D23E7058C8ED} - (no file)

O2 - BHO: (no name) - {2912C8B2-64D9-3DD4-6CBD-88EDB5B90BB3} - (no file)

O2 - BHO: (no name) - {2C144E07-0F4D-6EC7-B4B1-B4C6479560E5} - (no file)

O2 - BHO: (no name) - {2DB1C7E6-C436-401E-0374-ECF3202CF49B} - (no file)

O2 - BHO: (no name) - {2FBDF490-35F1-E082-9FC5-FD05BCC228F1} - (no file)

O2 - BHO: (no name) - {3404F549-0178-E94E-7CF3-D11D3E41DF44} - (no file)

O2 - BHO: (no name) - {342544FC-9066-3A08-5442-F1039ADD4765} - (no file)

O2 - BHO: (no name) - {391F3C42-C5C4-ABD7-4631-39595BAC6740} - (no file)

O2 - BHO: (no name) - {3F168309-460C-3C13-633D-8B2D81732BD0} - (no file)

O2 - BHO: (no name) - {3FC5E7FF-9C2E-A849-46F5-BAC979D92B05} - (no file)

O2 - BHO: (no name) - {4009677E-2EA7-5398-CDCD-B1C87ED5239D} - (no file)

O2 - BHO: (no name) - {455D6804-4883-5E06-411A-293449DB3081} - (no file)

O2 - BHO: (no name) - {49E4D619-FF79-F449-07C0-2608E090B89A} - (no file)

O2 - BHO: (no name) - {50A0058B-9B7D-653D-AB07-A0A98CADC978} - (no file)

O2 - BHO: (no name) - {5966FB2A-7126-2ECE-BB59-C94BE0786C01} - (no file)

O2 - BHO: (no name) - {5C59F735-B9A9-0E5E-7F02-4AC713EE9662} - (no file)

O2 - BHO: (no name) - {5D772FBB-9CC3-C1B0-CAE9-1EB3FF0DB312} - (no file)

O2 - BHO: (no name) - {5F07395A-D985-8E7F-592F-1318F18930CF} - (no file)

O2 - BHO: (no name) - {62876854-EDA6-07DA-05A9-EA959624D86C} - (no file)

O2 - BHO: (no name) - {6CDF6A0C-8EC2-55AF-D52B-B41C47C0F1C6} - (no file)

O2 - BHO: (no name) - {6F47C207-166C-3E94-6EE5-48F3D02E50CD} - (no file)

O2 - BHO: (no name) - {6F8F6D52-E43E-F6A7-3704-C2291FA9AAF6} - (no file)

O2 - BHO: (no name) - {7429B660-821E-1F16-2AAC-597DCDB12248} - (no file)

O2 - BHO: (no name) - {75877E2E-FCC5-29D8-75DB-DF6BCC96E791} - (no file)

O2 - BHO: (no name) - {75C7424E-E5B4-289A-16E2-5131C7F1BFA8} - (no file)

O2 - BHO: (no name) - {78422535-0B83-4512-E72F-E424D322FD00} - (no file)

O2 - BHO: (no name) - {7C3F5115-13B8-F3E5-3A5F-4F6BD2411BED} - (no file)

O2 - BHO: (no name) - {7E2B26C6-E6A8-572A-26C8-F00ACBFAF0DA} - (no file)

O2 - BHO: (no name) - {894CE623-CF52-CC5D-EAE4-AE8C6849B369} - (no file)

O2 - BHO: (no name) - {8B39AA17-3978-F260-9FEA-931168F79497} - (no file)

O2 - BHO: (no name) - {8BE2C1A5-A5C1-8202-74CD-C68F8F4E10B0} - (no file)

O2 - BHO: (no name) - {924B4D7B-F300-E37F-AE93-3DD350DA5B57} - (no file)

O2 - BHO: (no name) - {93235C1A-4087-6BFB-2FBA-24A41BE46E88} - (no file)

O2 - BHO: (no name) - {932F05AE-5941-1C8D-8A0A-AF1CA446E213} - (no file)

O2 - BHO: (no name) - {96F3C2D7-B4E5-1EEB-30E7-FF9AA0CD064E} - (no file)

O2 - BHO: (no name) - {9AD28319-99FD-872D-AADE-9A73546279FA} - (no file)

O2 - BHO: (no name) - {A09E3A49-C5F2-CF30-088D-4102E426492C} - (no file)

O2 - BHO: (no name) - {A6070790-907B-35E6-CC6A-0313881F7970} - (no file)

O2 - BHO: (no name) - {A83F2621-E630-7943-FD17-24FC9321228A} - (no file)

O2 - BHO: (no name) - {ACBE2CFF-B343-C166-B49C-A19E8ECF15E9} - (no file)

O2 - BHO: (no name) - {AD0FC615-61D2-B369-4103-C982D3F6CBAB} - (no file)

O2 - BHO: (no name) - {ADF786D4-3BE2-4FBC-1986-9152CE2C1BD3} - (no file)

O2 - BHO: (no name) - {B633BCDC-38EC-73AE-FEEA-9B58E16711BC} - (no file)

O2 - BHO: (no name) - {B92B55D0-942B-B4C8-95ED-EAF52085D740} - (no file)

O2 - BHO: (no name) - {B94286B3-9087-D351-F81A-C5079026EC35} - (no file)

O2 - BHO: (no name) - {CB9ECF31-C71E-EDA4-0EFC-69E2CE1C212E} - (no file)

O2 - BHO: (no name) - {D1BC0FB9-49D7-E899-A1BF-5E6CDA0B8463} - (no file)

O2 - BHO: (no name) - {DC344D27-A0D6-DAA1-7B75-1A69A9603122} - (no file)

O2 - BHO: (no name) - {E2440651-7FE0-4276-6917-766C9FA742A6} - (no file)

O2 - BHO: (no name) - {E616513A-40E1-2657-5238-EAF908483D9A} - (no file)

O2 - BHO: (no name) - {E805B64D-52F9-FE92-3C46-452087A31638} - (no file)

O2 - BHO: (no name) - {E86D22B7-C656-24F6-633A-03A13BAB127D} - (no file)

O2 - BHO: (no name) - {EA196353-618C-D58B-907A-4C6567ABB42B} - (no file)

O2 - BHO: (no name) - {EA1C9599-38EA-A706-7B47-FE7D9CD0589B} - (no file)

O2 - BHO: (no name) - {EC0BF822-7720-175B-2901-9FA68F761D30} - (no file)

O2 - BHO: (no name) - {F0F99313-97A7-5376-9365-6479CBB57457} - (no file)

O2 - BHO: (no name) - {F3B901D1-3AC6-2D8C-183D-6BFCBCEC7405} - (no file)

O2 - BHO: (no name) - {FA24E3A3-830C-7CE5-9AA3-9E1D994407F0} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [Amon] “C:\Program Files\Eset\amon.exe”

O4 - HKLM…\Run: [Nod32CC] “C:\windows\System32\nod32cc.exe” -DONTSHOW

O4 - HKLM…\Run: [NOD32POP3] “C:\Program Files\ESET\pop3scan.exe” /unregister

O4 - HKLM…\RunOnce: [Odkurzacz-FD] “D:\Odkurzacz\odk_fd.exe” /start

O4 - HKCU…\Run: [ADS] C:\Windows\ADS.exe

O4 - Global Startup: Raconfig.lnk = C:\Program Files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe

O8 - Extra context menu item: &Szukaj w NetSprint.pl - res://D:\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - D:\FlashCapture\fciext.dll (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O9 - Extra ‘Tools’ menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam5.hrz.tu-darmstadt.de/activex/AMC.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip…{6F76876A-B816-4DAE-817A-41B12B88DAB3}: NameServer = 194.204.152.34,192.168.0.254

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Avast\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Avast\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - (no file)

O23 - Service: avast! Web Scanner - Unknown owner - (no file)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NOD32 Control Center Service (NOD32ControlCenter) - Unknown owner - C:\windows\System32\nod32cc.exe" -service (file missing)

O23 - Service: NOD32 Service (NOD32Service) - Unknown owner - C:\windows\System32\nod32m2.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

a tu z silent runners;

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

“{9C87F7B7-04B0-1045-0531-011102000030}” = ““C:\Program Files\Common Files{9C87F7B7-04B0-1045-0531-011102000030}\Update.exe” te-110-12-0000208” [null data]

“{9C87F7B7-04AF-1045-0531-011102000030}” = ““C:\Program Files\Common Files{9C87F7B7-04AF-1045-0531-011102000030}\Update.exe” mc-110-12-0000140” [null data]

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“ADS” = “C:\Windows\ADS.exe” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“NvCplDaemon” = “RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup” [MS]

“Amon” = ““C:\Program Files\Eset\amon.exe”” [null data]

“Nod32CC” = ““C:\windows\System32\nod32cc.exe” -DONTSHOW” [null data]

“NOD32POP3” = ““C:\Program Files\ESET\pop3scan.exe” /unregister” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

“Odkurzacz-FD” = ““D:\Odkurzacz\odk_fd.exe” /start” [“Franmo Software”]

HKLM\Software\Microsoft\Active Setup\Installed Components\

{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided)

\StubPath = ““C:\WINDOWS\System32\rundll32.exe” “C:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]

“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”

-> {HKLM…CLSID} = “Microsoft Office Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]

“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”

-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”

\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]

“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]

“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

-> {HKLM…CLSID} = “Portable Media Devices Menu”

\InProcServer32(Default) = “C:\windows\System32\Audiodev.dll” [MS]

“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “D:\Avast\ashShell.dll” [“ALWIL Software”]

“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”

-> {HKLM…CLSID} = “DesktopContext Class”

\InProcServer32(Default) = “C:\windows\System32\nvcpl.dll” [“NVIDIA Corporation”]

“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”

-> {HKLM…CLSID} = “NVIDIA CPL Extension”

\InProcServer32(Default) = “C:\windows\System32\nvcpl.dll” [“NVIDIA Corporation”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”

-> {HKLM…CLSID} = “Desktop Explorer”

\InProcServer32(Default) = “C:\windows\System32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\windows\System32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”

-> {HKLM…CLSID} = “nView Desktop Context Menu”

\InProcServer32(Default) = “C:\windows\System32\nvshell.dll” [“NVIDIA Corporation”]

“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “D:\Avast\ashShell.dll” [“ALWIL Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “D:\Avast\ashShell.dll” [“ALWIL Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “D:\WinRAR\rarext.dll” [null data]

Default executables:

HKLM\Software\Classes.cmd\ = (key not found)

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\

“LowRiskFileTypes” = (REG_SZ) .zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav

{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\Documents and Settings\X\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\X\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:

HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\windows\System32\ssstars.scr” [MS]

Startup items in “X” & “All Users” startup folders:

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

“Raconfig” -> shortcut to: “C:\Program Files\RALINK\RT2400 Wireless LAN Card\Installer\WINXP\RaConfig.exe” [“Ralink Technology, Corp.”]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided)

-> {HKLM…CLSID} = “Yahoo! Toolbar”

\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [file not found]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”

Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

avast! iAVS4 Control Service, aswUpdSv, ““D:\Avast\aswUpdSv.exe”” [null data]

Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS]

NOD32 Service, NOD32Service, ““C:\windows\System32\nod32m2.exe”” [null data]

NVIDIA Display Driver Service, NVSvc, “C:\windows\System32\nvsvc32.exe” [“NVIDIA Corporation”]

Windows User Mode Driver Framework, UMWdf, “C:\windows\System32\wdfmgr.exe” [MS]

Print Monitors:

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]

<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer “No” at the

first message box and “Yes” at the second message box.

---------- (total run time: 382 seconds, including 4 seconds for message boxes)

Logfile of HijackThis v1.99.1

#6

Michald333 nie usunołeś tych wpisów, o które prosiła Joan. :shock:

#7

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

Po zabiegach nowe logi :slight_smile:

#8

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222