Please check my log


(W Szczur) #1
# Logfile of HijackThis v1.99.1

# Scan saved at 18:56:48, on 2008-02-12

# Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

# MSIE: Internet Explorer v7.00 (7.00.6000.16574)

#  

# Running processes:

# C:\WINDOWS\System32\smss.exe

# C:\WINDOWS\SYSTEM32\winlogon.exe

# C:\WINDOWS\system32\services.exe

# C:\WINDOWS\system32\lsass.exe

# C:\WINDOWS\system32\svchost.exe

# C:\WINDOWS\System32\svchost.exe

# C:\WINDOWS\system32\svchost.exe

# C:\WINDOWS\system32\spoolsv.exe

# C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

# C:\WINDOWS\system32\nvsvc32.exe

# D:\ochrona\PC Tools\PC Tools AntiVirus\PCTAVSvc.exe

# C:\WINDOWS\Explorer.EXE

# C:\WINDOWS\system32\PnkBstrA.exe

# C:\WINDOWS\system32\svchost.exe

# C:\WINDOWS\SOUNDMAN.EXE

# C:\Program Files\Common Files\Real\Update_OB\realsched.exe

# C:\WINDOWS\vsnpstd2.exe

# C:\WINDOWS\system32\rundll32.exe

# C:\WINDOWS\system32\BtUsrBdg.exe

# C:\WINDOWS\system32\BTSetBootKey.exe

# C:\WINDOWS\mrofinu1188.exe

# C:\WINDOWS\System32\Rundll32.exe

# C:\WINDOWS\system32\ctfmon.exe

# C:\Program Files\Drmupgds\Drmupgds.exe

# C:\Program Files\Internet Explorer\IEXPLORE.EXE

# D:\Programy\keyboard\MagicKey.exe

# C:\WINDOWS\system32\wscntfy.exe

# D:\Programy\keyboard\OSD.EXE

# C:\Program Files\Extended Systems\XTNDConnect Blue Manager\XTNDConnect Blue Manager\XCBluMgr.exe

# C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\SUSHIM~1.EXE

# C:\Program Files\Extended Systems\XTNDConnect Blue Manager\btprot.exe

# C:\PROGRA~1\EXTEND~1\XTNDCO~1\XTNDCO~1\BTUI_M~1.EXE

# C:\WINDOWS\system32\WgaTray.exe

# C:\Program Files\Mozilla Firefox\firefox.exe

# D:\Programy\hijck this\HijackThis.exe

#  

# R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

# R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

# R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

# R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

# R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

# R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

# R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

# O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\bitcomet\tools\BitCometBHO.dll

# O2 - BHO: (no name) - {6FB04CBD-26B4-4043-8775-26134567F6C9} - C:\WINDOWS\system32\jkklm.dll

# O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

# O2 - BHO: rightonads optimizer - {7D9362F8-77D8-4b29-97B5-621D550890C0} - C:\WINDOWS\system32\gzmrt.dll

# O2 - BHO: {29712736-d230-d90a-ab34-4dc5b1a5a478} - {874a5a1b-5cd4-43ba-a09d-032d63721792} - C:\WINDOWS\system32\ecgdpkqc.dll (file missing)

# O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\yayayyw.dll (file missing)

# O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\SYSTEM32\xphzzubz.dll (file missing)

# O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

# O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

# O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

# O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

# O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

# O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

# O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

# O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe

# O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

# O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programy\nokia 6300\Nokia PC Suite 6\LaunchApplication.exe -startup

# O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe

# O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe

# O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

# O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

# O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47

# O4 - HKLM\..\Run: [5847c88d] rundll32.exe "C:\WINDOWS\system32\uyfskjfu.dll",b

# O4 - HKLM\..\Run: [PCTAVApp] "D:\ochrona\PC Tools\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

# O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart

# O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

# O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe

# O4 - HKCU\..\Run: [Drmupgds] C:\Program Files\Drmupgds\Drmupgds.exe

# O4 - Global Startup: Media Key.lnk = D:\Programy\keyboard\MagicKey.exe

# O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

# O4 - Global Startup: Startup.exe

# O8 - Extra context menu item: Add to AMV Convert Tool... - D:\MP 4\AMVConverter\grab.html

# O8 - Extra context menu item: Add to AMV Converter... - D:\MP 4\AMVConverter\grab.html

# O8 - Extra context menu item: Download all links using BitComet - res://D:\Programy\bitcomet\BitComet.exe/AddAllLink.htm

# O8 - Extra context menu item: Download all videos using BitComet - res://D:\Programy\bitcomet\BitComet.exe/AddVideo.htm

# O8 - Extra context menu item: Download link using &BitComet - res://D:\Programy\bitcomet\BitComet.exe/AddLink.htm

# O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

# O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\MP 4\MediaManager\grab.html

# O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

# O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

# O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

# O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

# O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

# O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

# O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

# O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

# O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

# O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

# O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll

# O11 - Options group: [INTERNATIONAL] International*

# O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

# O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

# O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

# O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

# O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

# O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_34.cab

# O17 - HKLM\System\CCS\Services\Tcpip\..\{B95BDDEA-8FAF-4692-899E-1B9BFF60D069}: NameServer = 213.158.194.1 213.158.193.38

# O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

# O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

# O20 - Winlogon Notify: xphzzubz - xphzzubz.dll (file missing)

# O20 - Winlogon Notify: yayayyw - yayayyw.dll (file missing)

# O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

# O23 - Service: DirectX Service (DirectJicw) - Unknown owner - c:\windows\system32\directx.exe (file missing)

# O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

# O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

# O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

# O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - D:\ochrona\PC Tools\PC Tools AntiVirus\PCTAVSvc.exe

# O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

# O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

(Asterisk) #2

Please follow this Thread and edit your own post

in order to change its title to a specific one and describe the problem.

Otherwise the topic will end up in the Trash.

Please comply with the thread

New rules for pasting logs on the forum


(Gutek) #3

Download the SDFix program


(W Szczur) #4

Sorry for messing things up. Wherever I go, I immediately get told off; unfortunately I'm a layman.

I asked for my log to be checked because of a fairly noticeable slowdown of my computer, and on top of that, after I open the IE or Mozilla browser, after a minute some unwanted windows load on their own.

Thanks in advance for the help.

SDFix: Version 1.142

Run by adam on 2008-02-14 at 17:06

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Name:

DirectJicw

Path:

c:\windows\system32\directx.exe

DirectJicw - Deleted

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting...

Normal Mode:

Checking Files:

Trojan Files Found:

C:\Documents and Settings\adam\Ustawienia lokalne\Temp\tmp56.tmp.exe - Deleted

C:\Documents and Settings\adam\Ustawienia lokalne\Temp\tmp5A.tmp.exe - Deleted

C:\Program Files\drmupgds\Drmupgds.exe - Deleted

C:\Program Files\Router\dupa jpg - Deleted

C:\Program Files\Common Files\Yazzle1560OinAdmin.exe - Deleted

C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe - Deleted

C:\WINDOWS\b128.exe - Deleted

C:\WINDOWS\b122.exe - Deleted

C:\WINDOWS\b151.exe - Deleted

C:\WINDOWS\mrofinu1188.exe - Deleted

Folder C:\Program Files\drmupgds - Removed

Folder C:\Program Files\InetGet2 - Removed

Folder C:\Program Files\Router - Removed

Folder C:\Program Files\Temporary - Removed

Removing Temp Files...

ADS Check:

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-14 17:26:41

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"D:\Programy\bitcomet\BitComet.exe"="D:\Programy\bitcomet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"D:\Programy\emule\eMule\eMule.exe"="D:\Programy\emule\eMule\eMule.exe:*:Enabled:eMule Plus"

"D:\Programy\GG\Gadu-Gadu\gg.exe"="D:\Programy\GG\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny"

"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"

"C:\WINDOWS\Installer\IEXPLORE.EXE"="C:\WINDOWS\Installer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\WINDOWS\System32\MSconfig.exe"="C:\WINDOWS\System32\MSconfig.exe:*:Disabled:MSconfig"

"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe"="C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"

"D:\Programy\Skype\Phone\Skype.exe"="D:\Programy\Skype\Phone\Skype.exe:*:Enabled:Skype"

"D:\Programy\ferguson\Nowa lisra\Work World Premiere Key ok 26.07.07\Editor.Keys digital 6.02.exe"="D:\Programy\ferguson\Nowa lisra\Work World Premiere Key ok 26.07.07\Editor.Keys digital 6.02.exe:*:Enabled:wininit"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\Installer\IEXPLORE.EXE"="C:\WINDOWS\Installer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 22 Aug 2006 220 ..SH. --- "C:\WINDOWS\dwin.sys"

Sun 3 Feb 2008 210 ..SH. --- "C:\WINDOWS\system32\xphzzubz.dllbox"

Sat 6 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\216837dddbb5e0f13d9d75f5b622ba9f\BIT22.tmp"

Sat 19 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!


(jessica) #5

This looks like a VUNDO infection, so post a ComboFix log.

Paste the log at http://wklej.org/ and put only the link in your post (that is, copy the address from the address bar).

jessi