Zmulony internet i komp - Log z HJT


(Bardock9) #1

Jest to log mojego kolegi.

Logfile of HijackThis v1.99.1

Scan saved at 20:04:22, on 2007-05-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

D:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe

D:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe

D:\Program Files\cFosSpeed\spd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

C:\WINDOWS\system32\nvraidservice.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

D:\Program Files\G DATA\AntiVirus 2007\AVKTray\AVKTray.exe

C:\Program Files\LClock\LClock.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\NCLAUNCH.EXe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\D-Link AirPlus\AirPlus.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\DOCUME~1\xxx\USTAWI~1\Temp\{50B30C1B-7972-478B-B161-597513E4CF58}\sidebar.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\calc.exe

D:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\xxx\USTAWI~1\Temp\Rar$EX00.562\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: Peer2Mail Toolbar Helper - {4FB971C4-99FB-480d-BA3F-55B8263010FB} - C:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll (file missing)

O2 - BHO: MU Online Toolbar Helper - {D3138B39-C8A6-440B-9D42-50F766AEA8C7} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll (file missing)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)

O3 - Toolbar: MU Online Toolbar - {B9D1647F-A66A-4695-B249-07901A45FF59} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll (file missing)

O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (file missing)

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: Peer2Mail Toolbar - {43F2A7F9-06F6-48a5-B0DC-8530BF29CE66} - C:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVKTray] "D:\Program Files\G DATA\AntiVirus 2007\AVKTray\AVKTray.exe"

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe

O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe

O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe

O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP

O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe

O4 - HKCU\..\Run: [WAITBONE] C:\DOCUME~1\xxx\DANEAP~1\OBJLOG~1\FILM TOOL GRID.exe

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MSOFFI~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Subskrybuj w RSS Bandit - C:\Documents and Settings\xxx\Dane aplikacji\RssBandit\iecontext_subscribebandit.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{3F66899A-54CE-4AE8-A080-33BA2FEE387E}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS1\Services\Tcpip\..\{3F66899A-54CE-4AE8-A080-33BA2FEE387E}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS2\Services\Tcpip\..\{3F66899A-54CE-4AE8-A080-33BA2FEE387E}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - G DATA Software AG - D:\Program Files\G DATA\AntiVirus 2007\AVK\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - D:\Program Files\G DATA\AntiVirus 2007\AVK\AVKWCtl.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - D:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: SysSrvc - Unknown owner - D:\Program Files\MaxCrypt2\SysSrvc.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

(Gutek) #2

usuń wpisy HJT, użyj narzędzia NoLop