Computer has slowed down

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:25:37, on 2007-10-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

D:\Avast4\aswUpdSv.exe

D:\Avast4\ashServ.exe

C:\WINDOWS\soundman.exe

D:\Jetico Personal Firewall\fwsrv.exe

D:\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\BitComet\BitComet.exe

D:\WinCleaner Memory Optimizer\WinMemOpt.exe

D:\Ares\Ares.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Kalendarz XP\Kalendarz.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe

D:\Avast4\ashMaiSv.exe

D:\Avast4\ashWebSv.exe

D:\Gadu-Gadu\gg.exe

D:\Programy do muzyki\Winamp\winamp.exe

D:\Gadu-Gadu\gg.exe

D:\Mozilla Firefox\firefox.exe

D:\High jack\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2BDEC973-B5AC-4e5b-8AB3-5A0500880DA2} - (no file)

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Expressivo Demo\integr\ih-iexplorer\IH_iexplorer.dll

O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll

O2 - BHO: (no name) - {BE756CFF-ADB4-4bc5-A35F-19E546E5710E} - (no file)

O2 - BHO: (no name) - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file)

O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)

O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Expressivo Demo\integr\ih-iexplorer\IH_iexplorer.dll

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu6\AOL_security_toolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SoundMan] soundman.exe

O4 - HKLM\..\Run: [JeticoPFStartup] "D:\Jetico Personal Firewall\fwsrv.exe"

O4 - HKLM\..\Run: [avast!] D:\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [jv16PT - Privacy Protector] D:\jv16 PowerTools 2006\jv16pt.exe -ExecTask "D:\jv16 PowerTools 2006\Tasks\_PrivacyProtector\Task.jvb"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [WinMem] D:\WinCleaner Memory Optimizer\WinMemOpt.exe

O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Acrobat\Reader\AdobeCollabSync.exe

O4 - Global Startup: Kalendarz XP.lnk = C:\Kalendarz XP\Kalendarz.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - D:\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm

O8 - Extra context menu item: &Webshots Photo Search - res://D:\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM

O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183134635953

O22 - SharedTaskScheduler: COM+ Service - {2BDEC973-B5AC-4e5b-8AB3-5A0500880DA2} - (no file)

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avast4\ashWebSv.exe

O23 - Service: CA Personal Firewall ASEM - Unknown owner - D:\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\WINDOWS\

O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - D:\DAP\SPEEDB~1\VideoAcceleratorEngine.exe

O23 - Service: Usługa udostępniania w sieci programu Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)


--

End of file - 8020 bytes

Remove the HJT entries

Post a ComboFix log

How do I do that? Do I search for them, or will it find them in the report by itself?

-> Hijack -> scan (Do a system scan only) -> select them -> Fix checked.

OK, and can anything be found in this log that causes the computer to restart about every 2.5 hours?

Post merged: 09.10.2007 (Tue) 21:32

Remove the HJT entries

Post a ComboFix log