04.06.05, 22:35
Hello, I have a request.
I am posting my log below.
Please check it.
Thanks in advance!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
F:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
G:\steam\steam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lucas\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hot-
searches.com/search.php?v=6&aff=8354866
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hot-
searches.com/index.php?v=6&aff=8354866
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.greenday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.eu.microsoft.com/poland/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} -
C:\WINDOWS\System32\WStart.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender8
\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8
\\bdswitch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -
lang 1033
O4 - HKLM\..\Run: [KAZAA] "F:\Program Files\Kazaa Lite
K++\kpp.exe" "F:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "G:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Steam] "g:\steam\steam.exe" -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} -
www.emusic.com?fref=149133 (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Win32 Classes -
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX
Control) - www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59E4B53C-0A01-4563-80EC-
103C5F17B3F3}: NameServer =
195.117.215.2,194.204.159.1,212.51.192.2,212.191.170.2,217.17.34.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tvsat364.lodz.pl
O17 - HKLM\System\CS1\Services\Tcpip\..\{59E4B53C-0A01-4563-80EC-
103C5F17B3F3}: NameServer =
195.117.215.2,194.204.159.1,212.51.192.2,212.191.170.2,217.17.34.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = tvsat364.lodz.pl
O17 - HKLM\System\CS2\Services\Tcpip\..\{59E4B53C-0A01-4563-80EC-
103C5F17B3F3}: NameServer =
195.117.215.2,194.204.159.1,212.51.192.2,212.191.170.2,217.17.34.10
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = tvsat364.lodz.pl
O17 - HKLM\System\CS3\Services\Tcpip\..\{59E4B53C-0A01-4563-80EC-
103C5F17B3F3}: NameServer =
195.117.215.2,194.204.159.1,212.51.192.2,212.191.170.2,217.17.34.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = tvsat364.lodz.pl
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} -
C:\WINDOWS\System32\xplugin.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: NVIDIA Display Driver Service (Omega 1.6177) (Q) (NVSvc) -
NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program
Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program
Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    • neder Re: LOG 04.06.05, 23:52
      To be removed in HJ:

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hot-
      > searches.com/search.php?v=6&aff=8354866
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hot-
      > searches.com/index.php?v=6&aff=8354866
      > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      > Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
      > O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} -
      > C:\WINDOWS\System32\WStart.dll
      > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      > C:\WINDOWS\web\related.htm
      > O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      > 00aa003c157a} - C:\WINDOWS\web\related.htm


      + to be removed from autostart (they are not harmful but unnecessary -> the decision is
      yours):
      > O4 - HKLM\..\Run: [KAZAA] "F:\Program Files\Kazaa Lite
      > K++\kpp.exe" "F:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
      > O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
      > O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
      > \spool\drivers\w32x86\3\hpztsb09.exe
      > O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
      > Files\Adobe\Calibration\Adobe Gamma Loader.exe



      PS. Next time, post your log on the Wirusy forum :)

      Regards
