Please check my log.

29.12.04, 23:06
Logfile of HijackThis v1.99.0
Scan saved at 22:05:30, on 2004-12-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Xerox One Touch\OneTouchMon.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\janusz\LOCALS~1\Temp\Temporary Directory 1 for
hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.eircom.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program
Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1
\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program
Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program
Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program
Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One
Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0
\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [XeroxScannerDaemon] C:\Program
Files\Xerox\NWWia\XrxFTPLt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0
\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program
Files\McAfee\McAfee Shared Components\Instant
Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program
Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program
Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program
Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program
Files\COMOne\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - (no
file)
O9 - Extra button: (no name) - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - (no
file)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=www.mcafee.com
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: cpan.dll
O23 - Service: ArcaBit NetMonitor - ArcaBit sp. z o.o. - C:\Program
Files\MKS\Bin\NetMonSV.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32
\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION -
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Program
Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program
Files\McAfee\McAfee Firewall\CPD.EXE
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc -
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor - Unknown - C:\Program
Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown - C:\Program Files\MKS\Bin\mks_scan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) - H+H Software
GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

I don't know if I did this correctly... please help.
    • Guest: Kuba Re: Please check my log. IP: *.terminus.pl / 62.233.169.* 29.12.04, 23:16
      Definitely delete the file 12th from the top, C:\Program Files\Xerox One Touch\OneTouchMon.exe.
      I don't know about the rest. I had this virus myself, so
      I know it has to be removed. Wait for a wiser head. In IE, this virus
      creates a new bookmark, "links", under "Favorites", which cannot be removed.
      Regards
      • januszmadej Re: Please check my log. 29.12.04, 23:19
        As for the Xerox one, a few days ago I installed a Xerox scanner, so maybe
        this entry comes from it?
    • Guest: piecyk gazowy Re: Please check my log. IP: *.tpnet.pl / *.tpnet.pl 29.12.04, 23:27
      Check the items listed below and press Fix Checked; the entries marked with an
      asterisk are valid but, in my opinion, unnecessary (decide for yourself):

      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      > Settings,ProxyOverride = localhost;

      *> O4 - HKLM\..\Run: [CloneCDTray] "C:\Program
      > Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      *> O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

      *> O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec
      > Shared\ccRegVfy.exe

      *> O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0
      > \Bin\REGIST~1.EXE

      *> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      *> O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0
      > \Bin\REGIST~1.EXE
      *> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

      *> O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program
      > Files\TextBridge Pro 9.0\Bin\Ereg\Remind32.exe
      > O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      > O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

      > O9 - Extra button: (no name) - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - (no
      > file)
      > O9 - Extra button: (no name) - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - (no
      > file)

      > O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
      > file)

      > O19 - User stylesheet: (file missing)
      > O20 - AppInit_DLLs: cpan.dll

      You have two antivirus programs. You MUST uninstall one of them.
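
Added example, not part of the original thread: a small Python triage helper that rejoins HijackThis entries wrapped across lines (as in the log pasted above) and flags the kinds of entries the reply above selects: orphaned entries marked "(no file)" or "(file missing)", and the O20 AppInit_DLLs entry. The function names and the flagging rules are assumptions made for illustration; a flag means "review this entry", not "this is malicious".

```python
import re

# Every HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Constructed sample: entries copied from the log above, in their wrapped form.
SAMPLE = r"""
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program
Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O9 - Extra button: (no name) - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - (no
file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\System32\msjava.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32
\drivers\CDAC11BA.EXE
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: cpan.dll
"""

def unwrap(log_text):
    """Rejoin entries that a mail or forum client wrapped across lines."""
    entries = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if ENTRY.match(line) or not entries:
            entries.append(line)
        elif line.startswith("\\") or re.search(r"\S-$", entries[-1]):
            entries[-1] += line          # break fell inside a path or a CLSID
        else:
            entries[-1] += " " + line    # break fell on a space
    return entries

def triage(log_text):
    """Return (code, entry, note) for entries that deserve a manual look."""
    findings = []
    for entry in unwrap(log_text):
        m = ENTRY.match(entry)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if "(no file)" in body or "(file missing)" in body:
            findings.append((code, entry, "orphaned: target file is gone"))
        elif code == "O20":  # AppInit_DLLs load into every process using user32.dll
            findings.append((code, entry, "AppInit_DLLs: verify this DLL"))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```
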
    • januszmadej Re: Please check my log. 29.12.04, 23:35
      Thanks, I'll do that right away..