Please check my log

IP: 212.122.220.* 19.05.06, 08:52
My computer has fallen apart: the internet, gg and e-mail don't work. Please help
and tell me what I should do.

Logfile of HijackThis v1.99.1
Scan saved at 18:36:40, on 2006-05-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\umikclac.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common
Files\Onet.pl\NewAutoUpdate.exe" /updateexe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\umikclac.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00001.exe"
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://C:\Program
Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program
Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Pobierz używając kreatora LeechGet -
file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Pobierz używając LeechGet - file://C:\Program
Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Pobierz wszystko przez Net Transport -
C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} (NCWeb.Launcher) -
www.guildwars.co.kr/common/ocx/ncweb.cab
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32
\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
\IDriverT.exe
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

    • Guest: k Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 19.05.06, 15:37
      End the process:
      C:\Program Files\umikclac.exe

      In HJT:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html <- delete the file from disk.
      O4 - HKLM\..\Run: [SysTray] C:\Program Files\umikclac.exe <- delete the file from disk.
      O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe <- delete the file from disk.
      O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
      O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web
      Folders\ibm00001.exe" <- delete the file from disk.
      O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
      O16 - DPF: {7C6E92FA-4429-4FB6-909B-798E2EFFAEF0} (NCWeb.Launcher) -
      www.guildwars.co.kr/common/ocx/ncweb.cab
      O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll

      Download:
      users.telenet.be/marcvn/tools/haxfix.exe
      Run haxfix, choose option 3, and as the name to remove enter: xptp
      Paste the removal log on the forum.

      In addition, run a scan with ewido.

      • Guest: mamuśka Re: Please check my log IP: 212.122.214.* 19.05.06, 20:04
        I got something like this. I have no idea what it means, but I hope I
        did everything OK.
        HAXFIX logfile - by Marckie
        --------------
        version 2.42
        2006-05-19 20:02:42,50

        checking for a3d files....
        a3d files found
        ps.a3d

        checking for matching notify keys....
        matching notify keys found
        xptp

        checking for matching services....
        matching services found
        xptptt
        xptpmm

        checking for matching safeboot services....
        matching safeboot services found
        xptptt.sys
        xptpmm.sys
        • Guest: k Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 19.05.06, 20:17
          It was supposed to be the removal log, not this one. This one is from option 1,
          i.e. just the scan and nothing more, and it should be from the removal, i.e. from
          option 3: the log that is created after the removal and the reboot.


          • Guest: mamuśka Re: Please check my log IP: 212.122.214.* 19.05.06, 21:04
            Oh, sorry, I'm pasting it now
            Logfile of HijackThis v1.99.1
            Scan saved at 21:02:33, on 2006-05-19
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\csrss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\System32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\CTHELPER.EXE
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\Program Files\Winamp\winampa.exe
            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5
            \kwsprod.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\BitComet\BitComet.exe
            C:\Program Files\Skype\Phone\Skype.exe
            C:\Program Files\Tlen.pl\tlen.exe
            C:\WINDOWS\System32\CTsvcCDA.exe
            C:\WINDOWS\system32\inetsrv\inetinfo.exe
            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe
            C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
            C:\WINDOWS\system32\tcpsvcs.exe
            C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
            C:\WINDOWS\System32\snmp.exe
            C:\WINDOWS\System32\MsPMSPSv.exe
            C:\WINDOWS\system32\wbem\wmiprvse.exe
            C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
            C:\Program Files\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.onet.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
            c:\program files\google\googletoolbar1.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
            files\google\googletoolbar1.dll
            O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
            O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
            O4 - HKLM\..\Run: [Jet Detection] "C:\Program
            Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
            Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common
            Files\Onet.pl\NewAutoUpdate.exe" /updateexe
            O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
            lang 1033
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
            O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus
            for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss
            O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
            O4 - HKCU\..\Run: [Skype] "C:\Program
            Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
            O8 - Extra context menu item: &Google Search - res://c:\program
            files\google\GoogleToolbar1.dll/cmsearch.html
            O8 - Extra context menu item: &Translate English Word - res://c:\program
            files\google\GoogleToolbar1.dll/cmwordtrans.html
            O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://C:\Program
            Files\LeechGet 2004\\Parser.html
            O8 - Extra context menu item: Backward Links - res://c:\program
            files\google\GoogleToolbar1.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
            files\google\GoogleToolbar1.dll/cmcache.html
            O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program
            Files\Xi\NetTransport 2\NTAddLink.html
            O8 - Extra context menu item: Pobierz używając kreatora LeechGet -
            file://C:\Program Files\LeechGet 2004\\Wizard.html
            O8 - Extra context menu item: Pobierz używając LeechGet - file://C:\Program
            Files\LeechGet 2004\\AddUrl.html
            O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program
            Files\Xi\NetTransport 2\NTAddList.html
            O8 - Extra context menu item: Similar Pages - res://c:\program
            files\google\GoogleToolbar1.dll/cmsimilar.html
            O8 - Extra context menu item: Translate Page into English - res://c:\program
            files\google\GoogleToolbar1.dll/cmtrans.html
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
            00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32
            \Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
            C:\WINDOWS\System32\CTsvcCDA.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
            Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32
            \IDriverT.exe
            O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky
            Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
            O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner -
            C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5
            \kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000 (file missing)
            O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
            C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

            • Guest: k Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 19.05.06, 21:37
              I didn't want the HJT log, but never mind, I'll keep writing this to you until you do it:
              Download:
              users.telenet.be/marcvn/tools/haxfix.exe
              Run haxfix, choose option 3, and as the name to remove enter: xptp
              Paste the removal log on the forum.
              • Guest: mamuśka Re: Please check my log IP: 212.122.214.* 19.05.06, 21:51

                HAXFIX logfile - by Marckie
                --------------
                version 2.42
                2006-05-19 21:42:21,78

                Manual Haxdoorfix

                Adding haxdoorkeys to delete...
                xptp
                xptp


                haxdoor key: xptp
                searching for services....
                services found
                deleting services.....
                [SWSC] DeleteService SUCCESS
                [SWSC] DeleteService SUCCESS

                haxdoor key: xptp
                searching for services....
                services found
                deleting services.....
                [SWSC] DeleteService FAIL


                rebooting the computer.....


                haxdoor key: xptp
                searching for services....
                services not found

                checking if files are found.....
                xptptt.dll

                deleting files.....

                checking if files are deleted.....


                haxdoor key: xptp
                searching for services....
                services not found

                checking if files are found.....

                deleting files.....

                checking if files are deleted.....


                checking for other files.....
                klgcptini.dat
                sd.dll
                fux87.ini
                ps.a3d

                deleting other files.....

                checking if the files are deleted.....


                Finished
                • kolobos Re: Please check my log 19.05.06, 21:53
                  You see, if you want to, you can.
                  • Guest: mamuśka Re: Please check my log IP: 212.122.214.* 19.05.06, 21:58
                    I am an elderly lady and I can't manage everything
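
Added example (not part of the original thread): the helper marks entries to fix in the first log, and a later HijackThis log is posted further down the thread. This Python sketch re-joins the hard-wrapped log lines and reports which flagged entries still appear in the later log; `FLAGGED` and `AFTER` are abridged excerpts constructed from the logs on this page, and the function names are hypothetical.

```python
import re

# An entry line starts with a section code such as "R0", "O4" or "O20".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed excerpts of the logs on this page (abridged, wrapping kept as posted).
FLAGGED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
O4 - HKLM\..\Run: [SysTray] C:\Program Files\umikclac.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00001.exe"
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:02:33, on 2006-05-19

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32
\Ati2evxx.exe
"""

def parse_hjt(text):
    """Map a wrap-insensitive key to a display line for every log entry."""
    items, open_entry = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            items.append([m.group(1), m.group(2)])
            open_entry = True
        elif line and open_entry:
            # Continuation of a hard-wrapped entry (forum wrapping, not HijackThis).
            items[-1][1] += " " + line
        else:
            # Blank line or header/process-list text: not part of any entry.
            open_entry = False
    # The wrap point may fall on a space or mid-path, so the comparison key
    # drops all whitespace and case; the display text is a best-effort join.
    return {(sec, re.sub(r"\s+", "", body).lower()): f"{sec} - {body}"
            for sec, body in items}

def still_present(flagged_text, later_text):
    """Entries flagged for removal that the later log still lists."""
    flagged, later = parse_hjt(flagged_text), parse_hjt(later_text)
    return sorted(later[key] for key in flagged if key in later)

if __name__ == "__main__":
    for entry in still_present(FLAGGED, AFTER):
        print("still present:", entry)
```

Because a key includes the entry's value, the `Start Page` line that now points to www.onet.pl/ is not reported as a leftover of the `c:\secure32.html` hijack.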
