My computer is really sluggish, help

IP: 80.54.202.* 23.03.07, 15:07
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:46:55, on 2007-03-23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\smcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\syscv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\runservice2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\adirka.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\msyts.exe
c:\mqusagpb.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\DOCUME~1\UKASZ~1\USTAWI~1\Temp\Rar$EX02.990\HiJackThis_v2.exe
C:\WINDOWS\System32\tcpipmon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Shell Doc Object and Control Helper Class - {00009E9F-DDD7-AA59-
AA7D-AA4B7D6BE000} - C:\WINDOWS\System32\shdocvs.dll
O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} -
C:\WINDOWS\System32\cscentfy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -
C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {3F7808CC-894F-4429-89EF-8E198E9B769B} -
C:\WINDOWS\System32\ljhii.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program
Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} -
C:\WINDOWS\system32\jkkljii.dll
O2 - BHO: (no name) - {75682646-178D-486B-8E3D-319C667D038a} -
C:\WINDOWS\System32\vtkdjuhk.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} -
C:\WINDOWS\System32\cemurlfe.dll
O2 - BHO: (no name) - {FC8EE8C2-464C-46BC-A82B-646BD7C4AE31} -
C:\WINDOWS\System32\vtkdjuhk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program
Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32
\hocqmymp.dll",setvm
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SvcManager] runservice2.exe
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006
Free\pasmon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32
\gngdptqs.dll",setvm
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\System32\adirka.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
(User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
(User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
(User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all links using BitComet -
res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet -
res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet -
res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) -
67.15.101.3/g_bin/pl/poker_2_0_0_44.cab
O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) -
67.15.101.3/g_bin/pl/demon_2_0_0_25.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) -
67.15.101.3/g_bin/pl/billard9_2_0_0_28.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) -
67.15.101.3/g_bin/pl/billardt_2_0_0_28.cab
O20 - Winlogon Notify: jkkljii - C:\WINDOWS\SYSTEM32\jkkljii.dll
O20 - Winlogon Notify: ljhii - C:\WINDOWS\System32\ljhii.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browse
    • Guest: Lukaszek.k Re: My computer is really sluggish, help IP: 80.54.202.* 23.03.07, 15:21
      rest of the log

      O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui -
      {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
      O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-
      11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
      O23 - Service: Disk Monitor Manager - Unknown owner - C:\WINDOWS\system32
      \smcs.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
      Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32
      \IDriverT.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
      C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Remote Shell Reader - Unknown owner - C:\WINDOWS\system32
      \syscv.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program
      Files\Spyware Doctor\sdhelp.exe
      O24 - Desktop Component 0: (no name) -
      www.wawel.net/images/forty/archiw_wawel/11_A.jpg
      --
      End of file - 8483 bytes
    • Guest: Kolobos Re: My computer is really sluggish, help IP: *.escom.net.pl 23.03.07, 16:07
      Close the ports using wwdc.exe

      Use:
      www.atribune.org/ccount/click.php?id=4
      securityresponse.symantec.com/avcenter/FixVundo.exe
      and:
      siri.urz.free.fr/Fix/SmitfraudFix_En.php do what is described
      under "Clean".

      In Task Manager, end:
      C:\WINDOWS\System32\runservice2.exe
      C:\WINDOWS\System32\adirka.exe
      c:\msyts.exe
      c:\mqusagpb.exe
      C:\WINDOWS\System32\tcpipmon.exe
      C:\WINDOWS\System32\tcpipmon.exe
      Delete the files from disk.

      In HJT, remove:
      O2 - BHO: Shell Doc Object and Control Helper Class - {00009E9F-DDD7-AA59-
      AA7D-AA4B7D6BE000} - C:\WINDOWS\System32\shdocvs.dll <- delete the file from disk.
      O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} -
      C:\WINDOWS\System32\cscentfy.dll <- and this one.
      etc.:
      O2 - BHO: (no name) - {3F7808CC-894F-4429-89EF-8E198E9B769B} -
      C:\WINDOWS\System32\ljhii.dll
      O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program
      Files\VSAdd-in\VSAdd-in.dll <- delete the VSAdd-in directory from disk.
      O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} -
      C:\WINDOWS\system32\jkkljii.dll
      O2 - BHO: (no name) - {75682646-178D-486B-8E3D-319C667D038a} -
      C:\WINDOWS\System32\vtkdjuhk.dll
      O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} -
      C:\WINDOWS\System32\cemurlfe.dll
      O2 - BHO: (no name) - {FC8EE8C2-464C-46BC-A82B-646BD7C4AE31} -
      C:\WINDOWS\System32\vtkdjuhk.dll
      O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program
      Files\VSAdd-in\VSAdd-in.dll
      O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\System32
      \hocqmymp.dll",setvm <- delete the hocqmymp file from disk.
      O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe <- and this one
      O4 - HKLM\..\Run: [SvcManager] runservice2.exe <- etc.
      O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe
      O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\System32\lnwin.exe
      O4 - HKLM\..\Run: [pas_check] C:\Program Files\SystemDoctor 2006
      Free\pasmon.exe <- delete the SystemDoctor... directory from disk.
      O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32
      \gngdptqs.dll",setvm <- delete the gngdp.. file from disk.
      O4 - HKCU\..\Run: [adirka] C:\WINDOWS\System32\adirka.exe <- delete the file from disk.
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O10 - Unknown file in Winsock LSP: rsvp32_2.dll <- find lspfix.exe via Google, download it, and use it to remove the file rsvp32_2.dll (when everything is done, delete that file from disk).

      Delete these files from disk:
      O20 - Winlogon Notify: jkkljii - C:\WINDOWS\SYSTEM32\jkkljii.dll
      O20 - Winlogon Notify: ljhii - C:\WINDOWS\System32\ljhii.dll
      O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll

      Services to delete:
      O23 - Service: Disk Monitor Manager - Unknown owner - C:\WINDOWS\system32
      \smcs.exe
      O23 - Service: Remote Shell Reader - Unknown owner - C:\WINDOWS\system32
      \syscv.exe

      After deleting the services, delete both files from disk.

      Start->Run->cmd
      and there you type:
      sc stop "Disk Monitor Manager"
      sc stop "Remote Shell Reader"
      sc delete "Disk Monitor Manager"
      sc delete "Remote Shell Reader"

      Finally, a scan:
      www.pandasoftware.com/activescan/pol/activescan_principal.htm
      www.spywareinfo.com/xscan.php
      www.bitdefender.com/scan8/ie.html
      Once you have done all of that, paste a new HijackThis log; it also wouldn't hurt to send me the comboscan log by e-mail (kolobos (at) gazeta.pl).
      • Guest: Lukaszek.k Re: My computer is really sluggish, help IP: 80.54.202.* 25.03.07, 13:33
        Hello, thank you for the help, it is much better now
        I could not delete the files

        O20 - Winlogon Notify: jkkljii - C:\WINDOWS\SYSTEM32\jkkljii.dll
        O20 - Winlogon Notify: ljhii - C:\WINDOWS\System32\ljhii.dll
        O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll

        I got a message that they are in use by another person or program

        I also cannot download the comboscan program; maybe you have a link that works

        I will also paste a HijackThis log for checking

        Logfile of Trend Micro HijackThis v2.0.0 (BETA)
        Scan saved at 12:50:45, on 2007-03-25
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\alg.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
        C:\Program Files\Spyware Doctor\sdhelp.exe
        C:\Program Files\PowerISO\PWRISOVM.EXE
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Program Files\Spyware Doctor\swdoctor.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
        C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\DOCUME~1\UKASZ~1\USTAWI~1\Temp\Rar$EX00.368\HiJackThis_v2.exe
        C:\WINDOWS\System32\wbem\wmiprvse.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.google.pl/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
        Internet Explorer
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -
        C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
        O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} -
        C:\WINDOWS\system32\jkkljii.dll
        O2 - BHO: (no name) - {75682646-178D-486B-8E3D-319C667D038a} -
        C:\WINDOWS\System32\npdivtbk.dll
        O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} -
        C:\WINDOWS\System32\tgsvkwpd.dll
        O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} -
        C:\WINDOWS\System32\hlrqsalr.dll (file missing)
        O2 - BHO: (no name) - {EFC306E7-70C9-4C61-A800-CADA66C49301} -
        C:\WINDOWS\System32\ljhii.dll
        O2 - BHO: (no name) - {FC8EE8C2-464C-46BC-A82B-646BD7C4AE31} -
        C:\WINDOWS\System32\npdivtbk.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
        \spool\drivers\w32x86\3\hpztsb12.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
        Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32
        \csixocgs.dll",setvm
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
        88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
        Doctor\swdoctor.exe" /Q
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
        (User 'USŁUGA LOKALNA')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
        (User 'USŁUGA SIECIOWA')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
        (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
        (User 'Default user')
        O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
        Files\HP\Digital Imaging\bin\hpqtra08.exe
        O8 - Extra context menu item: Download all links using BitComet -
        res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet -
        res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program
        Files\BitComet\BitComet.exe/AddLink.htm
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%
        \bdoscandel.exe (file missing)
        O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
        {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
        www.xblock.com/download/xclean_micro.exe
        O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
        download.bitdefender.com/resources/scan8/oscan8.cab
        O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) -
        67.15.101.3/g_bin/pl/poker_2_0_0_44.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) -
        67.15.101.3/g_bin/pl/demon_2_0_0_25.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
        67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) -
        67.15.101.3/g_bin/pl/billard9_2_0_0_28.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) -
        67.15.101.3/g_bin/pl/billardt_2_0_0_28.cab
        O20 - Winlogon Notify: jkkljii - C:\WINDOWS\SYSTEM32\jkkljii.dll
        O20 - Winlogon Notify: ljhii - C:\WINDOWS\System32\ljhii.dll
        O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
        O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui -
        {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
        O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-
        11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
        Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32
        \IDriverT.exe
        O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Pml Drive
        • Guest: Lukaszek.k Re: My computer is really sluggish, help IP: 80.54.202.* 25.03.07, 13:35
          rest of the log

          O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
          C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
          O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program
          Files\Spyware Doctor\sdhelp.exe

          --
          End of file - 7004 bytes
        • Guest: Kolobos Re: My computer is really sluggish, help IP: *.escom.net.pl 25.03.07, 13:42
          > I got a message that they are in use by another person or program

          Use Killbox! The description is in the pinned thread.

          > I also cannot download the comboscan program; maybe you have a link that works

          The link I gave works! Here are others:
          www.google.pl/search?client=opera&rls=pl&q=comboscan
          It is still bad:
          O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} -
          C:\WINDOWS\system32\jkkljii.dll
          O2 - BHO: (no name) - {75682646-178D-486B-8E3D-319C667D038a} -
          C:\WINDOWS\System32\npdivtbk.dll
          O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} -
          C:\WINDOWS\System32\tgsvkwpd.dll
          O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} -
          C:\WINDOWS\System32\hlrqsalr.dll (file missing)
          O2 - BHO: (no name) - {EFC306E7-70C9-4C61-A800-CADA66C49301} -
          C:\WINDOWS\System32\ljhii.dll
          O2 - BHO: (no name) - {FC8EE8C2-464C-46BC-A82B-646BD7C4AE31} -
          C:\WINDOWS\System32\npdivtbk.dll
          O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32
          \csixocgs.dll",setvm
          O20 - Winlogon Notify: jkkljii - C:\WINDOWS\SYSTEM32\jkkljii.dll
          O20 - Winlogon Notify: ljhii - C:\WINDOWS\System32\ljhii.dll
          O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll

          Did you use VundoFix etc. at all?
          • Guest: Lukaszek.k Re: My computer is really sluggish, help IP: 80.54.202.* 25.03.07, 17:48
            earlier I only scanned with vundofix,
            I used killbox
            I am downloading comboscan; for now, the HJT log

            Logfile of Trend Micro HijackThis v2.0.0 (BETA)
            Scan saved at 17:40:54, on 2007-03-25
            Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\csrss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
            C:\Program Files\PowerISO\PWRISOVM.EXE
            C:\Program Files\Winamp\winampa.exe
            C:\WINDOWS\System32\alg.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\Spyware Doctor\sdhelp.exe
            C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
            C:\Program Files\Spyware Doctor\swdoctor.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\wdfmgr.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
            C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
            C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
            C:\WINDOWS\system32\notepad.exe
            C:\WINDOWS\System32\wuauclt.exe
            C:\Documents and Settings\Łukasz\Pulpit\Łukasz\Naprawa\HiJackThis_v2.exe
            C:\WINDOWS\System32\wbem\wmiprvse.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.google.pl/
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
            Internet Explorer
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -
            C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
            O2 - BHO: (no name) - {57360D93-AE9F-4917-BA29-235B9307BD93} -
            C:\WINDOWS\System32\ljhii.dll (file missing)
            O2 - BHO: (no name) - {75682646-178D-486B-8E3D-319C667D038a} -
            C:\WINDOWS\System32\npdivtbk.dll (file missing)
            O2 - BHO: (no name) - {FC8EE8C2-464C-46BC-A82B-646BD7C4AE31} -
            C:\WINDOWS\System32\npdivtbk.dll (file missing)
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
            \spool\drivers\w32x86\3\hpztsb12.exe
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
            \NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
            Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32
            \csixocgs.dll",setvm
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
            88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
            O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
            Doctor\swdoctor.exe" /Q
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
            (User 'USŁUGA LOKALNA')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
            (User 'USŁUGA SIECIOWA')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
            (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
            (User 'Default user')
            O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
            Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
            Files\HP\Digital Imaging\bin\hpqtra08.exe
            O8 - Extra context menu item: Download all links using BitComet -
            res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
            O8 - Extra context menu item: Download all videos using BitComet -
            res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
            O8 - Extra context menu item: Download link using &BitComet - res://C:\Program
            Files\BitComet\BitComet.exe/AddLink.htm
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%
            \bdoscandel.exe (file missing)
            O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
            {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
            C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
            www.xblock.com/download/xclean_micro.exe
            O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
            download.bitdefender.com/resources/scan8/oscan8.cab
            O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) -
            67.15.101.3/g_bin/pl/poker_2_0_0_44.cab
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
            acs.pandasoftware.com/activescan/as5free/asinst.cab
            O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) -
            67.15.101.3/g_bin/pl/demon_2_0_0_25.cab
            O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
            67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
            O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) -
            67.15.101.3/g_bin/pl/billard9_2_0_0_28.cab
            O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) -
            67.15.101.3/g_bin/pl/billardt_2_0_0_28.cab
            O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
            O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui -
            {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
            O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-
            11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
            Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32
            \IDriverT.exe
            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
            C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
            O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program
            Files\Spyware Doctor\sdhelp.exe

            --
            End of file - 6662 bytes

            • Guest: Kolobos Re: My computer is really sluggish, help IP: *.escom.net.pl 25.03.07, 18:06
              But you were supposed to remove all of these entries in HJT:
              O2 - BHO: (no name) - {57360D93-AE9F-4917-BA29-235B9307BD93} -
              C:\WINDOWS\System32\ljhii.dll (file missing)
              O2 - BHO: (no name) - {75682646-178D-486B-8E3D-319C667D038a} -
              C:\WINDOWS\System32\npdivtbk.dll (file missing)
              O2 - BHO: (no name) - {FC8EE8C2-464C-46BC-A82B-646BD7C4AE31} -
              C:\WINDOWS\System32\npdivtbk.dll (file missing)
              O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32
              \csixocgs.dll",setvm <- delete the csix... file from disk.
              O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)

              Don't paste a new HJT log any more; when you remove things, just check whether you actually removed them instead of pasting something like this.
              I thought my e-mail address was hard to read only for spambots, and here, what a surprise (a small hint: at = @).
              • Guest: Lukaszek.k Re: My computer is really sluggish, help IP: 80.54.202.* 25.03.07, 18:22
                I managed to remove everything in HJT,
                I have another problem: after every startup of the computer I get this message:

                Wystąpił błąd podczas ładowania C:\WINDOWS\System32\csixocgs.dll
                Nie można odnaleźć określonego modułu

                it annoys me a bit, what should I do??

                and one more thing, this is the first time I have come across the abbreviation "at"; you could say
                I am weak with computers.

                One more question: Panda detected something like 400 spying items and something
                else on my machine, how do I get rid of it??

                Regards
                • Guest: Kolobos Re: My computer is really sluggish, help IP: *.escom.net.pl 25.03.07, 18:29
                  > Wystąpił błąd podczas ładowania C:\WINDOWS\System32\csixocgs.dll
                  > Nie można odnaleźć określonego modułu

                  Remove the HJT entry that I gave you, eh...

                  > One more question: Panda detected something like 400 spying items and something
                  > else on my machine, how do I get rid of it??

                  Since it detected them, let it remove them; probably just cookies.
      • Guest: Lukaszek.k Re: My computer is really sluggish, help IP: 80.54.202.* 25.03.07, 17:58
        I have comboscan, which address should I send it to??
        what you gave earlier is hard for me to read (the address)
        regards
