Please check my log.

IP: *.sistbg.net / 80.50.247.* 20.02.06, 13:34
Logfile of HijackThis v1.99.1
Scan saved at 13:32:02, on 2006-02-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\inet20010\winlogon.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\kernels64.exe
C:\windows\winsysban9.exe
C:\WINDOWS\smss.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\Documents and Settings\a\Moje dokumenty\Gadu-Gadu\Gadu-Gadu\gg.exe
C:\PROGRA~1\REGIST~1\RegClean.exe
C:\Program Files\22M WLAN Adapter\WLANMON.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\SOFTWA~1\soproc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\winlogon.exe
C:\WINDOWS\inet20010\mm4.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\a\USTAWI~1\Temp\Rar$EX04.p20\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini:
Shell=explorer.exe
"C:\Program Files\Common
Files\Microsoft Shared\Web Folders\ibm00003.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} -
C:\WINDOWS\inet20010\3.01.00.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} -
C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky Anti-
Virus\avpcc.exe /wait
O4 - HKLM\..\Run: [Firebird] C:\Program Files\Firebird\bin\ibserver.exe -a
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy
Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy
Client\sunasServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
\bin\jusched.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem]
C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and Settings\a\Moje
dokumenty\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [pro] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00003.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [iwoi] C:\PROGRA~1\COMMON~1\iwoi\iwoim.exe
O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\RegClean.exe
O4 - HKCU\..\Run: [SOProc_SoRefRegSoAlertAjMiniTest] rundll32
shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack
SoRefRegSoAlertAjMiniTest
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program
Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program
Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program
Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program
Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program
Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: www.mks.com.pl
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnl
    • Guest: ania Re: Please check my log. IP: *.sistbg.net / 80.50.247.* 20.02.06, 13:40
      Logfile of HijackThis v1.99.1
      Scan saved at 13:32:02, on 2006-02-20
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\inet20010\winlogon.exe
      C:\Program Files\Firebird\bin\ibserver.exe
      C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      C:\WINDOWS\System32\paytime.exe
      C:\WINDOWS\System32\kernels64.exe
      C:\windows\winsysban9.exe
      C:\WINDOWS\smss.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\MKS\Bin\mksmonsv.exe
      C:\Documents and Settings\a\Moje dokumenty\Gadu-Gadu\Gadu-Gadu\gg.exe
      C:\PROGRA~1\REGIST~1\RegClean.exe
      C:\Program Files\22M WLAN Adapter\WLANMON.exe
      C:\Program Files\Network Monitor\netmon.exe
      C:\PROGRA~1\SOFTWA~1\soproc.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\MKS\Bin\mks_scan.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\winlogon.exe
      C:\WINDOWS\inet20010\mm4.exe
      C:\Program Files\Opera\Opera.exe
      C:\WINDOWS\System32\dllcache\IExplore.exe
      C:\WINDOWS\System32\dllcache\IExplore.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\a\USTAWI~1\Temp\Rar$EX04.p20\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      searchbar.findthewebsiteyouneed.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      searchbar.findthewebsiteyouneed.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      c:\secure32.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      searchbar.findthewebsiteyouneed.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      searchbar.findthewebsiteyouneed.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      c:\secure32.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini:
      Shell=explorer.exe
      "C:\Program Files\Common Files\Microsoft
      Shared\Web Folders\ibm00003.exe"
      F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
      O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} -
      C:\WINDOWS\inet20010\3.01.00.dll (file missing)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} -
      C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
      \NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky Anti-
      Virus\avpcc.exe /wait
      O4 - HKLM\..\Run: [Firebird] C:\Program Files\Firebird\bin\ibserver.exe -a
      O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy
      Client\sunasDtServ.exe
      O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy
      Client\sunasServ.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
      \bin\jusched.exe
      O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
      O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
      O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
      O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
      O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe
      O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem]
      C:\WINDOWS\smss.exe
      O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program
      Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and Settings\a\Moje dokumenty\Gadu-
      Gadu\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
      O4 - HKCU\..\Run: [pro] C:\WINDOWS\System32\vxh8jkdq2.exe
      O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
      Folders\ibm00003.exe"
      O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
      O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
      O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
      O4 - HKCU\..\Run: [iwoi] C:\PROGRA~1\COMMON~1\iwoi\iwoim.exe
      O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\RegClean.exe
      O4 - HKCU\..\Run: [SOProc_SoRefRegSoAlertAjMiniTest] rundll32
      shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack
      SoRefRegSoAlertAjMiniTest
      O4 - Global Startup: 22M WLAN Adapter.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O8 - Extra context menu item: &Google Search - res://C:\Program
      Files\Google\googletoolbar.dll/cmsearch.html
      O8 - Extra context menu item: Backward &Links - res://C:\Program
      Files\Google\googletoolbar.dll/cmbacklinks.html
      O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program
      Files\Google\googletoolbar.dll/cmcache.html
      O8 - Extra context menu item: Si&milar Pages - res://C:\Program
      Files\Google\googletoolbar.dll/cmsimilar.html
      O8 - Extra context menu item: Translate into English - res://C:\Program
      Files\Google\googletoolbar.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O15 - Trusted Zone: www.mks.com.pl
      O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
      poczta.wp.pl/autoryzacja/mailcfg.ocx
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
      a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
      www.pandasoftware.com/activescan/as5/asinst.cab
      O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnl
      • kolobos Re: Please check my log. 20.02.06, 13:58
        It won't all fit in one post.

        In Task Manager, end:
        C:\WINDOWS\inet20010\winlogon.exe
        C:\WINDOWS\System32\paytime.exe
        C:\WINDOWS\System32\kernels64.exe
        C:\windows\winsysban9.exe
        C:\WINDOWS\smss.exe
        C:\PROGRA~1\SOFTWA~1\soproc.exe
        C:\WINDOWS\winlogon.exe
        C:\WINDOWS\inet20010\mm4.exe

        In HijackThis, remove:
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        c:\secure32.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        searchbar.findthewebsiteyouneed.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        searchbar.findthewebsiteyouneed.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        searchbar.findthewebsiteyouneed.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        c:\secure32.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        c:\secure32.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
        searchbar.findthewebsiteyouneed.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        c:\secure32.html
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        searchbar.findthewebsiteyouneed.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        c:\secure32.html
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        c:\secure32.html <- delete the file
        F2 - REG:system.ini:
        Shell=explorer.exe
        "C:\Program Files\Common
        Files\Microsoft Shared\Web Folders\ibm00003.exe"
        F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
        O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} -
        C:\WINDOWS\inet20010\3.01.00.dll (file missing)
        O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} -
        C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL <- delete the MySearch folder
        O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe <- delete it and the rest of these exes
        O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
        O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
        O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
        O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
        O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe <- and this one
        O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem]
        C:\WINDOWS\smss.exe <- delete the file
        O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe <- delete the file
        O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- delete the file
        O4 - HKCU\..\Run: [pro] C:\WINDOWS\System32\vxh8jkdq2.exe <- delete the file
        O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
        Folders\ibm00003.exe" <- delete the file
        O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe <- delete the inet20010 folder
        O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe <- delete the vcclient folder
        O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
        O4 - HKCU\..\Run: [iwoi] C:\PROGRA~1\COMMON~1\iwoi\iwoim.exe <- delete the iwoi folder
        O4 - HKCU\..\Run: [SOProc_SoRefRegSoAlertAjMiniTest] rundll32
        shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack
        SoRefRegSoAlertAjMiniTest <- delete the SOFTWA~1 folder
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm

        Run a scan with these:
        ftp://download.hirekmedia.hu/ssfsetup1_0.exe <- update it before scanning, uninstall it after the scan.
        download.ewido.net/ewido-setup.exe <- update it before scanning, uninstall it after the scan.
        Close the ports with wwdc:
        www.firewallleaktester.com/tools/wwdc.exe
        When everything is done, paste a new log.
        • Guest: ania Re: Please check my log. IP: *.sistbg.net / 80.50.247.* 20.02.06, 14:22
          Logfile of HijackThis v1.99.1
          Scan saved at 14:16:53, on 2006-02-20
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\Program Files\Firebird\bin\ibserver.exe
          C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
          C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\MKS\Bin\mksmonsv.exe
          C:\Documents and Settings\a\Moje dokumenty\Gadu-Gadu\Gadu-Gadu\gg.exe
          C:\PROGRA~1\REGIST~1\RegClean.exe
          C:\Program Files\22M WLAN Adapter\WLANMON.exe
          C:\Program Files\Network Monitor\netmon.exe
          C:\PROGRA~1\SOFTWA~1\soproc.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\MKS\Bin\mks_scan.exe
          C:\WINDOWS\winlogon.exe
          C:\WINDOWS\inet20010\mm4.exe
          C:\WINDOWS\System32\dllcache\IExplore.exe
          C:\WINDOWS\System32\dllcache\IExplore.exe
          C:\DOCUME~1\a\USTAWI~1\Temp\Rar$EX04.p20\HijackThis.exe
          C:\WINDOWS\System32\dllcache\IExplore.exe
          C:\WINDOWS\System32\dllcache\IExplore.exe
          C:\WINDOWS\System32\dllcache\IExplore.exe
          C:\WINDOWS\System32\dllcache\IExplore.exe
          C:\WINDOWS\System32\dllcache\IExplore.exe
          C:\WINDOWS\System32\dllcache\IExplore.exe
          C:\WINDOWS\System32\dllcache\IExplore.exe
          C:\Program Files\Messenger\msmsgs.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          c:\secure32.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          c:\secure32.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          c:\secure32.html
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          c:\secure32.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          c:\secure32.html
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          c:\secure32.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} -
          C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
          \NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky Anti-
          Virus\avpcc.exe /wait
          O4 - HKLM\..\Run: [Firebird] C:\Program Files\Firebird\bin\ibserver.exe -a
          O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy
          Client\sunasDtServ.exe
          O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy
          Client\sunasServ.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
          \bin\jusched.exe
          O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Skype] "C:\Program
          Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and Settings\a\Moje dokumenty\Gadu-
          Gadu\Gadu-Gadu\gg.exe" /tray
          O4 - HKCU\..\Run: [Registry Cleaner] C:\PROGRA~1\REGIST~1\RegClean.exe
          O4 - Global Startup: 22M WLAN Adapter.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
          Office\Office\OSA9.EXE
          O8 - Extra context menu item: &Google Search - res://C:\Program
          Files\Google\googletoolbar.dll/cmsearch.html
          O8 - Extra context menu item: Backward &Links - res://C:\Program
          Files\Google\googletoolbar.dll/cmbacklinks.html
          O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program
          Files\Google\googletoolbar.dll/cmcache.html
          O8 - Extra context menu item: Si&milar Pages - res://C:\Program
          Files\Google\googletoolbar.dll/cmsimilar.html
          O8 - Extra context menu item: Translate into English - res://C:\Program
          Files\Google\googletoolbar.dll/cmtrans.html
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
          00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O15 - Trusted Zone: www.mks.com.pl
          O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
          poczta.wp.pl/autoryzacja/mailcfg.ocx
          O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
          a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
          www.pandasoftware.com/activescan/as5/asinst.cab
          O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
          www.ravantivirus.com/scan/ravonline.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\l42slef71h2.dll (file
          missing)
          O20 - Winlogon Notify: hpprintx - C:\WINDOWS\SYSTEM32\hpprintx.dll
          O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
          O20 - Winlogon Notify: wancp - C:\WINDOWS\SYSTEM32\wancp.dll
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)
          O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program
          Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe" /Service (file missing)
          O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
          Files\MKS\Bin\mksmonsv.exe
          O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
          O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown
          owner - C:\WINDOWS\winlogon.exe" -service (file missing)
          O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network
          Monitor\netmon.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
          C:\WINDOWS\System32\nvsvc32.exe

          This is how it looks after removing the things you listed. Unfortunately I can't
          find Task Manager on my computer --> I looked in Control Panel.
          Unfortunately I'm not very advanced. Thank you for the help :))
          • kolobos Re: Please check my log. 20.02.06, 14:31
            You were supposed to remove what I listed and only then paste the log!
            Also, keep only one antivirus (avast is enough for you) and uninstall the rest.

            End:
            C:\PROGRA~1\SOFTWA~1\soproc.exe
            C:\WINDOWS\winlogon.exe
            C:\WINDOWS\inet20010\mm4.exe
            C:\WINDOWS\System32\dllcache\IExplore.exe
            C:\WINDOWS\System32\dllcache\IExplore.exe
            C:\WINDOWS\System32\dllcache\IExplore.exe
            C:\WINDOWS\System32\dllcache\IExplore.exe
            C:\WINDOWS\System32\dllcache\IExplore.exe
            C:\WINDOWS\System32\dllcache\IExplore.exe
            C:\WINDOWS\System32\dllcache\IExplore.exe
            C:\WINDOWS\System32\dllcache\IExplore.exe
            C:\WINDOWS\System32\dllcache\IExplore.exe

            In HijackThis:
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            c:\secure32.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            c:\secure32.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            c:\secure32.html
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
            c:\secure32.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            c:\secure32.html
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            c:\secure32.html <- delete the file
            O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} -
            C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL <- delete the folder
            O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe <- delete the file
            O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\l42slef71h2.dll (file
            missing)
            O20 - Winlogon Notify: hpprintx - C:\WINDOWS\SYSTEM32\hpprintx.dll <- delete the file
            O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll <- delete the file
            O20 - Winlogon Notify: wancp - C:\WINDOWS\SYSTEM32\wancp.dll <- delete the file
            Remove the services:
            O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown
            owner - C:\WINDOWS\winlogon.exe" -service (file missing) -> Start->Run->sc stop MSWinLogonProcService
            and:
            sc delete MSWinLogonProcService
            O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network
            Monitor\netmon.exe -> and here sc stop "Network Monitor" and sc delete "Network Monitor"

            And of course also run the scan with what I gave you!
            And only once you have done EVERYTHING, paste a new log.
          • neder Re: Please check my log. 20.02.06, 14:41
            > Unfortunately I can't
            > find Task Manager on my computer --> I looked in Control Panel.

            Task Manager: ctrl+alt+del or right-click on the taskbar and... Task Manager

            --
            Destroy everything you touch today
            Please destroy me this way
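
The process lists that kolobos asks to end above include files named like core Windows processes (winlogon.exe, smss.exe, IExplore.exe) that run from folders other than their standard ones. The following Python script is an added example, not part of the thread: it applies that check to the "Running processes" and O4 Run entries of a HijackThis log. The expected-folder table is general Windows XP knowledge assuming a C:\WINDOWS install, the function names are hypothetical, and the sample log is a constructed excerpt in the thread's format.

```python
import ntpath
import re

# Standard folders of core Windows XP binaries (assumption: Windows is
# installed in C:\WINDOWS, as in the logs above). Not taken from the thread.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# Constructed sample: a shortened excerpt in the format of the logs in this
# thread, including the forum's hard line wrap inside two O4 entries.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\inet20010\winlogon.exe
C:\WINDOWS\smss.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\System32\dllcache\IExplore.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem]
C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# A HijackThis entry starts with a section code such as "R1 - " or "O4 - ".
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Registry autorun entry: O4 - HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
# First drive-letter path ending in .exe or .dll inside a command line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"/,\r\n]*?\.(?:exe|dll)\b', re.I)


def unwrap(text):
    """Strip forum indentation and rejoin entries wrapped over several lines."""
    out = []
    for line in (raw.strip() for raw in text.splitlines()):
        if out and ENTRY_RE.match(out[-1]) and line and not ENTRY_RE.match(line):
            # The wrap fell either at a space or just before a backslash.
            out[-1] += ("" if line.startswith("\\") else " ") + line
        else:
            out.append(line)
    return out


def findings(log_text):
    """Return (where, path, expected_dir) for system-named files in other folders.

    Paths written with 8.3 short names (PROGRA~1) are compared literally, so a
    legitimate file referenced that way would need manual review.
    """
    hits, section = [], None
    for line in unwrap(log_text):
        if line == "Running processes:":
            section = "process"
            continue
        if not line:
            section = None
            continue
        if section == "process":
            where, command = "process", line
        else:
            run = RUN_RE.match(line)
            if not run:
                continue
            where, command = "autorun [%s]" % run.group(1), run.group(2)
        found = PATH_RE.search(command)
        if not found:
            continue
        directory, name = ntpath.split(found.group(0))
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower() != expected:
            hits.append((where, found.group(0), expected))
    return hits


if __name__ == "__main__":
    for where, path, expected in findings(SAMPLE_LOG):
        print("%-55s %s (expected in %s)" % (where, path, expected))
```

A hit only means the file name and folder do not match; entries with unfamiliar names, such as paytime.exe in the thread, are outside what this check covers.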
