Can someone check my HijackThis log, pleeease

IP: *.82-139.bia.tkb.net.pl 22.12.04, 14:32
Hello everyone, I have a question and a request. Maybe I'll start with the
question: every now and then a little window pops up next to the clock, a
yellow shield with an exclamation mark, and it shows the message "your
computer might be at risk your status protection is bad spyware activity
detect click this balloon to fix this problem".
Another thing: from time to time a Windows Security Center window pops up,
also something about spyware and viruses: "do you want to download a
certified software and protect your system".
Also, every now and then a fairly large window with ads pops up, most often
"play poker" with naked ladies :)
On top of that (I'll give an example), I go to Onet, click the mail link, and
some other page about naked girls pops up, even though I clicked mail.
I'm sending a log from the new HijackThis and from Silent Runners.

Logfile of HijackThis v1.99.0
Scan saved at 14:15:30, on 2004-12-22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\odcfg.exe
C:\WINDOWS\System32\getdns.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\pingnet.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
D:\PROGRAMY\anty spy\HijackThis1.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\JOGO\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {179E227A-A349-9919-85AE-C5271FF68D83} - forces_elite.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [___] SAPSTR.exe
O4 - HKLM\..\Run: [dePloy] driver32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DNSCacheBoost] C:\WINDOWS\System32\dnsping.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [UserSp1] Brong32.exe
O4 - HKCU\..\Run: [34763] bhoserv.exe
O4 - HKCU\..\Run: [ERTYDF] XTermInit.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: UniSpiker-2.2.lnk = C:\Program Files\ivo\UniSpiker-2.2\uni_spiker-2.2.exe
O4 - Startup: UniSpiker-2.6.lnk = C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: http://*.search-soft.net
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_20.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102618242186
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C585FA8-90C2-4DF0-84CB-F72A17510CD6}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC008D79-2037-4447-AD3E-9BE501435FD9}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C585FA8-90C2-4DF0-84CB-F72A17510CD6}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe






silent runners
"Silent Runners.vbs", revision 27, launched at: 14:27
Operating System: Windows XP


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"IncrediMail" = "C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
"Gadu-Gadu" = ""C:\PROGRA~1\GADU-G~1\gg.exe" /tray" ["sms-express.com"]
"WareOut" = ""C:\Program Files\WareOut\WareOut.exe"" [file not found]
"UserSp1" = "Brong32.exe" [file not found]
"34763" = "bhoserv.exe" [file not found]
"ERTYDF" = "XTermInit.exe" [file not found]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"APVXDWIN" = ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s" ["Panda Software International"]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"WINDVDPatch" = "CTHELPER.EXE" ["Cr
    • Guest: jogofrugo Can someone check my HijackThis log, pls IP: *.82-139.bia.tkb.net.pl 22.12.04, 14:34
      The Silent Runners log didn't finish, so I'm sending the Silent Runners log once again

      "Silent Runners.vbs", revision 27, launched at: 14:27
      Operating System: Windows XP


      Startup items buried in registry:
      ---------------------------------

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
      "IncrediMail" = "C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c" ["IncrediMail, Ltd."]
      "Gadu-Gadu" = ""C:\PROGRA~1\GADU-G~1\gg.exe" /tray" ["sms-express.com"]
      "WareOut" = ""C:\Program Files\WareOut\WareOut.exe"" [file not found]
      "UserSp1" = "Brong32.exe" [file not found]
      "34763" = "bhoserv.exe" [file not found]
      "ERTYDF" = "XTermInit.exe" [file not found]
      "SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0" ["Webroot Software, Inc."]

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
      "APVXDWIN" = ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s" ["Panda Software International"]
      "DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
      "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
      "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
      "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
      "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
      "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
      "___" = "SAPSTR.exe" [file not found]
      "dePloy" = "driver32.exe" [file not found]
      "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
      "SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
      "DNSCacheBoost" = "C:\WINDOWS\System32\dnsping.exe" [(path error)]
      "" = (data in unrecognized format!)

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
      "" = (data in unrecognized format!)

      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

      HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
      "PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
      -) resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
      "CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
      -) resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [MS]
      "WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
      -) resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [MS]
      "SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
      -) resolves to: {CLSID}\InprocServer32\(Default) = "C:\WINDOWS\System32\stobject.dll" [MS]


      Startup items in "JOGO" & "All Users" startup folders:
      ------------------------------------------------------

      C:\Documents and Settings\JOGO\Menu Start\Programy\Autostart
      "SpySubtract" -) shortcut to: "C:\Program Files\interMute\SpySubtract\SpySub.exe -autostart" [file not found]
      "UniSpiker-2.2" -) shortcut to: "C:\Program Files\ivo\UniSpiker-2.2\uni_spiker-2.2.exe" [null data]
      "UniSpiker-2.6" -) shortcut to: "C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe" [null data]

      C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
      "Microsoft Office" -) shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


      Running Services (Display Name, Service Name, Path {Service DLL}):
      ------------------------------------------------------------------

      Bufor wydruku, Spooler, "C:\WINDOWS\system32\spoolsv.exe" [MS]
      Dziennik zdarzeń, Eventlog, "C:\WINDOWS\system32\services.exe" [MS]
      Harmonogram zadań, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [MS]}
      Instrumentacja zarządzania Windows, winmgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\wbem\WMIsvc.dll" [MS]}
      Klient DHCP, Dhcp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [MS]}
      Klient DNS, Dnscache, "C:\WINDOWS\System32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [MS]}
      Klient śledzenia łączy rozproszonych, TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [MS]}
      Kompozycje, Themes, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [MS]}
      Konfiguracja zerowej sieci bezprzewodowej, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [MS]}
      Logowanie pomocnicze, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [MS]}
      Magazyn chroniony, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [MS]
      Menedżer autopołączenia dostępu zdalnego, RasAuto, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasauto.dll" [MS]}
      Menedżer dysków logicznych, dmserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dmserver.dll" ["Microsoft Corp."]}
      Menedżer kont zabezpieczeń, SamSs, "C:\WINDOWS\system32\lsass.exe" [MS]
      Menedżer połączeń usługi Dostęp zdalny, RasMan, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\rasmans.dll" [MS]}
      Menedżer przekazywania, uploadmgr, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
      Numer seryjny nośnika przenośnego, WmdmPmSp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mspmspsv.dll" [MS]}
      NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
      Panda anti-virus service, PAVSRV, "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe" ["Panda Software"]
      Panda IManager Service, PSIMSVC, ""C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe"" ["Panda Software Internacional"]
      Panda Process Protection Service, PavPrSrv, "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe" ["Panda Software"]
      Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [MS]
      Pomoc i obsługa techniczna, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [MS]}
      Pomoc TCP/IP NetBIOS, LmHosts, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\lmhsvc.dll" [MS]}
      Połączenia sieciowe, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [MS]}
      Przeglądarka komputera, Browser, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\browser.dll" [MS]}
      Rejestr zdalny, RemoteRegistry, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\system32\regsvc.dll" [MS]}
      Rozpoznawanie lokalizacji w sieci (NLA), Nla, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" [MS]}
      Serwer, lanmanserver, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srvsvc.dll" [MS]}
      Stacja robocza, lanmanworkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [MS]}
      Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
      System zdarzeń COM+, EventSystem, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\es.dll" [MS]}
      Telefonia, TapiSrv, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\tapisrv.dll" [MS]}
      Usługa bramy warstwy aplikacji, ALG, "C:\WINDOWS\System32\alg.exe" [MS]
      Usługa inteligentnego transferu w tle, BITS, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\qmgr.dll" [MS]}
      Usługa odnajdywania SSDP, SSDPSRV, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\ssdpsrv.dll" [MS]}
      Usługa przywracania systemu, srservice, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\srsvc.dll" [MS]}
      Usługi kryptograficzne, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [MS]}
      Usługi terminalowe, TermService, "C:\WINDOWS\System32\svchost.exe -k nets