PLEASE CHECK THE HT LOG

10.08.05, 18:11
Logfile of HijackThis v1.99.1
Scan saved at 17:58:56, on 2005-08-10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\Documents and Settings\Adam\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.e-
finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.e-
finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} -
D:\Programy\Imesh5\iMeshBHO.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} -
E:\WINXP\system32\appwiz.dll
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} -
E:\WINXP\dped.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
E:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_04
\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp51\winampa.exe
O4 - HKLM\..\Run: [conscorr] E:\WINXP\conscorr.exe
O4 - HKLM\..\Run: [Windows TaskAd] E:\Program Files\Windows
TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [Media Access] E:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Media Gateway] E:\Program Files\Media
Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [SysMemory manager] e:\winxp\system32\mdms.exe
O4 - HKLM\..\Run: [PayTime] E:\WINXP\System32\paytime.exe
O4 - HKLM\..\Run: [secboot] E:\WINXP\System32\mszx23.exe !!
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [PayTime] E:\WINXP\System32\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] E:\WINXP\tool2.exe
O4 - HKCU\..\Run: [aupd] E:\WINXP\System32\symcsvc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - E:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %
windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
E:\WINXP\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - E:\WINXP\web\related.htm
O13 - WWW. Prefix:
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
public.windupdates.com/get_file.php?bt=ie&p=7fd1b1487ea24557e81cb1f266ef2780947d11d735d3f73d567bbcc1cd65aeb860d24e
26488494fe11db2684f9909f72dc77fd77a214:2e5848e0a9d3ad577e6a6478c1291781
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c420.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer
Start) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) -
installs.hotbar.com/installs/hotbar/programs/hotbar.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) -
www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {E7
    • neder Re: PLEASE CHECK THE HT LOG 10.08.05, 18:36
      Don't start 3 threads - it doesn't make it any easier to figure out what's going on.
      Here are links to Microsoft AntiSpyware and ewido:
      forum.gazeta.pl/forum/72,2.html?f=430&w=27500175&a=27504199

      Also download CWShredder
      www.majorgeeks.com/download4086.html (choose Fix)
      Before scanning with anything, don't forget to update!


      You don't have a firewall or antivirus? On top of that an unpatched system; in a moment you'll have just as much junk again.


      Once you've scanned, paste a new log.
    • andronn Re: PLEASE CHECK THE HT LOG 10.08.05, 19:05
      :( I can't install that antispyware program... some error pops up :( what should I do :(
      • Guest: Antek Re: PLEASE CHECK THE HT LOG IP: *.neoplus.adsl.tpnet.pl 10.08.05, 20:01
        > some error pops up :( what should I do :(

        Let me guess - how about writing which one???
    • andronn Re: PLEASE CHECK THE HT LOG 10.08.05, 20:47
      Thanks neder, that helped with the spyware, but there's still something there. Thanks anyway for taking an interest.
      • neder Re: PLEASE CHECK THE HT LOG 10.08.05, 21:07

        Then paste a log from HijackThis -> those programs were only meant to help to some extent, so that at least the log would fit (because the first one didn't fit). And please don't start any more threads.
        • andronn Re: PLEASE CHECK THE HT LOG 10.08.05, 21:13
          Logfile of HijackThis v1.99.1
          Scan saved at 21:09:44, on 2005-08-10
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          E:\WINXP\System32\smss.exe
          E:\WINXP\SYSTEM32\winlogon.exe
          E:\WINXP\system32\services.exe
          E:\WINXP\system32\lsass.exe
          E:\WINXP\system32\svchost.exe
          E:\WINXP\System32\svchost.exe
          E:\WINXP\system32\spoolsv.exe
          E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
          D:\Programy\Microsoft AntiSpyware\gcasDtServ.exe
          E:\Program Files\ewido\security suite\ewidoguard.exe
          E:\Program Files\ewido\security suite\ewidoctrl.exe
          E:\Program Files\ewido\security suite\securitysuite.exe
          E:\Program Files\Internet Explorer\iexplore.exe
          E:\Documents and Settings\Adam\Pulpit\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - E:\WINXP\system32
          \appwiz.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          E:\WINXP\System32\msdxm.ocx
          O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_04
          \bin\jusched.exe
          O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp51\winampa.exe
          O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINXP\system32\NeroCheck.exe
          O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
          O4 - HKLM\..\Run: [SysMemory manager] e:\winxp\system32\mdms.exe
          O4 - HKLM\..\Run: [gcasServ] "D:\Programy\Microsoft AntiSpyware\gcasServ.exe"
          O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy
          Sweeper\SpySweeper.exe" /startintray
          O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
          O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
          O4 - HKCU\..\Run: [aupd] E:\WINXP\System32\symcsvc.exe
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          E:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
          00401C608501} - E:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
          O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%
          \bdoscandel.exe (file missing)
          O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
          {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
          O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
          E:\WINXP\web\related.htm
          O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
          00aa003c157a} - E:\WINXP\web\related.htm
          O15 - Trusted Zone: *.slotchbar.com
          O15 - Trusted Zone: *.ysbweb.com
          O15 - Trusted Zone: *.slotchbar.com (HKLM)
          O15 - Trusted Zone: *.ysbweb.com (HKLM)
          O15 - Trusted IP range: 81.222.131.59
          O15 - Trusted IP range: 81.222.131.59 (HKLM)
          O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer
          Start) -
          O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
          www.bitdefender.com/scan8/oscan8.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
          www.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
          www.ravantivirus.com/scan/ravonline.cab
          O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) -
          www.commandondemand.com/eval/cod/cabs/cssweb.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{022EEBFD-8F3F-475A-9F9C-D5651723AD13}:
          NameServer = 195.94.208.165,10.0.26.5
          O17 - HKLM\System\CS1\Services\Tcpip\..\{022EEBFD-8F3F-475A-9F9C-D5651723AD13}:
          NameServer = 195.94.208.165,10.0.26.5
          O20 - AppInit_DLLs: PAVWAIT.DLL
          O20 - Winlogon Notify: drct16 - E:\WINXP\SYSTEM32\drct16.dll
          O20 - Winlogon Notify: tcpG4T - E:\WINXP\SYSTEM32\tcpG4T.dll
          O23 - Service: ewido security suite control - ewido networks - E:\Program
          Files\ewido\security suite\ewidoctrl.exe
          O23 - Service: ewido security suite guard - ewido networks - E:\Program
          Files\ewido\security suite\ewidoguard.exe
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner -
          E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
          O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software,
          Inc. - E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

          • neder Re: PLEASE CHECK THE HT LOG 11.08.05, 10:05
            Download Killbox:
            www.downloads.subratam.org/KillBox.zip
            Boot Windows into Safe Mode (F8 at system startup)
            Unpack Killbox, tick Delete on reboot, paste the path of the file you need to delete (don't search for it yourself, just paste the ready-made one) and press the red button, but when asked about a reset answer no.

            and the paths are:
            > e:\winxp\system32\mdms.exe
            > C:\winstall.exe
            > E:\WINXP\system32\appwiz.dll
            > E:\WINXP\system32\sndcfg16.exe
            > E:\WINXP\System32\symcsvc.exe

            Additional reading on this junk - because they change a fair bit in the registry:
            > mdms.exe -> www.sophos.com/virusinfo/analyses/w32sdbotch.html
            > sndcfg16.exe -> www.f-secure.com/v-descs/sdbot_mb.shtml (the detailed description section)


            In HJT you remove (you're still in Safe Mode):
            > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            > O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - E:\WINXP\system3
            > 2
            > \appwiz.dll
            > O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp51\winampa.exe
            > O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINXP\system32\NeroCheck.exe
            > O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
            > O4 - HKLM\..\Run: [SysMemory manager] e:\winxp\system32\mdms.exe
            > O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
            > O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
            > O4 - HKCU\..\Run: [aupd] E:\WINXP\System32\symcsvc.exe
            > O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir
            > %
            > \bdoscandel.exe (file missing)
            > O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
            > {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
            > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            > E:\WINXP\web\related.htm
            > O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            > 00aa003c157a} - E:\WINXP\web\related.htm
            > O15 - Trusted Zone: *.slotchbar.com
            > O15 - Trusted Zone: *.ysbweb.com
            > O15 - Trusted Zone: *.slotchbar.com (HKLM)
            > O15 - Trusted Zone: *.ysbweb.com (HKLM)
            > O15 - Trusted IP range: 81.222.131.59
            > O15 - Trusted IP range: 81.222.131.59 (HKLM)
            > O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner -
            > E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing) -> these are some leftovers from Norton


            You were supposed to uninstall ewido. Instead, before you go into Safe Mode, download avast; the link for registering and downloading is here:
            forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=19472430

            Also install a firewall -> Kerio or ZoneAlarm. Here's a link to Kerio:
            forum.gazeta.pl/forum/72,2.html?f=430&w=14509272&a=14509386

            Also download Ad-Aware and Spybot Search & Destroy
            forum.gazeta.pl/forum/72,2.html?f=23618&w=16148176

            Now, after removing the junk, install everything (can be in normal mode already), update and scan to be sure. Also think about switching your browser to Firefox or Opera -> you won't pick up as much junk, and with your unpatched system that's a real risk. Is there no way for you to update?


            When everything is done, reboot once more and paste a new log to be sure.
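As an added example (not part of this thread and not a HijackThis component), the Python script below parses lines in the HijackThis 1.99 log format posted above and flags the kinds of entries neder singled out for removal: start/search pages that point at a bare IP address or that HijackThis reports as obfuscated, a system.ini Shell= line that launches anything besides Explorer.exe, autorun entries whose target is a bare filename or sits in a drive root, and any Trusted Zone addition. The sample log lines are constructed from entries in the thread; the rules are triage heuristics to shortlist lines for a reviewer, not a verdict on any particular file.

```python
"""Heuristic triage of HijackThis 1.99-style log lines (added example, not a HijackThis tool)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines modelled on the entries posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = www.e-finder.cc/search/ (obfuscated)
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp51\winampa.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    line: str     # the log line as written
    reason: str   # why an analyst should look at it


LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")                 # "<section> - <rest>"
IP_VALUE_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")  # value starts with a raw IPv4
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[[^\]]*\] (.*)$")  # "HKLM\..\Run: [name] target"
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\[^\\]+")            # e.g. C:\winstall.exe


def _exe_path(target: str) -> str:
    """Return the program path from an O4 target, dropping surrounding quotes and switches."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split(" /", 1)[0]  # drop switches such as " /startintray"


def _check(section: str, rest: str) -> Optional[str]:
    """Return a reason string if the entry matches a triage rule, else None."""
    if section in ("R0", "R1"):
        value = rest.split(" = ", 1)[1].strip() if " = " in rest else ""
        if IP_VALUE_RE.match(value):
            return "IE start/search page points at a bare IP address"
        if value.endswith("(obfuscated)"):
            return "IE search value is stored obfuscated (HijackThis could not read it plainly)"
    elif section == "F2" and "Shell=" in rest:
        shell = [t.lower() for t in rest.split("Shell=", 1)[1].split()]
        if shell != ["explorer.exe"]:
            return "system.ini Shell= launches something besides Explorer.exe"
    elif section == "O4":
        m = O4_RE.match(rest)
        if m:
            path = _exe_path(m.group(1))
            if "\\" not in path:
                return "autorun target is a bare filename resolved via the search path"
            if DRIVE_ROOT_RE.fullmatch(path):
                return "autorun target sits in a drive root rather than a program directory"
    elif section == "O15":
        return "host or IP added to the IE Trusted Zone (relaxed security settings)"
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse HijackThis-style lines and collect the ones matching a triage rule."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, the "Running processes:" block, blanks
        section, rest = m.group(1), m.group(2)
        reason = _check(section, rest)
        if reason:
            findings.append(Finding(section, line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`; it only shortlists lines, and entries such as the paytime.exe or mszx23.exe autoruns in the first log would still need a reviewer's eye, since they match none of these rules.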