prosze o spr. loga

[Gość: crazy_woman]

Logfile of HijackThis v1.99.1
Scan saved at 08:35:35, on 2005-12-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\usr\MYSQL\bin\mysqld.exe
C:\WINDOWS\Explorer.EXE
C:\Adalex\BelferCommander2\Belfer.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\combop.exe
C:\Program Files\Beniamin\tguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\admin\USTAWI~1\Temp\Katalog tymczasowy 6 dla
hijackthis1.99.1.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: <html><head><title>Dostęp zabroniony</title><meta http-
equiv="Content-Type" content="text/html; charset=iso-8859-2"><style
type="text/css"><!--p { font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 12px}.big { font-size: 18px; color: #FF6600; font-family: Arial,
Helvetica, sans-serif; font-weight: bold}.form_txt { font-family: "MS Sans
Serif", Arial, Helvetica; font-size: 12px; color: #000000}.white { font-
family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; color:
#FFFFFF}a:visited{color: #0000FF}--></style></head><body bgcolor="#DDDDDD"
text="#000000"><form> <table width="50%" border="0" cellspacing="1"
cellpadding="8" align="center" bgcolor="#999999"> <tr> <td bgcolor="#EEEEEE">
<p align="center" class="big"><b>DOSTĘP ZABRONIONY!</b></p> </td> </tr> <tr>
<td bgcolor="#eeeeee"> <p align="center">Dostęp do
strony:<br><strong>http://85.255.113.4/troys/hosts.txt</strong> </p> </td>
</tr> <tr> <td bgcolor="#FF9900" align="center"> <table width="70%"
border="0" cellspacing="0"
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} -
C:\WINDOWS\system32\appwiy.dll
O2 - BHO: (no name) - {91259102-F52D-E42A-57ed-EDA392644311} -
C:\WINDOWS\System32\svcpy.dll
O4 - HKLM\..\Run: [BelferC] C:\Adalex\BelferCommander2\Belfer.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05
\bin\jusched.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [tguard] C:\Program Files\Beniamin\tguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129973721812
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B3E6626-EAF5-488F-A5EF-
2127C2F3804E}: NameServer = 192.168.90.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe

[Gość: k]

Zakoncz proces:
C:\WINDOWS\system32\combop.exe

W hijackthis usun:

O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} -
C:\WINDOWS\system32\appwiy.dll <- usun plik
O2 - BHO: (no name) - {91259102-F52D-E42A-57ed-EDA392644311} -
C:\WINDOWS\System32\svcpy.dll <- usun plik
O4 - HKLM\..\Run: [combop.exe] combop.exe <- usun plik z dysku
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- i ten
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe <- i ten

Naprawa tapety:
www.searchengines.pl/phpbb203/index.php?showtopic=31936

download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po
przeskanowaniu odinstaluj.