Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    Proszę sprawdż o loga!! Pomóz mi

    IP: *.net152.okay.pl 19.02.06, 11:32
    Logfile of HijackThis v1.99.1
    Scan saved at 11:28:56, on 2006-02-19
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\RECYCLER\services.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-
    8876480.exe
    C:\Program Files\Camfrog\Camfrog Video Chat 3.4\Camfrog Video Chat.exe
    C:\WINDOWS\wupdmgr.exe
    C:\WINDOWS\osaupd.exe
    C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\WINDOWS\system32\shell386.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Konrad\Pulpit\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.onet.pl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,AutoConfigURL = www.zetosa.com.pl/400/06.shtml
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer =
    ftp=80.85.224.10:8080;gopher=80.85.224.10:8080;http=80.85.224.10:8080;https=80
    .85.224.10:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\system32
    \userinit.exe,C:\RECYCLER\services.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1e1b2879-88ff-11d3-8d96-d7acac95951a} - (no file)
    O2 - BHO: (no name) - {2bc43670-c0bd-4794-bb11-f60f3e001dc5} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} -
    C:\WINDOWS\system32\winapi32.dll
    O2 - BHO: (no name) - {8702d9e1-890b-4bf2-a233-fa44e582b2de} - (no file)
    O2 - BHO: (no name) - {9819c369-5f62-4d37-9a42-44043a742c1e} - (no file)
    O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)
    O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-716d74632608} - (no file)
    O2 - BHO: (no name) - {d53b810f-6219-11d4-95b6-0040950375e7} - (no file)
    O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file)
    O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file)
    O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} -
    C:\WINDOWS\system32\iasada.dll
    O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
    \spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP
    Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
    Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
    \NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
    \bin\jusched.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
    Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
    Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\system32\sysu.exe
    O4 - HKLM\..\Run: [Adware.Admess] C:\WINDOWS\system32\tcpservice2.exe
    O4 - HKLM\..\Run: [Personal AntiSpy keylogger] C:\WINDOWS\system32\johnwb.dll
    O4 - HKLM\..\Run: [AdwareAdmess] C:\WINDOWS\system32\wstart.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [cme] C:\WINDOWS\system32\cme.exe
    O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\system32\cmesys.exe
    O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\system32\cmeupd.exe
    O4 - HKLM\..\Run: [gator] C:\WINDOWS\system32\gator.exe
    O4 - HKLM\..\Run: [gmt] C:\WINDOWS\system32\gmt.exe
    O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\cd_load.exe
    O4 - HKLM\..\Run: [CWS hijacker] C:\WINDOWS\dpe.dll
    O4 - HKCU\..\Run: [SMS Express] "C:\Program Files\SMS
    Express\smsexpr.exe" /tray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
    Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program
    Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat 3.4
    \CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat 3.4\Camfrog
    Video Chat.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480
    \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - Startup: asheriff.lnk = C:\Program Files\AdwareSheriff\asheriff.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Download with &DAP - C:\Program
    Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program
    Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
    00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: M
    Obserwuj wątek
      • kolobos Re: Proszę sprawdż o loga!! Pomóz mi 19.02.06, 13:17
        Odinstaluj Logitech Desktop Messenger.

        Zakoncz:
        C:\RECYCLER\services.exe
        C:\Program Files\Camfrog\Camfrog Video Chat 3.4\Camfrog Video Chat.exe
        C:\WINDOWS\wupdmgr.exe
        C:\WINDOWS\osaupd.exe
        C:\WINDOWS\system32\shell386.exe
        Pliki usun.

        W hijackthis:
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        searchbar.findthewebsiteyouneed.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        searchbar.findthewebsiteyouneed.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        searchbar.findthewebsiteyouneed.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
        searchbar.findthewebsiteyouneed.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        searchbar.findthewebsiteyouneed.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\system32
        \userinit.exe,C:\RECYCLER\services.exe <- usun plik svchost32.exe oraz
        services.exe ale userinit.exe nie ruszaj!
        O2 - BHO: (no name) - {1e1b2879-88ff-11d3-8d96-d7acac95951a} - (no file)
        O2 - BHO: (no name) - {2bc43670-c0bd-4794-bb11-f60f3e001dc5} - (no file)
        Te wszystkie dll i exe usun:
        O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} -
        C:\WINDOWS\system32\winapi32.dll
        O2 - BHO: (no name) - {8702d9e1-890b-4bf2-a233-fa44e582b2de} - (no file)
        O2 - BHO: (no name) - {9819c369-5f62-4d37-9a42-44043a742c1e} - (no file)
        O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)
        O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file)
        O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-716d74632608} - (no file)
        O2 - BHO: (no name) - {d53b810f-6219-11d4-95b6-0040950375e7} - (no file)
        O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file)
        O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file)
        O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} -
        C:\WINDOWS\system32\iasada.dll
        O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file)
        O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\system32\sysu.exe
        O4 - HKLM\..\Run: [Adware.Admess] C:\WINDOWS\system32\tcpservice2.exe
        O4 - HKLM\..\Run: [Personal AntiSpy keylogger] C:\WINDOWS\system32\johnwb.dll
        O4 - HKLM\..\Run: [AdwareAdmess] C:\WINDOWS\system32\wstart.dll
        O4 - HKLM\..\Run: [cme] C:\WINDOWS\system32\cme.exe
        O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\system32\cmesys.exe
        O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\system32\cmeupd.exe
        O4 - HKLM\..\Run: [gator] C:\WINDOWS\system32\gator.exe
        O4 - HKLM\..\Run: [gmt] C:\WINDOWS\system32\gmt.exe
        O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\cd_load.exe
        O4 - HKLM\..\Run: [CWS hijacker] C:\WINDOWS\dpe.dll
        O4 - Startup: asheriff.lnk = C:\Program Files\AdwareSheriff\asheriff.exe <-
        odinstaluj i usun jego katalog!

        Log sie nie zmiescil wiec jak wszystko zrobisz to wklej nowy:
        O9 - Extra button: M

        Zrob skan tym:
        ftp://download.hirekmedia.hu/ssfsetup1_0.exe <- zrob update przed skanowaniem,
        po przeskanowaniu odinstaluj.
        download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po
        przeskanowaniu odinstaluj.
        Zamknij porty w wwdc:
        www.firewallleaktester.com/tools/wwdc.exe
      • kolobos Re: Proszę sprawdż o loga!! Pomóz mi 19.02.06, 13:22
        wklejanie log'a dwa razy = brak pomocy!

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.
    Wybrane treści z serwisu Sport.pl są dostępne po wykupieniu płatnej subskrypcji