Guest: Tomek
IP: 195.205.75.*
12.03.06, 17:38
A few days ago I had the secure32 virus. Please check the log and tell me what I should remove.
Thank you in advance for your help.
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\KAZAA LITE REWOLUCJA\KAZAALITE.KPP
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\WINDOWS\SYSTEM\MDMS.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.wp.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\PROGRAM FILES\THESEARCHACCELERATOR\UCMTSAIE.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [KAZAA] "C:\PROGRAM FILES\KAZAA LITE REWOLUCJA\KPP.EXE" "C:\PROGRAM FILES\KAZAA LITE REWOLUCJA\KAZAALITE.KPP" /SYSTRAY
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe
O4 - HKLM\..\Run: [Spik] C:\Program Files\Spik\Spik.exe -autostart
O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart
O4 - HKLM\..\Run: [keyboard] C:\\KEYBOARD1.exe
O4 - HKLM\..\Run: [gimmysmileys] C:\\GIMMYSMILEYS1.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: PowerGG.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.gateone.ath.cx
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.loudcash.com
O15 - Trusted Zone: *.gateone.ath.cx (HKLM)
O15 - Trusted Zone: *.zangocash.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.loudcash.com (HKLM)
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - 67.15.101.3/g_bin/pl/marbles_2_0_0_23.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!kazaalite.pl/stats/script/loud.chm::/Bridge-c139.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - 67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - 67.15.101.3/g_bin/pl/boards_2_0_0_24.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - 67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = poczta.wp.pl
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 195.205.75.1
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\PROGRAM FILES\WIRTUALNA POLSKA\WPKONTAKT\URL_WPMSG.DLL (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\hbndjapc.dll