
Please check my log, it is complete

05.01.07, 11:31
I uninstalled Norton, so I scanned again. I have a problem with the start
page, messages like "critical system" etc. keep appearing, and pages with
bingo open. Thanks.
This is my log (I checked, it is complete)



Logfile of HijackThis v1.99.1
Scan saved at 10:02:10, on 2007-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} -
C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program
Files\Key Generator\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -
C:\Program Files\Key Generator\iesplugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba
Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming
Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program
Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program
Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common
Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeCall] "C:\Program
Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and
Settings\gosia\Local Settings\Temporary Internet Files\Content.IE5\J6WZNDC5
\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program
Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: OfficeWebCenter.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows
Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN
Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} -
C:\WINDOWS\system32\cthkpcv.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown
owner - C:\Program Files\Adobe\Photoshop Elements 3.0
\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program
Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. -
C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel
Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32
\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1
\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect
(PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program
Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel
Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) -
      • snake07 Re: Please check my log, it is complete 05.01.07, 11:56
        O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel
        Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. -
        C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
        O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1
        \X10\Common\x10nets.exe

        These last three kept getting cut off, sorry
        • Guest: Kolobos Re: Please check my log, it is complete IP: *.crowley.pl 05.01.07, 12:15
          Use: siri.urz.free.fr/Fix/SmitfraudFix_En.php and do what is
          described under "Clean"; after you run it, a log will be created, which you should paste on the forum.

          In addition, scan the system with ewido, and install AntiVir PE and scan the system with it as well.

          In HJT, remove:
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
          g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.onet.pl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
          www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver=
          {SUB_PVER}&ar=home
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
          O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} -
          C:\Program Files\Windows Desktop Search\dsWebAllow.dll <- this is probably what is blocking the page; uninstall Windows Desktop Search.
          O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program
          Files\Key Generator\isaddon.dll
          O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -
          C:\Program Files\Key Generator\iesplugin.dll

          O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE <- disable this in msconfig.

          O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe <- delete the file from disk.
          O4 - HKCU\..\Run: [FreeCall] "C:\Program
          Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized <- delete the freecall.com directory from disk.
          O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and
          Settings\gosia\Local Settings\Temporary Internet Files\Content.IE5\J6WZNDC5
          \HijackThis.exe /startupscan
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} -
          C:\WINDOWS\system32\cthkpcv.dll (file missing)

          After all that, paste a new log from hijackthis (maybe the processes will be visible by then...).
          • snake07 Re: Please check my log, SmitFraudFix v2.132 05.01.07, 21:16
            I cleaned with SmitfraudFix
            here is the log:

            SmitFraudFix v2.132

            Scan done at 19:30:22,03, 2007-01-05
            Run from C:\Documents and Settings\gosia\Desktop\SmitfraudFix
            OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
            The filesystem type is NTFS
            Fix run in safe mode

            »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
            !!!Attention, following keys are not inevitably infected!!!

            SrchSTS.exe by S!Ri
            Search SharedTaskScheduler's .dll

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
            "{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

            [HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
            @="C:\WINDOWS\system32\cthkpcv.dll"

            [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
            @="C:\WINDOWS\system32\cthkpcv.dll"


            »»»»»»»»»»»»»»»»»»»»»»»» Killing process


            »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

            GenericRenosFix by S!Ri


            »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

            C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
            C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
            C:\Program Files\Key Generator\ Deleted

            »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


            »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
            !!!Attention, following keys are not inevitably infected!!!

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
            "System"=""


            »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

            Registry Cleaning done.

            »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
            !!!Attention, following keys are not inevitably infected!!!

            SrchSTS.exe by S!Ri
            Search SharedTaskScheduler's .dll


            »»»»»»»»»»»»»»»»»»»»»»»» End

            For now the start page is OK.
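
The HijackThis logs in this thread were hard-wrapped by the forum, and the first post was cut off in the middle of an entry. As an added example (not part of the thread, and not HijackThis or SmitFraudFix code), this Python code rejoins wrapped entries and attaches review markers to them. The sample lines are copied from the log above; the marker names and the joining heuristic are assumptions of this example, and a marker means "look at this entry", not a verdict.

```python
import re

# Excerpt of the log posted in this thread, wrapped the way the forum wrapped it.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:02:10, on 2007-01-05

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program
Files\Key Generator\isaddon.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and
Settings\gosia\Local Settings\Temporary Internet Files\Content.IE5\J6WZNDC5
\HijackThis.exe /startupscan
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} -
C:\WINDOWS\system32\cthkpcv.dll (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) -
"""

# A new entry starts with a section code such as "R0 - ", "O4 - ", "O23 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Review markers (assumed names): reasons to look closer, not detections.
MARKERS = {
    "file-missing": re.compile(r"\(file missing\)"),      # registration left behind
    "no-name": re.compile(r"\(no name\)"),                # unnamed add-on
    "runs-from-cache": re.compile(r"\\(Temporary Internet Files|Temp)\\", re.I),
    "truncated": re.compile(r"[-=]$"),                    # value cut off by the paste
}

def join_parts(parts):
    """Rejoin one wrapped entry. Heuristic: no space before a leading
    backslash or after a GUID split at a hyphen, otherwise one space."""
    out = parts[0]
    for nxt in parts[1:]:
        glue = "" if nxt.startswith("\\") or re.search(r"\S-$", out) else " "
        out += glue + nxt
    return out

def unwrap(text):
    """Group physical lines into logical entries; a blank line ends an entry."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
        elif ENTRY_START.match(line):
            current = [line]
            entries.append(current)
        elif current is not None:      # continuation of the previous entry
            current.append(line)
    return [join_parts(p) for p in entries]

def triage(text):
    """Return one dict per entry: section code, rejoined text, review markers."""
    results = []
    for entry in unwrap(text):
        code = ENTRY_START.match(entry).group(1)
        flags = [name for name, rx in MARKERS.items() if rx.search(entry)]
        results.append({"code": code, "entry": entry, "flags": flags})
    return results

if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item["code"].ljust(4), ",".join(item["flags"]) or "-", "|", item["entry"])
```
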
