Bardzo prosze o sprawdzenie loga!

Lysy_cienias · 12 Lipiec 2005 18:42

komputer jest troszke a nawet bardzo zamulony

Logfile of HijackThis v1.99.1

musg · 12 Lipiec 2005 18:50

na poczatek zainstaluj program antywirusowy,fajerłola,przelec kompa scanerami:

http://forum.dobreprogramy.pl/viewtopic.php?t=8175

masz spory bałagan w systemie ale do naprawienia.

Bez zabezpieczen bedziesz tu stałym gosciem

tu masz fajerłole:

http://www.dobreprogramy.pl/index.php?dz=1&t=84

a tu antywiry:

http://www.dobreprogramy.pl/index.php?dz=1&t=30

ps

po tych czynnosciach dajesz log do sprawdzenia

kuz5 · 12 Lipiec 2005 18:51

Coś czuje że nie bedzie tak łatwo z tym twoim syfem

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi … earch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi … .yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi … .yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi … earch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi … .yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi … .yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php O4 - HKLM…\Run: [sysTime] C:\WINDOWS\System32\systime.exe O4 - HKLM…\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM…\Run: [_Cat4] C:\WINDOWS\msmsgr2.exe O4 - HKLM…\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\System32\Drivers\svchost.exe O4 - HKLM…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKCU…\Run: [sysTime] C:\WINDOWS\System32\systime.exe O4 - HKCU…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - HKCU…\Run: [spySheriff] C:\Program Files\SpySheriff\SpySheriff.exe O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.iframedollars.biz (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted IP range: 81.222.131.59 O15 - Trusted IP range: 81.222.131.59 (HKLM) O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Pliki na czerwono usun ręcznie z dysku

Jeżeli wpisy 015 będą stawiać opór to usuń je narzędziem KillTrusted 0.7

Odinstaluj dziadostwo Logitecha

Lysy_cienias · 12 Lipiec 2005 20:44

Logfile of HijackThis v1.99.1

Scan saved at 22:43:23, on 2005-07-12

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\WANADOO\TaskbarIcon.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\3.0M SD DSC\Console\Watch.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Fryderyk 2004\fryderyk.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\user\USTAWI~1\Temp\Rar$EX00.415\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl-pl\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl-pl\msntb.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM…\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM…\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Fryderyk 2004] C:\Program Files\Fryderyk 2004\fryderyk.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Watch.lnk = C:\Program Files\3.0M SD DSC\Console\Watch.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{8DEE8E04-725A-4CBB-A75D-FA94596B114D}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

boczi · 12 Lipiec 2005 20:51

Jeszcze kasacja tego:

C:\WINDOWS\system32\ *P2P Networking*

PS Jakich używasz P2P?

Znajdź jeszcze:

C:\WINDOWS\System32\ systime.exe

Jeśli nie będzie, kasacja wpisu z Hijacka:

O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe

Reszta OK.

Opróżnij katalogi TEMP, Prefetch z katalogu systemowego WINDOWS.

MSN Messenger jeśli nie używasz, usuń tym:

http://www.amnezja.org/modules.php?name … e&sid=4369

Zainstaluj SP2.

Lysy_cienias · 13 Lipiec 2005 01:22

jeszcze jest cos takiego na pulpicie kumpeli

server not responding critical warning system has been stopeed due to a serious malfunction spyware activity has been detected

i nic nie mozna ustawic innego

Damian · 13 Lipiec 2005 03:49

Niech kumpela wejdzie w Panel Sterowania>>>ekran>>>pulpit>>>dostosuj pulpit>>>sieć WEB>>>i kasacja wszystkiego co znajduje się w okienku…

boczi · 13 Lipiec 2005 08:10

I poczytaj sobie jeszcze ten temat:

http://www.searchengines.pl/phpbb203/in … opic=31936