Bardzo prosze o sprawdzenie mojego loga

Soltys19 · 3 Luty 2006 23:28

Logfile of HijackThis v1.99.1

Scan saved at 00:23:49, on 2006-02-04

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Porzadki\Avast\aswUpdSv.exe

D:\Porzadki\Avast\ashServ.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\SMSC\Seticon.exe

C:\WINDOWS\TPPALDR.EXE

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Eset\nod32kui.exe

D:\Porzadki\Avast\ashDisp.exe

D:\Porzadki\Avast\ashMaiSv.exe

C:\winstall.exe

D:\Porzadki\Avast\ashWebSv.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

D:\Bankrut\bankrut.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Watch.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\totalcmd\TOTALCMD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\SpySheriff\SpySheriff.exe

D:\Porzadki\usuwanie spy sheriff\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{43EE3FEC-AB2F-A1A5-5497-F24A358EA8CB} - (no file)

R3 - URLSearchHook: (no name) - _{76C30FEC-861C-9491-79A7-C26705BE85FB} - (no file)

R3 - URLSearchHook: (no name) - {43EE3FEC-AB2F-A1A5-5497-F24A358EA8CB} - C:\WINDOWS\System32\bizy.dll

R3 - URLSearchHook: (no name) - {76C30FEC-861C-9491-79A7-C26705BE85FB} - C:\WINDOWS\System32\bizy.dll

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: (no name) - {0459A75C-23FD-6D7B-C7AC-671DC293A5AB} - (no file)

O2 - BHO: (no name) - {04CD6237-B991-F346-FACB-F44404C8A6AF} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {25015FAA-8509-CB87-6771-9F02C0D182F8} - (no file)

O2 - BHO: (no name) - {40FD7C35-A891-B84E-FC78-EA35639CB3F9} - (no file)

O2 - BHO: (no name) - {43EE3FEC-AB2F-A1A5-5497-F24A358EA8CB} - C:\WINDOWS\System32\bizy.dll

O2 - BHO: (no name) - {4AB1A829-2CD6-3A5E-E65A-3D982A6DBEFF} - (no file)

O2 - BHO: (no name) - {76C30FEC-861C-9491-79A7-C26705BE85FB} - C:\WINDOWS\System32\bizy.dll

O2 - BHO: (no name) - {A5DF8901-05F2-4F25-CE4B-193A130E09F1} - (no file)

O2 - BHO: (no name) - {B16BBFAC-370C-74DD-60E2-764CF4474CAA} - (no file)

O2 - BHO: (no name) - {D09D35DE-E229-F0A6-49B2-A32151197AA4} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe

O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [avast!] D:\Porzadki\Avast\ashDisp.exe

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [Weihbys] C:\WINDOWS\System32\??rss.exe

O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Oror] "C:\Program Files\srna\ctll.exe" -vt mt

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - Startup: Bankrut.lnk = D:\Bankrut\bankrut.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB

O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://content.sms.priv.pl/sms_auto2.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuklc.mht!http://kazaalite.pl/stats/loud.chm::/Bridge-c139.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://67.19.185.246/i/8/loader2.ocx

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?uid=32&id=60902&1s&ex&ppd=4

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosukmt.mht!http://kazaalite.pl/stats/mta.chm::/MediaTicketsInstaller.cab

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB

O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} - http://advnt01.com/dialer/internazionale_ver10.CAB

O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB

O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB

O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB

O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.mp3bereich.de/InstallationsAssistent.ocx

O16 - DPF: {F96D229F-129A-43B5-9B51-B7820E1BF2D3} (GameControl2 Control) - http://www.miastoplusa.pl/applets/GameControl104.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED83648A-31BE-447A-8204-A73625B32CEC}: NameServer = 194.204.152.34 217.98.63.164

O18 - Filter: text/html - {2F5198F8-7929-42B0-B2EA-9C6EF1A253C8} - C:\Documents and Settings\Celeron\Ustawienia lokalne\Dane aplikacji\microsoft\internet explorer\V0.39.dat

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Porzadki\Avast\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - D:\Porzadki\Avast\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Porzadki\Avast\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Porzadki\Avast\ashWebSv.exe" /service (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Gutek · 4 Luty 2006 09:30

C:\Program Files\SpySheriff\SpySheriff.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - _{43EE3FEC-AB2F-A1A5-5497-F24A358EA8CB} - (no file) R3 - URLSearchHook: (no name) - _{76C30FEC-861C-9491-79A7-C26705BE85FB} - (no file) R3 - URLSearchHook: (no name) - {43EE3FEC-AB2F-A1A5-5497-F24A358EA8CB} - C:\WINDOWS\System32\bizy.dll R3 - URLSearchHook: (no name) - {76C30FEC-861C-9491-79A7-C26705BE85FB} - C:\WINDOWS\System32\bizy.dll F2 - REG:system.ini: Shell=explorer.exe"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O2 - BHO: (no name) - {0459A75C-23FD-6D7B-C7AC-671DC293A5AB} - (no file) O2 - BHO: (no name) - {04CD6237-B991-F346-FACB-F44404C8A6AF} - (no file) O2 - BHO: (no name) - {25015FAA-8509-CB87-6771-9F02C0D182F8} - (no file) O2 - BHO: (no name) - {40FD7C35-A891-B84E-FC78-EA35639CB3F9} - (no file) O2 - BHO: (no name) - {43EE3FEC-AB2F-A1A5-5497-F24A358EA8CB} - C:\WINDOWS\System32\bizy.dll O2 - BHO: (no name) - {4AB1A829-2CD6-3A5E-E65A-3D982A6DBEFF} - (no file) O2 - BHO: (no name) - {76C30FEC-861C-9491-79A7-C26705BE85FB} - C:\WINDOWS\System32\bizy.dll O2 - BHO: (no name) - {A5DF8901-05F2-4F25-CE4B-193A130E09F1} - (no file) O2 - BHO: (no name) - {B16BBFAC-370C-74DD-60E2-764CF4474CAA} - (no file) O2 - BHO: (no name) - {D09D35DE-E229-F0A6-49B2-A32151197AA4} - (no file) O4 - HKLM…\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile O4 - HKLM…\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM…\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKCU…\Run: [Weihbys] C:\WINDOWS\System32??rss.exe O4 - HKCU…\Run: [Oror] “C:\Program Files\srna\ctll.exe” -vt m O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe” O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://content.sms.priv.pl/sms_auto2.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuklc.mht!http://kazaalite.pl/stats/loud.chm::/Bridge-c139.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares … _adult.cab O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://67.19.185.246/i/8/loader2.ocx O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares … egular.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?ui … s&ex&ppd=4 O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosukmt.mht!http://kazaalite.pl/stats/mta.chm::/MediaTicketsInstaller.cab O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} - http://advnt01.com/dialer/internazionale_ver10.CAB O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} - http://install.mp3bereich.de/InstallationsAssistent.ocx

Wpis R3 nie usuwasz hijackiem tylko usuniesz Registrar Lite, opis masz TUTAJ

Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log

Zastosuj Usuwanie tapety SpySheriff

Masz plik “z pytajnikiem” - ??rss.exe , jak usunąć zobacz TU