Hmm nie wiem co sie dzieje POMOCY :)


(Srokul) #1

hello Mam problem i jak by był ktos tak łaskawy i mi pomogł :slight_smile: pewnie mam jakies trojany ale za kazdym skanem są nowe i przy uruchomieniu Internet Explorer otwiera sie jakas dziwna stronka :confused: daje mojego loga jezeli ktos sie zna na tym i wie jak łatwo usunąc to niech mi pomoze z góry dzieki :slight_smile:

Logfile of HijackThis v1.98.2

Scan saved at 13:47:03, on 2004-12-10

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\inet10055\services.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\WINDOWS\System32\systime.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\systime.exe

C:\Documents and Settings\Sikora\Dane aplikacji\euis.exe

C:\WINDOWS\System32\w?nspool.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Sikora\Pulpit\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F3 - REG:win.ini: run=C:\WINDOWS\inet10055\services.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet10055\1.02.05.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: (no name) - {DED0CCFB-0768-2B98-1C52-5EF07CCD3BC2} - C:\WINDOWS\System32\atpd.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe

O4 - HKLM..\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O4 - HKLM..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [wingo] C:\WINDOWS\System32\wingo.exe

O4 - HKCU..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe

O4 - HKCU..\Run: [sysTime] C:\WINDOWS\System32\systime.exe

O4 - HKCU..\Run: [ssch] C:\Documents and Settings\Sikora\Dane aplikacji\euis.exe

O4 - HKCU..\Run: [Xbfhyci] C:\WINDOWS\System32\w?nspool.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.crazywinnings.com

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.topconverting.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets ... refid=2732

O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/hdpl ... 3v5d33.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{3235CFCC-BB92-4E90-8C01-9F61A4EBE583}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CCS\Services\Tcpip..{5E01EFB2-AB2A-4A1C-BA29-44771366C6DF}: NameServer = 62.121.128.51,62.121.128.52

O17 - HKLM\System\CS1\Services\Tcpip..{3235CFCC-BB92-4E90-8C01-9F61A4EBE583}: NameServer = 194.204.152.34 217.98.63.164


(lazikar) #2

Przeskanuj CWShredder

:arrow: CWShredder


(Srokul) #3

danke :slight_smile: juz sie otwiera tak jak powinno ale jak by ktos sie nudził i mógł sprawdzic jeszcze mojego loga. Pozdrawiam

Logfile of HijackThis v1.98.2

Scan saved at 14:25:06, on 2004-12-10

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\inet10055\services.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Sikora\Dane aplikacji\euis.exe

C:\WINDOWS\System32\w?nspool.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\AVPersonal\AVGNT.EXE

C:\Program Files\AVPersonal\INETUPD.EXE

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Sikora\Pulpit\HijackThis & CWShredder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F3 - REG:win.ini: run=C:\WINDOWS\inet10055\services.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet10055\1.02.05.dll (file missing)

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: (no name) - {DED0CCFB-0768-2B98-1C52-5EF07CCD3BC2} - C:\WINDOWS\System32\atpd.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe

O4 - HKLM..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [wingo] C:\WINDOWS\System32\wingo.exe

O4 - HKCU..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe

O4 - HKCU..\Run: [ssch] C:\Documents and Settings\Sikora\Dane aplikacji\euis.exe

O4 - HKCU..\Run: [Xbfhyci] C:\WINDOWS\System32\w?nspool.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.crazywinnings.com

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.topconverting.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets ... refid=2732

O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/hdpl ... 3v5d33.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{3235CFCC-BB92-4E90-8C01-9F61A4EBE583}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CCS\Services\Tcpip..{5E01EFB2-AB2A-4A1C-BA29-44771366C6DF}: NameServer = 62.121.128.51,62.121.128.52

O17 - HKLM\System\CS1\Services\Tcpip..{3235CFCC-BB92-4E90-8C01-9F61A4EBE583}: NameServer = 194.204.152.34 217.98.63.164


(wieszak) #4

Wyłacz przywracanie systemu.

Przeskanuj tym co kazał Lazikar.

Przeskanuj w trybie awaryjnym

Log sprawdzą specjaliści ale już widać że coś siedzi.


(Adarek) #5

Log ma już sprwadony w "LOGI - HIJACK THIS"


(lazikar) #6

To mu pomogło czytaj co napisał wyżej. :?

:lol:


(wieszak) #7

Też już zakumałem ale jak pisałem co ma zrobić on był szybszy i wyszło jak wyszło :?

Inna sprawa że wkleił logi w trzech różnych topikach.

A po za tym ten log i tak jest zaśmiecony. :twisted:


(Srokul) #8

Prosze o sprawdzenie loga :slight_smile: wielka prosba !!

Logfile of HijackThis v1.99.0

Scan saved at 18:18:44, on 2004-12-24

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Mixer.exe

C:\WINDOWS\System32\LXSUPMON.EXE

C:\Program Files\Admilli Service\AdmilliServ.exe

C:\Program Files\Admilli Service\AdmilliKeep.exe

C:\temp\salm.exe

C:\WINDOWS\System32\SahAgent.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\toolbar.exe

C:\Program Files\Internet Optimizer\optimize.exe

C:\Program Files\Internet Optimizer\actalert.exe

C:\Program Files\BullsEye Network\bin\bargains.exe

C:\Documents and Settings\USER\Dane aplikacji\smao.exe

C:\WINDOWS\System32\eohp.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\USER\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zakladka.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://zakladka.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

O2 - BHO: dpvacbu - {F453E002-B889-71A9-ADB7-4F5A35D71F1E} - C:\WINDOWS\System32\dpvacbu.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\Program Files\IEMenuExtension\tbextn.dll

O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..\Run: [scanRegistry] C:\W

O4 - HKLM..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN

O4 - HKLM..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe

O4 - HKLM..\Run: [salm] c:\temp\salm.exe

O4 - HKLM..\Run: [zazuvov] C:\WINDOWS\zazuvov.exe

O4 - HKLM..\Run: [sAHAgent] C:\WINDOWS\System32\SahAgent.exe

O4 - HKLM..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM..\Run: [iE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB

O4 - HKLM..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU..\Run: [Atus] C:\Documents and Settings\USER\Dane aplikacji\smao.exe

O4 - HKCU..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht! http://www.frontieraurora.com/tx.chm::/ai.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTIn ... e-c282.cab

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets ... refid=2732

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab

O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Oidfgq32.dll

O23 - Service: ipxctrl - Unknown - C:\WINDOWS\System32\ipxctrl.exe

O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe

O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NetDDEeipxs - Unknown - C:\WINDOWS\System32\eohp.exe


(Djkarolek) #9

CWShredder-Ten Program jest Naprawde Dobry :wink: Gdzie Moge go pobrac :wink:


(Damian) #10

Srokul... Log jest jeszcze nie do końca czysty...

Przeskanuj programami:

:arrow: CWShredder 2.1

:arrow: Spybot Search & Destroy 1.3

:arrow: Ad-aware SE Personal 1.05


(lazikar) #11

Czytać nie umiesz. :? Drugi post w tym temacie. :!:


(Marsmo) #12

Powiem lepiej - jest jeszcze gorszy niż był niegdyś , zanim mu go Phylby wyczyścił! :smiley:

Piszę "niegdyś" - bo ten log został na świeżo wklejony, po 14 dniach w tym samym temacie. Z tamtym sprawa była już rozwiązana; i tu - i w dziale "Logi"!

Czyli wypada znowu przejrzeć... :lol:


(dżasny) #13

wszedzie tu sa wiry!!


(Jablek 88) #14

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht! http://www.frontieraurora.com/tx.chm::/ai.exe

KoSz

O4 - HKCU..\Run: [surfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe

kosz

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll

C:\WINDOWS\inet10055\services.exe

O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet10055\1.02.05.dll (file missing)

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKCU..\Run: [wingo] C:\WINDOWS\System32\wingo.exe

O4 - HKCU..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/hdpl ... 3v5d33.cab

affa wykasuj troche tych rzeczy z autostartu :wink: