Log, co mam zrobić?

cinnamon_girl · 16 Maj 2005 11:01

Co to znaczy, czy wogóle to cos znaczy ?

Logfile of HijackThis v1.99.1

Scan saved at 12:49:27, on 2005-05-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

D:\Dialer Killer\DiaKill.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\QuickTime\qttask.exe

D:\Winamp\winampa.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Tweak-XP\blads.exe

D:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

D:\calendar\birthen.exe

C:\Program Files\AntyDialer\AntyDialer.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\WINDOWS\msagent\AgentSvr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\HijackThis\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.interia.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customi … /www.yahoo.

com/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customi … /www.yahoo.

com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Łącza

O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: TChkBHO Class - {4DA7A3F6-BDCE-4ADC-8945-116EE144E343}

C:\WINDOWS\system32\shpiipe.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no

file)

O4 - HKLM…\Run: [sysR] C:\WINDOWS\sysmd.exe m

O4 - HKLM…\Run: [MediaFace Integration] C:\Program

Files\Fellowes\MediaFACE 4.0\SetHook.exe

O4 - HKLM…\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM…\Run: [DialerKiller] D:\Dialer Killer\DiaKill.exe -h

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [New.net Startup] rundll32

C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe”

-atboottime

O4 - HKLM…\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe”

/background

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [blockAds] C:\Program Files\Tweak-XP\blads.exe

O4 - HKCU…\Run: [Yahoo! Pager] D:\Program

Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU…\Run: [Morpheus] “D:\StreamCast\Morpheus\Morpheus.exe” -min

O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Startup: BIRTHDAY! millennium.lnk = D:\calendar\birthen.exe

O4 - Startup: AntyDialer.lnk = C:\Program Files\AntyDialer\AntyDialer.exe

O4 - Startup: Pandion.lnk = D:\Program Files\Pandion\Pandion.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone

Labs\ZoneAlarm\zonealarm.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} -

(no file)

O9 - Extra button: (no name) - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} -

(no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra ‘Tools’ menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE

O10 - Hijacked Internet access by New.Net

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -

http://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {70AA7362-0A16-11D4-877B-008048C4AC6F} (MainControl

Class) - http://download.mks.com.pl/files/webscan/WebScan.cab

O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper

Class) - file://C:\DOCUME~1\z\USTAWI~1\Temp\ThereInstallHelper.dll

O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice

Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) -

file://C:\Program Files\There\ThereClient\ThereLauncher.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl

Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 -

HKLM\System\CCS\Services\Tcpip…{C4A4B59C-F1CE-4945-83C8-3308B452

503E}: NameServer = 217.30.137.200 217.30.129.149

O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program

Files\Palick Soft\HDD Temperature\HDDTsvc.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program

Files\MKS\Bin\mksmonsv.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Securom User Access for Windows 2000 and Windows XP a

technology by Sony DADC (UserAccess) - Unknown owner - C:\Program

Files\Common Files\YDP\UserAccessManager\useraccess.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -

C:\WINDOWS\system32\ZONELABS\vsmon.exe

Gutek · 16 Maj 2005 14:47

A ty jak LOG wklejasz potem sie człowiek męczy

Wyłączyć Przywracanie systemu w XP.
Zastartować do trybu awaryjnego bez internetu.
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
Skasować z dysku pliki i folder, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log

LSP-Fix usuniesz wpisy 010 TU opis działania

detektyw · 16 Maj 2005 16:29

jak nie uzywasz messengera to mozesz go wywalić tym:

http://www.amnezja.org/modules.php?name … e&sid=1014

cinnamon_girl · 16 Maj 2005 19:03

Dzieki za porady, co do wklejania loga postaram sie poprawic. Zrobiłam jak radziliscie, co doplików i folderów które miałam skasować to ich nie ma, szukałam przez wyszukaj i tak na piechotę i nie widze juz nic takiego a oto nowy log :

Logfile of HijackThis v1.99.1

Scan saved at 20:56:24, on 2005-05-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

D:\Dialer Killer\DiaKill.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

D:\Winamp\winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Tweak-XP\blads.exe

C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

D:\calendar\birthen.exe

C:\Program Files\AntyDialer\AntyDialer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis\hijackthis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi … earch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi … .yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM…\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM…\Run: [DialerKiller] D:\Dialer Killer\DiaKill.exe -h

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [blockAds] C:\Program Files\Tweak-XP\blads.exe

O4 - HKCU…\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU…\Run: [Morpheus] “D:\StreamCast\Morpheus\Morpheus.exe” -min

O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Startup: BIRTHDAY! millennium.lnk = D:\calendar\birthen.exe

O4 - Startup: AntyDialer.lnk = C:\Program Files\AntyDialer\AntyDialer.exe

O4 - Startup: Pandion.lnk = D:\Program Files\Pandion\Pandion.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O10 - Hijacked Internet access by New.Net

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {70AA7362-0A16-11D4-877B-008048C4AC6F} (MainControl Class) - http://download.mks.com.pl/files/webscan/WebScan.cab

O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://C:\Program Files\There\ThereClient\ThereVoiceTrainer.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://C:\Program Files\There\ThereClient\ThereLauncher.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{C4A4B59C-F1CE-4945-83C8-3308B452503E}: NameServer = 217.30.137.200 217.30.129.149

O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

moze nie wszystko poszło mi jak trzeba , ale sie starałam

Gutek · 16 Maj 2005 21:05

usun wpis 03 hijackie a co do wpisów 010 zrób tak: zobacz na usuwanie Usuwanie szpiegów z łańcucha Winsock tam jest przykład u ciebie będzie to wpis NewDotNet w tej ramce który masz usunąc

kuz5 · 16 Maj 2005 21:57

A konkretnie odpal LSP-Fix zaznacz “I know what I’m doing” następnie w okienku Keep zaznacz plik który chcesz usunąć i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish

cinnamon_girl · 17 Maj 2005 08:41

Naprawde wielkie dzieki, teraz chyba ok???

Logfile of HijackThis v1.99.1

Scan saved at 10:38:42, on 2005-05-17