Log i duzy problemik


(Abdull1) #1

wklejam loga i napiszcie co usunac bo widze ze jest tego duzo ale dokladnie niewiem co usunac siedze na trybie awaryjnym bo normalnie nic sie nieda zrobic

to nie moj komp :wink:

Logfile of HijackThis v1.99.1

Scan saved at 13:20:20, on 2005-08-10

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\init32m.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\sys96.exe

C:\WINDOWS\System32\cssrs.exe

C:\WINDOWS\System32\symcsvc.exe

C:\Documents and Settings\Patrycja\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=Explorer.exe init32m.exe

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.3 x.full-tgp.net

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com

O1 - Hosts: 127.0.0.3 autoescrowpay.com

O1 - Hosts: 127.0.0.3 www.autoescrowpay.com

O1 - Hosts: 127.0.0.3 www.awmdabest.com

O1 - Hosts: 127.0.0.3 www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 www.allforadult.com

O1 - Hosts: 127.0.0.3 www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 www.awmcash.biz

O1 - Hosts: 127.0.0.3 awmcash.biz

O1 - Hosts: 127.0.0.3 buldog-stats.com

O1 - Hosts: 127.0.0.3 www.buldog-stats.com

O1 - Hosts: 127.0.0.3 fregat.drocherway.com

O1 - Hosts: 127.0.0.3 slutmania.biz

O1 - Hosts: 127.0.0.3 www.slutmania.biz

O1 - Hosts: 127.0.0.3 toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.megapornix.com

O1 - Hosts: 127.0.0.3 megapornix.com

O1 - Hosts: 127.0.0.3 www.sp2fucked.biz

O1 - Hosts: 127.0.0.3 sp2fucked.biz

O1 - Hosts: 127.0.0.3 greg-tut.com

O1 - Hosts: 127.0.0.3 www.greg-tut.com

O1 - Hosts: 127.0.0.3 nylonsexy.com

O1 - Hosts: 127.0.0.3 www.nylonsexy.com

O1 - Hosts: 127.0.0.3 vparivalka.com

O1 - Hosts: 127.0.0.3 www.vparivalka.com

O1 - Hosts: 127.0.0.3 iframeprofit.com

O1 - Hosts: 127.0.0.3 www.iframeprofit.com

O1 - Hosts: 127.0.0.3 topsearch10.com

O1 - Hosts: 127.0.0.3 www.topsearch10.com

O1 - Hosts: 127.0.0.3 statscash.biz

O1 - Hosts: 127.0.0.3 www.statscash.biz

O1 - Hosts: 127.0.0.3 vxiframe.biz

O1 - Hosts: 127.0.0.3 www.vxiframe.biz

O1 - Hosts: 127.0.0.3 crazy-toolbar.com

O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com

O1 - Hosts: 127.0.0.3 topcash.biz

O1 - Hosts: 127.0.0.3 www.topcash.biz

O1 - Hosts: 127.0.0.3 loadcash.biz

O1 - Hosts: 127.0.0.3 www.loadcash.biz

O1 - Hosts: 127.0.0.3 txiframe.biz

O1 - Hosts: 127.0.0.3 www.txiframe.biz

O1 - Hosts: 127.0.0.3 procounter.biz

O1 - Hosts: 127.0.0.3 www.procounter.biz

O1 - Hosts: 127.0.0.3 advadmin.biz

O1 - Hosts: 127.0.0.3 www.advadmin.biz

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll

O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM\..\Run: [Service Process] C:\WINDOWS\system32\config\service.exe

O4 - HKLM\..\Run: [sys1336] C:\WINDOWS\sys1336.exe

O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{0E8B0C3D-E39E-440A-B1FC-9A8FF0A41D4D}\SVCHOST.EXE

O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe

O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{0E8B0C3D-E39E-440A-B1FC-9A8FF0A41D4D}\SECURITY.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [sys1336] C:\WINDOWS\sys1336.exe

O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\symcsvc.exe

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC6E31E-5196-447C-9817-482BD03F061E}: NameServer = 192.168.1.1

O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll

O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Dahdqkfe.dll

O21 - SSODL: System - {B6710A60-42C7-4EC0-B1F0-421BFC977843} - vr_sys.dll (file missing)

(Musg) #2

ŁAł :o :o cudo poprostu ,znam jeden sposob tylko na to ......

Ale zacznij od przeskanowania systemu:

http://forum.dobreprogramy.pl/viewtopic.php?t=8175

i daj nowy log :smiley:


(Damian) #3

Przeskanuj system tym, a potem wklej nowego loga:

:arrow: CWShredder 2.15

:arrow: SpyBot - Search & Destroy v1.4 PL

:arrow: Ad-aware SE Personal 1.06

:arrow: PestPatrol

:arrow: Microsoft AntiSpyware 1.0.614 Beta


(Abdull1) #4

musg a mozesz mi podac linka do javy chyba bo mi niewczytuje skanerow a mi troche muli net


(Musg) #5

http://www.dobreprogramy.pl/index.php?dz=2&t=40&id=485


(Abdull1) #6

przeskanowalem tym co sie dalo bo niektore zawiesza kompa albo muli

Logfile of HijackThis v1.99.1

Scan saved at 14:26:27, on 2005-08-10

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\init32m.exe

C:\WINDOWS\sys4146.exe

C:\WINDOWS\System32\cssrs.exe

C:\WINDOWS\System32\symcsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Patrycja\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=Explorer.exe init32m.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM\..\Run: [Service Process] C:\WINDOWS\system32\config\service.exe

O4 - HKLM\..\Run: [sys1336] C:\WINDOWS\sys1336.exe

O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{0E8B0C3D-E39E-440A-B1FC-9A8FF0A41D4D}\SVCHOST.EXE

O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe

O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{0E8B0C3D-E39E-440A-B1FC-9A8FF0A41D4D}\SECURITY.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [sys1336] C:\WINDOWS\sys1336.exe

O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\symcsvc.exe

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CBC6E31E-5196-447C-9817-482BD03F061E}: NameServer = 192.168.1.1

O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll

O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Dahdqkfe.dll (file missing)

(Damian) #7

W trybie awaryjnym kasujesz:

Ręcznie:

Fixując w Hijacku, a pogrubione ręcznie:

To kasujesz programem LSPFIX

Po zabiegu wklejasz nowego loga.


(Abdull1) #8

napisz mi co mam zrobic tam w tym lspfix bo w tabelce sa 3 jakies file

niewiem o co tam chodzi


(Musg) #9

zostaw ten program w spokoju i te wpisy w tym programie ,damian wprowadził cie w blad :slight_smile:


(Musg) #10

zobacz sposob usuwania TU