Prośba o sprawdzenie LOGA! pilne!

ofca · 4 Listopad 2004 17:49

Jak może mi ktoś sprawdzić loga! coś tam siedzi a żaden antywirus nie chce sie zainstalować z góry wielkie dzięki!!

Logfile of HijackThis v1.98.2

Scan saved at 18:39:25, on 2004-11-04

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\fred\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.pl

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir.dl … cid=0x0415

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\Z698E2~1.DLL

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\winrnr.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\rsvpsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc … wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip…{AAE2400F-3035-43C6-88A3-B0BC7A9D36A9}: NameServer = 80.48.108.2

O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)

O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll

O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: ipp - (no CLSID) - (no file)

O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll

O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)

O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll

O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)

O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll (file missing)

O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll

O18 - Protocol: ms-its - (no CLSID) - (no file)

O18 - Protocol: msdaipp - (no CLSID) - (no file)

O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)

O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\System32\mshtml.dll (file missing)

O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll

O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll (file missing)

O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx

O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll

O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll

O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll

O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll

O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll

O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll

O20 - AppInit_DLLs: 4x3nl7nw29j.dll

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (file missing)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (file missing)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\System32\webcheck.dll (file missing)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll

Kamcia_18 · 4 Listopad 2004 20:56

kasujesz tak /tryb awaryjny/

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\Z698E2~1.DLL

O20 - AppInit_DLLs: 4x3nl7nw29j.dll

INFO:

O18 - Extra protokoły i protokoły zmienione przez szpiegow

Sciagasz

SpySubtractPRO+CWShredder_v2.00

http://im0.intermute.com/bin/downloads/ … btract.EXE

ewent.

CWShredder_v2.00

http://cwshredder.net/bin/CWSInstall.exe

dalej PestPatrol

http://download.zonelabs.com/bin/free/p … olHome.exe

INFO:

skanujesz partycje systemowa

Ustawiasz na stale ochrone rzeczywista

Options/AutomaticScans

dajesz Launch

w PPMem, PPControl, CookiePatrol

Nastepnie

Spybot Search and Destroy V1.3.2b

http://js-http.skycn.net:8181/down/spybotsd132b.exe

/mirror/

http://xj-http.skycn.net:8080/down/spybotsd132b.exe

Skanujesz skanerami AV

–GeCAD (RAV)–

http://www.ravantivirus.com/scan/

–F-Secure–

http://support.f-secure.com/enu/home/ols.shtml

dla zasady jeszcze

–Trend Micro (PC-cillin)–

http://housecall.trendmicro.com/houseca … t_corp.asp

Na koniec

zabezpieczasz przegladarki SpywareBlaster

http://www.javacoolsoftware.com/sbdownload.html

oraz porty Windows Worms Doors Cleaner v1.4.1

http://www.firewallleaktester.com/tools/wwdc.exe

INFO:

http://forum.dobreprogramy.pl/viewtopic … ht=blaster

ps.

sciagasz jeszcze SP1 ,lub SP2 obowiazkowo

potem instalujesz antywira np. BitDefender Free Edition v7

http://www.bitdefender.com/bd/site/down … enu_id=21#

lub avast! 4 Home Edition

http://dobreprogramy.com/index.php?dz=2&id=533&t=30