As you can see, I'm here for the first time, so to start with I'll say hi :)
When it comes to computers I'm a complete layperson, but when everything started falling apart I began looking here and there ;). I clearly have viruses on my computer, which Kaspersky removes (alternating with a "vaccine" tool), but not for long :(. The result of all this turmoil is that I'm cut off from the net (only gg works for me).
I'm pasting the log, and all my hope is in you :)
Logfile of HijackThis v1.99.1
Scan saved at 19:37:18, on 2005-03-12
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE
C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Documents and Settings\Jacek\Pulpit\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\dskrfuoui.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://abc-find.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-glx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.polchat.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: (no name) - {4934E343-D99C-4EEA-97D2-E2D44E7D0BA9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C439318C-BAB4-48D1-AB9D-5B56B1505638} - C:\WINDOWS\System32\dskrfuoui.dll (file missing)
O2 - BHO: Name - {C9874240-B1A6-4B9A-8FAA-21D49AB672AC} - C:\WINDOWS\System32\mstva.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: (no name) - {270B845C-712C-4773-BEE0-AE2D2001CD0F} - (no file)
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\system32\docntrop.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [dwcrnt.exe] dwcrnt.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Corel Network monitor worker - {2F041AC9-A8F1-4805-8593-191EA94107D5} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {2F041AC9-A8F1-4805-8593-191EA94107D5} - C:\WINDOWS\System32\iegfxfrw.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Corel Network monitor worker - {2F041AC9-A8F1-4805-8593-191EA94107D5} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {2F041AC9-A8F1-4805-8593-191EA94107D5} - C:\WINDOWS\System32\iegfxfrw.dll (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ … 1/chat.cab
O16 - DPF: {16CBFD08-1D2E-4641-A3AE-5231633DE0D9} (Loader Class) - http://www.astri-online.com/hp/sponsor/dialrapid.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ … acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O16 - DPF: {70AA7362-0A16-11D4-877B-008048C4AC6F} (MainControl Class) - http://download.mks.com.pl/files/webscan/WebScan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 … scan53.cab
O16 - DPF: {7A95FA03-7007-11D3-BC67-00805FA16C19} (ProfitXControl) -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.205.69.165/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D} (CopySafe3 Control) - http://www.artistscope.com/Plugin/Download/Copysafe.cab
O16 - DPF: {C3480415-A7F8-11D1-AA75-00C04FA34D72} (Microsoft Agent International DLL for Language 0x0415) - http://www.dmbigbg.pl/pobierz/asystent/AgtX0415.exe
O16 - DPF: {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} (Microsoft Agent Control 2.0) - http://www.dmbigbg.pl/pobierz/asystent/MSagent.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/se … loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B86EC17-307D-4CA1-B5E3-B206F89069F7}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37
O21 - SSODL: System - {88935278-2271-46AD-81DA-B55AB41CAAAF} - C:\WINDOWS\system32\system32.dll
O23 - Service: AntiVir Service (AntiVirService) - A4Tech Co.,Ltd. - (no file)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Us3uga administracyjna Mened?era dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\System32\ZoneLabs\vsmon.exe