marthens
(Kodo)
13 December 2005 20:30
#1
I caught a few viruses and Kaspersky removed them. It also detected some kind of network attack and got rid of it, but that attack keeps recurring every so often: Helkern from address 60.238.252.81
Logfile of HijackThis v1.99.1
Scan saved at 09:33, on 2005-12-13
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\SYSTEM\KERNEL32.DLL
D:\WINDOWS\SYSTEM\MSGSRV32.EXE
D:\WINDOWS\SYSTEM\MPREXE.EXE
D:\WINDOWS\HCOUNT.EXE
D:\WINDOWS\SYSTEM\MSTASK.EXE
D:\WINDOWS\SYSTEM\STIMON.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAVSVC.EXE
D:\WINDOWS\SYSTEM\mmtask.tsk
D:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
D:\WINDOWS\EXPLORER.EXE
D:\WINDOWS\SYSTEM\INTERNAT.EXE
D:\WINDOWS\TASKMON.EXE
D:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\CREATIVE\NEWS\NEWSUPD.EXE
D:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
D:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE
D:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
D:\WINDOWS\LOADQM.EXE
D:\WINDOWS\SYSTEM\HIDSERV.EXE
D:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
D:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
D:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
D:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAV.EXE
D:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
D:\WINDOWS\SYSTEM\HPZIPM12.EXE
D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
D:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE
D:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE
D:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\WINDOWS\SYSTEM\RNAAPP.EXE
D:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE
D:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
D:\PROGRAM FILES\GADU-GADU\GG.EXE
D:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX00.630\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F1 - win.ini: run=D:\WINDOWS\INET20096\SERVICES.EXE
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - D:\WINDOWS\inet20096\3.00.11.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Windows Millennium Edition Intro Video] D:\WINDOWS\Applic~1\Micros~1\Intro\content.hta
O4 - HKLM\..\Run: [SelfHostUtil] D:\WINDOWS\selfhost.exe /L
O4 - HKLM\..\Run: [ScanRegistry] D:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] D:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] D:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NewsUpd] D:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] D:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [xp_system] D:\WINDOWS\INET20096\SERVICES.EXE
O4 - HKLM\..\Run: [Microsoft standard protector] D:\WINDOWS\INET20096\SOCKS.EXE 20096
O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\SYSTEM\paytime.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\PROGRAM FILES\ANTI TROJAN ELITE\TJENDER.EXE :NO
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] D:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [kavsvc] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
O4 - HKLM\..\RunServices: [RNBOStart] D:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [xp_system] D:\WINDOWS\INET20096\SERVICES.EXE
O4 - HKCU\..\Run: [Shell] "D:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\SYSTEM\paytime.exe
O4 - Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: D:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002 Plk\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Program Files\AutoCAD 2002 Plk\AcDcToday.ocx
O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002 Plk\InstBanr.ocx
O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Program Files\AutoCAD 2002 Plk\InstFred.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
marthens
(Kodo)
13 December 2005 22:33
#3
Logfile of HijackThis v1.99.1
Scan saved at 11:32, on 2005-12-13
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\SYSTEM\KERNEL32.DLL
D:\WINDOWS\SYSTEM\MSGSRV32.EXE
D:\WINDOWS\SYSTEM\MPREXE.EXE
D:\WINDOWS\HCOUNT.EXE
D:\WINDOWS\SYSTEM\MSTASK.EXE
D:\WINDOWS\SYSTEM\STIMON.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAVSVC.EXE
D:\WINDOWS\SYSTEM\mmtask.tsk
D:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
D:\WINDOWS\EXPLORER.EXE
D:\WINDOWS\SYSTEM\INTERNAT.EXE
D:\WINDOWS\TASKMON.EXE
D:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\WINDOWS\SYSTEM\HIDSERV.EXE
D:\PROGRAM FILES\CREATIVE\NEWS\NEWSUPD.EXE
D:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
D:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE
D:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
D:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
D:\WINDOWS\LOADQM.EXE
D:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
D:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAV.EXE
D:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
D:\WINDOWS\SYSTEM\HPZIPM12.EXE
D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
D:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE
D:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE
D:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\WINDOWS\SYSTEM\RNAAPP.EXE
D:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
D:\PROGRAM FILES\GADU-GADU\GG.EXE
D:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - D:\WINDOWS\inet20096\3.00.11.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Windows Millennium Edition Intro Video] D:\WINDOWS\Applic~1\Micros~1\Intro\content.hta
O4 - HKLM\..\Run: [SelfHostUtil] D:\WINDOWS\selfhost.exe /L
O4 - HKLM\..\Run: [ScanRegistry] D:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] D:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] D:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NewsUpd] D:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] D:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [xp_system] D:\WINDOWS\INET20096\SERVICES.EXE
O4 - HKLM\..\Run: [Microsoft standard protector] D:\WINDOWS\INET20096\SOCKS.EXE 20096
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\PROGRAM FILES\ANTI TROJAN ELITE\TJENDER.EXE :NO
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] D:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [kavsvc] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [xp_system] D:\WINDOWS\INET20096\SERVICES.EXE
O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\SYSTEM\paytime.exe
O4 - Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: D:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002 Plk\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Program Files\AutoCAD 2002 Plk\AcDcToday.ocx
O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002 Plk\InstBanr.ocx
O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Program Files\AutoCAD 2002 Plk\InstFred.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_ansi.cab
Gutek
(Gutek)
13 December 2005 22:59
#4
Repeat the removal instructions; most of the files I pointed out are showing up again.
marthens
(Kodo)
14 December 2005 14:01
#5
So, once again :? :shock:
And how about now?
Logfile of HijackThis v1.99.1
Scan saved at 03:02, on 2005-12-14
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\SYSTEM\KERNEL32.DLL
D:\WINDOWS\SYSTEM\MSGSRV32.EXE
D:\WINDOWS\SYSTEM\mmtask.tsk
D:\WINDOWS\SYSTEM\MPREXE.EXE
D:\WINDOWS\HCOUNT.EXE
D:\WINDOWS\SYSTEM\MSTASK.EXE
D:\WINDOWS\SYSTEM\STIMON.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAVSVC.EXE
D:\WINDOWS\EXPLORER.EXE
D:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
D:\WINDOWS\SYSTEM\INTERNAT.EXE
D:\WINDOWS\TASKMON.EXE
D:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\WINDOWS\SYSTEM\HIDSERV.EXE
D:\PROGRAM FILES\CREATIVE\NEWS\NEWSUPD.EXE
D:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
D:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE
D:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
D:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
D:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\WINDOWS\LOADQM.EXE
D:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
D:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAV.EXE
D:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
D:\WINDOWS\SYSTEM\HPZIPM12.EXE
D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
D:\WINDOWS\SYSTEM\SPOOL32.EXE
D:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE
D:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE
D:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\WINDOWS\SYSTEM\RNAAPP.EXE
D:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\WINDOWS\SYSTEM\DDHELP.EXE
D:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Windows Millennium Edition Intro Video] D:\WINDOWS\Applic~1\Micros~1\Intro\content.hta
O4 - HKLM\..\Run: [SelfHostUtil] D:\WINDOWS\selfhost.exe /L
O4 - HKLM\..\Run: [ScanRegistry] D:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] D:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] D:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NewsUpd] D:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] D:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\PROGRAM FILES\ANTI TROJAN ELITE\TJENDER.EXE :NO
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] D:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [kavsvc] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .pdf: D:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002 Plk\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Program Files\AutoCAD 2002 Plk\AcDcToday.ocx
O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002 Plk\InstBanr.ocx
O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Program Files\AutoCAD 2002 Plk\InstFred.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_ansi.cab