Please check my log


(Kodo) #1

I caught a few viruses and Kaspersky removed them; it also detected some attack from the network and got rid of it, but this attack keeps recurring every so often: Helkern from address 60.238.252.81 !!

Logfile of HijackThis v1.99.1

Scan saved at 09:33, on 2005-12-13

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

D:\WINDOWS\SYSTEM\KERNEL32.DLL

D:\WINDOWS\SYSTEM\MSGSRV32.EXE

D:\WINDOWS\SYSTEM\MPREXE.EXE

D:\WINDOWS\HCOUNT.EXE

D:\WINDOWS\SYSTEM\MSTASK.EXE

D:\WINDOWS\SYSTEM\STIMON.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAVSVC.EXE

D:\WINDOWS\SYSTEM\mmtask.tsk

D:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

D:\WINDOWS\EXPLORER.EXE

D:\WINDOWS\SYSTEM\INTERNAT.EXE

D:\WINDOWS\TASKMON.EXE

D:\WINDOWS\SYSTEM\SYSTRAY.EXE

D:\PROGRAM FILES\CREATIVE\NEWS\NEWSUPD.EXE

D:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

D:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE

D:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE

D:\WINDOWS\LOADQM.EXE

D:\WINDOWS\SYSTEM\HIDSERV.EXE

D:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

D:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

D:\WINDOWS\SYSTEM\WMIEXE.EXE

D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE

D:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAV.EXE

D:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE

D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE

D:\WINDOWS\SYSTEM\HPZIPM12.EXE

D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE

D:\WINDOWS\SYSTEM\SPOOL32.EXE

D:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE

D:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE

D:\WINDOWS\SYSTEM\TAPISRV.EXE

D:\WINDOWS\SYSTEM\RNAAPP.EXE

D:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE

D:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

D:\PROGRAM FILES\GADU-GADU\GG.EXE

D:\WINDOWS\SYSTEM\DDHELP.EXE

D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

D:\PROGRAM FILES\WINRAR\WINRAR.EXE

C:\WINDOWS\TEMP\RAR$EX00.630\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F1 - win.ini: run=D:\WINDOWS\INET20096\SERVICES.EXE

O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - D:\WINDOWS\inet20096\3.00.11.dll

O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [Windows Millennium Edition Intro Video] D:\WINDOWS\Applic~1\Micros~1\Intro\content.hta

O4 - HKLM\..\Run: [SelfHostUtil] D:\WINDOWS\selfhost.exe /L

O4 - HKLM\..\Run: [ScanRegistry] D:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] D:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] D:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NewsUpd] D:\Program Files\Creative\News\NewsUpd.EXE /q

O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [CreativeMixer] D:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"

O4 - HKLM\..\Run: [xp_system] D:\WINDOWS\INET20096\SERVICES.EXE

O4 - HKLM\..\Run: [Microsoft standard protector] D:\WINDOWS\INET20096\SOCKS.EXE 20096

O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\SYSTEM\paytime.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe

O4 - HKLM\..\Run: [Anti Trojan Elite] D:\PROGRAM FILES\ANTI TROJAN ELITE\TJENDER.EXE :NO

O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize

O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] D:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [kavsvc] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"

O4 - HKLM\..\RunServices: [RNBOStart] D:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\Run: [xp_system] D:\WINDOWS\INET20096\SERVICES.EXE

O4 - HKCU\..\Run: [Shell] "D:\WINDOWS\SYSTEM\ibm00001.exe"

O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\SYSTEM\paytime.exe

O4 - Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O12 - Plugin for .pdf: D:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002 Plk\AcPreview.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Program Files\AutoCAD 2002 Plk\AcDcToday.ocx

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002 Plk\InstBanr.ocx

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Program Files\AutoCAD 2002 Plk\InstFred.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

(Gutek) #2
  1. Boot into safe mode without internet (description HERE).

  2. Select the indicated entries in HijackThis and click Fix checked. The entries will be removed.

  3. Delete from the disk the files and folders that I underlined in red.

  4. Finish up with online scanners - Scanners to choose from

  5. Show a new log :stuck_out_tongue:


(Kodo) #3
Logfile of HijackThis v1.99.1

Scan saved at 11:32, on 2005-12-13

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

D:\WINDOWS\SYSTEM\KERNEL32.DLL

D:\WINDOWS\SYSTEM\MSGSRV32.EXE

D:\WINDOWS\SYSTEM\MPREXE.EXE

D:\WINDOWS\HCOUNT.EXE

D:\WINDOWS\SYSTEM\MSTASK.EXE

D:\WINDOWS\SYSTEM\STIMON.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAVSVC.EXE

D:\WINDOWS\SYSTEM\mmtask.tsk

D:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

D:\WINDOWS\EXPLORER.EXE

D:\WINDOWS\SYSTEM\INTERNAT.EXE

D:\WINDOWS\TASKMON.EXE

D:\WINDOWS\SYSTEM\SYSTRAY.EXE

D:\WINDOWS\SYSTEM\HIDSERV.EXE

D:\PROGRAM FILES\CREATIVE\NEWS\NEWSUPD.EXE

D:\WINDOWS\SYSTEM\WMIEXE.EXE

D:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

D:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE

D:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE

D:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

D:\WINDOWS\LOADQM.EXE

D:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE

D:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAV.EXE

D:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE

D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE

D:\WINDOWS\SYSTEM\HPZIPM12.EXE

D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE

D:\WINDOWS\SYSTEM\SPOOL32.EXE

D:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE

D:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE

D:\WINDOWS\SYSTEM\TAPISRV.EXE

D:\WINDOWS\SYSTEM\RNAAPP.EXE

D:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE

D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

D:\WINDOWS\SYSTEM\DDHELP.EXE

D:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

D:\PROGRAM FILES\GADU-GADU\GG.EXE

D:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - D:\WINDOWS\inet20096\3.00.11.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [Windows Millennium Edition Intro Video] D:\WINDOWS\Applic~1\Micros~1\Intro\content.hta

O4 - HKLM\..\Run: [SelfHostUtil] D:\WINDOWS\selfhost.exe /L

O4 - HKLM\..\Run: [ScanRegistry] D:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] D:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] D:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NewsUpd] D:\Program Files\Creative\News\NewsUpd.EXE /q

O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [CreativeMixer] D:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"

O4 - HKLM\..\Run: [xp_system] D:\WINDOWS\INET20096\SERVICES.EXE

O4 - HKLM\..\Run: [Microsoft standard protector] D:\WINDOWS\INET20096\SOCKS.EXE 20096

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe

O4 - HKLM\..\Run: [Anti Trojan Elite] D:\PROGRAM FILES\ANTI TROJAN ELITE\TJENDER.EXE :NO

O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize

O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] D:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [kavsvc] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\Run: [xp_system] D:\WINDOWS\INET20096\SERVICES.EXE

O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\SYSTEM\paytime.exe

O4 - Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O12 - Plugin for .pdf: D:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002 Plk\AcPreview.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Program Files\AutoCAD 2002 Plk\AcDcToday.ocx

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002 Plk\InstBanr.ocx

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Program Files\AutoCAD 2002 Plk\InstFred.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_ansi.cab

(Gutek) #4

Repeat the removal instructions; most of the files I pointed out are showing up again :wink:


(Kodo) #5

well then, once more :? :shock:

and how is it now?

Logfile of HijackThis v1.99.1

Scan saved at 03:02, on 2005-12-14

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

D:\WINDOWS\SYSTEM\KERNEL32.DLL

D:\WINDOWS\SYSTEM\MSGSRV32.EXE

D:\WINDOWS\SYSTEM\mmtask.tsk

D:\WINDOWS\SYSTEM\MPREXE.EXE

D:\WINDOWS\HCOUNT.EXE

D:\WINDOWS\SYSTEM\MSTASK.EXE

D:\WINDOWS\SYSTEM\STIMON.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAVSVC.EXE

D:\WINDOWS\EXPLORER.EXE

D:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

D:\WINDOWS\SYSTEM\INTERNAT.EXE

D:\WINDOWS\TASKMON.EXE

D:\WINDOWS\SYSTEM\SYSTRAY.EXE

D:\WINDOWS\SYSTEM\HIDSERV.EXE

D:\PROGRAM FILES\CREATIVE\NEWS\NEWSUPD.EXE

D:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE

D:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE

D:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE

D:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE

D:\WINDOWS\SYSTEM\WMIEXE.EXE

D:\WINDOWS\LOADQM.EXE

D:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE

D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE

D:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL PRO\KAV.EXE

D:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE

D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE

D:\WINDOWS\SYSTEM\HPZIPM12.EXE

D:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE

D:\WINDOWS\SYSTEM\SPOOL32.EXE

D:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE

D:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE

D:\WINDOWS\SYSTEM\TAPISRV.EXE

D:\WINDOWS\SYSTEM\RNAAPP.EXE

D:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE

D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

D:\WINDOWS\SYSTEM\DDHELP.EXE

D:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [Windows Millennium Edition Intro Video] D:\WINDOWS\Applic~1\Micros~1\Intro\content.hta

O4 - HKLM\..\Run: [SelfHostUtil] D:\WINDOWS\selfhost.exe /L

O4 - HKLM\..\Run: [ScanRegistry] D:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] D:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] D:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NewsUpd] D:\Program Files\Creative\News\NewsUpd.EXE /q

O4 - HKLM\..\Run: [Disc Detector] D:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [CreativeMixer] D:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "D:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe

O4 - HKLM\..\Run: [Anti Trojan Elite] D:\PROGRAM FILES\ANTI TROJAN ELITE\TJENDER.EXE :NO

O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize

O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] D:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\RunServices: [kavsvc] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Startup: HP Image Zone - szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL

O12 - Plugin for .pdf: D:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.modgik.lodz.pl/Mapa/mgaxctrl.cab

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002 Plk\AcPreview.ocx

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://D:\Program Files\AutoCAD 2002 Plk\AcDcToday.ocx

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002 Plk\InstBanr.ocx

O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://D:\Program Files\AutoCAD 2002 Plk\InstFred.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_ansi.cab

(Gutek) #6

Now it's OK :wink:


(Kodo) #7

big thanks, Gutek :slight_smile: