Please check my log... and a small question


(Kamil Mi) #1

I have no idea what to do next. I'm reinstalling Windows for probably the 3rd time now, I've formatted the disk twice, and when I turn the computer on it runs for about 2 days and then there's junk on it again:

  • every now and then a box pops up saying "preparing to active plugin"

  • the home page changes every time the system starts

  • when I go to a page from a search engine, the page of a different search engine opens instead, some "optmiser"

  • there's an icon on the desktop from some porn site, and I didn't visit a single one, for f**k's sake

I'd also like to ask: if I install Firefox, will things be a bit better?


Logfile of HijackThis v1.99.1

Scan saved at 13:48:19, on 2005-02-19

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:/WINDOWS/System32/smss.exe

C:/WINDOWS/system32/winlogon.exe

C:/WINDOWS/system32/services.exe

C:/WINDOWS/system32/lsass.exe

C:/WINDOWS/system32/svchost.exe

C:/WINDOWS/System32/svchost.exe

C:/WINDOWS/system32/spoolsv.exe

C:/WINDOWS/Mixer.exe

C:/WINDOWS/System32/RUNDLL32.EXE

C:/temp/salm.exe

C:/Program Files/AdTools Service/AdTools.exe

C:/WINDOWS/System32/gah95on6.exe

C:/Program Files/Win Comm/WinComm.exe

C:/WINDOWS/System32/ctfmon.exe

C:/Program Files/Messenger/msmsgs.exe

C:/Program Files/Win Comm/WinLock.exe

C:/Program Files/AdTools Service/AdToolsKeep.exe

C:/Program Files/KWORLD/MpegTV Station PCITV/RemoteCtl.exe

C:/WINDOWS/System32/nvsvc32.exe

C:/WINDOWS/System32/wuauclt.exe

C:/WINDOWS/System32/systime.exe

C:/WINDOWS/toolbar.exe

C:/WINDOWS/System32/ntddetect.exe

C:/WINDOWS/System32/systime.exe

C:/WINDOWS/toolbar.exe

C:/Documents and Settings/Misztal/Dane aplikacji/wctu.exe

C:/WINDOWS/explorer.exe

C:/WINDOWS/system32/r?gedit.exe

C:/Program Files/Internet Explorer/IEXPLORE.EXE

E:/Programy/Tlen.pl/tlen.exe

E:/hijackthis/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = [http]

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/DOCUME~1/Misztal/USTAWI~1/Temp/se.dll/sp.html

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = [http]

R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = [http]

R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/DOCUME~1/Misztal/USTAWI~1/Temp/se.dll/sp.html

R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank

R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = [http]

R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = about:blank

R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = about:blank

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = [http]

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank

R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = [http]

R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

O1 - Hosts: 127.0.0.3 [www.greg-tut.com]

O1 - Hosts: 127.0.0.3 nylonsexy.com

O1 - Hosts: 127.0.0.3 [www.nylonsexy.com]

O1 - Hosts: 127.0.0.3 vparivalka.com

O1 - Hosts: 127.0.0.3 [www.vparivalka.comtoescrowpay.com]

O1 - Hosts: 127.0.0.3 [www.awmdabest.com]

O1 - Hosts: 127.0.0.3 [www.sexfiles.nu]

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 [www.allforadult.com]

O1 - Hosts: 127.0.0.3 [www.iframe.biz]

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 [www.newiframe.biz]

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 [www.vesbiz.biz]

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 [www.****ato.biz]

O1 - Hosts: 127.0.0.3 ****ato.biz

O1 - Hosts: 127.0.0.3 [www.aaasexypics.com]

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 [www.virgin-tgp.net]

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 [www.awmcash.biz]

O1 - Hosts: 127.0.0.3 awmcash.biz

O1 - Hosts: 127.0.0.3 buldog-stats.com

O1 - Hosts: 127.0.0.3 [www.buldog-stats.com]

O1 - Hosts: 127.0.0.3 fregat.drocherway.com

O1 - Hosts: 127.0.0.3 slutmania.biz

O1 - Hosts: 127.0.0.3 [www.slutmania.biz]

O1 - Hosts: 127.0.0.3 toolbarpartner.com

O1 - Hosts: 127.0.0.3 [www.toolbarpartner.com]

O1 - Hosts: 127.0.0.3 [www.megapornix.com]

O1 - Hosts: 127.0.0.3 megapornix.com

O1 - Hosts: 127.0.0.3 [www.sp2fucked.biz]

O1 - Hosts: 127.0.0.3 sp2fucked.biz

O1 - Hosts: 127.0.0.3 greg-tut.com

O1 - Hosts: [http]

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:/WINDOWS/nem220.dll

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:/WINDOWS/cerbmod.dll

O2 - BHO: (no name) - {4CF4965C-3648-4CEB-8713-95F3F365F9A9} - C:/WINDOWS/System32/iimi.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O2 - BHO: (no name) - {F88DD224-6EEB-4F6F-B2FA-676471A84890} - C:/WINDOWS/System32/qdevulm.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx

O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:/Program Files/IEMenuExtension/tbextn.dll

O4 - HKLM/../Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup

O4 - HKLM/../Run: [nwiz] nwiz.exe /install

O4 - HKLM/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NvMcTray.dll,NvTaskbarInit

O4 - HKLM/../Run: [salm] c:/temp/salm.exe

O4 - HKLM/../Run: [pufirsp] C:/WINDOWS/pufirsp.exe

O4 - HKLM/../Run: [AdTools Service] C:/Program Files/AdTools Service/AdTools.exe

O4 - HKLM/../Run: [gah95on6] C:/WINDOWS/System32/gah95on6.exe

O4 - HKLM/../Run: [Win Comm] C:/Program Files/Win Comm/WinComm.exe

O4 - HKLM/../Run: [sysTime] C:/WINDOWS/System32/systime.exe

O4 - HKLM/../Run: [ntddetect] C:/WINDOWS/System32/ntddetect.exe

O4 - HKLM/../Run: [surfSideKick 2] C:/Program Files/SurfSideKick 2/Ssk.exe

O4 - HKLM/../Run: [iE Menu Extension toolbar] rundll32.exe "C:/PROGRA~1/IEMENU~1/tbextn.dll" DllShowTB

O4 - HKLM/../RunServices: [ntddetect] C:/WINDOWS/System32/ntddetect.exe

O4 - HKLM/../RunOnce: [Ad-aware] "C:/Program Files/Lavasoft/Ad-aware 6/Ad-aware.exe" "+b1"

O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/System32/ctfmon.exe

O4 - HKCU/../Run: [MSMSGS] "C:/Program Files/Messenger/msmsgs.exe" /background

O4 - HKCU/../Run: [Gadu-Gadu] "D:/Gadu-Gadu/gg.exe" /tray

O4 - HKCU/../Run: [Komunikator] E:/Programy/Tlen.pl/tlen.exe

O4 - HKCU/../Run: [sysTime] C:/WINDOWS/System32/systime.exe

O4 - HKCU/../Run: [ntddetect] C:/WINDOWS/System32/ntddetect.exe

O4 - HKCU/../Run: [bawo] C:/Documents and Settings/Misztal/Dane aplikacji/wctu.exe

O4 - HKCU/../Run: [surfSideKick 2] C:/Program Files/SurfSideKick 2/Ssk.exe

O4 - HKCU/../Run: [Eajqnb] C:/WINDOWS/System32/r?gedit.exe

O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:/Program Files/KWORLD/MpegTV Station PCITV/RemoteCtl.exe

O4 - Global Startup: Microsoft Office.lnk = C:/Program Files/Microsoft Office/Office10/OSA.EXE

O8 - Extra context menu item: Download All by FlashGet - E:/Programy/FlashGet/jc_all.htm

O8 - Extra context menu item: Download using FlashGet - E:/Programy/FlashGet/jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:/PROGRA~1/MICROS~2/Office10/EXCEL.EXE/3000

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:/nosuxxx.mht![http]

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - [http]

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - [http]

O20 - Winlogon Notify: drct16 - C:/WINDOWS/SYSTEM32/drct16.dll

O20 - Winlogon Notify: WebCheck - C:/WINDOWS/system32/slnscfg.dll

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:/WINDOWS/System32/nvsvc32.exe


(Musg) #2

O20 - Winlogon Notify: drct16 - C:/WINDOWS/SYSTEM32/drct16.dll

O20 - Winlogon Notify: WebCheck - C:/WINDOWS/system32/slnscfg.dll

And why should he remove these applications????????


(Qbek50) #3

To be deleted:

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)


(boczi) #4

Of course it will be better. Change your browser.

Be sure to install Service Pack 2.

And this is what you remove, preferably in safe mode [F8]:

C:/temp/salm.exe

   	C:/Program Files/AdTools Service/AdTools.exe

   	C:/WINDOWS/System32/gah95on6.exe

C:/Program Files/Win Comm/WinComm.exe

   	C:/Program Files/Win Comm/WinLock.exe

   	C:/Program Files/AdTools Service/AdToolsKeep.exe

   	C:/WINDOWS/System32/systime.exe

C:/WINDOWS/toolbar.exe

   	C:/WINDOWS/System32/ntddetect.exe

   	C:/WINDOWS/System32/systime.exe

   	C:/WINDOWS/toolbar.exe

   	C:/Documents and Settings/Misztal/Dane aplikacji/wctu.exe

   	C:/WINDOWS/system32/r?gedit.exe

   	R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = [http]

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/DOCUME~1/Misztal/USTAWI~1/Temp/se.dll/sp.html

   	R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = [http]

   	R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = [http]

R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/DOCUME~1/Misztal/USTAWI~1/Temp/se.dll/sp.html

R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = [http]

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = [http]

   	R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = [http]

   	R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

O1 - Hosts: 127.0.0.3 [www.greg-tut.com]

O1 - Hosts: 127.0.0.3 nylonsexy.com

O1 - Hosts: 127.0.0.3 [www.nylonsexy.com]

O1 - Hosts: 127.0.0.3 vparivalka.com

O1 - Hosts: 127.0.0.3 [www.vparivalka.comtoescrowpay.com]

O1 - Hosts: 127.0.0.3 [www.awmdabest.com]

O1 - Hosts: 127.0.0.3 [www.sexfiles.nu]

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 [www.allforadult.com]

O1 - Hosts: 127.0.0.3 [www.iframe.biz]

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 [www.newiframe.biz]

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 [www.vesbiz.biz]

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 [www. **** ato.biz]

O1 - Hosts: 127.0.0.3 **** ato.biz

O1 - Hosts: 127.0.0.3 [www.aaasexypics.com]

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 [www.virgin-tgp.net]

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 [www.awmcash.biz]

O1 - Hosts: 127.0.0.3 awmcash.biz

O1 - Hosts: 127.0.0.3 buldog-stats.com

O1 - Hosts: 127.0.0.3 [www.buldog-stats.com]

O1 - Hosts: 127.0.0.3 fregat.drocherway.com

O1 - Hosts: 127.0.0.3 slutmania.biz

O1 - Hosts: 127.0.0.3 [www.slutmania.biz]

O1 - Hosts: 127.0.0.3 toolbarpartner.com

O1 - Hosts: 127.0.0.3 [www.toolbarpartner.com]

O1 - Hosts: 127.0.0.3 [www.megapornix.com]

O1 - Hosts: 127.0.0.3 megapornix.com

O1 - Hosts: 127.0.0.3 [www.sp2fucked.biz]

O1 - Hosts: 127.0.0.3 sp2fucked.biz

O1 - Hosts: 127.0.0.3 greg-tut.com 

   	O1 - Hosts: [http]

   	O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:/WINDOWS/nem220.dll

   	O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:/WINDOWS/cerbmod.dll

 	O2 - BHO: (no name) - {4CF4965C-3648-4CEB-8713-95F3F365F9A9} - C:/WINDOWS/System32/iimi.dll

   	O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) Unnecessarily

   	O2 - BHO: (no name) - {F88DD224-6EEB-4F6F-B2FA-676471A84890} - C:/WINDOWS/System32/qdevulm.dll

   	O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:/Program Files/IEMenuExtension/tbextn.dll

O4 - HKLM/../Run: [salm] c:/temp/salm.exe

 	O4 - HKLM/../Run: [pufirsp] C:/WINDOWS/pufirsp.exe

   	O4 - HKLM/../Run: [AdTools Service] C:/Program Files/AdTools Service/AdTools.exe

   	O4 - HKLM/../Run: [gah95on6] C:/WINDOWS/System32/gah95on6.exe

   	O4 - HKLM/../Run: [Win Comm] C:/Program Files/Win Comm/WinComm.exe

   	O4 - HKLM/../Run: [SysTime] C:/WINDOWS/System32/systime.exe

O4 - HKLM/../Run: [ntddetect] C:/WINDOWS/System32/ntddetect.exe

O4 - HKLM/../Run: [SurfSideKick 2] C:/Program Files/SurfSideKick 2/Ssk.exe

   	O4 - HKLM/../Run: [IE Menu Extension toolbar] rundll32.exe "C:/PROGRA~1/IEMENU~1/tbextn.dll" DllShowTB

O4 - HKLM/../RunServices: [ntddetect] C:/WINDOWS/System32/ntddetect.exe Unknown

   	O4 - HKCU/../Run: [SysTime] C:/WINDOWS/System32/systime.exe

 	O4 - HKCU/../Run: [ntddetect] C:/WINDOWS/System32/ntddetect.exe

O4 - HKCU/../Run: [Bawo] C:/Documents and Settings/Misztal/Dane aplikacji/wctu.exe

   	O4 - HKCU/../Run: [SurfSideKick 2] C:/Program Files/SurfSideKick 2/Ssk.exe

   	O4 - HKCU/../Run: [Eajqnb] C:/WINDOWS/System32/r?gedit.exe

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM) 

   	O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

   	O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:/nosuxxx.mht![http]

   	O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - [http]

   	O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - [http] Nasty

   	O20 - Winlogon Notify: drct16 - C:/WINDOWS/SYSTEM32/drct16.dll

   	O20 - Winlogon Notify: WebCheck - C:/WINDOWS/system32/slnscfg.dll

I see you don't know the basic rules of security. On top of that, you must install an antivirus and a firewall!