Please check my log - Your computer is infected! Help


(Bos Sebastian) #1

A message saying "Your computer is infected" appears on my taskbar.

No antivirus program has detected anything.

Logfile of HijackThis v1.99.1

Scan saved at 14:26:51, on 2005-11-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\mssearchnet.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\program files\multires\multires.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Program Files\Opera\Opera.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\SEBAST~1\USTAWI~1\Temp\Rar$EX88.640\HijackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.telpol.net.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - (no file)

R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hpF4F0.tmp

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll

O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [MultiRes] c:\program files\multires\multires.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Tłumacz na angielski - {CCCE5D70-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra 'Tools' menuitem: Tłumacz na angielski - {CCCE5D70-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra button: Tłumacz na polski - {CCCE5D71-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra 'Tools' menuitem: Tłumacz na polski - {CCCE5D71-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra button: Zachowaj przetłumaczoną stronę - {CCCE5D72-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O9 - Extra 'Tools' menuitem: Zachowaj przetłumaczoną stronę - {CCCE5D72-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122725231281

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_25.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

====================================

Note: When you paste a log, wrap it in a CODE or QUOTE tag.

I suggest reading THIS topic to see what is asked of users who paste logs.

Regards, kuz5


(Gutek) #2

  1. Turn off System Restore in XP: HERE

  2. Boot into Safe Mode without networking (described in the link above).

  3. Tick the indicated entries in HijackThis and click Fix checked. The entries will be removed.

  4. Delete from disk the files and folders that I underlined in red.

  5. Finish up with online scanners - Scanners to choose from

  6. Post a new log :stuck_out_tongue:

For the junk you have, the entry and file from O2, there is an automated tool: smitrem.exe. A description of how it works is HERE.


(Bos Sebastian) #3

I was a bit hasty: I used VundoFix and Spyware Doctor. It helped, the junk is gone, and the log now looks like this:

Logfile of HijackThis v1.99.1

Scan saved at 07:25:21, on 2005-11-15

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\SEBAST~1\USTAWI~1\Temp\Rar$EX00.750\HijackThis.exe


O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

(Gutek) #4

Uninstall Spyware Doctor, as I wrote above :wink: