Proszę o sprawdzenie loga

krecik10 · 26 Kwiecień 2005 17:55

Logfile of HijackThis v1.99.0

Scan saved at 17:21:17, on 2005-04-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Winamp\winampa.exe

E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe

E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

E:\Program Files\HP\hpcoretech\hpcmpmgr.exe

E:\WINDOWS\System32\hphmon06.exe

E:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

E:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\RamCleaner\RamCleaner.exe

E:\PROGRA~1\GADU-G~1\gg.exe

E:\Program Files\Tlen.pl\tlen.exe

E:\Program Files\Messenger\msmsgs.exe

E:\Program Files\Skype\Phone\Skype.exe

E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

E:\WINDOWS\System32\HPZipm12.exe

E:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe

E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

E:\Program Files\WinAce\WinAce.exe

E:\Program Files\eMule\emule.exe

E:\Program Files\WinAce\WinAce.exe

c:\dkload.exe

E:\WINDOWS\tool.exe

E:\Program Files\totalcmd\TOTALCMD.EXE

E:\Downloads\HijackThis.exe

E:\WINDOWS\System32\paytime.exe

E:\WINDOWS\System32\tibs.exe

c:\125016.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe

O4 - HKLM…\Run: [HPHUPD06] E:\Program Files\HP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM…\Run: [HP Software Update] “E:\Program Files\HP\HP Software Update\HPWuSchd2.exe”

O4 - HKLM…\Run: [HP Component Manager] “E:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [HPHmon06] E:\WINDOWS\System32\hphmon06.exe

O4 - HKLM…\Run: [CamMonitor] E:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM…\Run: [share-to-Web Namespace Daemon] E:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM…\Run: [TkBellExe] “E:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKCU…\Run: [RamCleaner] E:\Program Files\RamCleaner\RamCleaner.exe

O4 - HKCU…\Run: [Gadu-Gadu] “E:\PROGRA~1\GADU-G~1\gg.exe” /tray

O4 - HKCU…\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [MSMSGS] “E:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [skype] “E:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\digital imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = E:\Program Files\HP\digital imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microtek Scanner Finder.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - E:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - E:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 81.222.131.59

O15 - Trusted IP range: 81.222.131.59 (HKLM)

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} -

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip…{CB7772EA-F6F7-416D-85F6-1424BC6ABAF6}: NameServer = 80.244.128.1,195.136.250.201

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - E:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\System32\HPZipm12.exe

musg · 26 Kwiecień 2005 18:12

to ciachasz kosmetycznie hijackiem

nastepnie sciagasz program:

http://www.searchengines.pl/phpbb203/in … ost&id=459

i wywalasz:

krecik10:

O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 81.222.131.59 O15 - Trusted IP range: 81.222.131.59 (HKLM)

nastepnie zainstaluj sp2

http://www.microsoft.com/poland/windows … fault.mspx

i daj raz jeszcze log

pamietaj o wylaczeniu przywracania systemu podczas usuwania

wywal jeszcze:

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} -

Phylby · 26 Kwiecień 2005 19:13

Najnowsza wersja HijackThis http://www.dobreprogramy.pl/index.php?dz=2&id=730&t=82

A Ty masz jakiegoś anyt witursa ?? Bo Sp2 to na pewmo brak.

Sprawdż jeszcze system programem :

Hitman Pro 2

http://forum.dobreprogramy.pl/viewtopic.php?t=23036 na dole.

Gutek · 26 Kwiecień 2005 20:22

LUDZIE analizujcie dokłądnie wpisy 015 nie robią sie od tak:

krecik10 · 26 Kwiecień 2005 21:07

Logfile of HijackThis v1.99.0

Scan saved at 23:02:26, on 2005-04-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.exe

E:\Program Files\Winamp\winampa.exe

E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe

E:\Program Files\HP\HP Software Update\HPWuSchd2.exe

E:\Program Files\HP\hpcoretech\hpcmpmgr.exe

E:\WINDOWS\System32\hphmon06.exe

E:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

E:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe

E:\Program Files\Common Files\Real\Update_OB\realsched.exe

E:\Program Files\RamCleaner\RamCleaner.exe

E:\PROGRA~1\GADU-G~1\gg.exe

E:\Program Files\Tlen.pl\tlen.exe

E:\Program Files\Messenger\msmsgs.exe

E:\Program Files\Skype\Phone\Skype.exe

E:\Documents and Settings\Renia\Dane aplikacji\temh.exe

E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

E:\WINDOWS\System32\nvsvc32.exe

E:\WINDOWS\System32\svchost.exe

E:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe

E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

E:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

E:\WINDOWS\System32\HPZipm12.exe

E:\WINDOWS\System32\msiexec.exe

E:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Program Files\totalcmd\TOTALCMD.EXE

E:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=Explorer.exe init32m.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll

O2 - BHO: (no name) - {E9ADADF0-693D-4E9E-6805-6BB35BB90DC4} - E:\WINDOWS\System32\paws.dll