Please check this log


(Bbieniol) #1

Please check the logs:

Logfile of HijackThis v1.99.1

Scan saved at 20:03:58, on 2005-06-26

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

G:\WINDOWS\System32\smss.exe

G:\WINDOWS\system32\winlogon.exe

G:\WINDOWS\system32\services.exe

G:\WINDOWS\system32\lsass.exe

G:\WINDOWS\system32\svchost.exe

G:\WINDOWS\System32\svchost.exe

G:\WINDOWS\Explorer.EXE

G:\WINDOWS\system32\LEXBCES.EXE

G:\WINDOWS\system32\LEXPPS.EXE

G:\WINDOWS\system32\spoolsv.exe

G:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

G:\Program Files\AVPersonal\AVWUPSRV.EXE

G:\WINDOWS\System32\nvsvc32.exe

G:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

G:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

G:\WINDOWS\System32\svchost.exe

G:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

G:\Program Files\ISTsvc\istsvc.exe

G:\WINDOWS\System32\wyyqadi.exe

G:\Program Files\TimeSink\AdGateway\TsAdBot.exe

G:\WINDOWS\System32\rundll32.exe

G:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

G:\Program Files\Common Files\CMEII\CMESys.exe

G:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE

G:\WINDOWS\fmehqfkj.exe

G:\Program Files\Windows ControlAd\WinCtlAd.exe

G:\Program Files\Windows ControlAd\WinCtlAdAlt.exe

C:\Program Files\Hounow\Frfjyu.exe

G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

G:\Program Files\Common Files\Real\Update_OB\realsched.exe

G:\Program Files\Netropa\Onscreen Display\OSD.exe

G:\Program Files\p2dpldql\p2dpldql.exe

G:\Program Files\Common Files\GMT\GMT.exe

G:\WINDOWS\System32\ctfmon.exe

G:\Program Files\Messenger\msmsgs.exe

G:\Program Files\Tlen.pl\tlen.exe

G:\Program Files\eMule\emule.exe

G:\GG\Gadu-Gadu\gg.exe

G:\Program Files\PrecisionTime\PrecisionTime.exe

G:\Program Files\Web_Rebates\WebRebates1.exe

G:\Program Files\Web_Rebates\WebRebates0.exe

G:\Program Files\p2dpldql\90410464.exe

G:\Program Files\p2dpldql\p2dpldql.exe

G:\Program Files\Winamp\Winamp.exe

G:\Program Files\Internet Explorer\iexplore.exe

G:\Documents and Settings\Właściciel\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NDgwNzg4NDcx&ver=2.1.0.0

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=56715

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.interia.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - G:\Program Files\TV Media\TvmBho.dll

O2 - BHO: (no name) - {00000000-0000-4264-B53D-C12A5B12C6AE} - G:\Program Files\p2dpldql\p2dpldql.dll

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - G:\WINDOWS\localNRD.dll

O2 - BHO: (no name) - {019DDCE3-8DC2-4652-837D-BFB78E366055} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {03403D7B-9544-4064-B467-5BA004CF2B33} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {08258A8F-2B44-4F91-988B-D5F7A93E5204} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {0B704A82-D0A3-4CC4-844C-4D6F9D39E639} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {0DFDB1C9-E60F-4450-B3C0-5CC28327AEC6} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {19B5DAF9-DDF7-47AF-AAE0-1BD54321470C} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - G:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

O2 - BHO: (no name) - {2BA6343E-A56D-4233-ADA8-3ACDD5D9F9E2} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {39007C89-8C17-4441-92D5-FEB6D40C147E} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {4082A14A-409F-41C6-980A-E9F1DCE968FD} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - G:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: (no name) - {4ED8FEC8-757E-4B26-855B-AE0AEF983F86} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {64DF599C-46FA-48EF-ADD4-B1FF1B5F54E3} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {7360A404-008A-4CD7-BFFE-1FB5B46C0DA4} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {75303F7D-6288-4623-8B5C-C03B7BAFDC0C} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {75B25F07-0638-4879-A1AE-1DBE5936FE9A} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {7E1070D4-1039-4F29-A6FC-25A7162ECC64} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {82B4BDD4-1BCB-4DE6-BD7F-E207D2ABDC7F} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {932E3053-FBD0-48F8-8B8F-3C355184436F} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {B2D29AFE-F77E-418B-B331-64C5381C13BF} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {B4E9E244-397B-401A-9914-D583C247C609} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {BB92270A-83CC-494A-BBDE-EF184F7D4C2E} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {BF48B5C8-98CE-4698-945D-DA1A8893C34F} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {C1A45403-D3F2-4E30-9527-FFBD1DC5C9A4} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {C3246E82-A38D-43A5-951B-10B7CC43E49E} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {DAA9677E-7F04-42FC-9AF5-0DEDA42985FE} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {E8A8ED89-E9DD-42A9-A570-E34656CFD13D} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {EEDC3C0C-0040-4448-8939-55B86958AA09} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {F2D79E8C-0756-46EE-9BF9-B1CDDE692A55} - G:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {F3049A23-19DD-4689-A2EA-21B69A716DBA} - G:\Program Files\CSBB\CSBB.dll (file missing)

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - G:\Program Files\ISTbar\istbar.dll (file missing)

O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - G:\Program Files\DashBar\DashBar21.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [windows auto update] msblast.exe

O4 - HKLM\..\Run: [IST Service] G:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [Internet Optimizer] "G:\Program Files\Internet Optimizer\optimize313.exe"

O4 - HKLM\..\Run: [kfaedobki] G:\WINDOWS\System32\wyyqadi.exe

O4 - HKLM\..\Run: [conscorr] G:\WINDOWS\conscorr.exe

O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe

O4 - HKLM\..\Run: [B3570A33] G:\WINDOWS\System32\gjugpzraijqtiv.exe

O4 - HKLM\..\Run: [TimeSink Ad Client] "G:\Program Files\TimeSink\AdGateway\TsAdBot.exe"

O4 - HKLM\..\Run: [New.net Startup] rundll32 G:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [AVGCtrl] "G:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] G:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [TV Media] G:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [Lexmark 2200 Series] "G:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "G:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [CMESys] "G:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM\..\Run: [AQ3HelperStartUp] G:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3

O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WebRebates0] "G:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [brLdb] G:\WINDOWS\fmehqfkj.exe

O4 - HKLM\..\Run: [Windows ControlAd] G:\Program Files\Windows ControlAd\WinCtlAd.exe

O4 - HKLM\..\Run: [˘‰¸K0¨4W

}ďÁzî[8G:\Program Files\ISTsvc\istsvc.exe] G:\WINDOWS\fmehqfkj.exe

O4 - HKLM\..\Run: [˘‰¸K0Ô@ÔÁÔ]§ú"ü‰üžiG:\Program Files\ISTsvc\istsvc.exe] G:\WINDOWS\fmehqfkj.exe

O4 - HKLM\..\Run: [˘‰¸K0Ô@ÔÁÔ]§ú"ü‰¸K0G:\Program Files\ISTsvc\istsvc.exe] G:\WINDOWS\fmehqfkj.exe

O4 - HKLM\..\Run: [˘‰¸K0Ô@ÔÁÔÁÔ]§ú"ü‰üG:\Program Files\ISTsvc\istsvc.exe] G:\WINDOWS\fmehqfkj.exe

O4 - HKLM\..\Run: [˘‰¸K0Ô@ÔÁÔÁÔ]§ú"ü‰¸G:\Program Files\ISTsvc\istsvc.exe] G:\WINDOWS\fmehqfkj.exe

O4 - HKLM\..\Run: [˘‰¸K0¨4W

}ďÁzîžigÝG:\Program Files\ISTsvc\istsvc.exe] G:\WINDOWS\fmehqfkj.exe

O4 - HKLM\..\Run: [Fsltfwgv] C:\Program Files\Hounow\Frfjyu.exe

O4 - HKLM\..\Run: [˘‰¸K0ÔÁÔ]§ú"ü‰üžigÝG:\Program Files\ISTsvc\istsvc.exe] G:\WINDOWS\fmehqfkj.exe

O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [SCANINICIO] "G:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "G:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [WINTASKS] taskgmr.exe

O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [wpkontakt] G:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart

O4 - HKLM\..\Run: [p2dpldql] G:\Program Files\p2dpldql\p2dpldql.exe

O4 - HKLM\..\RunServices: [WINTASKS] taskgmr.exe

O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Komunikator] G:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [TV Media] G:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WINTASKS] taskgmr.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "G:\GG\Gadu-Gadu\PowerGG.exe"

O4 - HKCU\..\Run: [eMuleAutoStart] G:\Program Files\eMule\emule.exe -AutoStart

O4 - Global Startup: GStartup.lnk = G:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: PrecisionTime.lnk = G:\Program Files\PrecisionTime\PrecisionTime.exe

O8 - Extra context menu item: &Google Search - res://g:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://g:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://g:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://g:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://g:\program files\google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Web Rebates - file://G:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINDOWS\web\related.htm

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=7fd1b1487ea24557e81cb1f266ef2780947d11d735d3f73d567bbcc1cd65aeb860d24e26488494fe11db2684f9909f72dc77fd77a214:2e5848e0a9d3ad577e6a6478c1291781

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB

O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - http://megapanel.gem.pl/temp/netp/9487/9946/5354/8800/5_9487994653548800.ocx

O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AFFBB} - http://esb.alcena.com/ESBBundleInstaller2.ocx

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - G:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll

O18 - Filter: text/html - {603F7898-DE8B-4239-A6EF-6F34F0E2C39B} - G:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\microsoft\internet explorer\V0.29.dat

O21 - SSODL: Web Event Logger - {7ABBACFE-EEC2-9152-A9EE-416592C5C738} - G:\WINDOWS\System32\Nbmjnhol.dll (file missing)

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - G:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - G:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - G:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - G:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - G:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Thanks in advance - regards


(Damian) #2

First scan everything with these programs, and then paste the log, because what is going on here is a tragedy...

:arrow: CWShredder 2.15

:arrow: SpyBot - Search & Destroy v1.4 PL

:arrow: Ad-aware SE Personal 1.06

:arrow: PestPatrol

http://forum.dobreprogramy.pl/viewtopic ... 347#187347


(Bbieniol) #3

This is not my log, but I will tell my buddy :slight_smile:


(Musg) #4

Then be glad :slight_smile:

Your buddy has quite a massacre there, but it can be removed (if he does not want a format).

Invite him here in person, because we will not manage it this way.

More information is needed :slight_smile:


(Bbieniol) #5

The problem is that the guy cannot even get on the net - errors all the time :frowning:

I talked to him and he said that he has nothing valuable on the disk and that he is choosing a format - his choice :slight_smile:

Thanks for the help and I wish you good health


(Kuz5) #6

:o :o :o :o :o :o

Honestly, he is right, but if he wants to fight it, what he has to do is written below.

In Add/Remove, uninstall NewDotNet

Remove: (you do all of this, of course, in safe mode with System Restore turned off)

Delete the files and folders marked in red manually from the disk

You will remove the entry with the underscore "_" using the Registrar Lite registry editor

Start the editor and paste this path into the Address field:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks and click Go, after which you will be taken to that key. On the right side the entry _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} will be visible; you also delete all other entries with the same underscore, and you delete the entries with a right-click.

You remove the O10 entries with the LSPFix program

Run LSP-Fix and write which files are in the Keep window, and we will tell you how and which file to remove.

At the end, be sure to post a new log.

Run a scan:

:arrow: Panda

:arrow: Kaspersky

:arrow: mks_vir

:arrow: Trend

:arrow: Dr.Web

An additional scan with these programs:

:arrow: PestPatrol

:arrow: Spybot Search & Destroy 1.4

:arrow: Ad-aware SE Personal

:arrow: CWShredder
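
An added example, not part of the original thread: a small Python triage pass over a HijackThis log that picks out the entry kinds the reply above deals with, namely URLSearchHooks values whose name starts with "_", the O10 (Winsock LSP) entries meant for LSP-Fix, and entries the log itself marks "(file missing)". The names `triage` and `SAMPLE_LOG` are hypothetical, and the sample is a short excerpt of lines copied from the log in post #1.

```python
import re
from collections import Counter

# Lines copied from the log in post #1 (a short excerpt, not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - G:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {019DDCE3-8DC2-4652-837D-BFB78E366055} - G:\Program Files\CSBB\CSBB.dll (file missing)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - G:\Program Files\ISTbar\istbar.dll (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the rest
UNDERSCORE_HOOK = re.compile(r"URLSearchHook: .*? - (_\{[0-9A-Fa-f-]{36}\})")


def triage(log_text):
    """Group HijackThis entries and pick out the ones the reply deals with."""
    result = {"sections": Counter(), "underscore_hooks": [],
              "lsp_entries": [], "file_missing": []}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path, or blank line
        code, body = m.groups()
        result["sections"][code] += 1
        hook = UNDERSCORE_HOOK.search(body) if code == "R3" else None
        if hook:  # value name starting with "_" under URLSearchHooks
            result["underscore_hooks"].append(hook.group(1))
        if code == "O10":  # Winsock LSP chain, the LSP-Fix step
            result["lsp_entries"].append(body)
        if body.endswith("(file missing)"):  # registry entry without its file
            result["file_missing"].append((code, body))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(dict(report["sections"]))
    print("URLSearchHooks values to review:", report["underscore_hooks"])
    print("O10 entries:", len(report["lsp_entries"]))
    print("Entries with a missing file:", len(report["file_missing"]))
```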