Proszę o sprawdzenie loga


(Krystian Wyrzycki) #1
Logfile of HijackThis v1.99.1

Scan saved at 14:14:01, on 2005-08-12

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\WF2K.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\WINDOWS\SYSTEM\MDMS.EXE

C:\WINDOWS\MS3.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

C:\WINDOWS\TOOL2.EXE

C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

C:\WINSTALL.EXE

C:\WINDOWS\TOOL2.EXE

C:\WINDOWS\TOOL2.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\RADIO\WINRADIO.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\MOJE DOKUMENTY\DONLOAD\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.0.3

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=c:\radio\wintimer.bat;c:\radio\wintimer.exe;c:\radio\wintimer.com;c:\radio\wintimer.scr;c:\radio\wintimer.vbs

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\SYSTEM\WF2K.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [InterBaseGuardian] C:\program files\Interbase\bin\ibguard.exe

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [WatchingService] c:\program files\digital surveillance\exes\uniwdsvc.exe sys_auto_run C:\Program Files\Digital Surveillance\Exes

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe

O4 - HKLM\..\Run: [MS3] C:\WINDOWS\MS3.EXE

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsched.exe"

O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\TOOL2.EXE

O4 - HKCU\..\Run: [MS3] C:\WINDOWS\MS3.EXE

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe

O4 - Startup: RadioActive for windows.lnk = C:\RADIO\WINRADIO.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://192.168.0.220/Ctl/WinWebPush.cab

O16 - DPF: {C42003AC-64F5-4747-A6BF-A9D68153085F} (Vyuer Class) - http://213.76.162.119/sentry24.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_10.cab

O16 - DPF: {F255050F-988C-4683-AAEB-2523A2CE885D} (DVSView Control) - http://10.0.0.1/DvsView.cab

O16 - DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} (MjpegControl Class) - http://80.55.41.126/plugin/mjpegcontrol.cab

O16 - DPF: {FC4EE151-0923-4495-9B21-AEC164EC9BAA} (WebWaveletLive Control) - http://10.0.0.20/WebWaveletLive.cab

O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://xj242.internetdsl.tpnet.pl/LNetCam.cab

O16 - DPF: {A1C54E16-0C95-4C77-8C4D-EB7C7C7E3960} (VideoControl Class) - http://10.0.0.21/activex/VideoControl.cab

O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab

O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab

O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab

O16 - DPF: {4E2EAFA1-3B64-4101-83DA-D6BCD8CB50CE} (proMonitorOCX.Monitor) - http://www.tayama.pl/proMonitorOCX.CAB

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab

O16 - DPF: {38C88149-DAFA-4CA5-A0CD-37E6DBD43DEA} (KamInt2.KamIntOcx2) - http://www.tayama.pl/KamInt2.CAB

O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab

O16 - DPF: {B2097609-E7A3-4DAE-B941-B5B5F2FE8395} (DynaRemote Control) - http://202.168.200.148/DynaRemote.cab

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://80.53.234.218:81/cab/OCXChecker_6100.cab

O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://207.229.32.203:20099/h263ctrl.cab

O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://207.229.32.203:20099/VatDec.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5


(Qbek50) #2

przeskanuj dysk tym i wywal wszystko :

Panda

http://www.pandasoftware.com/activescan … ncipal.htm

Kaspersky

http://kaspersky.pl/services.html?s=online_vir_chk

mks_vir

http://skaner.mks.com.pl/

CWShredder 2.15

http://cwshredder.net/bin/CWShredder.exe

SpyBot - Search & Destroy v1.4 PL

http://www.see-cure.de/files/spybotsd14.exe

Ad-aware SE Personal 1.06

ftp://ftp.download.com/pub/windows/aawsepersonal.exe

PestPatrol

http://download.zonelabs.com/bin/free/p … olHome.exe

potem wrzuc nowy log 8)


(Krystian Wyrzycki) #3
Logfile of HijackThis v1.99.1

Scan saved at 12:51:49, on 2005-08-16

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\WF2K.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

C:\WINDOWS\TOOL2.EXE

C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

C:\WINDOWS\TOOL2.EXE

C:\WINSTALL.EXE

C:\WINDOWS\TOOL2.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\RADIO\WINRADIO.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\MOJE DOKUMENTY\DONLOAD\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.0.3

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=c:\radio\wintimer.bat;c:\radio\wintimer.exe;c:\radio\wintimer.com;c:\radio\wintimer.scr;c:\radio\wintimer.vbs

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\SYSTEM\WF2K.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [InterBaseGuardian] C:\program files\Interbase\bin\ibguard.exe

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [WatchingService] c:\program files\digital surveillance\exes\uniwdsvc.exe sys_auto_run C:\Program Files\Digital Surveillance\Exes

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsched.exe"

O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [SNInstall] C:\WINSTALL.EXE

O4 - HKCU\..\Run: [MS3] C:\WINDOWS\MS3.EXE

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe

O4 - Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe

O4 - Startup: RadioActive for windows.lnk = C:\RADIO\WINRADIO.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://192.168.0.220/Ctl/WinWebPush.cab

O16 - DPF: {C42003AC-64F5-4747-A6BF-A9D68153085F} (Vyuer Class) - http://213.76.162.119/sentry24.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_10.cab

O16 - DPF: {F255050F-988C-4683-AAEB-2523A2CE885D} (DVSView Control) - http://10.0.0.1/DvsView.cab

O16 - DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} (MjpegControl Class) - http://80.55.41.126/plugin/mjpegcontrol.cab

O16 - DPF: {FC4EE151-0923-4495-9B21-AEC164EC9BAA} (WebWaveletLive Control) - http://10.0.0.20/WebWaveletLive.cab

O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://xj242.internetdsl.tpnet.pl/LNetCam.cab

O16 - DPF: {A1C54E16-0C95-4C77-8C4D-EB7C7C7E3960} (VideoControl Class) - http://10.0.0.21/activex/VideoControl.cab

O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab

O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab

O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab

O16 - DPF: {4E2EAFA1-3B64-4101-83DA-D6BCD8CB50CE} (proMonitorOCX.Monitor) - http://www.tayama.pl/proMonitorOCX.CAB

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab

O16 - DPF: {38C88149-DAFA-4CA5-A0CD-37E6DBD43DEA} (KamInt2.KamIntOcx2) - http://www.tayama.pl/KamInt2.CAB

O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab

O16 - DPF: {B2097609-E7A3-4DAE-B941-B5B5F2FE8395} (DynaRemote Control) - http://202.168.200.148/DynaRemote.cab

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://80.53.234.218:81/cab/OCXChecker_6100.cab

O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://207.229.32.203:20099/h263ctrl.cab

O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://207.229.32.203:20099/VatDec.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

(Kuz5) #4

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Znasz to?

Pliki na czerwono usun ręcznie z dysku

Po tych czynnościach dajesz jeszcze raz loga


(Krystian Wyrzycki) #5

Po tych operacjach teoretycznie wszystko wróciło do normy. Tapeta znikła moge ustawić sobie stronę domową, znikneły krzyżyki na pasku zadań. Natomiast jest jeden problem : otwieranie stron przez IE. Wiele stron próbuje si ładować wyświetla status gotowe a okno puste.

Dzięki za pomoc.

Mój kolejny log: 

Logfile of HijackThis v1.99.1

Scan saved at 14:27:29, on 2005-08-16

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v5.50 (5.50.4134.0100)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\WF2K.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE

C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\RADIO\WINRADIO.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\MOJE DOKUMENTY\DONLOAD\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.0.3

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=c:\radio\wintimer.bat;c:\radio\wintimer.exe;c:\radio\wintimer.com;c:\radio\wintimer.scr;c:\radio\wintimer.vbs

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\SYSTEM\WF2K.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [InterBaseGuardian] C:\program files\Interbase\bin\ibguard.exe

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [WatchingService] c:\program files\digital surveillance\exes\uniwdsvc.exe sys_auto_run C:\Program Files\Digital Surveillance\Exes

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsched.exe"

O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe

O4 - Startup: RadioActive for windows.lnk = C:\RADIO\WINRADIO.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://192.168.0.220/Ctl/WinWebPush.cab

O16 - DPF: {C42003AC-64F5-4747-A6BF-A9D68153085F} (Vyuer Class) - http://213.76.162.119/sentry24.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_10.cab

O16 - DPF: {F255050F-988C-4683-AAEB-2523A2CE885D} (DVSView Control) - http://10.0.0.1/DvsView.cab

O16 - DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} (MjpegControl Class) - http://80.55.41.126/plugin/mjpegcontrol.cab

O16 - DPF: {FC4EE151-0923-4495-9B21-AEC164EC9BAA} (WebWaveletLive Control) - http://10.0.0.20/WebWaveletLive.cab

O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://xj242.internetdsl.tpnet.pl/LNetCam.cab

O16 - DPF: {A1C54E16-0C95-4C77-8C4D-EB7C7C7E3960} (VideoControl Class) - http://10.0.0.21/activex/VideoControl.cab

O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab

O16 - DPF: {4E2EAFA1-3B64-4101-83DA-D6BCD8CB50CE} (proMonitorOCX.Monitor) - http://www.tayama.pl/proMonitorOCX.CAB

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab

O16 - DPF: {38C88149-DAFA-4CA5-A0CD-37E6DBD43DEA} (KamInt2.KamIntOcx2) - http://www.tayama.pl/KamInt2.CAB

O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab

O16 - DPF: {B2097609-E7A3-4DAE-B941-B5B5F2FE8395} (DynaRemote Control) - http://202.168.200.148/DynaRemote.cab

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://80.53.234.218:81/cab/OCXChecker_6100.cab

O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://207.229.32.203:20099/h263ctrl.cab

O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://207.229.32.203:20099/VatDec.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab

(Damian) #6

Log czysty.

Nie odpowiedziałeś na to pytanie:

Zaktualizuj Internet Explorer, a problem powinien ustąpić.


(Krystian Wyrzycki) #7

Tego wpisu nie znam:

O4 - HKLM\..\Run: [WatchingService] c:\program files\digital surveillance\exes\uniwdsvc.exe sys_auto_run C:\Program Files\Digital Surveillance\Exes

(Kuz5) #8

Takie pytania zadawaj na pw

Odbierz pw

Log masz czysty