ARISTOTELES
(Krystian Wyrzycki)
12 Sierpień 2005 12:34
#1
Logfile of HijackThis v1.99.1
Scan saved at 14:14:01, on 2005-08-12
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\WF2K.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\MDMS.EXE
C:\WINDOWS\MS3.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\WINDOWS\TOOL2.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\WINSTALL.EXE
C:\WINDOWS\TOOL2.EXE
C:\WINDOWS\TOOL2.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\RADIO\WINRADIO.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\MOJE DOKUMENTY\DONLOAD\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.0.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F1 - win.ini: run=c:\radio\wintimer.bat;c:\radio\wintimer.exe;c:\radio\wintimer.com;c:\radio\wintimer.scr;c:\radio\wintimer.vbs
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\SYSTEM\WF2K.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [InterBaseGuardian] C:\program files\Interbase\bin\ibguard.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [WatchingService] c:\program files\digital surveillance\exes\uniwdsvc.exe sys_auto_run C:\Program Files\Digital Surveillance\Exes
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe
O4 - HKLM\..\Run: [MS3] C:\WINDOWS\MS3.EXE
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\TOOL2.EXE
O4 - HKCU\..\Run: [MS3] C:\WINDOWS\MS3.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe
O4 - Startup: RadioActive for windows.lnk = C:\RADIO\WINRADIO.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://192.168.0.220/Ctl/WinWebPush.cab
O16 - DPF: {C42003AC-64F5-4747-A6BF-A9D68153085F} (Vyuer Class) - http://213.76.162.119/sentry24.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_10.cab
O16 - DPF: {F255050F-988C-4683-AAEB-2523A2CE885D} (DVSView Control) - http://10.0.0.1/DvsView.cab
O16 - DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} (MjpegControl Class) - http://80.55.41.126/plugin/mjpegcontrol.cab
O16 - DPF: {FC4EE151-0923-4495-9B21-AEC164EC9BAA} (WebWaveletLive Control) - http://10.0.0.20/WebWaveletLive.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://xj242.internetdsl.tpnet.pl/LNetCam.cab
O16 - DPF: {A1C54E16-0C95-4C77-8C4D-EB7C7C7E3960} (VideoControl Class) - http://10.0.0.21/activex/VideoControl.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab
O16 - DPF: {4E2EAFA1-3B64-4101-83DA-D6BCD8CB50CE} (proMonitorOCX.Monitor) - http://www.tayama.pl/proMonitorOCX.CAB
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {38C88149-DAFA-4CA5-A0CD-37E6DBD43DEA} (KamInt2.KamIntOcx2) - http://www.tayama.pl/KamInt2.CAB
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab
O16 - DPF: {B2097609-E7A3-4DAE-B941-B5B5F2FE8395} (DynaRemote Control) - http://202.168.200.148/DynaRemote.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://80.53.234.218:81/cab/OCXChecker_6100.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://207.229.32.203:20099/h263ctrl.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://207.229.32.203:20099/VatDec.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
====================================
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.
Pozdrawiam kuz5
detektyw
(Qbek50)
12 Sierpień 2005 12:35
#2
ARISTOTELES
(Krystian Wyrzycki)
16 Sierpień 2005 10:58
#3
Logfile of HijackThis v1.99.1
Scan saved at 12:51:49, on 2005-08-16
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\WF2K.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\WINDOWS\TOOL2.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\WINDOWS\TOOL2.EXE
C:\WINSTALL.EXE
C:\WINDOWS\TOOL2.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\RADIO\WINRADIO.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MOJE DOKUMENTY\DONLOAD\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.0.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F1 - win.ini: run=c:\radio\wintimer.bat;c:\radio\wintimer.exe;c:\radio\wintimer.com;c:\radio\wintimer.scr;c:\radio\wintimer.vbs
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\SYSTEM\WF2K.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [InterBaseGuardian] C:\program files\Interbase\bin\ibguard.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [WatchingService] c:\program files\digital surveillance\exes\uniwdsvc.exe sys_auto_run C:\Program Files\Digital Surveillance\Exes
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINSTALL.EXE
O4 - HKCU\..\Run: [MS3] C:\WINDOWS\MS3.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe
O4 - Startup: RadioActive for windows.lnk = C:\RADIO\WINRADIO.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://192.168.0.220/Ctl/WinWebPush.cab
O16 - DPF: {C42003AC-64F5-4747-A6BF-A9D68153085F} (Vyuer Class) - http://213.76.162.119/sentry24.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_10.cab
O16 - DPF: {F255050F-988C-4683-AAEB-2523A2CE885D} (DVSView Control) - http://10.0.0.1/DvsView.cab
O16 - DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} (MjpegControl Class) - http://80.55.41.126/plugin/mjpegcontrol.cab
O16 - DPF: {FC4EE151-0923-4495-9B21-AEC164EC9BAA} (WebWaveletLive Control) - http://10.0.0.20/WebWaveletLive.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://xj242.internetdsl.tpnet.pl/LNetCam.cab
O16 - DPF: {A1C54E16-0C95-4C77-8C4D-EB7C7C7E3960} (VideoControl Class) - http://10.0.0.21/activex/VideoControl.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab
O16 - DPF: {4E2EAFA1-3B64-4101-83DA-D6BCD8CB50CE} (proMonitorOCX.Monitor) - http://www.tayama.pl/proMonitorOCX.CAB
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {38C88149-DAFA-4CA5-A0CD-37E6DBD43DEA} (KamInt2.KamIntOcx2) - http://www.tayama.pl/KamInt2.CAB
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab
O16 - DPF: {B2097609-E7A3-4DAE-B941-B5B5F2FE8395} (DynaRemote Control) - http://202.168.200.148/DynaRemote.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://80.53.234.218:81/cab/OCXChecker_6100.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://207.229.32.203:20099/h263ctrl.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://207.229.32.203:20099/VatDec.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
kuz5
(Kuz5)
16 Sierpień 2005 11:51
#4
Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)
C:\WINDOWS\TOOL2.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php O4 - HKLM…\Run: [sysMemory manager] c:\windows\system\mdms.exe O4 - HKLM…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O4 - HKCU…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - HKCU…\Run: [sNInstall] C:\WINSTALL.EXE O4 - HKCU…\Run: [MS3] C:\WINDOWS\MS3.EXE O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
Znasz to?
Pliki na czerwono usun ręcznie z dysku
Po tych czynnościach dajesz jeszcze raz loga
ARISTOTELES
(Krystian Wyrzycki)
16 Sierpień 2005 12:36
#5
Po tych operacjach teoretycznie wszystko wróciło do normy. Tapeta znikła moge ustawić sobie stronę domową, znikneły krzyżyki na pasku zadań. Natomiast jest jeden problem : otwieranie stron przez IE. Wiele stron próbuje si ładować wyświetla status gotowe a okno puste.
Dzięki za pomoc.
Mój kolejny log:
Logfile of HijackThis v1.99.1
Scan saved at 14:27:29, on 2005-08-16
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\WF2K.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\RADIO\WINRADIO.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MOJE DOKUMENTY\DONLOAD\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.0.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F1 - win.ini: run=c:\radio\wintimer.bat;c:\radio\wintimer.exe;c:\radio\wintimer.com;c:\radio\wintimer.scr;c:\radio\wintimer.vbs
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\SYSTEM\WF2K.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [InterBaseGuardian] C:\program files\Interbase\bin\ibguard.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [WatchingService] c:\program files\digital surveillance\exes\uniwdsvc.exe sys_auto_run C:\Program Files\Digital Surveillance\Exes
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
O4 - HKLM\..\RunServices: [PAVFIRES] C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Gadu-Gadu.lnk = C:\Program Files\Gadu-Gadu\gg.exe
O4 - Startup: RadioActive for windows.lnk = C:\RADIO\WINRADIO.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://192.168.0.220/Ctl/WinWebPush.cab
O16 - DPF: {C42003AC-64F5-4747-A6BF-A9D68153085F} (Vyuer Class) - http://213.76.162.119/sentry24.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_10.cab
O16 - DPF: {F255050F-988C-4683-AAEB-2523A2CE885D} (DVSView Control) - http://10.0.0.1/DvsView.cab
O16 - DPF: {EAA105FE-7BBD-4196-8B96-D46743894195} (MjpegControl Class) - http://80.55.41.126/plugin/mjpegcontrol.cab
O16 - DPF: {FC4EE151-0923-4495-9B21-AEC164EC9BAA} (WebWaveletLive Control) - http://10.0.0.20/WebWaveletLive.cab
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://xj242.internetdsl.tpnet.pl/LNetCam.cab
O16 - DPF: {A1C54E16-0C95-4C77-8C4D-EB7C7C7E3960} (VideoControl Class) - http://10.0.0.21/activex/VideoControl.cab
O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab
O16 - DPF: {4E2EAFA1-3B64-4101-83DA-D6BCD8CB50CE} (proMonitorOCX.Monitor) - http://www.tayama.pl/proMonitorOCX.CAB
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {38C88149-DAFA-4CA5-A0CD-37E6DBD43DEA} (KamInt2.KamIntOcx2) - http://www.tayama.pl/KamInt2.CAB
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab
O16 - DPF: {B2097609-E7A3-4DAE-B941-B5B5F2FE8395} (DynaRemote Control) - http://202.168.200.148/DynaRemote.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://80.53.234.218:81/cab/OCXChecker_6100.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://207.229.32.203:20099/h263ctrl.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://207.229.32.203:20099/VatDec.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
Damian
(Damian)
16 Sierpień 2005 12:42
#6
Log czysty.
Nie odpowiedziałeś na to pytanie:
Zaktualizuj Internet Explorer, a problem powinien ustąpić.
ARISTOTELES
(Krystian Wyrzycki)
16 Sierpień 2005 13:01
#7
Tego wpisu nie znam:
O4 - HKLM\..\Run: [WatchingService] c:\program files\digital surveillance\exes\uniwdsvc.exe sys_auto_run C:\Program Files\Digital Surveillance\Exes
kuz5
(Kuz5)
16 Sierpień 2005 13:09
#8
detektyw:
po co to kasować ?
Takie pytania zadawaj na pw
Odbierz pw
ARISTOTELES:
Tego wpisu nie znam:
Log masz czysty