Prosze o sprawdzenie loga!

agaata21 · 16 Październik 2005 13:07

Logfile of HijackThis v1.99.1

Scan saved at 15:01:37, on 2005-10-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe

C:\Program Files\BearShare\BearShare.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE

C:\Program Files\Media Gateway\MediaGateway.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\paytime.exe

C:\WINDOWS\System32\paytime.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\System32\mswind32.pif

C:\Program Files\Anti-Spyware Blocker\Anti-Virus.exe

C:\WINDOWS\etb\pokapoka76.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\Documents and Settings\uzutkownik\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchwebzone.com/sp2.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"

F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0

O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe

O4 - HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KKO1l] C:\WINDOWS\hmpuvxgm.exe

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [AtiPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM\..\Run: [combop.exe] combop.exe

O4 - HKLM\..\Run: [combo.exe] combo.exe

O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe

O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe

O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe

O4 - HKLM\..\RunServices: [OS Security] mswind32.pif

O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] drwatson32.exe -run C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\System32\winupd.exe

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"

O4 - HKCU\..\Run: [OS Security] mswind32.pif

O4 - HKCU\..\RunServices: [OS Security] mswind32.pif

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk766YYPL

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.popuppers.com

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c18.cab

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d016/mailcfg.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab

O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)

O20 - Winlogon Notify: style32 - C:\WINDOWS\q2089724.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: KLBLMain - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe

O23 - Service: plugin - Unknown owner - C:\WINDOWS\plugin.exe (file missing)

O23 - Service: SCSMS32 (SCSMS) - Unknown owner - C:\WINDOWS\scmsm32.exe (file missing)

O23 - Service: service - Unknown owner - C:\WINDOWS\service.exe (file missing)

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

Gutek · 16 Październik 2005 13:47

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchwebzone.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\ secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure32.html R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe” F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM…\Run: [Windows Update System Shell] svhostcs32.exe O4 - HKLM…\Run: [system service65] C:\WINDOWS\etb\pokapoka65.exe O4 - HKLM…\Run: [system service67] C:\WINDOWS\etb\pokapoka67.exe O4 - HKLM…\Run: [system service68] C:\WINDOWS\etb\pokapoka68.exe O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe O4 - HKLM…\Run: [KKO1l] C:\WINDOWS\hmpuvxgm.exe O4 - HKLM…\Run: [PayTime] C:\WINDOWS\System32\ paytime.exe O4 - HKLM…\Run: [combop.exe] combop.exe O4 - HKLM…\Run: [combo.exe] combo.exe O4 - HKLM…\Run: [system service76] C:\WINDOWS\etb\pokapoka76.exe O4 - HKLM…\RunServices: [Windows Update System Shell] svhostcs32.exe O4 - HKLM…\RunServices: [microsft Updates] msupdate32.exe O4 - HKLM…\RunServices: [OS Security] mswind32.pif O4 - HKCU…\Run: [Windows Update System Shell] svhostcs32.exe O4 - HKCU…\Run: [MyWebSearch Email Plugin] drwatson32.exe -run C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU…\Run: [Windows Update] C:\WINDOWS\System32\winupd.exe O4 - HKCU…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe” O4 - HKCU…\Run: [OS Security] mswind32.pif O4 - HKCU…\RunServices: [OS Security] mswind32.pif O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h … xmk766YYPL O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.popuppers.com O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180so … ge-c18.cab O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing) O20 - Winlogon Notify: style32 - C:\WINDOWS\color=red]q2089724.dll[(file missing) O23 - Service: plugin - Unknown owner - C:\WINDOWS\plugin.exe (file missing) O23 - Service: SCSMS32 (SCSMS) - Unknown owner - C:\WINDOWS\scmsm32.exe (file missing) O23 - Service: service - Unknown owner - C:\WINDOWS\service.exe (file missing)

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable. Po użyciu tego narzędzia wymagany jest reset sysa.

Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log

Uzyj też: CWS.Systime Removal 3.5 oraz Usuwanie msupdate32.exe / msnethlp32.exe poczytaj http://www.searchengines.pl/phpbb203/in … ntry204512