Prosze o sprawdzenie loga

Korien · 13 Grudzień 2005 22:20

Logfile of HijackThis v1.99.1

Scan saved at 23:12:10, on 2005-12-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

D:\PROGRAMY\ANTYWIR\AVGUARD.EXE

C:\Program Files\AntiVirenKit\AVKService.exe

C:\Program Files\AntiVirenKit\AVKWCtl.exe

D:\programy\antywir\AVWUPSRV.EXE

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\SpeedFan\speedfan.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

D:\programy\antywir\AVGNT.EXE

C:\windows\adtech2006a.exe

C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE

C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe

C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\cidaemon.exe

D:\KAMIL\OPERA\OPERA.EXE

C:\WINDOWS\System32\msiexec.exe

D:\AntiSpyware\gcasDtServ.exe

D:\AntiSpyware\gcasServ.exe

C:\Program Files\7-Zip\7zFMn.exe

C:\WINDOWS\TEMP\7zO25A.tmp\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\kamil\ICQToolbar\toolbaru.dll

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

F3 - REG:win.ini: run=C:\WINDOWS\inet20009\services.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\kamil\ICQToolbar\toolbaru.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\gry\PLAYER\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [CleanRegPath] C:\PROGRA~1\ADSLUT~1\CleanReg.exe

O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Program Files\ADSL USB Router\CnxTrApp.dll",AppEntry -REG "Conexant\Conexant USB Network"

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [AVGCtrl] "D:\programy\antywir\AVGNT.EXE" /min

O4 - HKLM\..\Run: [ICQ Lite] D:\kamil\ICQLite\ICQLite.exe -minimize

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\prcwry.exe reg_run

O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe

O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"

O4 - HKLM\..\Run: [gcasServ] "D:\AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [CashFiesta] D:\kamil\Cashfiesta.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe

O4 - HKCU\..\Run: [fwif] C:\PROGRA~1\COMMON~1\fwif\fwifm.exe

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe

O4 - HKCU\..\Run: [AVKBar] "C:\Program Files\AntiVirenKit\AVKBar.exe"

O4 - Startup: IMVU.lnk = D:\kamil\imw\IMVU\gui1.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\epson\Stms.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\kamil\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZR

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\kamil\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\kamil\ICQLite\ICQLite.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Kalina\Menu Start\Programy\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 

O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\p64ulgh9164.dll

O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\hhbjfqfe.dll (file missing)

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMY\ANTYWIR\AVGUARD.EXE

O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\programy\antywir\AVWUPSRV.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

Gutek · 13 Grudzień 2005 22:33

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe” F3 - REG:win.ini: run=C:\WINDOWS\inet20009\services.exe O4 - HKLM…\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM…\Run: [winsync] C:\WINDOWS\system32\prcwry.exe reg_run O4 - HKLM…\Run: [timessquare] C:\windows\timessquare.exe O4 - HKLM…\Run: [adtech2006] C:\windows\adtech2006a.exe O4 - HKLM…\Run: [PayTime] C:\WINDOWS\system32\paytime.exe O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe” O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - HKCU…\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU…\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU…\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe O4 - HKCU…\Run: [fwif] C:\PROGRA~1\COMMON~1\fwif\fwifm.exe O4 - HKCU…\Run: [PayTime] C:\WINDOWS\system32\paytime.exe O4 - HKCU…\Run: [xp_system] C:\WINDOWS\inet20009\services.exe O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRO16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINDOWS\system32\hhbjfqfe.dll (file missing)

Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log

Usuwanie VX2.BetterInternet i daj log nr 1 z narzędzia L2Mfix

Korien · 14 Grudzień 2005 14:35

jestem troche zielony w tym temacie:) oczywiscie fix checked w Hijacku zrobiłem ale…nie potrafie usunąc ręcznie wybranych przez Ciebie plików:(

np.

O4 - HKLM…\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM…\Run: [winsync] C:\WINDOWS\system32\prcwry.exe reg_run

O4 - HKLM…\Run: [timessquare] C:\windows\timessquare.exe

O4 - HKLM…\Run: [adtech2006] C:\windows\adtech2006a.exe

O4 - HKLM…\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe”

O4 - HKCU…\Run: [Windows installer] C:\winstall.exe

O4 - HKCU…\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU…\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU…\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe

O4 - HKCU…\Run: [fwif] C:\PROGRA~1\COMMON~1\fwif\fwifm.exe

O4 - HKCU…\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKCU…\Run: [xp_system] C:\WINDOWS\inet20009\services.exe

rozumiem że chodzi tutaj o polecenia a nie o konkretne pliki? tak? gdzie moge to znaleźć? wyszukaj próbowałem i nic:(

Gutek · 14 Grudzień 2005 14:46

Najpierw tryb awaryjny:

Skasowanie z dysku plików, które podkreśliłem na czerwono - pliki znajdziesz w danej lokalizacji np. C:\WINDOWS\system32\ i tutaj znajdujesz plik paytime.exe

I daj loga z narzędzia L2Mfix wejdź w linka jest wszystko opisane