Logfile of HijackThis v1.99.1
Scan saved at 15:40:59, on 2006-02-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\WINDOWS\system32\paytime.exe
C:\windows\winsysban5.exe
F:\WINDOWS\system32\ctfmon.exe
E:\Gadu-Gadu\gg.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\winstall.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe
F:\PROGRA~1\COMMON~1\mqwr\mqwra.exe
F:\WINDOWS\system32\wuauclt.exe
E:\IHP_Kitchen.EXE
E:\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [Microsoft Office] F:\WINDOWS\system32\msvcp.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [mqwr] F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: htproc - F:\WINDOWS\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: ssldr - F:\WINDOWS\SYSTEM32\ssldr32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
-
Wyłączyć Przywracanie systemu w XP TU
-
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
-
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
-
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
-
Dokończyć skanerami online - Scanery do wyboru
-
Pokazać nowy log
Zastosuj Usuwanie tapety SpySheriff
Logfile of HijackThis v1.99.1
Scan saved at 10:40:04, on 2006-02-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\winsysban5.exe
F:\WINDOWS\system32\ctfmon.exe
E:\Gadu-Gadu\gg.exe
C:\winstall.exe
F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe
F:\PROGRA~1\COMMON~1\mqwr\mqwra.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [Microsoft Office] F:\WINDOWS\system32\msvcp.exe
O4 - HKLM\..\Run: [winsysban] C:\WINDOWS\winsysban5.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [mqwr] F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O20 - Winlogon Notify: htproc - F:\WINDOWS\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: ssldr - F:\WINDOWS\SYSTEM32\ssldr32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
Złączono Posta : 09.02.2006 (Czw) 10:40
Logfile of HijackThis v1.99.1
Scan saved at 10:40:04, on 2006-02-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\winsysban5.exe
F:\WINDOWS\system32\ctfmon.exe
E:\Gadu-Gadu\gg.exe
C:\winstall.exe
F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe
F:\PROGRA~1\COMMON~1\mqwr\mqwra.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [Microsoft Office] F:\WINDOWS\system32\msvcp.exe
O4 - HKLM\..\Run: [winsysban] C:\WINDOWS\winsysban5.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [mqwr] F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O20 - Winlogon Notify: htproc - F:\WINDOWS\SYSTEM32\htproc32.dll
O20 - Winlogon Notify: ssldr - F:\WINDOWS\SYSTEM32\ssldr32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
:o mACZKOWSKIB nic nie usunąłeś. Zastosuj się do porad Gutka2222