Prosze o sprawdzenie loga


(Bartekmaczkowski) #1
Logfile of HijackThis v1.99.1

Scan saved at 15:40:59, on 2006-02-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\SOUNDMAN.EXE

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\WINDOWS\system32\paytime.exe

C:\windows\winsysban5.exe

F:\WINDOWS\system32\ctfmon.exe

E:\Gadu-Gadu\gg.exe

c:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\winstall.exe

F:\WINDOWS\system32\wscntfy.exe

F:\Program Files\Internet Explorer\IEXPLORE.EXE

F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe

F:\PROGRA~1\COMMON~1\mqwr\mqwra.exe

F:\WINDOWS\system32\wuauclt.exe

E:\IHP_Kitchen.EXE

E:\Hijack\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe

O4 - HKLM\..\Run: [Microsoft Office] F:\WINDOWS\system32\msvcp.exe

O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban5.exe

O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [mqwr] F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: htproc - F:\WINDOWS\SYSTEM32\htproc32.dll

O20 - Winlogon Notify: ssldr - F:\WINDOWS\SYSTEM32\ssldr32.dll

O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

(Gutek) #2
  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

  4. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy log :stuck_out_tongue:

Zastosuj Usuwanie tapety SpySheriff


(Bartekmaczkowski) #3
Logfile of HijackThis v1.99.1

Scan saved at 10:40:04, on 2006-02-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\SOUNDMAN.EXE

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\winsysban5.exe

F:\WINDOWS\system32\ctfmon.exe

E:\Gadu-Gadu\gg.exe

C:\winstall.exe

F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe

F:\PROGRA~1\COMMON~1\mqwr\mqwra.exe

F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

F:\WINDOWS\system32\wscntfy.exe

F:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Hijack\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe

O4 - HKLM\..\Run: [Microsoft Office] F:\WINDOWS\system32\msvcp.exe

O4 - HKLM\..\Run: [winsysban] C:\WINDOWS\winsysban5.exe

O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [mqwr] F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O20 - Winlogon Notify: htproc - F:\WINDOWS\SYSTEM32\htproc32.dll

O20 - Winlogon Notify: ssldr - F:\WINDOWS\SYSTEM32\ssldr32.dll

O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

Złączono Posta : 09.02.2006 (Czw) 10:40

Logfile of HijackThis v1.99.1

Scan saved at 10:40:04, on 2006-02-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\SOUNDMAN.EXE

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\winsysban5.exe

F:\WINDOWS\system32\ctfmon.exe

E:\Gadu-Gadu\gg.exe

C:\winstall.exe

F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe

F:\PROGRA~1\COMMON~1\mqwr\mqwra.exe

F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

F:\WINDOWS\system32\wscntfy.exe

F:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Hijack\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PayTime] F:\WINDOWS\system32\paytime.exe

O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe

O4 - HKLM\..\Run: [Microsoft Office] F:\WINDOWS\system32\msvcp.exe

O4 - HKLM\..\Run: [winsysban] C:\WINDOWS\winsysban5.exe

O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe

O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [mqwr] F:\PROGRA~1\COMMON~1\mqwr\mqwrm.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O20 - Winlogon Notify: htproc - F:\WINDOWS\SYSTEM32\htproc32.dll

O20 - Winlogon Notify: ssldr - F:\WINDOWS\SYSTEM32\ssldr32.dll

O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

(Jacolok) #4

:o mACZKOWSKIB nic nie usunąłeś. Zastosuj się do porad Gutka2222