Bardzo prosze o sprawdzenie loga. Przed wklejeniem tego loga miałem 602 wirusy itp. Prosze o opinie i poradę czy log jest czysty lub ewentualnie co jeszcze zrobić.
Logfile of HijackThis v1.99.1 Scan saved at 16:26:20, on 2006-02-21 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\KWorld\MpegTV Station PCITV\RemoteCtl.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Właściciel\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesearches.com/search.php?qq=%1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing O2 - BHO: C:\WINDOWS\system32\miamores.dll - {0393FE81-0BBD-4BCE-B4F2-C643AA7D77DD} - C:\WINDOWS\system32\miamores.dll O2 - BHO: C:\WINDOWS\system32\miazz.dll - {10BC40B5-5019-4A47-B033-308CA16D4959} - C:\WINDOWS\system32\miazz.dll O2 - BHO: C:\WINDOWS\system32\miamore.dll - {1559C6FD-8BDE-476E-98C7-871E59193FCE} - C:\WINDOWS\system32\miamore32.dll (file missing) O2 - BHO: C:\WINDOWS\system32\atmpvc.dll - {7DBA5E61-9C51-4365-ACD2-DE684E133F8C} - C:\WINDOWS\system32\atmpvc.dll (file missing) O2 - BHO: C:\WINDOWS\system32\trustac.dll - {C2E07B68-2F46-4DBB-8261-285794B7F8DE} - C:\WINDOWS\system32\trustac.dll (file missing) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing) O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp6C0B.tmp (file missing) O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL (file missing) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing) O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing) O4 - HKLM…\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 “EPSON Stylus C66 Series” /O6 “USB002” /M “Stylus C66” O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWorld\MpegTV Station PCITV\RemoteCtl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\miamore.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\miamore.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra button: Microsoft AntiSpyware helper - {197549BA-4CD7-4D85-AC47-2CE21E7B190C} - C:\WINDOWS\system32\miamore.dll (HKCU) O9 - Extra ‘Tools’ menuitem: Microsoft AntiSpyware helper - {197549BA-4CD7-4D85-AC47-2CE21E7B190C} - C:\WINDOWS\system32\miamore.dll (HKCU) O15 - Trusted Zone: *.coolwebsearch.com O15 - Trusted Zone: *.searchmeup.com O16 - DPF: {4BA20CCA-922F-1F64-480E-0B8D1F1B550A} - http://216.118.71.185/1/rdgPL1828.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.netsecure.pl/scan8/oscan8.cab O16 - DPF: {6C54F21E-C8ED-762C-A9DE-5E937173D005} - http://216.118.71.185/1/gdnPL1865.exe O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O20 - Winlogon Notify: classes - C:\WINDOWS\system32\miamores.dll O20 - Winlogon Notify: clbcatex - C:\WINDOWS\system32\clbcatix.dll (file missing) O20 - Winlogon Notify: cll - C:\WINDOWS\system32\miazz.dll O20 - Winlogon Notify: eventss - C:\WINDOWS\system32\atmpvc.dll (file missing) O20 - Winlogon Notify: gg - C:\WINDOWS\system32\trustac.dll (file missing) O20 - Winlogon Notify: lindow - C:\WINDOWS\system32\miamore32.dll (file missing) O20 - Winlogon Notify: lindows - C:\WINDOWS\system32\miamore.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Gutek
(Gutek)
21 Luty 2006 22:34
#2
Co to jest rudik77 ? :mrgreen:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesearches.com/search.php?qq=%1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing O2 - BHO: C:\WINDOWS\system32\miamores.dll - {0393FE81-0BBD-4BCE-B4F2-C643AA7D77DD} - C:\WINDOWS\system32\miamores.dll O2 - BHO: C:\WINDOWS\system32\miazz.dll - {10BC40B5-5019-4A47-B033-308CA16D4959} - C:\WINDOWS\system32\miazz.dll O2 - BHO: C:\WINDOWS\system32\miamore.dll - {1559C6FD-8BDE-476E-98C7-871E59193FCE} - C:\WINDOWS\system32\miamore32.dll (file missing) O2 - BHO: C:\WINDOWS\system32\atmpvc.dll - {7DBA5E61-9C51-4365-ACD2-DE684E133F8C} - C:\WINDOWS\system32\atmpvc.dll O2 - BHO: C:\WINDOWS\system32\trustac.dll - {C2E07B68-2F46-4DBB-8261-285794B7F8DE} - C:\WINDOWS\system32\trustac.dll (file missing) O2 - BHO: C:\WINDOWS\system32\trustac.dll - {C2E07B68-2F46-4DBB-8261-285794B7F8DE} - C:\WINDOWS\system32\trustac.dll (file missing) O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp6C0B.tmp (file missing) O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL (file missing) O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing) O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra button: Microsoft AntiSpyware helper - {197549BA-4CD7-4D85-AC47-2CE21E7B190C} - C:\WINDOWS\system32\miamore.dll (HKCU) O9 - Extra ‘Tools’ menuitem: Microsoft AntiSpyware helper - {197549BA-4CD7-4D85-AC47-2CE21E7B190C} - C:\WINDOWS\system32\miamore.dll (HKCU) O15 - Trusted Zone: *.coolwebsearch.com O15 - Trusted Zone: *.searchmeup.com O16 - DPF: {4BA20CCA-922F-1F64-480E-0B8D1F1B550A} - http://216.118.71.185/1/rdgPL1828.exe O20 - Winlogon Notify: classes - C:\WINDOWS\system32\miamores.dll O20 - Winlogon Notify: classes - C:\WINDOWS\system32\miamores.dll O20 - Winlogon Notify: clbcatex - C:\WINDOWS\system32\clbcatix.dll (file missing) O20 - Winlogon Notify: cll - C:\WINDOWS\system32\miazz.dll O20 - Winlogon Notify: eventss - C:\WINDOWS\system32\atmpvc.dll (file missing) O20 - Winlogon Notify: gg - C:\WINDOWS\system32\trustac.dll (file missing) O20 - Winlogon Notify: lindow - C:\WINDOWS\system32\miamore32.dll (file missing) O20 - Winlogon Notify: lindows - C:\WINDOWS\system32\miamore.dll
usuwaszw trybie awaryjynym wpisy a foldery i pliki recznie
Zastosuj Usuwanie SpyAxe i Szpieg ISTbar
kuz5
(Kuz5)
21 Luty 2006 22:56
#3
kuz5:
kuz5 napisał: - nie sprawdzaj loga po części, zawsze podawaj pełen komplet wpisów do usunięcia Wazny komunikat dla sprawdzających logi, nie przestrzeganie tego punktu (prośby) będzie nagradzana ostrzeżeniami a posty bedą leciały od razu do śmietnika bez żadnego informowania usera
Tak wiec rudik77 twój post leci w kosmos, sprawdzanie na raty nie bedzie tolerowane na tym forum
Sorry ale teraz juz nie wiem co mam zrobić? Kto ma racje i co zrobić? Prosze o wskazówki!
rudik77
(Haha)
22 Luty 2006 16:22
#6
ok. juz wbilem sobie to fo glowy…Przepraszam.!