Please check my log for me.

Logfile of HijackThis v1.98.2

Scan saved at 16:14:10, on 2004-12-14

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

D:\W\System32\smss.exe

D:\W\system32\winlogon.exe

D:\W\system32\services.exe

D:\W\system32\lsass.exe

D:\W\system32\svchost.exe

D:\W\System32\svchost.exe

D:\W\system32\spoolsv.exe

D:\W\System32\nvsvc32.exe

D:\W\system32\rundll32.exe

D:\W\Explorer.EXE

D:\PROGRA~1\NEOSTR~1\CnxMon.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Documents and Settings\kowal\Pulpit\userguard\UserGuard.exe

D:\Program Files\Windows ControlAd\WinCtlAd.exe

D:\temp\salm.exe

D:\W\system32\explorer.exe

D:\W\System32\systime.exe

D:\Program Files\Windows ControlAd\WinCtlAdAlt.exe

D:\Program Files\CashBack\bin\cashback.exe

D:\Program Files\Internet Optimizer\optimize.exe

D:\W\System32\ctfmon.exe

D:\W\System32\RUNDLL32.EXE

D:\W\System32\systime.exe

D:\Program Files\Internet Optimizer\actalert.exe

D:\Program Files\Neostrada TP\NeostradaTP.exe

D:\Program Files\Neostrada TP\ComComp.exe

D:\Program Files\Neostrada TP\Watch.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\BullsEye Network\bin\bargains.exe

D:\Program Files\WebSiteViewer\124490.dlr

D:\W\System32\wuauclt.exe

E:\setup\setup.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Documents and Settings\kowal\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)

R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - D:\Program Files\SurfSideKick 2\SskBho.dll

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\W\System32\msdxm.ocx

O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - D:\Program Files\IEMenuExtension\tbextn.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\W\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [ViP's UserGuard] D:\Documents and Settings\kowal\Pulpit\userguard\UserGuard.exe

O4 - HKLM\..\Run: [Windows ControlAd] D:\Program Files\Windows ControlAd\WinCtlAd.exe

O4 - HKLM\..\Run: [salm] d:\temp\salm.exe

O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [dsjqr] D:\WINDOWS\dsjqr.exe

O4 - HKLM\..\Run: [explorer] D:\W\system32\explorer.exe -go -c21 -w

O4 - HKLM\..\Run: [SysTime] D:\W\System32\systime.exe

O4 - HKLM\..\Run: [CashBack] D:\Program Files\CashBack\bin\cashback.exe

O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "D:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB

O4 - HKLM\..\Run: [SurfSideKick 2] D:\Program Files\SurfSideKick 2\Ssk.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\W\System32\ctfmon.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\W\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [ProtoWall] D:\Program Files\Dudez\ProtoWall\ProtoWall.exe

O4 - HKCU\..\Run: [SysTime] D:\W\System32\systime.exe

O4 - HKCU\..\Run: [SurfSideKick 2] D:\Program Files\SurfSideKick 2\Ssk.exe

O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\W\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\W\web\related.htm

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.crazywinnings.com

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.topconverting.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT! http://213.159.117.150:80/iex/ofile.exe?url=http://213.159.117.150:80/rdgPL10.exe

O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab

O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. … 78c1291781

O16 - DPF: {36C374E9-C82E-6272-8E6D-3D2D78958A9F} - http://213.159.117.150/1/rdgPL333.exe

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{B741446C-15E8-451F-810A-69C2CE452466}: NameServer = 194.204.152.34 217.98.63.164

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - D:\W\System32\vbsys2 (file missing)

Why are you starting a new topic? :evil:

Continue in this one.

Don't make a mess :evil:

Why are you starting 2 identical topics? One already exists.

Turn off System Restore

Boot into Safe Mode

Using HT, remove:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php 

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file) 

O1 - Hosts: 69.20.16.183 auto.search.msn.com

O1 - Hosts: 69.20.16.183 search.netscape.com

O1 - Hosts: 69.20.16.183 ieautosearch 

O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - D:\Program Files\IEMenuExtension\tbextn.dll

O4 - HKLM\..\Run: [ViP's UserGuard] D:\Documents and Settings\kowal\Pulpit\userguard\UserGuard.exe

O4 - HKLM\..\Run: [Windows ControlAd] D:\Program Files\Windows ControlAd\WinCtlAd.exe

O4 - HKLM\..\Run: [salm] d:\temp\salm.exe

O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [dsjqr] D:\WINDOWS\dsjqr.exe

O4 - HKLM\..\Run: [explorer] D:\W\system32\explorer.exe -go -c21 -w

O4 - HKLM\..\Run: [SysTime] D:\W\System32\systime.exe

O4 - HKLM\..\Run: [CashBack] D:\Program Files\CashBack\bin\cashback.exe

O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "D:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB

O4 - HKLM\..\Run: [SurfSideKick 2] D:\Program Files\SurfSideKick 2\Ssk.exe 

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\W\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [ProtoWall] D:\Program Files\Dudez\ProtoWall\ProtoWall.exe

O4 - HKCU\..\Run: [SysTime] D:\W\System32\systime.exe

O4 - HKCU\..\Run: [SurfSideKick 2] D:\Program Files\SurfSideKick 2\Ssk.exe 

O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\W\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\W\web\related.htm

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.crazywinnings.com

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.topconverting.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.xxxtoolbar.com

O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://213.159.117.150:80/iex/ofile.exe?url=http://213.159.117.150:80/rdgPL10.exe

O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab

O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab

O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=7fd1b1487ea24557e81cb1f266ef2780947d11d735d3f73d567bbcc1cd65aeb860d24e26488494fe11db2684f9909f72dc77fd77a214:2e5848e0a9d3ad577e6a6478c1291781

O16 - DPF: {36C374E9-C82E-6272-8E6D-3D2D78958A9F} - http://213.159.117.150/1/rdgPL333.exe

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx 

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - D:\W\System32\vbsys2 (file missing)

What a mess you have on your computer. On top of that, no SP2. Post your next log for checking in the problems section, not games, OK?

Next, use:

CWShredder Version 2.1

and

Pestpatrol

instructions

Ewido Free Security Suite

Visit the online scanners:

http://skaner.mks.com.pl/

http://security.symantec.com/sscv6/defa … &venid=sym

http://www.pandasoftware.com/activescan … IdPais=152

http://www.spywareinfo.com/xscan.php

http://www.webroot.com/services/spyaudit_03.htm

http://pl.trendmicro-europe.com/consume … ll_pre.php

Use:

Ad-aware SE Personal 1.05

http://www.dobreprogramy.com/index.php?dz=2&id=107&t=55

Install some antivirus.

http://www.microsoft.com/athome/securit … fault.mspx

Post your next log for checking with SP2.

:smiley:

Buahaha, if he has a mess, then what do I have? :shock:

Phylby, that's exactly what we're seeing: work for nothing. If he doesn't install an antivirus and anti-spyware tools running in the background, then in a day or two there will be another log and the same thing again, because I have a feeling I've seen a log from user kowal000 somewhere.

An antivirus was supposed to be chosen/installed, and what? Nothing, kaput.

:stuck_out_tongue: :stuck_out_tongue: , and then problems

As for AV scanners, he'd better scan with these - they are based on the signature databases of the biggest antivirus products

–F-Secure–

http://support.f-secure.com/enu/home/ols.shtml

–GeCAD (RAV)–

http://www.ravantivirus.com/scan/

And as for the SurfSideKick spyware he has,

carry out the steps described in this post

http://forum.dobreprogramy.pl/viewtopic … rfsidekick

As for anti-spyware tools, he should also use this one

ETD Security Scanner 3.0

http://www.download.com/ETD-Security-Sc … 29424.html

You can never have too many.