Sprawdzenie loga

martab · 1 Styczeń 2006 13:20

Hej mam problem z wyskakującymi stronami niekoniecznie fajnymi. Jak mam sobie z tym poradzić?

Oto mój log

Logfile of HijackThis v1.99.1

Scan saved at 14:12:08, on 2006-01-01

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\SurfAccuracy\SAcc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\WeatherCast\Weather.exe

C:\Program Files\Save\Save.exe

C:\Program Files\WLAN\WConfig\WConfig.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\PC\USTAWI~1\Temp\Rar$EX00.218\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [WWcVh0g] C:\WINDOWS\gcbglcvf.exe

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [WWcVh$vůő›/‚˛‘ĆßBĎC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gcbglcvf.exe

O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [WeatherCast] "C:\Program Files\WeatherCast\Weather.exe" /q

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WConfig.lnk = ?

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYPL

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GameDesire Soccer) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_8.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{59BA9362-49D4-4854-9F8D-2B7954CE3BBB}: NameServer = 10.0.0.1,194.204.159.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{59BA9362-49D4-4854-9F8D-2B7954CE3BBB}: NameServer = 10.0.0.1,194.204.159.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{59BA9362-49D4-4854-9F8D-2B7954CE3BBB}: NameServer = 10.0.0.1,194.204.159.1

O17 - HKLM\System\CS3\Services\Tcpip\..\{59BA9362-49D4-4854-9F8D-2B7954CE3BBB}: NameServer = 10.0.0.1,194.204.159.1

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

Z góry dziękuję za pomoc

Gutek · 1 Styczeń 2006 14:15

Ile masz komputerów?

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing) O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe O4 - HKLM…\Run: [WWcVh0g] C:\WINDOWS\gcbglcvf.exe O4 - HKLM…\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM…\Run: [internet Optimizer] “C:\Program Files\Internet Optimizer\optimize.exe” O4 - HKLM…\Run: [WWcVh$vůő›/‚˛‘ĆßBĎC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\gcbglcvf.exe O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU…\Run: [WhenUSave] “C:\Program Files\Save\Save.exe” O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h … xdm119YYPL O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu … BInitialSe tup1.0.0.15.cab

Wpis R3 nie usuwasz hijackiem tylko usuniesz Registrar Lite, opis masz TUTAJ

Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log

Użyj FxIstbar.exe.

martab · 1 Styczeń 2006 15:25

Zrobiłam co kazałeś a oto mój nowy log

Logfile of HijackThis v1.99.1 Scan saved at 16:11:41, on 2006-01-01 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\WeatherCast\Weather.exe C:\Program Files\WLAN\WConfig\WConfig.exe C:\WINDOWS\System32\imapi.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\PC\USTAWI~1\Temp\Rar$EX00.953\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [WeatherCast] “C:\Program Files\WeatherCast\Weather.exe” /q O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WConfig.lnk = ? O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GameDesire Soccer) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_8.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab O17 - HKLM\System\CCS\Services\Tcpip…{59BA9362-49D4-4854-9F8D-2B7954CE3BBB}: NameServer = 10.0.0.1,194.204.159.1 O17 - HKLM\System\CS1\Services\Tcpip…{59BA9362-49D4-4854-9F8D-2B7954CE3BBB}: NameServer = 10.0.0.1,194.204.159.1 O17 - HKLM\System\CS2\Services\Tcpip…{59BA9362-49D4-4854-9F8D-2B7954CE3BBB}: NameServer = 10.0.0.1,194.204.159.1 O17 - HKLM\System\CS3\Services\Tcpip…{59BA9362-49D4-4854-9F8D-2B7954CE3BBB}: NameServer = 10.0.0.1,194.204.159.1 O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

kacz2n · 1 Styczeń 2006 16:30

Czy zrobiłaś tak? Bo wpisy R3 nadal są widoczne w twoim logu.

Gutek · 1 Styczeń 2006 21:05

zostało jak mówi kacz2n pierwszy wpis przez Registrar Lite uusniesz drugi miałeś recznie usunąć folder w trybie awaryjnym