Hello, please check my log


(Marchelmx) #1
Logfile of HijackThis v1.99.1

Scan saved at 17:40:36, on 2005-08-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Save\Save.exe

C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe

C:\Program Files\Windows TaskAd\WinTaskAd.exe

C:\Program Files\Windows TaskAd\WinSched.exe

C:\Program Files\Media Access\MediaAccK.exe

C:\PROGRA~1\INTERN~1\iexplore.exe

C:\Program Files\Media Access\MediaAccess.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Media Gateway\MediaGateway.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\zstatus.exe

C:\Program Files\gg.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

C:\Documents and Settings\Właściciel\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:// *******************

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=145499

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:// ***********

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\webdlg32.dll

O1 - Hosts: 213.239.0.226 *************

O2 - BHO: (no name) - {00000000-0000-43CC-8D45-E0CB66DFE62F} - C:\DOCUME~1\DOCUME~1.dll (file missing)

O2 - BHO: (no name) - {00000000-0000-4CAE-AAF3-8B465D999E06} - C:\Program Files\Lycos\IEagent\IEagent.dll

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll

O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Adobe\Acrobat Reader 5\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\Downloaded Program Files\webdlg32.dll

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)

O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\webdlg32.dll

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Water Desktop] C:\Program Files\Water Desktop\Water Desktop.exe

O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [EleFunAnimatedWallpaper] "C:\Program Files\EleFun Multimedia\Fireplace Wallpaper\Fireplace.exe" DO_NOT_START

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\gg.exe" /tray

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Search cracks at *********- {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://*********** (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Search cracks at *******- {10954C80-4F0F-11d3-B17C-00C0DFE39736} - http://*********** (file missing) (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Broken Internet access because of LSP provider 'osmim.dll' missing

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=638c04efabf4090ab4c5fc024154ef

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab

O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.mtreexxx.nl/mt/dialers/fc/MultiDistFC.CAB

O18 - Filter: text/html - {1A4D2FCD-74D1-4517-8C67-06A4E4F5FAFD} - C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\microsoft\internet explorer\V0.34.dat

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

(Damian) #2

A terrible mess!!

Be sure to scan the system with these programs, and then paste a new log:

:arrow: Panda

:arrow: Kaspersky

:arrow: mks_vir

:arrow: Trend

:arrow: Dr.Web

:arrow: CWShredder 2.15

:arrow: SpyBot - Search Destroy v1.4 PL

:arrow: Ad-aware SE Personal 1.06

:arrow: PestPatrol

:arrow: Microsoft AntiSpyware 1.0.614 Beta

Put the log between the tags


(fiesta) #3

Because of wandering around warez sites.

I am conditionally leaving the log in place; I am masking the links to you-know-which sites.

The next log like this will be thrown off the forum with a big bang :!: :!: :!:


(Marchelmx) #4

Sorry about the log, fiesta; it wasn't my computer, so I didn't even expect it to be in such a mess.

After running all sorts of scans the system stopped cooperating; even a repair from the Recovery Console did not help.

Thanks, Damian, for taking a look


(boczi) #5

Does Safe Mode work?

Post a log from it, if you can.


(Kuz5) #6

In Add/Remove Programs, uninstall Media Access, Media Gateway, NewDotNet

Remove: (of course, you do all of this in Safe Mode with System Restore turned off)

You remove the O10 entries with LSPFix

Run LSP-Fix and write which files are listed in the Keep window, and we will tell you how and which file to remove.

If you recognize it, leave it; if you don't, remove it:

Delete the files marked in red manually from the disk

Finally, post a new log


(Marchelmx) #7

Unfortunately Safe Mode does not start either. I managed to recover the most important documents and copy them off; in this situation it will probably be safest to reinstall the system.

Thank you for your interest, and best regards