Prosze o sprawdzenie loga

Logfile of HijackThis v1.99.1

Scan saved at 00:52:55, on 2005-10-16

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\PROGRA~1\GADU-G~1\gg.exe

C:\WINDOWS\System32\??plorer.exe

C:\WINDOWS\System32\Fast.exe

C:\Program Files\ohdp\nbcu.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Winamp\winamp.exe

D:\czysciciel\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: (no name) - {003CA4E2-713E-369B-0681-30B8FBC0A6F0} - C:\WINDOWS\System32\gjkweoan.dll

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {0B005D01-D38C-CD27-EB9F-9172C7F7F2FE} - C:\WINDOWS\System32\tgct.dll (file missing)

O2 - BHO: (no name) - {351194E2-5C0D-03AF-2BB1-0095CBF08BC0} - C:\WINDOWS\System32\gjkweoan.dll

O2 - BHO: (no name) - {9A499272-1AF3-5954-C34D-5CDEDD1469A3} - C:\WINDOWS\System32\avs.dll (file missing)

O2 - BHO: (no name) - {A328284E-FA9C-EE6E-F43E-BB80E88B0FF7} - C:\WINDOWS\System32\lxtbcuar.dll (file missing)

O2 - BHO: (no name) - {B5E83FB8-B53A-A79F-5534-FBA42A3F12F1} - C:\WINDOWS\System32\srzhvx.dll (file missing)

O2 - BHO: (no name) - {B9EE1F75-CEAA-D408-C06D-8E93794A48F5} - C:\WINDOWS\System32\fre.dll (file missing)

O2 - BHO: (no name) - {C0732847-F4CA-EB66-FE7E-BF30B37168F4} - C:\WINDOWS\System32\xsrzun.dll (file missing)

O2 - BHO: (no name) - {F985DD70-0DA7-1C57-9E18-193A130F0EFF} - C:\WINDOWS\System32\txmrjh.dll (file missing)

O2 - BHO: (no name) - {FCFEA4AE-7725-37D0-4BF5-3788685B08A3} - C:\WINDOWS\System32\smq.dll (file missing)

O3 - Toolbar: iCompanion - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ICOMPA~1\TOOLBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Rewolucja\kpp.exe" "C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp" /SYSTRAY

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - HKCU\..\Run: [Bfq] C:\WINDOWS\System32\??plorer.exe

O4 - HKCU\..\Run: [Toto] "C:\Program Files\ohdp\nbcu.exe" -vt ndrv

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &RSDN Search - res://C:\PROGRA~1\ICOMPA~1\TOOLBAR.DLL/GoRSDN.dll.htm

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk546YYPL

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/gcon.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1105642915020

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab

O16 - DPF: {DA694446-E25F-11D5-8FF6-0001021C7D4C} (Modem Access) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/accessmul.ocx

O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1064475.exe

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{416286FD-89D1-4E47-AD03-64887D197594}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{416286FD-89D1-4E47-AD03-64887D197594}: NameServer = 194.204.152.34 217.98.63.164

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

  1. Wyłączyć Przywracanie systemu w XP TU

  2. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  3. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

  4. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  5. Dokończyć skanerami online - Scanery do wyboru

  6. Pokazać nowy log :stuck_out_tongue:

023 - Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz

Power Manager

Usuwanie plików “z pytajnikiem” typu ??plorer.exe - http://www.searchengines.pl/phpbb203/in … ntry106066