Log, pls help!
OK, so: my friend's sister went into her e-mail and downloaded some file, and now she has problems; she gets messages like "I am god, get down on your knees and I'll leave you alone". Please tell me what she should do, what to download, etc. Here's the log; thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 23:17:47, on 2005-09-17
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HbTools\Bin\4.6.4.1\HbtWeatherOnTray.exe
C:\Program Files\HbTools\Bin\4.6.4.1\HbtOEAddOn.exe
C:\program files\180searchassistant\salm.exe
C:\WINDOWS\system32\b034livs.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\dhhfehya.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\system32\msxct.exe
C:\Program Files\Ulkl\Llrldao.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
D:\Konnekt\konnekt.exe
C:\PROGRA~1\COMMON~1\qkwq\qkwqm.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\PROGRA~1\COMMON~1\qkwq\qkwqa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe
Myślik (17-09-2005 23:32)
Wait, there's still the other half.
Myślik (17-09-2005 23:33)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res/shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.6.4.1\HbtHostIE.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FLASCH~1\jccatch.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FLASCH~1\fgiebar.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Pr
Replies: 2
dri, you should first check your pasted log yourself. There is a pinned topic here for that purpose.
First of all, uninstall everything shown below via Add/Remove Programs, if of course that is possible:
If that is not possible, select it in HiJack and remove it. Files and folders from Program Files as well.
C:\Program Files\HbTools\Bin\4.6.4.1\HbtWeatherOnTray.exe
C:\Program Files\HbTools\Bin\4.6.4.1\HbtOEAddOn.exe
C:\program files\180searchassistant\salm.exe
C:\WINDOWS\system32\b034livs.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\dhhfehya.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\system32\msxct.exe
C:\Program Files\Ulkl\Llrldao.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\PROGRA~1\COMMON~1\qkwq\qkwqm.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\PROGRA~1\COMMON~1\qkwq\qkwqa.exe
Besides that:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res/shdoclc.dll/hardAdmin.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.6.4.1\HbtHostIE.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Pr
The entry:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
you will remove manually from the registry. Search the registry for the string "_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}".
You cut off the end of the log.
In safe mode you remove:
C:\program files\180searchassistant\salm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\dhhfehya.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\system32\msxct.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\PROGRA~1\COMMON~1\qkwq\qkwqm.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\PROGRA~1\COMMON~1\qkwq\qkwqa.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res/shdoclc.dll/hardAdmin.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
____________
Oh, and I'm a beginner at checking logs, so someone please correct me if I told him something wrong. (And what I listed is not everything that needs to be removed.)