Moźna ładnie prosic o sprawdzenie moge loga?
:roll:
Logfile of HijackThis v1.99.1
Scan saved at 22:01:50, on 2005–07–06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wioleta\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Wioleta\USTAWI~1\Temp\se.dll/sp.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Wioleta\USTAWI~1\Temp\se.dll/sp.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\install\Adobe\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {56091D8E–FB17–4D92–A2DA–1BA1DBAE9488} – (no file)
O3 – Toolbar: (no name) – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – (no file)
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {00B71CFB–6864–4346–A978–C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://C:osuch.mht!http://81.222.131.59/dl/adv575/x.chm::/load.exe
O16 – DPF: {2917297F–F02B–4B9D–81DF–494B6333150B} (Minesweeper Flags Class) – http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {4F1E5B1A–2A80–42CA–8532–2D05CB959537} (MSN Photo Upload Tool) – http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120155376687
O16 – DPF: {8E0D4DE5–3180–4024–A327–4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {B8BE5E93–A60C–4D26–A2DC–220313175592} (ZoneIntro Class) – http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O18 – Filter: text/html – {A70148FD–9B25–4FF1–8754–8A5711A8CEB8} – (no file)
O18 – Filter: text/plain – {A70148FD–9B25–4FF1–8754–8A5711A8CEB8} – (no file)
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: kavsvc – Kaspersky Lab – D:\install\Kaspersky AntiVirus Pro\Kaspersky Anti–Virus Personal Pro\kavsvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 – Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) – Unknown owner – C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe :roll:
Logfile of HijackThis v1.99.1
Scan saved at 22:01:50, on 2005–07–06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Wioleta\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Wioleta\USTAWI~1\Temp\se.dll/sp.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Wioleta\USTAWI~1\Temp\se.dll/sp.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\install\Adobe\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {56091D8E–FB17–4D92–A2DA–1BA1DBAE9488} – (no file)
O3 – Toolbar: (no name) – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – (no file)
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {00B71CFB–6864–4346–A978–C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://C:osuch.mht!http://81.222.131.59/dl/adv575/x.chm::/load.exe
O16 – DPF: {2917297F–F02B–4B9D–81DF–494B6333150B} (Minesweeper Flags Class) – http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {4F1E5B1A–2A80–42CA–8532–2D05CB959537} (MSN Photo Upload Tool) – http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120155376687
O16 – DPF: {8E0D4DE5–3180–4024–A327–4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {B8BE5E93–A60C–4D26–A2DC–220313175592} (ZoneIntro Class) – http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O18 – Filter: text/html – {A70148FD–9B25–4FF1–8754–8A5711A8CEB8} – (no file)
O18 – Filter: text/plain – {A70148FD–9B25–4FF1–8754–8A5711A8CEB8} – (no file)
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: kavsvc – Kaspersky Lab – D:\install\Kaspersky AntiVirus Pro\Kaspersky Anti–Virus Personal Pro\kavsvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 – Service: Securom User Access for Windows 2000 and Windows XP a technology by Sony DADC (UserAccess) – Unknown owner – C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe :roll:
Odpowiedzi: 2
Z samego początku to wypadałoby polecieć z fixem na sp.dll, download w FAQ w tym dziale
1. Usuń wpisy:
2. Pokaź ukryte pliki:
http://viruscenter.pl/readarticle.php?article_id=13
3. Opróźnij foldery:
C:\Documents And Settings\Wioleta\Ustawienia Lokalne\TEMP
C:\Documents And Settings\Wioleta\Ustawienia Lokalne\Temporary Internet Files
[b]4. Przeskanuj Ad–Aware SE i Spybot S&D:
Ad–Aware SE:
http://viruscenter.pl/downloads/aawsepersonal.exe
Spybot S&D:
http://viruscenter.pl/downloads/spybotsd14.exe
Pozdrawiam :)
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Wioleta\USTAWI~1\Temp\se.dll/sp.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Wioleta\USTAWI~1\Temp\se.dll/sp.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 – BHO: (no name) – {56091D8E–FB17–4D92–A2DA–1BA1DBAE9488} – (no file)
O3 – Toolbar: (no name) – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – (no file)
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://C:osuch.mht!http://81.222.131.59/dl/adv575/x.chm::/load.exe
O18 – Filter: text/html – {A70148FD–9B25–4FF1–8754–8A5711A8CEB8} – (no file)
O18 – Filter: text/plain – {A70148FD–9B25–4FF1–8754–8A5711A8CEB8} – (no file)
2. Pokaź ukryte pliki:
http://viruscenter.pl/readarticle.php?article_id=13
3. Opróźnij foldery:
C:\Documents And Settings\Wioleta\Ustawienia Lokalne\TEMP
C:\Documents And Settings\Wioleta\Ustawienia Lokalne\Temporary Internet Files
[b]4. Przeskanuj Ad–Aware SE i Spybot S&D:
Ad–Aware SE:
http://viruscenter.pl/downloads/aawsepersonal.exe
Spybot S&D:
http://viruscenter.pl/downloads/spybotsd14.exe
Pozdrawiam :)
Strona 1 / 1