Request to check a log
Please check my log, because for a few days I have been having problems with pop-up windows and the start page. Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 11:50:43, on 2005-05-14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\System32\rundll32.exe
D:\allegro progsy\myspy\svhosts.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Peer2Mail\P2M.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Tlen.pl\tlen.exe
D:\INSTALKI\programy AntyVirusowe\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\pawel\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\pawel\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll
O2 - BHO: (no name) - {E63E9F89-F0F0-45B0-A260-18DDBA109B5A} - C:\WINDOWS\System32\jlge.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\pawel\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [msservice] D:\allegro progsy\myspy\svhosts.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {59627326-1B03-4D59-B705-0E29BB4471B3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {59627326-1B03-4D59-B705-0E29BB4471B3} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A0AD4721-E568-4E7D-8FA6-7135B64D303D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A0AD4721-E568-4E7D-8FA6-7135B64D303D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CC605366-8DA8-4904-92F8-0A7E4C2A57E4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CC605366-8DA8-4904-92F8-0A7E4C2A57E4} - (no file) (HKCU)
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c7.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O18 - Filter: text/html - {D34DA32D-BFDA-48D5-9B59-AC5DFE5D17CB} - C:\WINDOWS\System32\jlge.dll
O18 - Filter: text/plain - {D34DA32D-BFDA-48D5-9B59-AC5DFE5D17CB} - C:\WINDOWS\System32\jlge.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
Replies: 2
ok thx, I did that, we'll see if it helps 8)
Turn off System Restore and remove:
Empty Temp completely
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\pawel\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\pawel\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.12 go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll
O2 - BHO: (no name) - {E63E9F89-F0F0-45B0-A260-18DDBA109B5A} - C:\WINDOWS\System32\jlge.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\pawel\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [msservice] D:\allegro progsy\myspy\svhosts.exe
O9 - Extra button: Microsoft AntiSpyware helper - {59627326-1B03-4D59-B705-0E29BB4471B3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {59627326-1B03-4D59-B705-0E29BB4471B3} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A0AD4721-E568-4E7D-8FA6-7135B64D303D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A0AD4721-E568-4E7D-8FA6-7135B64D303D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {CC605366-8DA8-4904-92F8-0A7E4C2A57E4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CC605366-8DA8-4904-92F8-0A7E4C2A57E4} - (no file) (HKCU)
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c7.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O18 - Filter: text/html - {D34DA32D-BFDA-48D5-9B59-AC5DFE5D17CB} - C:\WINDOWS\System32\jlge.dll
O18 - Filter: text/plain - {D34DA32D-BFDA-48D5-9B59-AC5DFE5D17CB} - C:\WINDOWS\System32\jlge.dll