Please check my log
Please check my log, I would be grateful
Logfile of HijackThis v1.99.1
Scan saved at 22:47:21, on 2005–06–20
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\phqghum.EXE
C:\WINDOWS\System32\runm.pif
C:\Program Files\G6 FTP Server\G6FTPSrv.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\netddeclnt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kartofel\Pulpit\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wer–mit–wem.webhop.net/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wer–mit–wem.webhop.net/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 – Hosts: 204.9.190.180 onlineaccounts2.abbeynational.co.uk
O1 – Hosts: 204.9.190.180 www3.aibgbonline.co.uk
O1 – Hosts: 204.9.190.180 www.bank.alliance–leicester.co.uk
O1 – Hosts: 204.9.190.180 login.iblogin.com
O1 – Hosts: 204.9.190.180 ww2.bankofscotlandhalifax–online.co.uk
O1 – Hosts: 204.9.190.180 inet.barclays.co.uk
O1 – Hosts: 204.9.190.180 iibank.barclays.co.uk
O1 – Hosts: 204.9.190.180 iibank.cahoot.com
O1 – Hosts: 204.9.190.180 www3.coventrybuildingsociety.co.uk
O1 – Hosts: 204.9.190.180 ww.hsbc.co.uk
O1 – Hosts: 204.9.190.180 login.ebank.offshore.hsbc.co.je
O1 – Hosts: 204.9.190.180 ww3.online–offshore.lloydstsb.com
O1 – Hosts: 204.9.190.180 ww3.online–business.lloydstsb.co.uk
O1 – Hosts: 204.9.190.180 ww3.online.lloydstsb.co.uk
O1 – Hosts: 204.9.190.180 ob2.nationet.com
O1 – Hosts: 204.9.190.180 ww3.onlinebanking.natwestoffshore.com
O1 – Hosts: 204.9.190.180 ww1.nwolb.com
O1 – Hosts: 204.9.190.180 ww1.onlinebanking.iombank.com
O1 – Hosts: 204.9.190.180 ww1.www.rbsdigital.com
O1 – Hosts: 204.9.190.180 welcome.smile.co.uk
O1 – Hosts: 204.9.190.180 login.365online.com
O1 – Hosts: 204.9.190.180 wvw.citizensbankonline.com
O1 – Hosts: 204.9.190.180 esecure.regionsnet.com
O1 – Hosts: 204.9.190.180 rollb.associatedbank.com
O1 – Hosts: 204.9.190.180 upb.unionplanters.com
O1 – Hosts: 204.9.190.180 www.onlinebanking.huntington.com
O1 – Hosts: 204.9.190.180 inet.southtrustonlinebanking.com
O1 – Hosts: 204.9.190.180 logon.personal.wamu.com
O1 – Hosts: 204.9.190.180 login.compassweb.com
O1 – Hosts: 204.9.190.180 logon.firstmeritib.com
O1 – Hosts: 204.9.190.180 login.ccfcuonline.org
O1 – Hosts: 204.9.190.180 ww3.etimebanker.bankofthewest.com
O1 – Hosts: 204.9.190.180 www.onlinebanking.lasallebank.com
O1 – Hosts: 204.9.190.180 wvw.totallyfreebanking.com
O1 – Hosts: 204.9.190.180 www.online.wellsfargo.com
O1 – Hosts: 204.9.190.180 ww2.onlinebanking.bankofoklahoma.com
O1 – Hosts: 204.9.190.180 accounts4.keybank.com
O1 – Hosts: 204.9.190.180 logon.bankone.com
O1 – Hosts: 204.9.190.180 www.secure.tdbanknorth.com
O1 – Hosts: 204.9.190.180 www.secure.mvnt4.com
O1 – Hosts: 204.9.190.180 ww.mynfbonline.com
O1 – Hosts: 204.9.190.180 login.forumcuonline.com
O1 – Hosts: 204.9.190.180 www.eds.usersonlnet.com
O1 – Hosts: 204.9.190.180 www.onlineid.bankofamerica.com
O1 – Hosts: 204.9.190.180 wvw.e–gold.com
O1 – Hosts: 204.9.190.180 pcbs.peoples.com
O1 – Hosts: 204.9.190.180 www.global1.onlinebank.com
O1 – Hosts: 204.9.190.180 ww2.mybranch.lafcu.com
O1 – Hosts: 204.9.190.180 login.webbanking.comerica.com
O1 – Hosts: 204.9.190.180 web.banking.firsttennessee.com
O1 – Hosts: 204.9.190.180 logon.members1st.org
O1 – Hosts: 204.9.190.180 www.cib.ibanking–services.com
O1 – Hosts: 204.9.190.180 www.miwebbusbank.ebanking–services.com
O1 – Hosts: 204.9.190.180 wvw.paypal.com
O1 – Hosts: 204.9.190.180 www.signin.ebay.com
O1 – Hosts: 204.9.190.180 www.bvi.bancodevalencia.es
O1 – Hosts: 204.9.190.180 extrant.banesto.es
O1 – Hosts: 204.9.190.180 banesnt.banesto.es
O1 – Hosts: 204.9.190.180 activia.caixagalicia.es
O1 – Hosts: 204.9.190.180 www.bancae.caixapenedes.com
O1 – Hosts: 204.9.190.180 login.caixasabadell.net
O1 – Hosts: 204.9.190.180 oii.cajamadrid.es
O1 – Hosts: 204.9.190.180 login.cajamar.es
O1 – Hosts: 204.9.190.180 login.ccm.es
O1 – Hosts: 204.9.190.180 ww.unicaja.es
O1 – Hosts: 204.9.190.180 ww.bayernlb.de
O1 – Hosts: 204.9.190.180 ww2.berliner–volksbank.de
O1 – Hosts: 204.9.190.180 ww7.homebanking–berlin.de
O1 – Hosts: 204.9.190.180 portal09.commerzbanking.de
O1 – Hosts: 204.9.190.180 www.onlinebanking.huntington.com
O1 – Hosts: 204.9.190.180 www.meine.deutsche–bank.de
O1 – Hosts: 204.9.190.180 ww2.dresdner–privat.de
O1 – Hosts: 204.9.190.180 ww.e–banking.helaba.de
O1 – Hosts: 204.9.190.180 ww.hsh–nordbank.de
O1 – Hosts: 204.9.190.180 www.my.hypovereinsbank.de
O1 – Hosts: 204.9.190.180 ww3.homebanking–berlin.de
O1 – Hosts: 204.9.190.180 www.banking.lbbw.de
O1 – Hosts: 204.9.190.180 lrp.sparkasse–banking.de
O1 – Hosts: 204.9.190.180 ww3.homebanking–niedersachsen.de
O1 – Hosts: 204.9.190.180 www.onlinebanking.norisbank.de
O1 – Hosts: 204.9.190.180 www.banking.postbank.de
O1 – Hosts: 204.9.190.180 ww.bics.fr
O1 – Hosts: 204.9.190.180 www.co.caixabank.fr
O1 – Hosts: 204.9.190.180 ww.creditmutuel.fr
O1 – Hosts: 204.9.190.180 internetbank.intesabci.it
O1 – Hosts: 204.9.190.180 ww.extensive.bancalombarda.it
O1 – Hosts: 204.9.190.180 wvw.csebanking.it
O1 – Hosts: 204.9.190.180 www.mybank.bybank.it
O1 – Hosts: 204.9.190.180 ww.isideonline.it
O1 – Hosts: 204.9.190.180 ww3.sella.it
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: FlashFXP Helper for Internet Explorer – {E5A1691B–D188–4419–AD02–90002030B8EE} – C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\Run: [KYM Control Settings] phqghum.EXE
O4 – HKLM\..\Run: [Microsoftf DDEs ContrDL] runm.pif
O4 – HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
O4 – HKLM\..\RunServices: [Microsoftf DDEs ContrDL] runm.pif
O4 – HKCU\..\Run: [serwer ftp] C:\\Program Files\\G6 FTP Server\\G6FTPSrv.exe
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [KYM Control Settings] phqghum.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Network DDE Client (NetDDEclnt) – Unknown owner – C:\WINDOWS\System32\netddeclnt.exe
Replies: 2
OK, thanks
Disable System Restore
End the processes:
phqghum.EXE
runm.pif
netddeclnt.exe
Get rid of:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wer–mit–wem.webhop.net/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wer–mit–wem.webhop.net/
O4 – HKLM\..\Run: [KYM Control Settings] phqghum.EXE
O4 – HKLM\..\Run: [Microsoftf DDEs ContrDL] runm.pif
O4 – HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
O4 – HKLM\..\RunServices: [Microsoftf DDEs ContrDL] runm.pif
O4 – HKCU\..\Run: [KYM Control Settings] phqghum.EXE
O23 – Service: Network DDE Client (NetDDEclnt) – Unknown owner – C:\WINDOWS\System32\netddeclnt.exe
The way to remove that last entry is described in the pinned topic in this section.
Remove all of these entries by editing the hosts file from C:\Windows\system32\drivers\etc in Notepad and deleting all lines except localhost