Proszę o sprawdzenie loga
Logfile of HijackThis v1.98.2
Scan saved at 22:05:53, on 2005–04–10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Documents and Settings\MAREK\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.onet.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.onet.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.idg.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez IDG.pl
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: PCTools Site Guard – {5C8B2A36–3DB1–42A4–A3CB–D426709BBFEB} – C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 – BHO: BHOmodObj Class – {7F6828CA–9E42–462C–BC60–418C8144012C} – c:\windows\system\BHOmod.dll
O2 – BHO: IE SP2 AddOn – {A7986343–74BA–49BB–A553–4177C1A824AA} – C:\WINDOWS\System32\spgdy.dll
O2 – BHO: PCTools Browser Monitor – {B56A7D7D–6927–48C8–A975–17DF180C71AC} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 – HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" –FastScan
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Microsoft AntiSpyware helper – {3EA296EA–C8F8–48A9–AB69–F5AC7525D980} – (no file) (HKCU)
O9 – Extra 'Tools' menuitem: Microsoft AntiSpyware helper – {3EA296EA–C8F8–48A9–AB69–F5AC7525D980} – (no file) (HKCU)
O9 – Extra button: Microsoft AntiSpyware helper – {E6154645–CA15–4F9F–AF7E–9E5F82C04A19} – (no file) (HKCU)
O9 – Extra 'Tools' menuitem: Microsoft AntiSpyware helper – {E6154645–CA15–4F9F–AF7E–9E5F82C04A19} – (no file) (HKCU)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
DZIĘKI :D
Scan saved at 22:05:53, on 2005–04–10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Documents and Settings\MAREK\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.onet.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.onet.pl
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.idg.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez IDG.pl
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: PCTools Site Guard – {5C8B2A36–3DB1–42A4–A3CB–D426709BBFEB} – C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 – BHO: BHOmodObj Class – {7F6828CA–9E42–462C–BC60–418C8144012C} – c:\windows\system\BHOmod.dll
O2 – BHO: IE SP2 AddOn – {A7986343–74BA–49BB–A553–4177C1A824AA} – C:\WINDOWS\System32\spgdy.dll
O2 – BHO: PCTools Browser Monitor – {B56A7D7D–6927–48C8–A975–17DF180C71AC} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 – HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" –FastScan
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Microsoft AntiSpyware helper – {3EA296EA–C8F8–48A9–AB69–F5AC7525D980} – (no file) (HKCU)
O9 – Extra 'Tools' menuitem: Microsoft AntiSpyware helper – {3EA296EA–C8F8–48A9–AB69–F5AC7525D980} – (no file) (HKCU)
O9 – Extra button: Microsoft AntiSpyware helper – {E6154645–CA15–4F9F–AF7E–9E5F82C04A19} – (no file) (HKCU)
O9 – Extra 'Tools' menuitem: Microsoft AntiSpyware helper – {E6154645–CA15–4F9F–AF7E–9E5F82C04A19} – (no file) (HKCU)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
DZIĘKI :D
Odpowiedzi: 2
Piękne dzięki :D
Hijack This jest stary, sciagnij nowego
Wylacz przywracanie
Zakoncz proces:
SpywareBeGone.exe (fałszywy soft anty)
Odinstaluj w/w i PC Tools Spyware Doctor
Jak na razie usun razem z plikami/katalogami:
+ jesli odinstalowany MS AntiSpyware:
Nie instaluj fałszywego softu antyspyware i innych felerów bo wiecej z nimi kłopotu niz pozytku
Wylacz przywracanie
Zakoncz proces:
SpywareBeGone.exe (fałszywy soft anty)
Odinstaluj w/w i PC Tools Spyware Doctor
Jak na razie usun razem z plikami/katalogami:
O2 – BHO: PCTools Site Guard – {5C8B2A36–3DB1–42A4–A3CB–D426709BBFEB} – C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 – BHO: BHOmodObj Class – {7F6828CA–9E42–462C–BC60–418C8144012C} – c:\windows\system\BHOmod.dll
O2 – BHO: IE SP2 AddOn – {A7986343–74BA–49BB–A553–4177C1A824AA} – C:\WINDOWS\System32\spgdy.dll
O2 – BHO: PCTools Browser Monitor – {B56A7D7D–6927–48C8–A975–17DF180C71AC} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 – HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" –FastScan
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
+ jesli odinstalowany MS AntiSpyware:
O9 – Extra button: Microsoft AntiSpyware helper – {3EA296EA–C8F8–48A9–AB69–F5AC7525D980} – (no file) (HKCU)
O9 – Extra 'Tools' menuitem: Microsoft AntiSpyware helper – {3EA296EA–C8F8–48A9–AB69–F5AC7525D980} – (no file) (HKCU)
O9 – Extra button: Microsoft AntiSpyware helper – {E6154645–CA15–4F9F–AF7E–9E5F82C04A19} – (no file) (HKCU)
O9 – Extra 'Tools' menuitem: Microsoft AntiSpyware helper – {E6154645–CA15–4F9F–AF7E–9E5F82C04A19} – (no file) (HKCU)
Nie instaluj fałszywego softu antyspyware i innych felerów bo wiecej z nimi kłopotu niz pozytku
Strona 1 / 1