Please check the log

Logfile of HijackThis v1.99.0
Scan saved at 14:28:02, on 2005–02–17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1A4TechKeyboardIkeymain.exe
C:WINDOWSSystem32atiptaxx.exe
C:Program FilesJavaj2re1.4.2_01injusched.exe
C:Program FilesAlcatelSpeedTouch USBDragdiag.exe
C:PROGRA~1WANADOOTaskbarIcon.exe
C:Program FilesWinampwinampa.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb07.exe
C:WINDOWSSystem32ap9h4qmo.exe
C:Program FilesWindows FormatAdWinForm.exe
C:DOCUME~1ŁUKASZUSTAWI~1TempSAHAGE~1.EXE
C:WINDOWSSystem32ctfmon.exe
C:Program FilesTlen.pl len.exe
C:Program FilesWindows FormatAdWinFormKeep.exe
C:Program FilesWanadooEspaceWanadoo.exe
C:Program FilesWanadooComComp.exe
C:Program FilesWanadooWatch.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:PROGRA~1MOZILL~1FIREFOX.EXE
C:Program FilesGadu–Gadugg.exe
C:HijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll
O2 – BHO: FlashFXP Helper for Internet Explorer – {E5A1691B–D188–4419–AD02–90002030B8EE} – C:PROGRA~1FlashFXPIEFlash.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll
O4 – HKLM..Run: [iKeyWorks] C:PROGRA~1A4TechKeyboardIkeymain.exe
O4 – HKLM..Run: [AtiPTA] atiptaxx.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_01injusched.exe
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WANADOOWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WANADOOTaskbarIcon.exe
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [Onet.pl AutoUpdate] "C:Program FilesCommon FilesOnet.plNewAutoUpdate.exe" /updateexetsr
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb07.exe
O4 – HKLM..Run: [ap9h4qmo] C:WINDOWSSystem32ap9h4qmo.exe
O4 – HKLM..Run: [Windows FormatAd] C:Program FilesWindows FormatAdWinForm.exe
O4 – HKLM..Run: [SAHBundle] C:DOCUME~1ŁUKASZUSTAWI~1TempSAHAGE~1.EXE run
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_01in pjpi142_01.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_01in pjpi142_01.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – ms–its:mhtml:file://c: osuxxx.mht!http://www.kazaalite.pl/stats/loudklite.chm::/bridge–c46.cab
O16 – DPF: {631FF594–EC25–4CFF–B869–402DF294E1D6} (Instalator oprogramowania Onet.pl) – http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 – DPF: {AB8638BB–79E8–4E9D–ABF2–8F33054E3941} (Guesser Class) – http://czat.onet.pl/client/kalambury/NetPunGame1.dll
O17 – HKLMSystemCCSServicesTcpip..{DAB34112–370C–4CE2–A4FE–62D08EA7FE04}: NameServer = 194.204.152.34 217.98.63.164


I have the error that I describe in this thread: http://www.centrumxp.pl/forum/viewtopic.php?t=30749

Replies: 2

Turn off System Restore, then end the following processes in Task Manager:

ap9h4qmo.exe
WinForm.exe
SAHAGE~1.EXE

and delete them from the disk (if that is not possible, try in Safe Mode). Finally, fix the following entries:

C:WINDOWSSystem32ap9h4qmo.exe
C:Program FilesWindows FormatAdWinForm.exe
C:DOCUME~1ŁUKASZUSTAWI~1TempSAHAGE~1.EXE
O4 – HKLM..Run: [ap9h4qmo] C:WINDOWSSystem32ap9h4qmo.exe
O4 – HKLM..Run: [Windows FormatAd] C:Program FilesWindows FormatAdWinForm.exe
O4 – HKLM..Run: [SAHBundle] C:DOCUME~1ŁUKASZUSTAWI~1TempSAHAGE~1.EXE run
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – ms–its;mhtml;file;//c: osuxxx.mht!http://www.kazaalite.pl/stats/loudklite.chm::/bridge–c46.cab
wins
Added
17.02.2005 15:53:09
Nasedo
Added:
17.02.2005 15:30:31
Comments:
2