CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Prosze o sprawdzenie loga !!

Prosze o sprawdzenie loga !!

Logfile of HijackThis v1.99.0
Scan saved at 20:47:46, on 2004–12–20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:DOCUME~1WiolettaUSTAWI~1TempKatalog tymczasowy 5 dla hijackthis.zipHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = res://C:PROGRA~1Toolbar oolbar.dll/sa
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = res://C:PROGRA~1Toolbar oolbar.dll/sa
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – {8952A998–1E7E–4716–B23D–3DBE03910972} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O2 – BHO: LocalNRDObj Class – {00320615–B6C2–40A6–8F99–F1C52D674FAD} – C:WINDOWSlocalNRD.dll (file missing)
O2 – BHO: (no name) – {83DE62E0–5805–11D8–9B25–00E04C60FAF2} – C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 – BHO: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:PROGRA~1COMMON~1WinToolsWToolsB.dll
O2 – BHO: (no name) – {8952A998–1E7E–4716–B23D–3DBE03910972} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll (file missing)
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O2 – BHO: ADP UrlCatcher Class – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSsystem32msbe.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll (file missing)
O3 – Toolbar: &Search Toolbar – {339BB23F–A864–48C0–A59F–29EA915965EC} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [gbluiankfo] C:WINDOWSSystem32kjhiki.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [conscorr] C:WINDOWSconscorr.exe
O4 – HKLM..Run: [Windows AdControl] C:Program FilesWindows AdControlWinAdCtl.exe
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [yrojgnkv] C:WINDOWSyrojgnkv.exe
O4 – HKLM..Run: [Windows TaskAd] C:Program FilesWindows TaskAdWinTaskAd.exe
O4 – HKLM..Run: [WinTools] C:PROGRA~1COMMON~1WinToolsWToolsA.exe
O4 – HKLM..Run: [eDonkey2000] C:Program FileseDonkey2000eDonkey2000.exe –t
O4 – HKLM..Run: [TBPS] C:PROGRA~1ToolbarTBPS.exe
O4 – HKLM..Run: [saap] c:progra~12findm~1partnersaap.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [WhenUSave] C:PROGRA~1SaveSave.exe
O4 – HKLM..Run: [yvovsxir] C:WINDOWSyvovsxir.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [NAV CfgWiz] C:Program FilesCommon FilesSymantec SharedCfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 – HKLM..RunOnce: [WinTools] C:PROGRA~1COMMON~1WinToolsWToolsA.exe /boot
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – C:PROGRA~1FLASHGETjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:PROGRA~1FLASHGETjc_link.htm
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=f32ea71f93289f61b4dbf30a04a6a1144dbe14cda02fcaaa9fafbced2952791a768a1a41688817425fa5c9751a6be7b24046:f22d67e45739a8712f7edadac81f3fd5
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O18 – Protocol: tpro – {FF76A5DA–6158–4439–99FF–EDC1B3FE100C} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton AntiVirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
O23 – Service: ZESOFT – Unknown – C:WINDOWSzeta.exe (file missing)

Odpowiedzi: 2

Do wykoszenia z loga i dysku:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = res://C:PROGRA~1Toolbar oolbar.dll/sa
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = res://C:PROGRA~1Toolbar oolbar.dll/sa
R3 – URLSearchHook: (no name) – {8952A998–1E7E–4716–B23D–3DBE03910972} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O2 – BHO: LocalNRDObj Class – {00320615–B6C2–40A6–8F99–F1C52D674FAD} – C:WINDOWSlocalNRD.dll (file missing)
O2 – BHO: (no name) – {83DE62E0–5805–11D8–9B25–00E04C60FAF2} – C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 – BHO: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:PROGRA~1COMMON~1WinToolsWToolsB.dll
O2 – BHO: (no name) – {8952A998–1E7E–4716–B23D–3DBE03910972} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll (file missing)

O2 – BHO: ADP UrlCatcher Class – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSsystem32msbe.dll

O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll (file missing)
O3 – Toolbar: &Search Toolbar – {339BB23F–A864–48C0–A59F–29EA915965EC} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O4 – HKLM..Run: [gbluiankfo] C:WINDOWSSystem32kjhiki.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [conscorr] C:WINDOWSconscorr.exe
O4 – HKLM..Run: [Windows AdControl] C:Program FilesWindows AdControlWinAdCtl.exe
O4 – HKLM..Run: [yrojgnkv] C:WINDOWSyrojgnkv.exe
O4 – HKLM..Run: [Windows TaskAd] C:Program FilesWindows TaskAdWinTaskAd.exe
O4 – HKLM..Run: [WinTools] C:PROGRA~1COMMON~1WinToolsWToolsA.exe
O4 – HKLM..Run: [TBPS] C:PROGRA~1ToolbarTBPS.exe
O4 – HKLM..Run: [saap] c:progra~12findm~1partnersaap.exe
04 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [WhenUSave] C:PROGRA~1SaveSave.exe
O4 – HKLM..Run: [yvovsxir] C:WINDOWSyvovsxir.exe
O4 – HKLM..RunOnce: [WinTools] C:PROGRA~1COMMON~1WinToolsWToolsA.exe /boot
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=f32ea71f93289f61b4dbf30a04a6a1144dbe14cda02fcaaa9fafbced2952791a768a1a41688817425fa5c9751a6be7b24046:f22d67e45739a8712f7edadac81f3fd5
O18 – Protocol: tpro – {FF76A5DA–6158–4439–99FF–EDC1B3FE100C} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O23 – Service: ZESOFT – Unknown – C:WINDOWSzeta.exe (file missing)
Bobi
Dodano
20.12.2004 22:26:38
Mały bałagan masz, ale niektórzy user`zy mogą się od Ciebie uczyć, dlatego źe widać u Ciebie w log`u źe coś próbowałeś(aś) zrobić z bałaganem :wink:

OK Let`s Go :

Wyłącz przywracanie systemu,
Napraw (Fix) pozycje w log`u :

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,CustomizeSearch = res://C:PROGRA~1Toolbar oolbar.dll/sa
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = res://C:PROGRA~1Toolbar oolbar.dll/sa
R3 – URLSearchHook: (no name) – {8952A998–1E7E–4716–B23D–3DBE03910972} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O2 – BHO: LocalNRDObj Class – {00320615–B6C2–40A6–8F99–F1C52D674FAD} – C:WINDOWSlocalNRD.dll (file missing)
O2 – BHO: (no name) – {83DE62E0–5805–11D8–9B25–00E04C60FAF2} – C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 – BHO: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:PROGRA~1COMMON~1WinToolsWToolsB.dll
O2 – BHO: (no name) – {8952A998–1E7E–4716–B23D–3DBE03910972} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll (file missing)
O2 – BHO: ADP UrlCatcher Class – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSsystem32msbe.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll (file missing)
O3 – Toolbar: &Search Toolbar – {339BB23F–A864–48C0–A59F–29EA915965EC} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O4 – HKLM..Run: [gbluiankfo] C:WINDOWSSystem32kjhiki.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [conscorr] C:WINDOWSconscorr.exe
O4 – HKLM..Run: [Windows AdControl] C:Program FilesWindows AdControlWinAdCtl.exe
O4 – HKLM..Run: [yrojgnkv] C:WINDOWSyrojgnkv.exe
O4 – HKLM..Run: [Windows TaskAd] C:Program FilesWindows TaskAdWinTaskAd.exe
O4 – HKLM..Run: [WinTools] C:PROGRA~1COMMON~1WinToolsWToolsA.exe
O4 – HKLM..Run: [TBPS] C:PROGRA~1ToolbarTBPS.exe
O4 – HKLM..Run: [saap] c:progra~12findm~1partnersaap.exe
O4 – HKLM..Run: [BullsEye Network] C:Program FilesBullsEye Networkinargains.exe
O4 – HKLM..Run: [WhenUSave] C:PROGRA~1SaveSave.exe
O4 – HKLM..Run: [yvovsxir] C:WINDOWSyvovsxir.exe
O4 – HKLM..RunOnce: [WinTools] C:PROGRA~1COMMON~1WinToolsWToolsA.exe /boot
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=f32ea71f93289f61b4dbf30a04a6a1144dbe14cda02fcaaa9fafbced2952791a768a1a41688817425fa5c9751a6be7b24046:f22d67e45739a8712f7edadac81f3fd5
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab
O18 – Protocol: tpro – {FF76A5DA–6158–4439–99FF–EDC1B3FE100C} – C:PROGRA~1Toolbar oolbar.dll (file missing)
O23 – Service: ZESOFT – Unknown – C:WINDOWSzeta.exe (file missing)


Zakończ procesy :

kjhiki.exe
WebRebates0.exe
conscorr.exe
WinAdCtl.exe
yrojgnkv.exe
WinTaskAd.exe
WToolsA.exe
TBPS.exe
saap.exe
bargains.exe
Save.exe
yvovsxir.exe

Teraz wyszukaj zaznaczając ukryte i usuń.
Dodatkowo usuń :

toolbar.dll – gdy jest
WToolsB.dll
msbe.dll

Przy problemach z usuwaniem bibliotek wyrejestruj je z uźycia poleceniem z Uruchom regsvr32 /u *dll.
W razie dalszych problemów próbuj w awaryjnym lub za pomoca konsoli.

Włacz przywracanie.
Poza tym OK.
McScr@by
Dodano
20.12.2004 22:26:28
zuzka52
Dodano:
20.12.2004 21:48:57
Komentarzy:
2
Strona 1 / 1