bardzo pilna o sprawdzenie loga

**Posty:** 39 · przez **marek14** 19 Lut 2006, 00:32

mam prblem mojakolezanka mnie poprosiła zebym jej pomógł bo komp wolno chodzi napiszcie co ona usunac oto jej logo

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 22:16:26, on 2006-02-18 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RmFsa293c2th\command.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Network Monitor\netmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe C:\WINDOWS\inet20010\winlogon.exe C:\WINDOWS\System32\paytime.exe C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe C:\WINDOWS\inet20010\mm4.exe C:\WINDOWS\System32\mpcsvc.exe C:\Program Files\Acxc\Ededqe.exe C:\Program Files\Save\Save.exe C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe C:\WINDOWS\System32\rundll32.exe E:\Common\Bin\WinCinemaMgr.exe C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\dwwin.exe C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe C:\DOCUME~1\gosc\USTAWI~1\Temp\update.tmp C:\WINDOWS\System32\dllcache\IExplore.exe C:\WINDOWS\System32\dllcache\IExplore.exe C:\WINDOWS\System32\dllcache\IExplore.exe C:\WINDOWS\System32\dllcache\IExplore.exe C:\WINDOWS\System32\dwwin.exe C:\WINDOWS\System32\dllcache\IExplore.exe C:\WINDOWS\System32\dllcache\IExplore.exe C:\WINDOWS\System32\dllcache\IExplore.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\dllcache\IExplore.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\dwwin.exe C:\Documents and Settings\gosc\Pulpit\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://zakladka.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe" F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com O1 - Hosts: 127.0.0.3 x.full-tgp.net O1 - Hosts: 127.0.0.3 counter.cenzura-spam.com O1 - Hosts: 127.0.0.3 autoescrowpay.com O1 - Hosts: 127.0.0.3 www.autoescrowpay.com O1 - Hosts: 127.0.0.3 www.awmdabest.com O1 - Hosts: 127.0.0.3 www.cenzura-spam.nu O1 - Hosts: 127.0.0.3 awmdabest.com O1 - Hosts: 127.0.0.3 cenzura-spam.nu O1 - Hosts: 127.0.0.3 allforadult.com O1 - Hosts: 127.0.0.3 www.allforadult.com O1 - Hosts: 127.0.0.3 www.iframe.biz O1 - Hosts: 127.0.0.3 iframe.biz O1 - Hosts: 127.0.0.3 www.newiframe.biz O1 - Hosts: 127.0.0.3 newiframe.biz O1 - Hosts: 127.0.0.3 www.vesbiz.biz O1 - Hosts: 127.0.0.3 vesbiz.biz O1 - Hosts: 127.0.0.3 www.cenzura!.biz O1 - Hosts: 127.0.0.3 cenzura!.biz O1 - Hosts: 127.0.0.3 www.aaasexypics.com O1 - Hosts: 127.0.0.3 aaasexypics.com O1 - Hosts: 127.0.0.3 www.virgin-tgp.net O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20010\3.01.00.dll O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KnapSrv32] C:\WINDOWS\knapsrv.exe O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe O4 - HKLM\..\Run: [SiS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe O4 - HKLM\..\Run: [Mnpuo] C:\Program Files\Acxc\Ededqe.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe O4 - HKCU\..\Run: [DCOM Server] rundll32.exe "C:\WINDOWS\System32\dcom_14.dll",run O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = E:\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: ¤âľ÷łs±µµ{¦ˇ.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32 \msjava.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.crazywinnings.com (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.iframedollars.biz (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.topconverting.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 213.159.117.202 (HKLM) O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM) O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c282.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_16.cab O16 - DPF: {41AFD086-1BC5-400B-67FF-46A10B9C6778} - http://213.159.117.150/1/rdgPL10.exe O16 - DPF: {5551D331-0EC3-6FB9-CEF2-2CA1246AC0E9} - http://213.159.117.150/1/rdgPL10.exe O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732 O17 - HKLM\System\CCS\Services\Tcpip\..\{C064A385-FF50-477B-AF0E-1CAF1DB6A159}: NameServer = 194.204.159.1,194.204.152.34,192.168.1.2 O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll O20 - Winlogon Notify: hpprintx - C:\WINDOWS\SYSTEM32\hpprintx.dll O20 - Winlogon Notify: sndr32 - C:\WINDOWS\SYSTEM32\sndr32.dll O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\irn6l55s1.dll O21 - SSODL: Web Event Logger - {7FFBADFF-E102-1332-ACDE-44659325C679} - C:\WINDOWS\System32\Nbibjn32.dll (file missing) O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\gokimoii.dll O21 - SSODL: siren.dll - {72817324-5351-131a-57ed-92d682644311} - (no file) O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\edddjojc.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RmFsa293c2th\command.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing) O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MySql - Unknown owner - D:\Program Files\usr/MYSQL/bin/mysqld.exe (file missing) O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

przez **jeff** 19 Lut 2006, 00:50

hard signal

niech przeskane dysk tym i wywali wszystko :

Panda
Kaspersky
mks_vir
CWShredder 2.15
SpyBot - Search & Destroy v1.4 PL
Ad-aware SE Personal 1.06
PestPatrol

potem log z HijackThis

**Posty:** 1620 · przez **mafia435** 19 Lut 2006, 00:57

Posłuchaj rady detektywa bo masz tu syfu jak kasy w NBP.

**Posty:** 39 · przez **marek14** 19 Lut 2006, 00:58

ale to mojej qumpeli

przez **jeff** 19 Lut 2006, 00:59

marek14 napisał(a):ale to mojej qumpeli

a nie moze przeskanowac tym czym podałem :?:

**Posty:** 39 · przez **marek14** 19 Lut 2006, 00:59

własnie dla niej pisze
to trzeba w IE
w w Mozalii firefox nie działa

**Posty:** 9 · przez **Marcinn** 19 Lut 2006, 01:00

C:\WINDOWS\RmFsa293c2th\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\inet20010\winlogon.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\Save\Save.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet
"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.cenzura-spam.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.cenzura-spam.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 cenzura-spam.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.cenzura!.biz
O1 - Hosts: 127.0.0.3 cenzura!.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c282.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_16.cab
O16 - DPF: {41AFD086-1BC5-400B-67FF-46A10B9C6778} - http://213.159.117.150/1/rdgPL10.exe
O16 - DPF: {5551D331-0EC3-6FB9-CEF2-2CA1246AC0E9} - http://213.159.117.150/1/rdgPL10.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RmFsa293c2th\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Pliki i Foldery zaznaczone an czerwono usuwasz recznie w trybie awaryjnym!

**Posty:** 8694 · przez **Red** 19 Lut 2006, 01:03

system zupelnie bez zabezpieczen

usuwasz z wylaczonym przywracaniem systemu w xp i w trybie awaryjnym f8

C:\WINDOWS\RmFsa293c2th\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
C:\WINDOWS\inet20010\winlogon.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
C:\WINDOWS\inet20010\mm4.exe
C:\WINDOWS\System32\mpcsvc.exe
C:\Program Files\Acxc\Ededqe.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet
"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.cenzura-spam.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.cenzura-spam.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 cenzura-spam.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.cenzura!.biz
O1 - Hosts: 127.0.0.3 cenzura!.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20010\3.01.00.dll
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [KnapSrv32] C:\WINDOWS\knapsrv.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd9.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Program Files\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames9.exe
O4 - HKLM\..\Run: [SiS Mpc Service] C:\WINDOWS\System32\mpcsvc.exe
O4 - HKLM\..\Run: [Mnpuo] C:\Program Files\Acxc\Ededqe.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20010\winlogon.exe
O4 - HKCU\..\Run: [DCOM Server] rundll32.exe "C:\WINDOWS\System32\dcom_14.dll",run
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c282.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://advnt01.com/dialer/russia.CAB
O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll
O20 - Winlogon Notify: hpprintx - C:\WINDOWS\SYSTEM32\hpprintx.dll
O20 - Winlogon Notify: sndr32 - C:\WINDOWS\SYSTEM32\sndr32.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\irn6l55s1.dll
O21 - SSODL: Web Event Logger - {7FFBADFF-E102-1332-ACDE-44659325C679} - C:\WINDOWS\System32\Nbibjn32.dll (file missing)
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\gokimoii.dll
O21 - SSODL: siren.dll - {72817324-5351-131a-57ed-92d682644311} - (no file)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_14.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\System32\edddjojc.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RmFsa293c2th\command.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

to co ci pogrubiłem usuwasz recznie z dysku ,a zaznaczone wpisy w hijacku
usuwasz zaznaczajac fix

i dajesz log do kontroli

ps

ufffffffff ale bajecznie masz w systemie

**Posty:** 39 · przez **marek14** 19 Lut 2006, 02:25

aqanaczone czyli te pozostałe nie pogrubione tak ??

przez **jeff** 19 Lut 2006, 02:30

marek14 napisał(a):aqanaczone czyli te pozostałe nie pogrubione tak ??

w Hijacku kasujesz wszystkie wpisy a pogrubione pliki/foldery dodatkowo wywalasz recznie z dysku

**Posty:** 39 · przez **marek14** 19 Lut 2006, 14:54

duzo jest tego do usuniecia ale to sa wszystko wirusy ??

przez **jeff** 19 Lut 2006, 14:55

duzo jest tego do usuniecia ale to sa wszystko wirusy ??

wszystko - sp1 za mało i brak AV

**Posty:** 39 · przez **marek14** 19 Lut 2006, 14:59

to ostro spowalnia kompa

przez **jeff** 19 Lut 2006, 15:01

marek14 napisał(a):to ostro spowalnia kompa

niech skasuje co ma skasowac - daje potem log kontrolny -co do AV są różne - tematy przyklejone w tym dziale

bardzo pilna o sprawdzenie loga

Bardzo pilna o sprawdzenie loga

Kto jest na forum