Skocz do zawartości

r   e   k   l   a   m   a

Zdjęcie

Jak mam usunac "azesearch"?


  • Zaloguj się, aby dodać odpowiedź
19 odpowiedzi w tym temacie

#1 teamki

teamki
  • Użytkownicy
  • 44 postów

Napisano 09.10.2005 - 11:37

Oto moj log:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:22, on 2005-10-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Optimizer\optimize.exe
D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
D:\WINDOWS\system\driver\csrss.exe
D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
D:\WINDOWS\system\driver\services.exe
D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
D:\Program Files\DAP\DAP.EXE
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\User\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - D:\WINDOWS\system32\azesearch4.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - D:\WINDOWS\system32\iasada.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - D:\WINDOWS\system32\azesearch4.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [CamMonitor] D:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunOnce: [DeleteISTbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "D:\Program Files\ISTbar\istbarcm.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe

Prosze wytlumaczcie mi krok po kroku co mam zrobic.

#2 Bunio

Bunio
  • Użytkownicy
  • 4174 postów

Napisano 09.10.2005 - 12:18

jak usunąć Azesearch ?
popatrz tu http://labs.paretolo... ... =Azesearch
Instrukcja:

[*:6a19vq9v] ściągnij Xoftspy dostępny tu http://www.paretolog...om/download.asp
[*:6a19vq9v] usuń te pliki
\azesearch.???
\azesearch?.???
\iasad.dll
\iasadm.dll
[*:6a19vq9v] oraz usuń te klucze
CLSID\{F65B197F-8260-4D52-909A-F70118E646EB}
CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
Software\microsoft\windows\currentversion\explorer\browser helper objects\{A6790AA5-C6C7-4BCF-A46D-0
Software\classes\clsid\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}

CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}
Software\microsoft\windows\currentversion\explorer\browser helper objects\{FFF5092F-7172-4018-827B-F
Software\classes\clsid\{FFF5092F-7172-4018-827B-FA5868FB0478}
CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
Software\microsoft\windows\currentversion\explorer\browser helper objects\{A6790AA5-C6C7-4BCF-A46D-0
Software\classes\clsid\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
CLSID\{A19EF336-01D4-48E6-926A-FE7E1C747AED}
Software\microsoft\windows\currentversion\explorer\browser helper objects\{A19EF336-01D4-48E6-926A-F
Software\classes\clsid\{A19EF336-01D4-48E6-926A-FE7E1C747AED}
CLSID\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4}
Software\microsoft\windows\currentversion\explorer\browser helper objects\{DA7FF3F8-08BE-4CAC-BC00-9
Software\classes\clsid\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4}
CLSID\{1474CE44-8057-4AE3-8F3E-ED37C7C63D8A}
Software\microsoft\windows\currentversion\explorer\browser helper objects\{1474CE44-8057-4AE3-8F3E-E
Software\classes\clsid\{1474CE44-8057-4AE3-8F3E-ED37C7C63D8A}
Software\microsoft\windows\currentversion\explorer\browser helper objects\{F65B197F-8260-4D52-909A-F
Software\classes\clsid\{F65B197F-8260-4D52-909A-F70118E646EB}

hatred towards mankind and life itself


#3 longpaul

longpaul
  • Użytkownicy
  • 23 postów

Napisano 09.10.2005 - 12:21

1. Uruchamiasz ponownie komputer

2. Przy starcie Windows wciskasz F8 i wybierasz opcję Tryb awaryjny (bez obsługi sieci)

3. Odpalasz hijackthis

4. Usuwasz te wpisy (zaznaczasz i fix)
D:\Program Files\Internet Optimizer\optimize.exe
D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
D:\WINDOWS\system\driver\csrss.exe
D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
D:\WINDOWS\system\driver\services.exe
D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
(oczywiście chodzi tu o wpisy, gdzie masz tą ścieżkę - wszystkie!)

O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - D:\WINDOWS\system32\azesearch4.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - D:\WINDOWS\system32\iasada.dll 
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe" 
O4 - HKLM\..\RunOnce: [DeleteISTbar] rundll32.exe advpack.dll,DelNodeRunDLL32 "D:\Program Files\ISTbar\istbarcm.dll" 
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll 
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
O23 - Service: NTLOAD - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
O23 - Service: NTSVCMGR - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe

5. Usuwasz pliki
D:\WINDOWS\SYSTEM\DRIVER\ 
D:\Program Files\ISTbar
D:\Program Files\Internet Optimizer
(cały katalog, np. Driver, wyrzucasz)

D:\WINDOWS\system32\iasada.dll 
D:\WINDOWS\system32\azesearch4.ocx
Tutaj tylko te dwa pojedyncze pliki.

6. Sprawdzasz dysk programem Adaware
http://www.download....page&tag=button

Powinno pomóc.

#4 teamki

teamki
  • Użytkownicy
  • 44 postów

Napisano 09.10.2005 - 13:03

Logfile of HijackThis v1.99.1

Scan saved at 14:04:26, on 2005-10-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\System32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\SOUNDMAN.EXE

D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Internet Explorer\iexplore.exe

E:\Program Files\Hjiack This\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - D:\WINDOWS\system32\azesearch4.ocx (file missing)

O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - D:\WINDOWS\system32\iasada.dll

O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - D:\WINDOWS\system32\azesearch4.ocx (file missing)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [CamMonitor] D:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe

O23 - Service: NTLOAD - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe

O23 - Service: NTSVCMGR - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe


#5 longpaul

longpaul
  • Użytkownicy
  • 23 postów

Napisano 09.10.2005 - 13:05

Wyżej napisałem, co masz zrobić...

#6 Pyra

Pyra
  • Użytkownicy
  • 2043 postów

Napisano 09.10.2005 - 13:06

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga


AMD 2x 3600+ AC64PRO | 2x512 Geil 800 | DFI INFINITY | 7600GS+zalaman | Samsung SP160+Segate40 | BENQ DVD 1670 | Chieftec 450W | win XP

SONY VAIO VPCF11PFX/H | Core i7-720QM | 4GB DDR3 | 500GB Hard Drive | GeForce 310M | WIn 7 x64

#7 teamki

teamki
  • Użytkownicy
  • 44 postów

Napisano 09.10.2005 - 13:17

Juz wszystko gra?

Logfile of HijackThis v1.99.1
Scan saved at 14:18:05, on 2005-10-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Hjiack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - D:\WINDOWS\system32\azesearch4.ocx (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [CamMonitor] D:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe


#8 longpaul

longpaul
  • Użytkownicy
  • 23 postów

Napisano 09.10.2005 - 13:21

O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - D:\WINDOWS\system32\azesearch4.ocx (file missing)
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab 
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe

Usuń w trybie awaryjnym, inaczej nie zadziała.

#9 teamki

teamki
  • Użytkownicy
  • 44 postów

Napisano 09.10.2005 - 13:29

Mam zrobic tak?

1. Zresetowac kompa
2. Naciskac f8 podczas resetu i wlaczyc "tryb awaryjny"
3 wlaczyc hjiack this i usunac te wpisy poprzez zaznaczenie ich i nacisniecie "fix checked".

#10 detektyw

detektyw
  • Użytkownicy
  • 5273 postów

Napisano 09.10.2005 - 13:30

O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe


tego nie usuniesz przez fixa :?

Start -> Uruchom -> services.msc -> zatrzymaj i wyłącz proces NTBOOTMGR potem odpalasz HijackThis Misc Tools -> Delete NT service => wpisz NTBOOT -> Ok i zresetuj komputer.

#11 longpaul

longpaul
  • Użytkownicy
  • 23 postów

Napisano 09.10.2005 - 13:32

Oczywiście, że usuniesz - w trybie awaryjnym ta usługa nie będzie chodziła.

#12 teamki

teamki
  • Użytkownicy
  • 44 postów

Napisano 09.10.2005 - 13:43

W trybie awaryjnym nie moglem usunac ostatniej linijki. Oto log:

Logfile of HijackThis v1.99.1
Scan saved at 14:44:01, on 2005-10-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Hjiack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [CamMonitor] D:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - D:\WINDOWS\SYSTEM\DRIVER\ntuser.exe

Jak usunac te ostatnia? Szegolowe odp. plz.

#13 detektyw

detektyw
  • Użytkownicy
  • 5273 postów

Napisano 09.10.2005 - 13:45

Jak usunac te ostatnia? Szegolowe odp. plz.


patrz na ostatni mój post ;]

#14 teamki

teamki
  • Użytkownicy
  • 44 postów

Napisano 09.10.2005 - 13:51

Zatrzymalem NTBOOTMGR, ale jak wylaczyc, bo nie moge go usunac przez Hjiack This bo pisze, ze jest aktywny?
PS: To trzeba zrobic w trybie awaryjnym czy normalnym?

#15 longpaul

longpaul
  • Użytkownicy
  • 23 postów

Napisano 09.10.2005 - 13:57

Można w normalnym.
Z prawego klawisza Właściwości->Tryb uruchomienia->Wyłączony.
Potem usunąć przez to narzędzie hijackthis.

Aha: no i w ten sam sposób wyłącz Usługę przywracania systemu - ona może powodowac problemy

jeśli będziesz robił w awaryjnym, to nie zaszkodzi :)
W hijackthis usuwasz tą usługę przez: Open the Misc Tools section
Delete NT service i wpisujesz NTBOOT