Blagam o spr. loga, bo ja nic z tego nie rozumiem - blondi

Logfile of HijackThis v1.99.1

Scan saved at 00:07:41, on 2005-05-16

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Spyware Doctor\swdoctor.exe

C:\Documents and Settings\norcik\Skrivbord\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {E4179C70-5BCC-0363-B7D1-56C0CC955AC6} - C:\WINNT\system32\sxaz.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [vuhmr] C:\WINNT\vuhmr.exe

O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE

O4 - HKLM\..\Run: [Widnows Xp Web scan] xpscan.exe

O4 - HKLM\..\Run: [Dll loader Windows] C:\WINNT\SYSCFG16.EXE

O4 - HKLM\..\Run: [Compaq Service Drivers] compq.exe

O4 - HKLM\..\Run: [Antivirus Update Check] windos.exe

O4 - HKLM\..\Run: [Windows Service Footer] winsvc.exe

O4 - HKLM\..\Run: [MSLog] MicrosoftLog.exe

O4 - HKLM\..\Run: [Servicing] hostd.exe

O4 - HKLM\..\Run: [MSFireLog.exe] MSLog

O4 - HKLM\..\Run: [Microsoft Bool Value] MV2.exe

O4 - HKLM\..\Run: [Microsoft Web Device] wdevice.exe

O4 - HKLM\..\Run: [ejskp] C:\WINNT\system32\kmojvnu\ejskp.exe

O4 - HKLM\..\Run: [Microsoft Puf Kont] oli.exe

O4 - HKLM\..\Run: [CSCRS Value Check] MsPMSPSd.exe

O4 - HKLM\..\Run: [Registry Value Name Start] MsPMSPSa.exe

O4 - HKLM\..\Run: [Microsoft checker] MsPMSPTv.exe

O4 - HKLM\..\Run: [Opel Corsa] sysfix.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM\..\RunServices: [Widnows Xp Web scan] xpscan.exe

O4 - HKLM\..\RunServices: [Compaq Service Drivers] compq.exe

O4 - HKLM\..\RunServices: [Antivirus Update Check] windos.exe

O4 - HKLM\..\RunServices: [Windows Service Footer] winsvc.exe

O4 - HKLM\..\RunServices: [Servicing] hostd.exe

O4 - HKLM\..\RunServices: [Opel Corsa] sysfix.exe

O4 - HKLM\..\RunServices: [Microsoft Bool Value] MV2.exe

O4 - HKLM\..\RunServices: [Microsoft Web Device] wdevice.exe

O4 - HKLM\..\RunServices: [Microsoft Puf Kont] oli.exe

O4 - HKLM\..\RunServices: [CSCRS Value Check] MsPMSPSd.exe

O4 - HKLM\..\RunServices: [Registry Value Name Start] MsPMSPSa.exe

O4 - HKLM\..\RunServices: [Microsoft checker] MsPMSPTv.exe

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Widnows Xp Web scan] xpscan.exe

O4 - HKCU\..\Run: [Compaq Service Drivers] compq.exe

O4 - HKCU\..\Run: [Antivirus Update Check] windos.exe

O4 - HKCU\..\Run: [MSLog] MicrosoftLog.exe

O4 - HKCU\..\Run: [Servicing] hostd.exe

O4 - HKCU\..\Run: [Opel Corsa] sysfix.exe

O4 - HKCU\..\Run: [MSFireLog.exe] MSLog

O4 - HKCU\..\Run: [Uzrtjiy] C:\WINNT\system32\??plorer.exe

O4 - HKCU\..\Run: [Microsoft Web Device] wdevice.exe

O4 - HKCU\..\Run: [Microsoft Puf Kont] oli.exe

O4 - HKCU\..\Run: [CSCRS Value Check] MsPMSPSd.exe

O4 - HKCU\..\RunServices: [Compaq Service Drivers] compq.exe

O4 - HKCU\..\RunServices: [Antivirus Update Check] windos.exe

O4 - HKCU\..\RunServices: [Microsoft Web Device] wdevice.exe

O4 - HKCU\..\RunServices: [CSCRS Value Check] MsPMSPSd.exe

O4 - Global Startup: Image Transfer.lnk = C:\Program\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O23 - Service: FireDaemon Service: binconf (binconf) - Unknown owner - C:\WINNT\system32\directx\asp\mech\FireDaemon.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

Wiem, ze mam wirusy w komputerze i walcze na wszystkie sposoby, a one znow wracaja. Jak widac, nie znam sie na tym za bardzo, wiec mam nadzieje, ze kots mi pomoze. Z gory dzieki

Usń wpsiy hijackiem w trybie awaryjnym, reczne skasuj pliki, co do pliku ??plorer.exe zobacz jak Usuwanie plików “z pytajnikiem” TUTAJ :stuck_out_tongue:

To wszystko, co przekopiowales mam usunac?? (bardzo dziekuje za pomoc)

tak usunąc trzeba to w HijackThis

A pliki np.SYSCFG16.EXE, vuhmr.exe, sxaz.dll i pozostałe ręcznie w trybie awaryjnym usuwaj! !!

A co mam zrobic, jesli pokazuje mi w logu, ze plik jest i Ty mi mowisz, ze mam go usunac recznie, a wchodze w ten folder a tego pliku nie ma? np. C:/WINT/??plorel.exe

Teraz wyglada tak:

Logfile of HijackThis v1.99.1

Scan saved at 00:58:16, on 2005-05-16

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\Explorer.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Spyware Doctor\swdoctor.exe

C:\Documents and Settings\norcik\Skrivbord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O4 - HKLM…\Run: [ccApp] “C:\Program\Delade filer\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [ccRegVfy] “C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe”

O4 - HKLM…\Run: [Advanced Tools Check] C:\Program\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM…\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM…\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM…\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun

O4 - HKLM…\Run: [QuickTime Task] “C:\Program\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM…\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKCU…\Run: [internat.exe] internat.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Global Startup: Image Transfer.lnk = C:\Program\Sony Corporation\Image Transfer\SonyTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme … loader.cab

O23 - Service: FireDaemon Service: binconf (binconf) - Unknown owner - C:\WINNT\system32\directx\asp\mech\FireDaemon.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

teraz w logu ok :slight_smile:

Spyware Doctor - usuń, to fałszywy program.

Zrób skan skanerami online.