Czy sprawdziłby mi ktoś log?

goi · 7 Kwiecień 2005 09:14

Byłabym bardzo wczęczna, gdyby ktoś uprzejmy sprawdziłby mi log

Logfile of HijackThis v1.99.1

Scan saved at 11:09:11, on 2005-04-06

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe

C:\WINDOWS\System32\acrotray.exe

C:\WINDOWS\System32\initd.exe

C:\WINDOWS\System32\init32b.exe

C:\WINDOWS\System32\init3.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Documents and Settings\Asia\Dane aplikacji\osbi.exe

C:\WINDOWS\System32\n?lookup.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Wirtualna Polska\System syntezy mowy\rozmowy.exe

C:\Program Files\Wirtualna Polska\System syntezy mowy\synteza_DDE_klient.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Avant Browser\avant.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SPAMBL~1.EXE

C:\Program Files\hijackthis1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Asia\USTAWI~1\Temp\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Asia\USTAWI~1\Temp\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {68B78DD6-A877-4A5B-97B3-D66FC2AD52D9} - C:\WINDOWS\System32\efkh.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM…\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM…\Run: [spamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe

O4 - HKLM…\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O4 - HKLM…\Run: [Adobe Acrobat Distiller Application] acrotray.exe

O4 - HKLM…\Run: [Microsoft Unix Support] initd.exe

O4 - HKLM…\Run: [system Init] init32b.exe

O4 - HKLM…\Run: [unix File Support] init3.exe

O4 - HKLM…\Run: [sp] rundll32 C:\DOCUME~1\Asia\USTAWI~1\Temp\se.dll,DllInstall

O4 - HKLM…\RunServices: [ATI Control] atic.exe

O4 - HKLM…\RunServices: [Microsoft Unix Support] initd.exe

O4 - HKLM…\RunServices: [system Init] init32b.exe

O4 - HKLM…\RunServices: [unix File Support] init3.exe

O4 - HKLM…\RunServices: [Windows Update Manager] C:\WINDOWS\system32\wuamgid32.exe

O4 - HKLM…\RunServices: [Adobe Acrobat Distiller Application] acrotray.exe

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [isos] C:\Documents and Settings\Asia\Dane aplikacji\osbi.exe

O4 - HKCU…\Run: [Jodz] C:\WINDOWS\System32\n?lookup.exe

O4 - HKCU…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU…\Run: [system Init] init32b.exe

O4 - HKCU…\Run: [unix File Support] init3.exe

O4 - HKCU…\Run: [Lgivfw] C:\WINDOWS\System32??sembly\nslookup.exe

O4 - HKCU…\RunServices: [Windows 32 System] winsys32c.exe

O4 - HKCU…\RunServices: [MS service] msservice.exe

O4 - HKCU…\RunServices: [system Init] init32b.exe

O4 - HKCU…\RunServices: [unix File Support] init3.exe

O4 - Startup: Rozmowa.lnk = C:\Program Files\Wirtualna Polska\System syntezy mowy\rozmowy.exe

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony… - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O18 - Filter: text/html - {C88F76C9-616A-47F6-B4C7-314C6193B223} - C:\WINDOWS\System32\efkh.dll

O18 - Filter: text/plain - {C88F76C9-616A-47F6-B4C7-314C6193B223} - C:\WINDOWS\System32\efkh.dll

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

kuz5 · 7 Kwiecień 2005 09:50

Wyczyść katalog TEMP

Start=>Uruchom=>%temp%=>I usuń wszystko co sie tam znajduje

Usuń w trybie awaryjnym z wyłączonym przywracaniem systemu:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Asia\USTAWI~1\Temp\se.dll/sp.html 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Asia\USTAWI~1\Temp\se.dll/sp.html 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank 

O2 - BHO: (no name) - {68B78DD6-A877-4A5B-97B3-D66FC2AD52D9} - C:\WINDOWS\System32\efkh.dll 

O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe

O4 - HKLM\..\Run: [System Init] init32b.exe

O4 - HKLM\..\Run: [Microsoft Unix Support] initd.exe

O4 - HKLM\..\Run: [Unix File Support] init3.exe

O4 - HKLM\..\RunServices: [ATI Control] atic.exe 

O4 - HKLM\..\RunServices: [Microsoft Unix Support] initd.exe 

O4 - HKLM\..\RunServices: [System Init] init32b.exe 

O4 - HKLM\..\RunServices: [Unix File Support] init3.exe 

O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\system32\wuamgid32.exe 

O4 - HKCU\..\Run: [Isos] C:\Documents and Settings\Asia\Dane aplikacji\osbi.exe 

O4 - HKCU\..\Run: [Jodz] C:\WINDOWS\System32\n?lookup.exe 

O4 - HKCU\..\Run: [System Init] init32b.exe 

O4 - HKCU\..\Run: [Unix File Support] init3.exe 

O4 - HKCU\..\Run: [Lgivfw] C:\WINDOWS\System32\??sembly\nslookup.exe 

O4 - HKCU\..\RunServices: [Windows 32 System] winsys32c.exe 

O4 - HKCU\..\RunServices: [MS service] msservice.exe 

O4 - HKCU\..\RunServices: [System Init] init32b.exe 

O4 - HKCU\..\RunServices: [Unix File Support] init3.exe 

O18 - Filter: text/html - {C88F76C9-616A-47F6-B4C7-314C6193B223} - C:\WINDOWS\System32\efkh.dll 

O18 - Filter: text/plain - {C88F76C9-616A-47F6-B4C7-314C6193B223} - C:\WINDOWS\System32\efkh.dll

C:\WINDOWS\System32\initd.exe

C:\WINDOWS\System32\init32b.exe

C:\WINDOWS\System32\init3.exe

Pliki na czerwono usuń ręcznie z dysku

Po usunięciu tego co podałem wklej nowego loga

musg · 7 Kwiecień 2005 09:56

na poczatku wywalasz:

sciagasz dodatkowo program:

http://www.dobreprogramy.com/index.php?dz=2&id=657&t=55

i scanujesz nim

nastepnie

recznie wywalasz z dysku:

tj-initd.exe

nastepnie usuwasz:

spam blocker jakis trefny!

za pomoca hijacka fixuj:

przy usuwaniu wylacz przywracanie systemu i wejdz w tryb awaryjny f8

pozniej daj raz jeszcze log

goi · 7 Kwiecień 2005 11:53

Logfile of HijackThis v1.99.1

Scan saved at 13:51:53, on 2005-04-06

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe

C:\WINDOWS\System32\acrotray.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\WINDOWS\System32\n?lookup.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Wirtualna Polska\System syntezy mowy\rozmowy.exe

C:\Program Files\Wirtualna Polska\System syntezy mowy\synteza_DDE_klient.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\taskmgr.exe