Dlazego tak sie dzieje


(Darko80) #1

Mam problem ze startowa a minowice przed adresem sie pojawia syf umie to usunac ale jak zrobie w rejestrze zmiane po chwilli znowu to samo powtsarza sie juz tak chyba z 8 i za kkazdym uruchomieniem mam dwa wirusy wykryte przez avast jakis 12345.exe oraztmpf09.exe mozw wiecie jak to usunaclub sobie poradzic z tym

Wkleje loga !!

Logfile of HijackThis v1.98.2

Scan saved at 15:33:42, on 2004-12-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Gadu-Gadu\gg.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: auto.search.msn.com 127.0.0.1

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\System32\CustomIE32.dll (file missing)

O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... 78c1291781

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://portalwiedzy.onet.pl/europlus/le ... ording.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O21 - SSODL: zjSikrTC - {40F6D95D-EA5C-73F7-19AF-084A6A116F80} - C:\WINDOWS\System32\tkhxa.dll (file missing)

O21 - SSODL: eplrr - {69AA5E40-1B80-47B8-8372-746CBC38DD32} - C:\WINDOWS\System32\eplrr3.dll


(3dm Racek) #2

(JNJN) #3

Scan kompa i dopiero log:

http://www.centrumxp.pl/forum/viewtopic ... 533#159533


(Bokser9) #4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: auto.search.msn.com 127.0.0.1

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe

O21 - SSODL: zjSikrTC - {40F6D95D-EA5C-73F7-19AF-084A6A116F80} - C:\WINDOWS\System32\tkhxa.dll (file missing)

O21 - SSODL: eplrr - {69AA5E40-1B80-47B8-8372-746CBC38DD32} - C:\WINDOWS\System32\eplrr3.dll

Usuń w awaryjnym i ściągnij SP2 i aktualizacje! !!


(Dragonlnx) #5

Wyłącz przywracanie systemu, w trybie awaryjnym :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: auto.search.msn.com 127.0.0.1

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKLM..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get\_file. ... 78c1291781

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://portalwiedzy.onet.pl/europlus/le ... ording.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

Start >>> Uruchom >>> msconfig >>> uruchamianie >>> odznaczasz:

dumprep (lub kernel) - gdyby coś nie działało - włącz!

:shock:

Znasz takie coś ?:

O21 - SSODL: zjSikrTC - {40F6D95D-EA5C-73F7-19AF-084A6A116F80} - C:\WINDOWS\System32\tkhxa.dll (file missing)

O21 - SSODL: eplrr - {69AA5E40-1B80-47B8-8372-746CBC38DD32} - C:\WINDOWS\System32\eplrr3.dll

Dużo kontrolek ActiveX:Usuń:

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get\_file. ... 78c1291781

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {82CF9738-0BDA-4AAF-AB08-5AC5875FF3BB} (YMultiRecord Class) - http://portalwiedzy.onet.pl/europlus/le ... ording.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

Wyczyść historię, cookie, pliki tymczasowe, temp itp.

Skany:

Ad-Aware Se Personal

Spybot - Search & Destroy

CWShredder 2.0ETD Security Scanner 3.0 - Antyszpieg

PestPatrol

Opis Konfiguracji

Wyczyść kompa programami:

EasyCleaner

CCleaner

Jv16PowerTools

Odkurzacz 8.5 Pro !

I daj jeszcze raz log hijackthis !


(Chees) #6

Chłopie a gdzie sp? Dzis bez niego nie mozna zyc :wink: