jerry2006
(Jarek 68)
11 August 2007 17:39
#1
I can see for myself that this log contains things I don't have on my computer (O4 - HKCU…\Run: [speedX] F:\SPEEDX~1.EXE
O4 - HKCU…\Run: [AnyDVD] “f:\Program Files\SlySoft\AnyDVD\AnyDVD.exe”), but I can't get rid of them. After every Windows startup Ad-Watch reports some registry modification, and these two programs show up in it as well. What is going on? Please take a look.
Logfile of HijackThis v1.99.1 Scan saved at 19:29:54, on 2007-08-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe f:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe f:\Program Files\Alwil Software\Avast4\ashWebSv.exe F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe F:\Program Files\CursorXP\CursorXP.exe F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\msiexec.exe F:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\explorer.exe F:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [avast!] 
f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\RunOnce: [WMC_0] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmp.dll” O4 - HKLM…\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Jarek\USTAWI~1\Temp\IXP000.TMP” O4 - HKLM…\RunOnce: [selfreg] C:\WINDOWS\Corel\Slfregen.exe O4 - HKLM…\RunOnce: [WMC_1] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmpdxm.dll” O4 - HKLM…\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps O4 - HKCU…\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [AWMON] “F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe” O4 - HKCU…\Run: [Gadu-Gadu] “F:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Odkurzacz-MCD] F:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [t4oetray] F:\Program Files\poleng\Translatica 4\Translatica Integration\bin\win\int\ms-oe\t4oetray.exe O4 - HKCU…\Run: [speedX] F:\SPEEDX~1.EXE O4 - HKCU…\Run: [AnyDVD] “f:\Program Files\SlySoft\AnyDVD\AnyDVD.exe” O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? 
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! 
Mail Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: QODUTLYNYBO - Unknown owner - C:\DOCUME~1\Jarek\USTAWI~1\Temp\QODUTLYNYBO.exe (file missing)
Post merged: 11.08.2007 (Sat) 21:33
Is nobody able to help me?
Post merged: 11.08.2007 (Sat) 21:34
Is nobody able to help me?
qrczak13
(qrczak13)
12 August 2007 18:20
#2
Start > Run > cmd and type:
sc stop "QODUTLYNYBO"
sc delete "QODUTLYNYBO"
Use ATF Cleaner in Safe Mode.
While removing, turn off Ad-Watch, because it blocks registry modifications.
After that, post a log from ComboFix + the instructions for making the log are at the very bottom.
jerry2006
(Jarek 68)
14 August 2007 19:48
#3
What are those first two commands for? (I'd like to know what I'm doing.)
But when I try to run them, this text pops up - [sc] OpenService FAILED 1060:
Post merged: 14.08.2007 (Tue) 21:57
And here is the log from ComboFix
ComboFix 07-08-14.4 - “Jarek” 2007-08-14 21:49:26.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.591 [GMT 2:00] ADS removed - svchost.exe: deleted 68 bytes in 1 streams. ADS removed - ntoskrnl.exe: deleted 68 bytes in 1 streams. ((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 ))))))))))))))))))))))))))))))) 2007-08-14 21:48 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-14 19:26 2007-08-13 19:53 176,128 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-08-13 19:53 2007-08-13 19:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-08-11 22:13 2007-08-11 22:12 2007-08-11 22:07 7,680 --a–c— C:\WINDOWS\system32\dllcache\inetmgr.exe 2007-08-11 22:07 68,608 --a–c— C:\WINDOWS\system32\dllcache\isatq.dll 2007-08-11 22:07 19,968 --a–c— C:\WINDOWS\system32\dllcache\inetsloc.dll 2007-08-11 22:07 13,312 --a–c— C:\WINDOWS\system32\dllcache\infoadmn.dll 2007-08-11 22:06 68,608 --a–c— C:\WINDOWS\system32\dllcache\iisext51.dll 2007-08-11 22:06 64,512 --a–c— C:\WINDOWS\system32\dllcache\iismap.dll 2007-08-11 22:06 6,144 --a–c— C:\WINDOWS\system32\dllcache\ftpsapi2.dll 2007-08-11 22:06 5,632 --a–c— C:\WINDOWS\system32\dllcache\iisrstap.dll 2007-08-11 22:06 15,360 --a–c— C:\WINDOWS\system32\dllcache\iisreset.exe 2007-08-11 22:06 133,632 --a–c— C:\WINDOWS\system32\dllcache\iisrtl.dll 2007-08-11 22:02 102,509 --a–c— C:\WINDOWS\system32\dllcache\fp4atxt.dll 2007-08-11 22:01 82,035 --a–c— C:\WINDOWS\system32\dllcache\fp4anscp.dll 2007-08-11 22:01 49,210 --a–c— C:\WINDOWS\system32\dllcache\fp4areg.dll 2007-08-11 22:01 147,513 --a–c— C:\WINDOWS\system32\dllcache\fp4apws.dll 2007-08-11 22:00 46,592 --a–c— C:\WINDOWS\system32\dllcache\coadmin.dll 2007-08-11 22:00 188,480 --a–c— C:\WINDOWS\system32\dllcache\cfgwiz.exe 2007-08-11 21:57 43,520 --a–c— C:\WINDOWS\system32\dllcache\admwprox.dll 2007-08-11 21:57 290,816 --a–c— C:\WINDOWS\system32\dllcache\adsiis51.dll 2007-08-11 13:50 2007-08-10 21:31 2007-08-09 09:24 2007-08-07 18:53 2007-08-05 
20:48 2007-08-05 17:19 2007-08-04 11:37 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys 2007-08-04 10:57 607,744 --a------ C:\WINDOWS\system32\Decslib.dll 2007-08-04 10:55 245,760 --a------ C:\WINDOWS\system32\Sccomp91.dll 2007-08-04 10:55 225,280 --a------ C:\WINDOWS\system32\Scint91.dll 2007-08-04 10:55 110,592 --a------ C:\WINDOWS\system32\Sccres91.dll 2007-08-04 10:55 2007-08-03 20:17 2007-08-02 19:55 2007-07-19 22:53 2007-07-19 21:40 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-07-19 21:40 8,192 --a------ C:\WINDOWS\system32\wshirda.dll 2007-07-19 21:40 27,648 --a------ C:\WINDOWS\system32\irmon.dll 2007-07-19 21:40 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys 2007-07-19 21:40 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-07-19 21:40 153,088 --a------ C:\WINDOWS\system32\irftp.exe 2007-07-16 21:49 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-13 19:43 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-13 19:43 --------- d-------- C:\Program Files\ATI Technologies 2007-08-12 09:39 --------- d-------- C:\DOCUME~1\Jarek\DANEAP~1\MegauploadToolbar 2007-08-11 21:52 --------- d-------- C:\DOCUME~1\Jarek\DANEAP~1\Uniblue 2007-08-11 21:51 --------- d-------- C:\Program Files\Skype 2007-08-11 21:51 --------- d-------- C:\DOCUME~1\Jarek\DANEAP~1\Skype 2007-08-11 19:16 --------- d-------- C:\Program Files\MegauploadToolbar 2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-07-05 
14:51 --------- d-------- C:\Program Files\Messenger 2007-06-06 23:02 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll 2007-06-06 23:02 45056 --a------ C:\WINDOWS\system32\ogg.dll 2007-06-06 23:02 237568 --a------ C:\WINDOWS\system32\OggDS.dll 2007-06-06 23:02 188416 --a------ C:\WINDOWS\system32\vorbis.dll 2007-06-06 23:02 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-06-06 23:01 9216 --a------ C:\WINDOWS\system32\cpuinf32.dll 2007-06-06 23:01 755200 --a------ C:\WINDOWS\system32\ir50_32.dll 2007-06-06 23:01 245760 --a------ C:\WINDOWS\system32\mplvpx.dll 2007-06-06 23:00 765952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-06-06 23:00 639066 --a------ C:\WINDOWS\system32\DivX.dll 2007-05-16 17:18 683520 --a------ C:\WINDOWS\system32\inetcomm.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00] “WMC_AutoUpdate”="" [] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [] “ATIModeChange”=“Ati2mdxx.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CursorXP”=“f:\Program Files\CursorXP\CursorXP.exe” [2005-01-19 17:34] “AWMON”=“F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe” [2005-05-25 13:12] “Gadu-Gadu”=“F:\Program Files\Gadu-Gadu\gg.exe” [2007-05-07 17:08] “Odkurzacz-MCD”=“F:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “odk_mcd”="" [] “t4oetray”=“F:\Program Files\poleng\Translatica 4\Translatica Integration\bin\win\int\ms-oe\t4oetray.exe” [] “SpeedX”=“F:\SPEEDX~1.EXE” [] “AnyDVD”=“f:\Program Files\SlySoft\AnyDVD\AnyDVD.exe” [] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [] “Uniblue SpeedUpMyPC”="" [] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] “HPWebUpdate”= “WMC_0”=C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmp.dll” “wextract_cleanup0”=rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Jarek\USTAWI~1\Temp\IXP000.TMP” “Selfreg”=C:\WINDOWS\Corel\Slfregen.exe “WMC_1”=C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmpdxm.dll” “WMC_RebootCheck”=C:\WINDOWS\inf\unregmp2.exe /FixUps C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-02-26 21:40:35] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized “t4oetray”=F:\Program Files\poleng\Translatica 4\Translatica Integration\bin\win\int\ms-oe\t4oetray.exe “Uniblue SpeedUpMyPC”= [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “HPHmon05”=C:\WINDOWS\system32\hphmon05.exe “HP Software Update”=“F:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” “HP Component Manager”=“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” “HPDJ Taskbar Utility”=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe “WMC_AutoUpdate”= “ATIModeChange”=Ati2mdxx.exe “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 ZDCndis5;ZDCndis5 Protocol Driver;??\C:\WINDOWS\system32\ZDCndis5.SYS S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver;??\C:\WINDOWS\system32\ZDPNDIS5.SYS Contents of the ‘Scheduled Tasks’ folder 
2007-08-11 15:47:37 C:\WINDOWS\Tasks{F897AA24-BDC3-11D1-B85B-00C04FB93981}_ASIEK_Jarek.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-14 21:50:55 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-14 21:51:39 — E O F —
jessica
(jessica)
15 August 2007 09:10
#4
I don't see anything suspicious in the ComboFix log.
As for those two commands, the first one stops the service and the second one removes that service. In your case it may be that the service had already been turned off earlier, and that is why the “failed” message appeared.
Check in the HijackThis log whether that unknown service has disappeared.
jessi
jerry2006
(Jarek 68)
15 August 2007 18:29
#5
Why do I have this in the logs if I removed those programs?
jessica
(jessica)
15 August 2007 19:07
#6
If you want to remove these file-less registry keys:
I'm not sure whether it will work, because I see that you have protected these keys against deletion.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run - ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run - ] --> they have minus signs on the right-hand side, which means they are locked.
jessi
jerry2006
(Jarek 68)
15 August 2007 20:42
#7
I don't know how I protected them, but I can't remove them in any way; I did what was written. Even in HijackThis, after ticking those entries and fixing them, they disappeared, but after restarting the computer everything is back as before, and Ad-Watch shows me at startup that there are some changes (I don't know how to show them to you). Here is a fresh log:
Logfile of HijackThis v1.99.1 Scan saved at 22:29:00, on 2007-08-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe f:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe f:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe F:\Program Files\CursorXP\CursorXP.exe F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe F:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\wuauclt.exe F:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [avast!] 
f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM…\RunOnce: [WMC_0] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmp.dll” O4 - HKLM…\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Jarek\USTAWI~1\Temp\IXP000.TMP” O4 - HKLM…\RunOnce: [selfreg] C:\WINDOWS\Corel\Slfregen.exe O4 - HKLM…\RunOnce: [WMC_1] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmpdxm.dll” O4 - HKLM…\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps O4 - HKCU…\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [AWMON] “F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe” O4 - HKCU…\Run: [Gadu-Gadu] “F:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Odkurzacz-MCD] F:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [speedX] F:\SPEEDX~1.EXE O4 - HKCU…\Run: [AnyDVD] “f:\Program Files\SlySoft\AnyDVD\AnyDVD.exe” O4 - HKCU…\Run: [t4oetray] F:\Program Files\poleng\Translatica 4\Translatica Integration\bin\win\int\ms-oe\t4oetray.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? 
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
qrczak13
(qrczak13)
15 August 2007 22:20
#8
Are you turning Ad-Watch off while removing those keys?
If not, turn it off and then try.
jerry2006
(Jarek 68)
16 August 2007 20:18
#9
With Ad-Watch turned off I remove the entries and everything is fine, but when I start Ad-Watch everything comes back. Should I stop using it?
This is the log made after removing the entries, without starting Ad-Watch
Logfile of HijackThis v1.99.1 Scan saved at 22:05:21, on 2007-08-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe f:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe f:\Program Files\Alwil Software\Avast4\ashWebSv.exe F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe F:\Program Files\CursorXP\CursorXP.exe F:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\WINDOWS\system32\wuauclt.exe F:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [avast!] 
f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\RunOnce: [WMC_0] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmp.dll” O4 - HKLM…\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Jarek\USTAWI~1\Temp\IXP000.TMP” O4 - HKLM…\RunOnce: [selfreg] C:\WINDOWS\Corel\Slfregen.exe O4 - HKLM…\RunOnce: [WMC_1] C:\WINDOWS\system32\regsvr32.exe /s “C:\WINDOWS\system32\wmpdxm.dll” O4 - HKLM…\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps O4 - HKCU…\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe O4 - HKCU…\Run: [Gadu-Gadu] “F:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Odkurzacz-MCD] F:\Program Files\Odkurzacz\odk_mcd.exe O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O18 - Protocol: grooveLocalGWS - 
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
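Added example, not part of the thread or of HijackThis itself: a small Python parser that compares the 2007-08-11 and 2007-08-16 logs above, listing the O4 autostart entries that disappeared and sorting the O23 services marked "(file missing)" into ones whose image is in the running-process list and ones left orphaned. The log excerpts are copied from the posts and re-split one entry per line; the function names and verdict labels are assumptions made for this illustration.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    section: str    # "O4" (autostart) or "O23" (service)
    location: str   # registry key for O4, owner column for O23
    name: str
    target: str     # command line / image path exactly as HijackThis printed it

# HijackThis writes "HKCU\..\Run"; the forum rendered "\.." as "…". Accept both.
O4_RE = re.compile(r"^O4 - (HK\w+)(?:\\\.\.|…)\\(\w+): \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
IMAGE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)

def parse_hjt(text):
    """Extract O4 and O23 entries from a HijackThis log, one entry per line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hive, key, name, target = m.groups()
            # Registry value names are case-insensitive (speedX vs. SpeedX).
            entries.append(Entry("O4", f"{hive}\\{key}", name.lower(), target))
        elif m := O23_RE.match(line):
            name, owner, target = m.groups()
            entries.append(Entry("O23", owner, name, target))
    return entries

def triage_services(entries, running):
    """Classify O23 entries flagged '(file missing)'.

    'running'     - the image appears under 'Running processes', so the file exists
    'temp-orphan' - image path points into a Temp directory and is gone
    'orphan'      - registration left behind by something else
    """
    running = {p.lower() for p in running}
    verdicts = {}
    for e in entries:
        if e.section != "O23" or not e.target.endswith("(file missing)"):
            continue
        m = IMAGE_RE.match(e.target)
        image = m.group(1).lower() if m else ""
        if image in running:
            verdicts[e.name] = "running"
        elif "\\temp\\" in image:
            verdicts[e.name] = "temp-orphan"
        else:
            verdicts[e.name] = "orphan"
    return verdicts

def removed_autostarts(before, after):
    """O4 entries present in the earlier log and absent from the later one."""
    def keys(entries):
        return {(e.location, e.name) for e in entries if e.section == "O4"}
    return sorted(keys(before) - keys(after))

# Excerpt of the 2007-08-11 log from post #1 (entries re-split one per line).
LOG_0811 = r"""
O4 - HKLM…\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU…\Run: [speedX] F:\SPEEDX~1.EXE
O4 - HKCU…\Run: [AnyDVD] “f:\Program Files\SlySoft\AnyDVD\AnyDVD.exe”
O23 - Service: avast! Mail Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: QODUTLYNYBO - Unknown owner - C:\DOCUME~1\Jarek\USTAWI~1\Temp\QODUTLYNYBO.exe (file missing)
"""

# Excerpt of the 2007-08-16 log from post #9.
LOG_0816 = r"""
O4 - HKLM…\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [CursorXP] f:\Program Files\CursorXP\CursorXP.exe
O23 - Service: avast! Mail Scanner - Unknown owner - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Taken from the "Running processes" section of both logs.
RUNNING = [r"f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"]

if __name__ == "__main__":
    before, after = parse_hjt(LOG_0811), parse_hjt(LOG_0816)
    print("services (08-11):", triage_services(before, RUNNING))
    print("services (08-16):", triage_services(after, RUNNING))
    print("autostarts removed:", removed_autostarts(before, after))
```

Run against full logs, the same comparison shows which autostart entries come back once Ad-Watch is started again: parse a log taken with it running and pass it as `after`.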
qrczak13
(qrczak13)
17 August 2007 19:09
#12
According to silent, all the empty entries have been removed.
jerry2006
(Jarek 68)
17 August 2007 19:26
#13
But that is with the Ad-Watch program turned off. When I start it, everything comes back.
jessica
(jessica)
17 August 2007 19:48
#14
Then try starting it only after restarting the computer.
jessi
jerry2006
(Jarek 68)
17 August 2007 19:56
#15
Ad-Watch is turned off and everything is fine. The computer has been started several times today (I unticked the option to start Ad-Watch together with the system, but when I accidentally launched it while in Ad-Aware all the entries came back, so for now I'm running without it). I'm wondering whether to reinstall it once more, that is, the Ad-Aware program. For now, thanks for the help and for reassuring me that everything is OK.