Problem getting rid of Deskbar from my computer


(J Rusinski) #1

I have a problem removing the Deskbar program from my computer. After every attempt to remove it with Avast or Spyemergency, Deskbar reinstalls itself after a system restart. Every time, Avast finds the same junk files, which it removes, but they appear again.

Below I am posting the log from Hijack. What should I remove?

"Logfile of HijackThis v1.99.1

Scan saved at 08:47:13, on 2006-10-05

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Documents and Settings\Jacek\server.exe

C:\WINDOWS\System32\ntsystem.exe

C:\WINDOWS\System32\mysvcc.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system32\lsyss.exe

C:\Program Files\Spy Emergency 2005\SpyEmergency.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

c:\nwnmff_e23.exe

c:\dfndrff_e23.exe

c:\kybrdff_e23.exe

c:\windows\pwr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\windows\pwr.exe

c:\windows\pwr.exe

C:\Documents and Settings\Jacek\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iee.uz.zgora.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1C46D9F2-F166-25BA-07A9-083CA9C1F3E8} - C:\WINDOWS\System32\ogykgmk.dll

O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [msconfig38] mssvcc.exe

O4 - HKLM\..\Run: [secures23] mssecure.exe

O4 - HKLM\..\Run: [jssvc23] jsssvc.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\Documents and Settings\Jacek\server.exe

O4 - HKLM\..\Run: [winsystems25] winsystems.exe

O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe

O4 - HKLM\..\Run: [winystems25] winystems.exe

O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe

O4 - HKLM\..\Run: [gheypzj.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\gheypzj.dll,yixmspd

O4 - HKLM\..\Run: [newname] c:\\nwnmff_e23.exe

O4 - HKLM\..\Run: [defender] c:\\dfndrff_e23.exe

O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e23.exe

O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe

O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe

O4 - HKLM\..\RunServices: [secures23] mssecure.exe

O4 - HKLM\..\RunServices: [jssvc23] jsssvc.exe

O4 - HKLM\..\RunServices: [winystems25] winystems.exe

O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Spy Emergency 2005\SpyEmergency.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe

O23 - Service: Remote Reader Machine - Unknown owner - C:\WINDOWS\system32\ssmc.exe (file missing)

O23 - Service: Windows Remote Manager - Unknown owner - C:\WINDOWS\system32\lsiss.exe (file missing)";

(Myszonus) #2

Use SmitFraudFix – here is a description.

Start --> Run --> services.msc --> stop and disable the services

Remote Plugin Service, Remote Reader Machine, Windows Remote Manager.

  1. Boot into safe mode and turn off System Restore.

  2. Delete the files/folders marked in red from the disk.

  3. Delete the entries with Hijack.

  4. Post a log from Silent Runners – here is a description.
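
An added example, not part of the original thread: a Python triage pass over the O4 autorun lines of a HijackThis log like the one in post #1. The sample lines are copied from that log; the heuristics and reason labels are assumptions of this example and mark entries for manual review, not confirmed malware.

```python
import re
from collections import defaultdict

# Sample input: six O4 lines copied from the log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [gheypzj.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\gheypzj.dll,yixmspd
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e23.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# O4 line layout: hive, autorun key (Run/RunServices), [value name], command.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Executable placed directly in a drive root, e.g. c:\\name.exe (assumed heuristic).
ROOT_EXE_RE = re.compile(r'^"?[a-z]:\\+[^\\]+\.exe', re.I)


def parse_o4(log):
    """Yield (hive, key, name, command) for every O4 autorun line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.groups()


def triage(log):
    """Map autorun value name -> set of reasons it deserves manual review."""
    findings = defaultdict(set)
    keys_by_name = defaultdict(set)
    for _hive, key, name, cmd in parse_o4(log):
        keys_by_name[name].add(key)
        if "\\" not in cmd and ":" not in cmd:
            findings[name].add("no-path")            # resolved via the search path
        if ROOT_EXE_RE.match(cmd):
            findings[name].add("drive-root-exe")
        if "rundll32" in cmd.lower():
            findings[name].add("rundll32-launcher")  # inspect the DLL it loads
    for name, keys in keys_by_name.items():
        if {"Run", "RunServices"} <= keys:
            findings[name].add("run-and-runservices")  # same value in both keys
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name}: {', '.join(sorted(reasons))}")
```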