Request to check a log. SPYWARE INFECTION problem


(Neon 88) #1

I have a problem: I caught some viruses or spyware, I can't tell which. Kaspersky found about 140 viruses and removed them (in safe mode, of course).

On the desktop, on a blue background, a black rectangle with red text SPYWARE INFECTION is displayed.

HERE IS MY LOG

Logfile of HijackThis v1.99.1

Scan saved at 23:03:24, on 2006-01-13

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\WINDOWS\system32\services.exe

C:\windows\System32\RUNDLL32.EXE

D:\Gry\Giereczki\bajery\HighGrow\HighGrow.exe

C:\Program Files\X-Lite\X-Lite.exe

C:\windows\System32\nvsvc32.exe

C:\WINDOWS\System32\oodag.exe

D:\Programy\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe

D:\Programy\Gadu-Gadu\gg.exe

D:\Programy\mIRC\mirc.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Xxx\Pulpit\Programy\hijackthis\hijackthis.com


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

F3 - REG:win.ini: run=C:\WINDOWS\inet20009\services.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRAMY\FLASHGET\fgiebar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe

O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe

O4 - HKCU\..\Run: [HighGrow] "D:\Gry\Giereczki\bajery\HighGrow\HighGrow.exe" /A

O4 - HKCU\..\Run: [XSC SIP Client] "C:\Program Files\X-Lite\X-Lite.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symsvcsa.exe

O4 - HKCU\..\Run: [iwrf] C:\PROGRA~1\COMMON~1\iwrf\iwrfm.exe

O8 - Extra context menu item: Download with Star Downloader - D:\Programy\Star Downloader Pro\sdie.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Enqueue in Star Downloader - D:\Programy\Star Downloader Pro\sdieenq.htm

O8 - Extra context menu item: Leech with Star Downloader - D:\Programy\Star Downloader Pro\leechie.htm

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\PROGRAMY\FLASHGET\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\PROGRAMY\FLASHGET\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAMY\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAMY\FLASHGET\flashget.exe

O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.3/g_bin/pl/solitaire_2_0_0_20.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_66.cab

O16 - DPF: {2A781DED-C22D-4153-9812-CEA98A32981C} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/cardsmakao_2_0_0_20.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_23.cab

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_23.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E8043A43-70ED-4ED4-AC16-89A23D4BC8C3}: NameServer = 213.199.225.10,213.199.225.14

O20 - Winlogon Notify: avpe32 - C:\windows\SYSTEM32\avpe32.dll

O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol 120%\Alcohol 120\StarWind\StarWindService.exe

(Kuz5) #2

Remove: (you do everything in safe mode, of course, with System Restore turned off)

This entry doesn't look right to me, but delete it:

Start => Run => type services.msc => stop and disable the Windows Logon Process Service, then launch HijackThis Misc Tools => Delete NT service => type MSWinLogonProcService => OK and restart the computer.

Delete the files marked in red manually from the disk.

Also, READ UP on removing the fake wallpaper.
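The checks a log reader applies by eye to the HijackThis output above (legacy system.ini/win.ini autostart hooks, core system binary names launched from outside System32, autostarts sitting in a drive root, Winlogon Notify packages outside the stock XP set, services with an unknown owner or a missing binary) can be written down as a small triage script. The code below is an added example, not part of the thread and not a HijackThis feature; the allowlist of stock Winlogon Notify packages is an assumption to be extended for vendor software, and the sample log is an excerpt copied from the post above.

```python
"""Heuristic triage of HijackThis (v1.99-style) log lines.

Added example, not part of the forum thread. It encodes the checks a log
reader applies by eye: legacy ini autostart hooks, core system binary
names launched from outside System32, autostarts from a drive root,
Winlogon Notify packages outside the stock XP set, and services with an
unknown owner or a missing binary.
"""
import re
from typing import List, Optional, Tuple

# Core NT binaries that legitimately live only in %SystemRoot%\System32 on XP.
SYSTEM_PROCESS_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# Winlogon Notify packages present on a stock Windows XP install (assumption:
# vendor drivers such as video, AV or smart-card software add more; extend it).
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)
PATH_RE = re.compile(r'([a-z]:\\[^"]*?\.(?:exe|dll|com))', re.IGNORECASE)


def first_path(text: str) -> Optional[str]:
    """Return the first drive-letter path to an exe/dll/com in the text."""
    m = PATH_RE.search(text)
    return m.group(1) if m else None


def split_line(line: str) -> Tuple[str, str]:
    """Split 'O4 - body' into (section, body); bare paths are 'PROC' lines."""
    if re.match(r"^[a-z]:\\", line, re.IGNORECASE):
        return "PROC", line
    section, _, body = line.partition(" - ")
    return section, body


def triage_line(line: str) -> Optional[str]:
    """Return a reason if the line deserves a second look, else None."""
    line = line.strip()
    if not line:
        return None
    section, body = split_line(line)
    path = first_path(body)
    name = path.rsplit("\\", 1)[-1].lower() if path else ""
    missing = "(file missing)" in body

    # F2/F3: system.ini Shell= and win.ini run=/load= are pre-registry
    # autostart hooks. Shell must be exactly explorer.exe; HijackThis only
    # prints F3 when run=/load= carries a value, so any F3 is worth a look.
    if section == "F2":
        if re.search(r"Shell=explorer\.exe\s*$", body, re.IGNORECASE):
            return None
        return "system.ini Shell= carries an extra program"
    if section == "F3":
        return "win.ini run=/load= autostart hook"

    # A core system binary name launched from anywhere but System32 is a
    # classic masquerade (C:\windows\winlogon.exe, C:\windows\smss.exe).
    if name in SYSTEM_PROCESS_NAMES and path and not SYSTEM32_RE.match(path):
        return f"{name} outside System32: {path}"

    if section == "O4" and path and DRIVE_ROOT_RE.match(path):
        return f"autostart directly from drive root: {path}"

    if section == "O20":
        m = re.match(r"Winlogon Notify:\s*(\S+)", body)
        package = m.group(1).lower() if m else ""
        if missing:
            return f"Winlogon Notify package {package} points at a missing file"
        if package not in KNOWN_NOTIFY:
            return f"Winlogon Notify package {package} not in stock XP set"

    if section == "O23" and ("Unknown owner" in body or missing):
        return "service with unknown owner or missing binary"

    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) for every line the heuristics flag."""
    hits = []
    for raw in log_text.splitlines():
        reason = triage_line(raw)
        if reason:
            hits.append((raw.strip(), reason))
    return hits


# Excerpt of the log posted above (constructed sample; entries copied as-is).
SAMPLE_LOG = r"""
C:\windows\System32\smss.exe
C:\WINDOWS\system32\services.exe
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20009\services.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\windows\winlogon.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\windows\smss.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O20 - Winlogon Notify: avpe32 - C:\windows\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: Mixer - sndmixex.dl (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)
"""

if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run on the excerpt, the script flags eight of the twelve entries (the two ini hooks, the winlogon.exe and smss.exe copies in C:\windows, the winstall.exe autostart, both Winlogon Notify entries and the unknown-owner service) and leaves the Kaspersky entries and the genuine System32 processes alone. The heuristics are deliberately narrow: an unfamiliar name inside System32, such as symsvcsa.exe, still needs a human or a file hash lookup, which is why such a script supplements rather than replaces reading the log.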


(Gutek) #3

When you're done with all that, post a log from Silent - Silent description: http://www.searchengines.pl/phpbb203/in ... opic=15989