Amandill
(Kacper Kucharski)
1 February 2006 21:58
#1
Hello.
This time I'm posting a friend's log. Her computer is terribly sluggish, ads pop up every few seconds, and browsing the web is almost impossible. Errors keep appearing, or IE simply closes by itself.
The log is attached below:
Logfile of HijackThis v1.99.1
Scan saved at 22:36:11, on 2006-02-01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\khooker.exe
C:\Instalacje\Audio-Video\Winamp\winampa.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\n?tepad.exe
C:\Program Files\atoe\uppb.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\explorer.exe
E:\tersa.bochynska\gadugadu\gadu-gadu 7.0\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lena\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {A85E3110-A0AD-F250-D5EE-A50FA1944D96} - C:\WINDOWS\System32\kpavqzo.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {9D730110-8D9E-C764-F8DE-952291A460A6} - C:\WINDOWS\System32\kpavqzo.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\khfda.dll
O2 - BHO: (no name) - {05D51D3A-90E2-DF45-DE2C-DF0663A8F5AA} - C:\WINDOWS\System32\xdkhmdu.dll (file missing)
O2 - BHO: (no name) - {1ACC3001-B0D1-A120-E8AA-F7642659E8AB} - (no file)
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: (no name) - {429AC7B6-133B-0290-0FA7-57AE79E8B4AF} - C:\WINDOWS\System32\igthcld.dll (file missing)
O2 - BHO: (no name) - {5A0E26AF-F276-E283-19DD-E555E503FBF9} - C:\WINDOWS\System32\kjep.dll (file missing)
O2 - BHO: (no name) - {5A7016BF-CB68-D9CF-5472-DAC69C76F9FF} - C:\WINDOWS\System32\lyabu.dll (file missing)
O2 - BHO: (no name) - {64EF4EBD-C637-8AC9-0869-8EE35EDD95AD} - C:\WINDOWS\System32\sqrgmcq.dll (file missing)
O2 - BHO: (no name) - {76A4A587-7A5A-35A1-6FF3-628D18CFD2AB} - C:\WINDOWS\System32\mkspd.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: (no name) - {992F554D-8193-9462-FDD6-952292A362F5} - (no file)
O2 - BHO: (no name) - {9D730110-8D9E-C764-F8DE-952291A460A6} - C:\WINDOWS\System32\kpavqzo.dll
O2 - BHO: (no name) - {A85E3110-A0AD-F250-D5EE-A50FA1944D96} - C:\WINDOWS\System32\kpavqzo.dll
O2 - BHO: (no name) - {BC933AE8-BF35-ABCF-5236-FBA42A3849F6} - C:\WINDOWS\System32\iwhc.dll (file missing)
O2 - BHO: (no name) - {C2AB716D-F7EC-E21F-D6E8-B39019EB63A2} - C:\WINDOWS\System32\lrulzj.dll (file missing)
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\System32\qopmj.dll
O2 - BHO: (no name) - {D529DA8A-5203-1CA9-66D7-105A95F626FB} - C:\WINDOWS\System32\xtbhofa.dll (file missing)
O2 - BHO: (no name) - {F12EA609-2B82-372A-E6CB-617D97CD01F5} - (no file)
O2 - BHO: (no name) - {F9552B11-ABC4-B369-FE3E-BB80E88B0BF3} - C:\WINDOWS\System32\dkjnwl.dll (file missing)
O2 - BHO: (no name) - {FED5A195-2418-60B1-79C3-61FD6F620FF7} - (no file)
O2 - BHO: (no name) - {FFA3A504-26D7-6326-B8EB-631D11280EA9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [WinampAgent] C:\Instalacje\Audio-Video\Winamp\winampa.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "E:\gry\quck teim\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [steam] steam.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc32.exe
O4 - HKLM\..\Run: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [lssas Monitoring6 Startup] lssas6.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] winsvc32.exe
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Jkts] C:\WINDOWS\System32\n?tepad.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] winsvc32.exe
O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000168.exe
O4 - HKCU\..\Run: [Eada] "C:\Program Files\atoe\uppb.exe" -vt mt
O4 - HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - E:\Animacje Flash\ifranview\Ebay\Ebay.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/tdt.chm::/bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu … .0.8-2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/mt.chm::/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F45489-B2E5-4BE6-9EEB-F11FEF2A470C}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: khfda - C:\WINDOWS\SYSTEM32\khfda.dll
O20 - Winlogon Notify: qopmj - C:\WINDOWS\System32\qopmj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
Thanks in advance for the help.
Regards,
Amandill
Gutek
(Gutek)
1 February 2006 22:27
#2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {A85E3110-A0AD-F250-D5EE-A50FA1944D96} - C:\WINDOWS\System32\kpavqzo.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {9D730110-8D9E-C764-F8DE-952291A460A6} - C:\WINDOWS\System32\kpavqzo.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\khfda.dll
O2 - BHO: (no name) - {05D51D3A-90E2-DF45-DE2C-DF0663A8F5AA} - C:\WINDOWS\System32\xdkhmdu.dll (file missing)
O2 - BHO: (no name) - {1ACC3001-B0D1-A120-E8AA-F7642659E8AB} - (no file)
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: (no name) - {429AC7B6-133B-0290-0FA7-57AE79E8B4AF} - C:\WINDOWS\System32\igthcld.dll (file missing)
O2 - BHO: (no name) - {5A0E26AF-F276-E283-19DD-E555E503FBF9} - C:\WINDOWS\System32\kjep.dll (file missing)
O2 - BHO: (no name) - {5A7016BF-CB68-D9CF-5472-DAC69C76F9FF} - C:\WINDOWS\System32\lyabu.dll (file missing)
O2 - BHO: (no name) - {64EF4EBD-C637-8AC9-0869-8EE35EDD95AD} - C:\WINDOWS\System32\sqrgmcq.dll (file missing)
O2 - BHO: (no name) - {76A4A587-7A5A-35A1-6FF3-628D18CFD2AB} - C:\WINDOWS\System32\mkspd.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: (no name) - {992F554D-8193-9462-FDD6-952292A362F5} - (no file)
O2 - BHO: (no name) - {9D730110-8D9E-C764-F8DE-952291A460A6} - C:\WINDOWS\System32\kpavqzo.dll
O2 - BHO: (no name) - {A85E3110-A0AD-F250-D5EE-A50FA1944D96} - C:\WINDOWS\System32\kpavqzo.dll
O2 - BHO: (no name) - {BC933AE8-BF35-ABCF-5236-FBA42A3849F6} - C:\WINDOWS\System32\iwhc.dll (file missing)
O2 - BHO: (no name) - {C2AB716D-F7EC-E21F-D6E8-B39019EB63A2} - C:\WINDOWS\System32\lrulzj.dll (file missing)
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\System32\qopmj.dll
O2 - BHO: (no name) - {D529DA8A-5203-1CA9-66D7-105A95F626FB} - C:\WINDOWS\System32\xtbhofa.dll (file missing)
O2 - BHO: (no name) - {F12EA609-2B82-372A-E6CB-617D97CD01F5} - (no file)
O2 - BHO: (no name) - {F9552B11-ABC4-B369-FE3E-BB80E88B0BF3} - C:\WINDOWS\System32\dkjnwl.dll (file missing)
O2 - BHO: (no name) - {FED5A195-2418-60B1-79C3-61FD6F620FF7} - (no file)
O2 - BHO: (no name) - {FFA3A504-26D7-6326-B8EB-631D11280EA9} - (no file)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc32.exe
O4 - HKLM\..\Run: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [lssas Monitoring6 Startup] lssas6.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] winsvc32.exe
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKCU\..\Run: [Jkts] C:\WINDOWS\System32\n?tepad.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] winsvc32.exe
O4 - HKCU\..\Run: [win msdt service] mswindtc.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000168.exe
O4 - HKCU\..\Run: [Eada] "C:\Program Files\atoe\uppb.exe" -vt mt
O4 - HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/tdt.chm::/bridge-c18.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu … .0.8-2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/mt.chm::/MediaTicketsInstaller.cab
Use Windows Worms Doors Cleaner and switch the markers from disable to enable. After using this tool a system restart is required.
Turn off System Restore in XP HERE
Boot into Safe Mode without internet (described in the link above).
Check the indicated entries in HijackThis and click Fix checked. The entries will be removed.
Delete from disk the files and folders I underlined in red
Finish off with online scanners - Scanners to choose from
Post a new log
The R3 entry you don't remove with HijackThis; you remove it with Registrar Lite, the description is HERE
You have a file "with a question mark" - n?tepad.exe; see HERE for how to remove it
See Removing VX2.BetterInternet and post log no. 1 from the L2Mfix tool
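The reply above picks its entries by eye. As an added example (not part of the original thread, and not code from HijackThis or any of the tools named), the Python script below applies the same kinds of patterns mechanically to HijackThis 1.99 log lines: CLSID registrations with no backing file, the same DLL appearing as both a BHO (O2) or URLSearchHook (R3) and a Winlogon Notify handler (O20), O4 entries that give a bare filename or live in the RunServices key, filenames containing a character HijackThis could not render (the n?tepad.exe trick), and O16 ActiveX packages fetched over ms-its:/CHM. The rule set and its wording are my own heuristics, and the sample lines are a subset copied from the log in the first post; nothing here replaces the reviewer's judgement, as the untouched uppb.exe entry shows.

```python
"""Heuristic triage of HijackThis 1.99 log lines (added example, own heuristics)."""
import re
from collections import defaultdict

# "O4 - HKLM\..\Run: [Name] command"  ->  kind="O4", body="HKLM\..\Run: [Name] command"
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis appends these when the registered module does not exist on disk.
STATUS_RE = re.compile(r"\s*\((?:file missing|no file)\)$")

# Constructed sample: entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A85E3110-A0AD-F250-D5EE-A50FA1944D96} - C:\WINDOWS\System32\kpavqzo.dll
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\khfda.dll
O2 - BHO: (no name) - {05D51D3A-90E2-DF45-DE2C-DF0663A8F5AA} - C:\WINDOWS\System32\xdkhmdu.dll (file missing)
O2 - BHO: (no name) - {9D730110-8D9E-C764-F8DE-952291A460A6} - C:\WINDOWS\System32\kpavqzo.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\System32\qopmj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Instalacje\Audio-Video\Winamp\winampa.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] winsvc32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Jkts] C:\WINDOWS\System32\n?tepad.exe
O4 - HKCU\..\Run: [Eada] "C:\Program Files\atoe\uppb.exe" -vt mt
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/mt.chm::/MediaTicketsInstaller.cab
O20 - Winlogon Notify: khfda - C:\WINDOWS\SYSTEM32\khfda.dll
O20 - Winlogon Notify: qopmj - C:\WINDOWS\System32\qopmj.dll
"""


def parse(log_text):
    """Return (kind, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def module_path(body):
    """Last ' - ' field of an R3/O2/O20 body, lower-cased, without HJT's status suffix."""
    last = body.rsplit(" - ", 1)[-1]
    return STATUS_RE.sub("", last).strip().lower()


def executable_name(cmd):
    """Split an O4 command into (executable as written, bare filename)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        parts = cmd.split()
        exe = parts[0] if parts else ""
    return exe, exe.rsplit("\\", 1)[-1]


def triage(log_text):
    """Return {full line: [reasons]} for every entry that trips at least one rule."""
    entries = parse(log_text)

    # Pass 1: which DLLs are registered under which section, for cross-referencing.
    paths = defaultdict(set)
    for kind, body in entries:
        if kind in ("R3", "O2", "O20"):
            p = module_path(body)
            if p:
                paths[kind].add(p)

    findings = {}
    for kind, body in entries:
        reasons = []
        if kind in ("R3", "O2", "O20"):
            p = module_path(body)
            if STATUS_RE.search(body):
                reasons.append("orphaned CLSID: registered but no backing file")
            if kind != "O20" and p in paths["O20"]:
                reasons.append("same DLL is also a Winlogon Notify handler (O20)")
            if kind == "O20" and p in paths["O2"]:
                reasons.append("Winlogon Notify DLL is also registered as a BHO (O2)")
            if kind == "O2" and p in paths["R3"]:
                reasons.append("same DLL is also a URLSearchHook (R3)")
            if kind == "R3" and p in paths["O2"]:
                reasons.append("same DLL is also a BHO (O2)")
        elif kind == "O4":
            m = O4_RE.match(body)
            if m:
                exe, name = executable_name(m.group("cmd"))
                if exe and "\\" not in exe:
                    reasons.append("bare filename: located by search order at logon, no path")
                if m.group("key").lower() == "runservices":
                    reasons.append("RunServices key (Windows 9x/Me key, not processed by XP)")
                if any(c == "?" or ord(c) > 127 for c in name):
                    reasons.append("filename contains a non-ANSI character (lookalike name)")
        elif kind == "O16":
            if "ms-its:" in body.lower() or ".chm" in body.lower():
                reasons.append("ActiveX package fetched via ms-its:/CHM (drive-by installer path)")
        if reasons:
            findings[f"{kind} - {body}"] = reasons
    return findings


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(line)
        for r in why:
            print("   ->", r)
```

Run it on a saved log with `triage(open("hijackthis.log").read())`. The cross-reference rules are the most useful part: a DLL that is at once a BHO and a Winlogon Notify handler (khfda.dll, qopmj.dll above) reloads into winlogon.exe at every logon, which is exactly why the reply insists on Safe Mode and a dedicated remover rather than a plain "Fix checked".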