Proszę o rzucenie okiem na loga ;)


(Bart Cobraman) #1

Witam. Mam ostatnio straszne problemy z kompem i połączeniami z internetem. Antyvirus i Ad-Aware zrobiły co mogły, a teraz zwracam się z prośbą o zweryfikowanie loga. Z góry dzięki :wink:

Logfile of HijackThis v1.99.1

Scan saved at 12:18:29, on 2005-03-03

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\System32\msnmsgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\gadu\gg.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Bartek\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - C:\WINDOWS\system32\srchbar.dll

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [RtcNL] c:\documents and settings\bartek\ustawienia lokalne\temp\RtcNL.exe

O4 - HKLM\..\Run: [MSN Messenger] msnmsgr.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice

O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgr.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\gadu\gg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

(adpawl) #2


(Chees) #3

z tego co widze to do usuniecia w trybie awaryjnym:

O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - C:\WINDOWS\system32\srchbar.dll

Sp zainstaluj :wink:

Poczekaj na rady innech userów


(Musg) #4

dodatkowo jesli nie uzywasz messengera wywal go za pomoca

http://xp-antispy.org/index.php?option= ... mirrorid=6

http://forum.dobreprogramy.pl/viewtopic.php?t=14250


(Xiao19) #5

a gdzie napisaliscie koledze jak usunac te swinstwa cioo

log hijack to tylko analiza

i wpis ,a problem pozostaje !!

1.) My Way Speedbar, Search Bar, MySearch

otworz zakladke /Dodaj lub usun programy/

w Panelu sterowania

usun/odinstaluj te progsy

‘My Search Bar’ (MySearch variant), ‘MyWay Speed Bar’ (MyWay) or ‘My Web Search Bar’ (MyWeb), ‘Fun Web Products Easy Installer’.

dalej

resetujesz strone domowa IE

Narzedzia/Opcje internetowe/Ogolne

i dajesz (uzyj pustej) - about:blank

w Narzedzia/Opcje internetowe/Programy/

dajesz Resetuj ustawienia sieci Web..

(Tak)

ps.

O4 - HKLM..\Run: [RtcNL] c:\documents and settings\bartek\ustawienia lokalne\temp\RtcNL.exe

[kasacja]

caly katalog TEMP wywal

skanery AV, narzedzia ,ktore masz uzyc zawsze

[patrz moj post)

masz podane

http://forum.dobreprogramy.pl/viewtopic ... highlight=


(Bart Cobraman) #6

To znowu ja :wink:

Jestem Wam winny kilka wyjaśnień:

-messenger'a odinstalowałem wieki temu, zaraz po formacie. Przy włączeniu AntiSpy'ja z linka musg'a nie mam wogóle opcji do wybrania dla messengera. Mimo to Outpost Firewall 2.5 wyrzuca mi komunikaty, że to messenger wysyłania zapytania pod adresy sieci lokalnej ;(

-co do srchbar.dll wyrzuciałem go z system32 (co widać na screenie), ale w czasie testu pojawia się znów jak kamfora ;(

http://img.photobucket.com/albums/v511/ ... screen.jpg

-z kolei folderu MyWay wogóle nie ma w Program Files, natomiast skasowałem klucz w rejestrze. Niestety dalej mi to pokazuje w logu ;(

Wariactwo.

Nowszy log:

Logfile of HijackThis v1.99.1

Scan saved at 15:41:33, on 2005-03-03

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\System32\msnmsgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\gadu\gg.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Bartek\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - C:\WINDOWS\system32\srchbar.dll (file missing)

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [RtcNL] c:\documents and settings\bartek\ustawienia lokalne\temp\RtcNL.exe

O4 - HKLM\..\Run: [MSN Messenger] msnmsgr.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice

O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgr.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\gadu\gg.exe" /tray

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

Sorka za drugiego posta , ale znacie jakiś program do instalowania IE 6.0 z Win XP ?


(Musg) #7

no to sa wpisy messengera wiec jak go odinstalowales?hm


(Bart Cobraman) #8

Messengera odinstalowałem za pomocą AntiSpy, pozostały jedynie 2 wartości w rejestrze (juz ich nie ma).

Gorzej jest z tymi search barami: pokasowałem klucze i wartości ale HijackThis coś mi tam jeszcze widzi ;( Może to zostać w ten sposób ?

I czy da się odinstalować tego nieszczęsnego IE ?

log:

Logfile of HijackThis v1.99.1

Scan saved at 16:52:52, on 2005-03-03

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

D:\gadu\gg.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

C:\WINDOWS\System32\ScsiAccess.EXE

C:\Documents and Settings\Bartek\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - (no file)

O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [RtcNL] c:\documents and settings\bartek\ustawienia lokalne\temp\RtcNL.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\gadu\gg.exe" /tray

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)

O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe

O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

(boczi) #9
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)

   	O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - (no file)

   	O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

   	O4 - HKLM\..\Run: [RtcNL] c:\documents and settings\bartek\ustawienia lokalne\temp\RtcNL.exe

Nie da się wywalić IE, nie polecam.

updt. http://forum.dobreprogramy.pl/viewtopic ... inst%2A+ie


(Krasnalek52pl) #10

Moga byc potem problemy :frowning: