Marquez
(Andrzej Janus2)
14 February 2006 11:29
#1
Logfile of HijackThis v1.99.1
Scan saved at 12:25:52, on 2006-02-14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\win32ssr.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\msdconfig.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\windows\winsysban8.exe
C:\WINDOWS\System32\msnmrigr.exe
C:\WINDOWS\System32\gqxl.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Arturek\Pulpit\maps\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [AVGCtrl] “C:\Program Files\AVPersonal\AVGNT.EXE” /min
O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM…\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM…\Run: [MS Config] msdconfig.exe
O4 - HKLM…\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM…\Run: [gimmygames] c:\gimmygames.exe
O4 - HKLM…\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM…\Run: [MSN Messenger] msnmrigr.exe
O4 - HKLM…\Run: [Windows ASN3 Services] gqxl.exe
O4 - HKLM…\Run: [yahoo inc.] ypages.exe
O4 - HKLM…\RunServices: [MS Config] msdconfig.exe
O4 - HKLM…\RunServices: [MSN Messenger] msnmrigr.exe
O4 - HKLM…\RunServices: [Windows ASN3 Services] gqxl.exe
O4 - HKLM…\RunServices: [yahoo inc.] ypages.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU…\Run: [MS Config] msdconfig.exe
O4 - HKCU…\Run: [MSN Messenger] msnmrigr.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{56347044-B00B-41FE-BDF2-03A02B5362C0}: NameServer = 194.204.152.34 217.98.63.164
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: ewido security suite guard - Unknown owner - C:\Program Files\ewido anti-malware\ewidoguard.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe
This morning I downloaded a new launcher for StarCraft from http://www.pgtour.net and installed it, but when I started StarCraft and connected, strange things began to happen and everything slowed down terribly. I rebooted the computer into normal mode; a scan with AntiVir Personal Edition (the umbrella) and Ad-Aware removed exactly 30 viruses. After that I could not get online, there was no "Connect to >" item in the Start menu, but then it slowed down again; I waited and everything went back to normal. Silent Runner does not work for me.
In safe mode, with System Restore turned off, remove these entries, and delete the files/folders in bold manually:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM…\Run: [MS Config] msdconfig.exe
O4 - HKLM…\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM…\Run: [gimmygames] c:\gimmygames.exe
O4 - HKLM…\Run: [winsysban] C:\windows\winsysban8.exe
O4 - HKLM…\Run: [MSN Messenger] msnmrigr.exe
O4 - HKLM…\Run: [Windows ASN3 Services] gqxl.exe
O4 - HKLM…\Run: [yahoo inc.] ypages.exe
O4 - HKLM…\RunServices: [MS Config] msdconfig.exe
O4 - HKLM…\RunServices: [MSN Messenger] msnmrigr.exe
O4 - HKLM…\RunServices: [Windows ASN3 Services] gqxl.exe
O4 - HKLM…\RunServices: [yahoo inc.] ypages.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)

Start > Run > services.msc - disable the services: Network Monitor, Performance True Type Font (PerfFont), Win32Sr.
Then remove these entries, and delete the files/folders in bold manually:

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe

Post a follow-up log.
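Added example, not part of the original thread: a Python check that a follow-up log no longer contains the entries marked for removal. The excerpts are constructed from entries quoted in this thread, and the function names are illustrative.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - ". Forum software often flattens the log onto one line,
# so entries are split on that marker rather than on newlines.
ENTRY_START = re.compile(r"(?<!\S)(?:[RFN]\d|O\d{1,2}) - ")

def parse_entries(text):
    """Return the entries in a log, whitespace-normalized; header lines are skipped."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    bounds = zip(starts, starts[1:] + [len(text)])
    return [" ".join(text[a:b].split()) for a, b in bounds]

def entry_key(entry):
    """Comparison key: case-insensitive, ignoring the '(file missing)' suffix."""
    return re.sub(r"\s*\(file missing\)$", "", entry).casefold()

def still_present(removal_list, control_log):
    """Entries of the control log that match an entry marked for removal."""
    targets = {entry_key(e) for e in parse_entries(removal_list)}
    return [e for e in parse_entries(control_log) if entry_key(e) in targets]

# Constructed excerpts, built from entries quoted in this thread.
REMOVAL_LIST = (
    r"O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - "
    r"C:\WINDOWS\System32\vbsys2.dll (file missing) "
    r"O23 - Service: Network Monitor - Unknown owner - "
    r"C:\Program Files\Network Monitor\netmon.exe "
    r"O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - "
    r"C:\WINDOWS\System32\perfont.exe "
    r"O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe"
)
CONTROL_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
"""

if __name__ == "__main__":
    for leftover in still_present(REMOVAL_LIST, CONTROL_LOG):
        print("still registered:", leftover)
```

On these excerpts it reports the PerfFont service, which is still registered although its file is gone.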
Marquez
(Andrzej Janus2)
14 February 2006 20:05
#3
Logfile of HijackThis v1.99.1
Scan saved at 21:05:06, on 2006-02-14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Arturek\Pulpit\maps\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [AVGCtrl] “C:\Program Files\AVPersonal\AVGNT.EXE” /min
O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM…\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{56347044-B00B-41FE-BDF2-03A02B5362C0}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: ewido security suite guard - Unknown owner - C:\Program Files\ewido anti-malware\ewidoguard.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
Everything done according to the instructions, Sir InfinityToJa.
kuz5
(Kuz5)
14 February 2006 20:23
#4
Start => Run => type services.msc => stop and disable the Performance True Type Font process; then launch HijackThis, Open the Misc Tools => Delete NT service => type PerfFont => OK, and restart the computer.
Delete the file manually.
Do you still have ewido on the computer? Or have you already deleted it?
Marquez
(Andrzej Janus2)
15 February 2006 10:05
#5
I deleted it; I also noticed those entries and removed them, Kuz5. Now I have Ad-Aware.
Post merged: 15.02.2006 (Wed) 17:15
Logfile of HijackThis v1.99.1
Scan saved at 17:12:44, on 2006-02-15
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
D:\Starcraft\BWLauncher.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Arturek\Pulpit\maps\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [AVGCtrl] “C:\Program Files\AVPersonal\AVGNT.EXE” /min
O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM…\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip…{56347044-B00B-41FE-BDF2-03A02B5362C0}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
This entry worries me.
I don't think I had it before all this, and in Task Manager I have an mdm.exe process, which definitely wasn't there before … Plz hlp me!!