Prosze o sprawdzenie loga mam jakiś syf na kompie

Bubi120 · 6 Czerwiec 2005 12:55

Logfile of HijackThis v1.99.1

Scan saved at 14:53:37, on 2005-06-06

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp WinStyler\WinStylerThemeSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\UAService7.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Real Alternative\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\System32\CTHELPER.EXE

C:\WINDOWS\System32\gglib.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\KONIAR~1\USTAWI~1\Temp\Rar$EX00.297\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KONIAR~1\USTAWI~1\Temp\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KONIAR~1\USTAWI~1\Temp\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

F3 - REG:win.ini: run=

O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)

O2 - BHO: (no name) - {035E0AF7-43D1-4B83-AFD1-3D7FDC7DA461} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {6CF0CE19-BB66-480E-A661-C004C7D68455} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [systemTray] SysTray.Exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 “EPSON Stylus C43 Series” /O5 “LPT1:” /M “Stylus C43”

O4 - HKLM…\Run: [system32] “user32.exe” -user

O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Real Alternative\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”

O4 - HKLM…\Run: [vmtuner] gglib.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Microsoft AntiSpyware helper - {F0EEB304-32A3-41CC-9891-90DB9F19E7EC} - C:\WINDOWS\System32\wldr.dll

O9 - Extra ‘Tools’ menuitem: Microsoft AntiSpyware helper - {F0EEB304-32A3-41CC-9891-90DB9F19E7EC} - C:\WINDOWS\System32\wldr.dll

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)

O9 - Extra button: Microsoft AntiSpyware helper - {F0EEB304-32A3-41CC-9891-90DB9F19E7EC} - C:\WINDOWS\System32\wldr.dll (HKCU)

O9 - Extra ‘Tools’ menuitem: Microsoft AntiSpyware helper - {F0EEB304-32A3-41CC-9891-90DB9F19E7EC} - C:\WINDOWS\System32\wldr.dll (HKCU)

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.media-motor.net

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.popuppers.com

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {11111111-1111-1111-1111-111111111234} - ms-its:mhtml:file://c:\nosuxxx.mht! http://kazaalite.pl/stats/kgr.chm::/gcon.exe

O16 - DPF: {2D0CBE69-DAFC-11D3-96D2-0020182E2E27} - http://itanium2.dialcom.com/videoskype/ … ype083.cab

O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nosuxxx.mht! http://kazaalite.pl/stats/pt.chm::/toolbar.exe

O17 - HKLM\System\CCS\Services\Tcpip…{135CC3BC-EFC9-4B82-999C-DEB5135C995B}: NameServer = 209.47.15.118,64.157.143.38,194.204.152.34,194.204.159.1

O17 - HKLM\System\CS1\Services\Tcpip…{135CC3BC-EFC9-4B82-999C-DEB5135C995B}: NameServer = 209.47.15.118,64.157.143.38,194.204.152.34,194.204.159.1

O17 - HKLM\System\CS2\Services\Tcpip…{135CC3BC-EFC9-4B82-999C-DEB5135C995B}: NameServer = 209.47.15.118,64.157.143.38,194.204.152.34,194.204.159.1

O18 - Filter: text/html - {E485223E-50D4-49E9-B5FD-CD5C8806011C} - (no file)

O18 - Filter: text/plain - {E485223E-50D4-49E9-B5FD-CD5C8806011C} - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp WinStyler\WinStylerThemeSvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

Powiedzcie jak mam ten syf usunąc krok po kroku

kuz5 · 6 Czerwiec 2005 13:38

Wyczyść katalog TEMP

Start=>Uruchom=>%temp%=>I usuń wszystko co sie tam znajduje

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KONIAR~1\USTAWI~1\Temp\se.dll/spage.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KONIAR~1\USTAWI~1\Temp\se.dll/spage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file) F3 - REG:win.ini: run= O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file) O2 - BHO: (no name) - {035E0AF7-43D1-4B83-AFD1-3D7FDC7DA461} - (no file) O2 - BHO: (no name) - {6CF0CE19-BB66-480E-A661-C004C7D68455} - (no file) O4 - HKLM…\Run: [system32] “user32.exe” -user - plik znajduje się w C:\WINDOWS\System32\ O4 - HKLM…\Run: [vmtuner] gglib.exe - plik znajduje się w C:\WINDOWS\System32\ O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.iframedollars.biz O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.popuppers.com O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.iframedollars.biz (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 213.159.117.202 O15 - Trusted IP range: 213.159.117.202 (HKLM) O18 - Filter: text/html - {E485223E-50D4-49E9-B5FD-CD5C8806011C} - (no file) O18 - Filter: text/plain - {E485223E-50D4-49E9-B5FD-CD5C8806011C} - (no file)

Start => Uruchom => wpisz services.msc => zatrzymaj proces SvcProc

następnie odpalasz HijackThis Misc Tools => Delete NT service => wpisz SvcProc => Ok i zresetuj komputer.

Pliki na czerwono usun ręcznie z dysku

Jeżeli wpisy 015 będą stawiać opór to usuń je narzędziem KillTrusted 0.7

Zainstaluj sp2

Wpisy usuwasz HijackThisem zaznaczasz wpisy które chcesz usunąć i klikasz fix checked

Comend · 6 Czerwiec 2005 14:52

kuz5 - zapomniałeś o fałszywce MS Antispyware

O9 - Extra button: Microsoft AntiSpyware helper - {F0EEB304-32A3-41CC-9891-90DB9F19E7EC} - C:\WINDOWS\System32\wldr.dll 

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F0EEB304-32A3-41CC-9891-90DB9F19E7EC} - C:\WINDOWS\System32\wldr.dll 

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU) 

O9 - Extra button: Microsoft AntiSpyware helper - {F0EEB304-32A3-41CC-9891-90DB9F19E7EC} - C:\WINDOWS\System32\wldr.dll (HKCU) 

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F0EEB304-32A3-41CC-9891-90DB9F19E7EC} - C:\WINDOWS\System32\wldr.dll (HKCU)

Rowniez wylatuje jak równiez te kontrolki z 016.

ALexe na siłe równiez mozna do tego dodać.