vredgade
(Vredgade)
18 January 2006 12:13
#1
For about a month I have been struggling with viruses. Formatting doesn't help; I even took the PC to a service shop where they wiped the whole disk. Unfortunately, when I plugged the PC in at home, the already familiar symptoms started again, such as Task Manager disappearing, etc.
I'm of course posting the log
Logfile of HijackThis v1.99.1
Scan saved at 13:07:47, on 2006-01-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.171\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\awtsr.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [mlp] C:\apace.exe
O4 - HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe
O4 - HKLM\..\RunServices: [MSN Messenger] MSNplus.pif
O4 - HKLM\..\RunServices: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F13C3DE-CE10-4B11-BF21-7FC48CBDC1F9}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: awtsr - C:\WINDOWS\System32\awtsr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
X4D3T
(X4d3t)
18 January 2006 13:11
#2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\awtsr.dll
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [mlp] C:\apace.exe
O4 - HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe
O4 - HKLM\..\RunServices: [MSN Messenger] MSNplus.pif
O4 - HKLM\..\RunServices: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
Delete the files marked in red in Safe Mode with System Restore turned off, and the entries in HijackThis.
Use Pocket Killbox. Select the Delete on Reboot option, paste the path C:\WINDOWS\System32\awtsr.dll into the Full Path of File to Delete field and press the red X. The program will ask you to restart the computer…
Scan with ANTISPY & AV scanners
I especially recommend these:
-> Trend Micro Anti-Spyware for the Web
-> BitDefender Online Virus Scan
Install SP2
vredgade
(Vredgade)
18 January 2006 13:39
#4
something wrong? is that not how it should be done?
X4D3T:
Install SP2
I don't have Service Pack 2
Oh, one more thing…
With System Restore turned off? Hmm, meaning how?
musg
(Musg)
18 January 2006 13:46
#5
017 stays :lol: :lol: :lol: :mrgreen: :mrgreen:
detektyw
(Qbek50)
18 January 2006 13:46
#6
vredgade:
something wrong? is that not how it should be done?
if you listen to donkeys like that you can say goodbye to the net :mrgreen: :mrgreen:
X4D3T
(X4d3t)
18 January 2006 13:50
#7
Watch your words, 997 avatar maniac :evil:
vredgade
(Vredgade)
18 January 2006 13:52
#8
hmmm, I just forgot to add that I'm not well versed in this subject ;p
so if not the way X4D3T wrote, then how?
detektyw
(Qbek50)
18 January 2006 13:54
#9
you leave that one, otherwise you'll lose your internet
vredgade
(Vredgade)
18 January 2006 13:56
#10
aha, he edited the post so I had no idea at all what this was about XD
I've been using HijackThis for a few minutes, could you tell me how I'm supposed to remove these entries? with System Restore turned off?
X4D3T
(X4d3t)
18 January 2006 14:01
#11
In Safe Mode with System Restore turned off, and in HijackThis tick the entries to remove and click Fix checked. BTW :ups: sorry, forgive me for that 017 :mrgreen:
vredgade
(Vredgade)
18 January 2006 14:17
#12
# 1 [Delete on Reboot]
Path = C:\WINDOWS\System32\awtsr.dll
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:15:59 PM
# 2 [Delete on Reboot]
Path = C:\WINDOWS\System32\awtsr.dll
log from !KillBox, is that how it should be? new log from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 15:20:10, on 2006-01-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\awtsr.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F13C3DE-CE10-4B11-BF21-7FC48CBDC1F9}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: awtsr - C:\WINDOWS\System32\awtsr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
is it OK now?
musg
(Musg)
18 January 2006 14:29
#13
this is still baaad, yuck, no good:
well, no luck, it didn't work because you have vundo >>> they'll soon figure out how and what and give you a hint
vredgade
(Vredgade)
18 January 2006 14:34
#14
vundo? meaning… meaning what is it? And how do I get rid of it?
X4D3T
(X4d3t)
18 January 2006 14:41
#15
vredgade
(Vredgade)
18 January 2006 15:14
#16
I downloaded TrojanVundo RemovalTool, scanned everything in Safe Mode and it found nothing :?
what should I do?
new log
Logfile of HijackThis v1.99.1
Scan saved at 16:16:56, on 2006-01-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\awtsr.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F13C3DE-CE10-4B11-BF21-7FC48CBDC1F9}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: awtsr - C:\WINDOWS\System32\awtsr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
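Added example, not part of the original thread: a Python sketch that compares the entries flagged in post #2 with the rescan in post #16 and reports what was removed, what survived the fix, and which unflagged entries load the same file as a survivor. The sample lines are excerpted from the logs above; the function and variable names are made up for this illustration.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# File paths inside an entry body: drive letter up to a known extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|ocx|pif|htm)', re.I)

# Excerpt of the entries flagged for removal in post #2.
FLAGGED = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\awtsr.dll
O4 - HKLM\..\RunServices: [mlp] C:\apace.exe
"""

# Excerpt of the rescan posted in post #16.
RESCAN = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\awtsr.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F13C3DE-CE10-4B11-BF21-7FC48CBDC1F9}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: awtsr - C:\WINDOWS\System32\awtsr.dll
"""

def parse_entries(log_text):
    """Return the set of (section, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def review_fix(flagged_text, rescan_text):
    """Return (removed, survived, related) as sorted lists of entries."""
    flagged = parse_entries(flagged_text)
    rescan = parse_entries(rescan_text)
    survived = flagged & rescan
    # Files still referenced by surviving flagged entries.
    files = {p.lower() for _, body in survived for p in PATH_RE.findall(body)}
    # Entries nobody flagged that point at one of those same files.
    related = {e for e in rescan - flagged
               if any(f in e[1].lower() for f in files)}
    return sorted(flagged - rescan), sorted(survived), sorted(related)

if __name__ == "__main__":
    removed, survived, related = review_fix(FLAGGED, RESCAN)
    for label, rows in (("removed", removed), ("survived", survived),
                        ("related, not flagged", related)):
        for section, body in rows:
            print(f"{label:22} {section} - {body}")
```

On this excerpt the O2 entry for awtsr.dll survives, and the O20 Winlogon Notify entry, which was not in the fix list, turns up as a second load point for the same DLL.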
kuz5
(Kuz5)
18 January 2006 16:09
#17
X4D3T, you recently got a warning for the 017 entry, I see you probably want another one :evil:
I've said more than once that there is no room for mistakes here (and 017 entries at that), because users suffer from such mistakes :evil:
This is the last time I see such a mistake :evil:
detektyw, hold your tongue :?
It didn't work:
Post a log from the SilentRunners program
Also try this:
Boot from the XP CD into the Recovery Console and run the commands:
ATTRIB -R-S-H awtsr.dll
DEL awtsr.dll
EXIT
Update:
What "as usual"? As usual it's you who makes a mess :evil:
And don't make a mess on the forum, this isn't a chat; if you have a problem, write by PM