Proszę o sprawdzenie loga

Buddenbrook · 22 Październik 2005 18:03

Witam

tradycyjnie - coś się władowało i wyskakują mi stronki reklamowe… nie bardzo wiem, co może być przyczyną. Proszę o pomoc, co usunąć. I jak to zrobić:

Logfile of HijackThis v1.99.1

Scan saved at 20:04:02, on 2005-10-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\WinCmd\TOTALCMD.EXE

C:\Program Files\Winamp\Winamp.exe

C:\DOCUME~1\Kamil\USTAWI~1\Temp\$wc\HIJACK~1.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: 66.199.231.174 google.co.uk

O1 - Hosts: 66.199.231.174 www.google.es

O1 - Hosts: 66.199.231.174 google.es

O1 - Hosts: 66.199.231.174 google.com.au

O1 - Hosts: 66.199.231.173 yahoo.com

O1 - Hosts: 66.199.231.172 www.go.com

O1 - Hosts: 66.199.231.172 go.com

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Greentel · 22 Październik 2005 20:09

Wklej całego loga!

Buddenbrook · 22 Październik 2005 20:18

Sorki, poniżej cały (mam nadzieję)

Logfile of HijackThis v1.99.1

Scan saved at 22:17:18, on 2005-10-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\WinCmd\TOTALCMD.EXE

E:\KAmil\!Dobre\Progs\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O1 - Hosts: 66.199.231.174 google.co.uk

O1 - Hosts: 66.199.231.174 www.google.es

O1 - Hosts: 66.199.231.174 google.es

O1 - Hosts: 66.199.231.174 google.com.au

O1 - Hosts: 66.199.231.173 yahoo.com

O1 - Hosts: 66.199.231.172 www.go.com

O1 - Hosts: 66.199.231.172 go.com

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - 

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - 

O17 - HKLM\System\CCS\Services\Tcpip\..\{DCB03701-FF8C-498A-BC56-C9896D2D2F54}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\fpn2035oe.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

Gutek · 22 Październik 2005 20:38

Tryb awaryjny i usuwasz wpisy hijackiem. Co do wpisu 020 zobacz

Usuwanie VX2.BetterInternet

Buddenbrook · 22 Październik 2005 20:58

Dzięki. Zrobiłem co trzeba i niby wszystko się usunęło, ale okienka dalej wyskakują… Teraz log wygląda tak:

Logfile of HijackThis v1.99.1

Scan saved at 23:00:00, on 2005-10-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\WinCmd\TOTALCMD.EXE

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

E:\KAmil\!Dobre\Progs\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{DCB03701-FF8C-498A-BC56-C9896D2D2F54}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Gutek · 22 Październik 2005 21:19

A możesz powiedzieć jakie reklamy albo dac screena tych reklam?

Buddenbrook · 22 Październik 2005 21:40

Odpalają się m.in. takie stronki:

http://www.great-coupon.com/normal/yyy34.html

http://great-coupon.com/normal/yyy34.html

ale także reklamy “animowane” (jak na portalach)

Co robić??

Gutek · 22 Październik 2005 21:48

No to zobacz jak je zablokować: http://blokowanie-reklam.moje-info.com/ oraz http://blokowanie-reklam.moje-info.com/

Ja niestety nie widzę tych reklam - używam opery

Buddenbrook · 22 Październik 2005 21:55

Ale te stronki i reklamy odpalają się niezależnie od tego po jakich stronach chodzę - a nawet jeśli w ogóle nie chodzę po sieci… Czy to blokowanie-reklam na to pomoże??

(gdybym wiedział, jak, to wrzuciłbym tu screeny…)

Gutek · 22 Październik 2005 22:12

Nie spoko jakoś dałem radę zobaczyć. Jeszcze usunać:

coś chyba mam z oczmi

Buddenbrook · 22 Październik 2005 22:15

Się mi właśnie podejrzany ten wpis wydawał… Zaraz usuwam! Dzięki:)

ps. Twój podpis mnie mobilizuje:P

Złączono Posta : 23.10.2005 (Nie) 0:28

I nic… okienka dalej wyskakują:( Log teraz wygląda tak:

Logfile of HijackThis v1.99.1

Scan saved at 00:27:46, on 2005-10-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\WinCmd\TOTALCMD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Messenger\msmsgs.exe

E:\KAmil\!Dobre\Progs\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - 

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - 

O17 - HKLM\System\CCS\Services\Tcpip\..\{DCB03701-FF8C-498A-BC56-C9896D2D2F54}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Znowu się pojawiły wpisy O16… A co z O9 - ma być powtórzone to samo 3 razy?? (czy w ogóle jest to potrzebne??)

Gutek · 22 Październik 2005 22:28

Jak wywalisz powiedź czy Ok i czy już reklam nie ma to jest to ze potem odpowaidam i ston startowych nie dopatrzę R1 - R0

Obiecuję poprawę, ale wracając do kompa poczytaj o blokowaniu reklam - linki wyżej

Buddenbrook · 22 Październik 2005 22:32

Odpowiedz jak wyzej - stronki ciagle sa… Log zalaczylem

Gutek · 22 Październik 2005 23:06

Ja jestem dzisiaj inny: http://labs.paretologic.com/spyware.asp … =Azesearch - poczytaj jak usunąć Azesearch wpsi 016 ma postać niekompletną:

Buddenbrook · 22 Październik 2005 23:25

Ciagle nic… szukalem w rejestrze wpisow podanych na tej stronce i nic nie ma…

Poradzono mi sprobowac windowd worms doors cleanera i tez nic…

Gutek · 22 Październik 2005 23:35

Dobra od razu mogłemm o to porosić, daj LOG z Silent Runners

Buddenbrook · 22 Październik 2005 23:41

Mam cos takiego - o to chodzi??

Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Popup Ad Filter" = "C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe" [null data]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]

"ccRegVfy" = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" ["Symantec Corporation"]

"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]

"Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}" = "All To MP3 Converter"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\LitexMedia\All To MP3 Converter\MP3ShellExt.dll" [empty string]

"{B8BE7FCB-9E4B-43B0-8EC7-EB9CFFB04729}" = "Extractor Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "E:\KAmil\MUSICE~1\EXTRAC~1.DLL" ["Nova Software"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{856C05F2-6132-46AA-9CDC-5D9D06CF82DF}" = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\AOut.dll" [null data]

"{AECA359F-2487-44B4-BC0B-DF51329A23F4}" = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\fjclient.dll" [null data]

"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

ZMP3ShellExt\(Default) = "{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\LitexMedia\All To MP3 Converter\MP3ShellExt.dll" [empty string]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

MP3ShellExt\(Default) = "{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\LitexMedia\All To MP3 Converter\MP3ShellExt.dll" [empty string]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Złączono Posta _: 23.10.2005 (Nie) 1:47_hm, sorki, skonczylo skanowac dopiero teraz - poprzedni log jest niepelny… teraz wyglada tak:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Popup Ad Filter" = "C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe" [null data]

"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]

"ccRegVfy" = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" ["Symantec Corporation"]

"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]

"Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}" = "All To MP3 Converter"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\LitexMedia\All To MP3 Converter\MP3ShellExt.dll" [empty string]

"{B8BE7FCB-9E4B-43B0-8EC7-EB9CFFB04729}" = "Extractor Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "E:\KAmil\MUSICE~1\EXTRAC~1.DLL" ["Nova Software"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{856C05F2-6132-46AA-9CDC-5D9D06CF82DF}" = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\AOut.dll" [null data]

"{AECA359F-2487-44B4-BC0B-DF51329A23F4}" = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\fjclient.dll" [null data]

"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"

  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

ZMP3ShellExt\(Default) = "{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\LitexMedia\All To MP3 Converter\MP3ShellExt.dll" [empty string]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

MP3ShellExt\(Default) = "{ACBA0BA3-ACED-4E02-9221-794F7588DD9C}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\LitexMedia\All To MP3 Converter\MP3ShellExt.dll" [empty string]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Kamil\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "Kamil" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

"SpySubtract" -> shortcut to: "C:\Program Files\interMute\SpySubtract\SpySub.exe -autostart" ["InterMute, Inc."]



Enabled Scheduled Tasks:

------------------------


"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\DANEAP~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]

"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Explorer Bars


Dormant Explorer Bars in "View, Explorer Bar" menu


HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\ = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\ = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\ = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]

Norton Unerase Protection, NProtectService, ""C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"" ["Symantec Corporation"]

Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]

SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]



Keyboard Driver Filters:

------------------------


HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\

"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 285 seconds.

+ The search for all Registry CLSIDs containing dormant Explorer Bars

  took 40 seconds.

---------- (total run time: 383 seconds)

Gutek · 22 Październik 2005 23:58

No Ok jest LOG - użyj KillTrusted 0.7

Buddenbrook · 23 Październik 2005 00:03

Co mam otrzymac po jego uzyciu?? bo odpalilem i jakby nic sie nie dzieje…

Gutek · 23 Październik 2005 00:09

Miałeś wyłaczona przeglądarkę?

Jakie ma zastosowanie: