szlapek
(Szlapek)
22 April 2007 11:51
#1
The problem is a pop-up error message that recommends visiting “www.neospace.pl”.
Logfile of HijackThis v1.99.1
Scan saved at 13:38:38, on 2007-04-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\system32\WgaTray.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\system32\RunDLL32.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
I:\PROGRA~1\NEOSTR~1\CnxMon.exe
I:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
I:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
J:\Program Files\ICQLite\ICQLite.exe
I:\WINDOWS\system32\winalert.exe
I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
I:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
I:\Program Files\QuickTime\qttask.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Skype\Phone\Skype.exe
I:\Program Files\MSN Messenger\MsnMsgr.Exe
I:\Program Files\Ares\Ares.exe
I:\Program Files\Gadu-Gadu\gg.exe
I:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
I:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
I:\PROGRA~1\INCRED~1\bin\IMApp.exe
I:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
I:\PROGRA~1\NEOSTR~1\ComComp.exe
I:\PROGRA~1\NEOSTR~1\Watch.exe
I:\Documents and Settings\julia\Pulpit\anty wirus\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - J:\Program Files\ICQToolbar\tbu25\toolbaru.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - I:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - I:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - J:\Program Files\ICQToolbar\tbu25\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - I:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - I:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - I:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - J:\Program Files\ICQToolbar\tbu25\toolbaru.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - I:\Program Files\GamesBar\oberontb.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Zone Labs Client] “I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM…\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [RemoteControl] “I:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [WooCnxMon] I:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “I:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [WOOWATCH] I:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] I:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [My Web Search Bar] rundll32 I:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM…\Run: [iCQ Lite] “J:\Program Files\ICQLite\ICQLite.exe” -minimize
O4 - HKLM…\Run: [Windows Update Notifier] “I:\WINDOWS\system32\winalert.exe”
O4 - HKLM…\Run: [sunJavaUpdateSched] I:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [WinampAgent] I:\Documents and Settings\julia\Pulpit\Winamp\winampa.exe
O4 - HKLM…\Run: [Adobe Photo Downloader] “I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM…\Run: [MyWebSearch Email Plugin] I:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM…\Run: [QuickTime Task] “I:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKCU…\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [skype] “I:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [MsnMsgr] “I:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [ares] “I:\Program Files\Ares\Ares.exe” -h
O4 - HKCU…\Run: [incrediMail] I:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU…\Run: [MyWebSearch Email Plugin] I:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU…\Run: [Gadu-Gadu] “I:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [NBJ] “I:\Program Files\Ahead\Nero BackItUp\NBJ.exe”
O4 - HKCU…\RunOnce: [iCQ Lite] J:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = I:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … jhtml?p=ZZ
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - I:\Program Files\GamesBar\oberontb.dll
O9 - Extra ‘Tools’ menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - I:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - J:\Program Files\ICQLite\ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - J:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll ,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll ,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip…{2074DFDB-C5C1-4B25-84ED-426C0675B1B0}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip…{2074DFDB-C5C1-4B25-84ED-426C0675B1B0}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - I:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - I:\Program Files\Ares\chatServer.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - I:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
adam9870
(adam9870)
22 April 2007 12:13
#2
Use Windows Worms Doors Cleaner and change the marks from disable to enable (all the marks should be green; if any of them is yellow, leave it). A restart is required after using the tool.
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - I:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - I:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - I:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - I:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - I:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - I:\Program Files\GamesBar\oberontb.dll
O4 - HKLM…\Run: [My Web Search Bar] rundll32 I:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM…\Run: [Windows Update Notifier] “I:\WINDOWS\system32\winalert.exe”
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … jhtml?p=ZZ
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - I:\Program Files\GamesBar\oberontb.dll
O9 - Extra ‘Tools’ menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - I:\Program Files\GamesBar\oberontb.dll
Delete the folders and the file manually in Safe Mode, and remove the entries with HijackThis.
After doing this, post a new log from HijackThis plus one from SilentRunners.
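Added example, not part of the thread: one way to check a follow-up HijackThis log against the entries flagged in the reply above and list those still present. The function names are hypothetical, the flagged entries are copied from the reply, and the follow-up log is constructed for illustration.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1 and up)
# followed by " - ". Splitting on that boundary also handles logs that were
# pasted as one flattened run of text.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RF][0-3]|N[1-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"([RFNO]\d{1,2}) - (.+)")

def parse_entries(log_text):
    """Return (section_code, detail) pairs; header and process list are skipped."""
    entries = []
    for chunk in ENTRY_START.split(log_text):
        match = ENTRY.fullmatch(" ".join(chunk.split()))  # collapse whitespace
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries

def still_present(flagged_text, new_log_text):
    """Return flagged entries that still appear in the follow-up log."""
    current = {(code, detail.casefold()) for code, detail in parse_entries(new_log_text)}
    return [(code, detail) for code, detail in parse_entries(flagged_text)
            if (code, detail.casefold()) in current]

# Three of the entries flagged in the reply, flattened as they appear on the page.
FLAGGED = (
    r"O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - "
    r"I:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL "
    r"O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - "
    r"I:\Program Files\GamesBar\oberontb.dll "
    r"O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - "
    r"I:\Program Files\GamesBar\oberontb.dll"
)

# Constructed follow-up log: one flagged BHO survived the cleanup.
NEW_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
I:\WINDOWS\Explorer.EXE
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - I:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""

if __name__ == "__main__":
    for code, detail in still_present(FLAGGED, NEW_LOG):
        print("still present:", code, "-", detail)
```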
Monczkin
(Monczkin)
22 April 2007 12:14
#3
szlapek, give the topic a specific title.