Hello! I would like to ask for my log to be checked, because for some time now, after starting the computer, a program called “freeprodtb” has been installing itself and windows with ads keep popping up. I am a complete novice in these matters and I don't really know what to do…
Please help, and thank you in advance.
Logfile of HijackThis v1.99.1
Scan saved at 14:19:05, on 2006-05-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\gosia\Nowy folder\Cain\Abel.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\outlook\outlook.exe
C:\windows\defender1.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\PROGRA~1\COMMON~1\kqoo\kqoom.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\Wg\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\WinPcap\wNetMonInstaller.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\`\Pulpit\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: Shell=explorer.exe "c:\program files\common files\microsoft shared\web folders\ibm00003.exe"
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kaqawc.exe reg_run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
O4 - HKLM\..\Run: [defender] C:\windows\defender1.exe
O4 - HKLM\..\Run: [newname] C:\\newname18.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Komunikator] C:\Documents and Settings\`\Pulpit\Nowy folder\tlen.exe
O4 - HKCU\..\Run: [AQQ] C:\DOCUME~1\`\Pulpit\NOWYFO~1\AQQ\AQQ.exe
O4 - HKCU\..\Run: [kqoo] C:\PROGRA~1\COMMON~1\kqoo\kqoom.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O17 - HKLM\System\CCS\Services\Tcpip\..\{320BD288-C9DF-40E2-8BF0-ACA77F8F7B23}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\enlol1331.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\jt4o07h3e.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Abel - oxid.it - C:\gosia\Nowy folder\Cain\Abel.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Wg\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
I did everything as described in the thread about HijackThis.
Gutek
(Gutek)
11 May 2006 16:40
#2
Change the thread title to something specific
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe "c:\program files\common files\microsoft shared\web folders\ibm00003.exe"
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kaqawc.exe reg_run
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
O4 - HKLM\..\Run: [defender] C:\windows\defender1.exe
O4 - HKLM\..\Run: [newname] C:\newname18.exe
O4 - HKLM\..\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [kqoo] C:\PROGRA~1\COMMON~1\kqoo\kqoom.exe
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\enlol1331.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\jt4o07h3e.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Wg\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Start >>> Run >>> services.msc >>> stop and disable Network Monitor and Command Service
Disable System Restore in XP HERE
Boot into safe mode without internet (description in the link above).
Tick the indicated entries in HijackThis and click Fix checked. The entries will be removed.
Delete from disk the files and folders that I underlined in red
Finish up with online scanners - Scanners to choose from
Show a new log
Use Look2Me-Destroyer.exe
Run LSP-Fix, tick “I know what I’m doing”, then in the Keep pane select the file you want to remove, use the arrow (>>) to move it to the Remover pane and click Finish
It may be this file:
Find-Qoologic: unpack it and run Find-Qoologic.bat, a screen like this will appear:
and type 1 in it on the keyboard and confirm with ENTER. And when there is a log, paste it
Bieniol
(Bbieniol)
11 May 2006 16:43
#3
Don't remove this entry - it's the pajacyk start page
Use Windows Worms Doors Cleaner, change the markers from disable to enable. A system restart is required after using this tool.
I can't disable Command Service, I don't know why…
adam9870
(adam9870)
11 May 2006 19:29
#5
What do you mean you can't. Do it like this:
Start >>> Run >>> services.msc >>> Find Command Service, right-click it and choose “Properties”. Go to the “General” tab and click “Stop”. And in the “Startup type” field set it to “Disabled”.
Then just confirm the settings
I'm doing it as you wrote: Start >>> Run >>> services.msc >>> Command Service, then I go into Properties and the General tab, but there none of these options are active at all: start, stop, pause, resume… :roll:
And “Startup type” is set to “Disabled” the whole time. :?
Bieniol
(Bbieniol)
11 May 2006 20:53
#7
In that case carry on with what Gutek2222 wrote
Startup type - “Disabled”
But status - “Started”
So I don't understand, am I to carry on doing everything as Gutek2222 wrote :?:
Bieniol
(Bbieniol)
11 May 2006 21:08
#9
In that case you will disable the Command Service and Network Monitor services this way:
Start --> Run --> cmd and type:
That should work
kuz5
(Kuz5)
11 May 2006 21:29
#10
That won't work, and besides, the question isn't about Network Monitor
go$iaczek, don't worry, we'll deal with that entry at the very end if need be
You have far more serious junk on your computer than Command Service
Do what gutek told you and paste the logs you were asked for
And as for point 3. -> Tick the indicated entries in HijackThis and click Fix checked.
So I understand that I should tick those pages that are marked in blue? I'm asking because I don't know my way around this at all :roll:
Bieniol
(Bbieniol)
12 May 2006 20:56
#12
You tick all the quoted entries (put check marks next to them)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe "c:\program files\common files\microsoft shared\web folders\ibm00003.exe"
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kaqawc.exe reg_run
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe
O4 - HKLM\..\Run: [defender] C:\windows\defender1.exe
O4 - HKLM\..\Run: [newname] C:\newname18.exe
O4 - HKLM\..\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [kqoo] C:\PROGRA~1\COMMON~1\kqoo\kqoom.exe
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\enlol1331.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\jt4o07h3e.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Wg\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
And you click “fix checked” at the bottom
Gutek
(Gutek)
12 May 2006 21:06
#13
I made a mistake, you noticed it, and now you're repeating it?
without that entry, you tick everything in HijackThis that is indicated
I did everything, but the ad windows still keep popping up
Logfile of HijackThis v1.99.1
Scan saved at 23:33:26, on 2006-05-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\gosia\Nowy folder\Cain\Abel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\defender1.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Weather\Weather.exe
C:\Program Files\Snowball Wars\License.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Documents and Settings\`\Pulpit\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [defender] C:\WINDOWS\defender1.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Komunikator] C:\Documents and Settings\`\Pulpit\Nowy folder\tlen.exe
O4 - HKCU\..\Run: [AQQ] C:\DOCUME~1\`\Pulpit\NOWYFO~1\AQQ\AQQ.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\m0640ajqedoe0.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Abel - oxid.it - C:\gosia\Nowy folder\Cain\Abel.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
I also ticked this one by accident
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/
Did I do everything correctly?
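Added example (not part of the thread and not code from any of the tools mentioned): one way to check a "Fix checked" pass is to compare the log taken before it with the log taken after it and report which flagged entries are gone, which are still present, and which autostart entries are new. The BEFORE and AFTER excerpts are a few lines copied from the two HijackThis logs in this thread; the FLAGGED list is constructed with forum-style typographic damage (… for \.., curly quotes) that the parser normalises; all function names are hypothetical.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Sections that start code at boot or logon: shell override, Run keys and
# Startup folders, Winlogon Notify DLLs, services.
AUTOSTART = {"F2", "O4", "O20", "O23"}


def _key(code, details):
    """Comparison key that survives copy/paste damage and case differences."""
    details = details.replace("\u201c", '"').replace("\u201d", '"')  # curly quotes
    details = details.replace("\u2026\\", "\\..\\")   # "…\" back to "\..\"
    details = re.sub(r"\\{2,}", r"\\", details)        # "C:\\x" becomes "C:\x"
    details = re.sub(r"\s+", " ", details).strip()
    return code, details.casefold()  # Windows paths are case-insensitive


def parse_entries(text):
    """Map comparison key -> first original line for every entry in the text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(_key(m.group(1), m.group(2)), line)
    return entries


def remediation_report(before_log, after_log, flagged_text):
    """Classify flagged entries and surface autostarts that appeared after the fix."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    flagged = parse_entries(flagged_text)
    return {
        "still_present": sorted(after[k] for k in flagged if k in after),
        "removed": sorted(before[k] for k in flagged
                          if k in before and k not in after),
        # Flagged lines found in neither log: usually a transcription problem.
        "unmatched": sorted(flagged[k] for k in flagged
                            if k not in before and k not in after),
        "new_autostarts": sorted(after[k] for k in after
                                 if k not in before and k[0] in AUTOSTART),
    }


# Excerpt of the first log in the thread (2006-05-11).
BEFORE = r"""
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kaqawc.exe reg_run
O4 - HKLM\..\Run: [defender] C:\windows\defender1.exe
O4 - HKLM\..\Run: [newname] C:\\newname18.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\enlol1331.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the second log in the thread (2006-05-12).
AFTER = r"""
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [defender] C:\WINDOWS\defender1.exe
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\m0640ajqedoe0.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Constructed: a subset of the helper's list, damaged the way forum software does it.
FLAGGED = r"""
O4 - HKLM…\Run: [winsync] C:\WINDOWS\system32\kaqawc.exe reg_run
O4 - HKLM…\Run: [defender] C:\windows\defender1.exe
O4 - HKLM…\Run: [newname] C:\newname18.exe
O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe”
O4 - HKCU…\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\enlol1331.dll
"""

if __name__ == "__main__":
    for section, lines in remediation_report(BEFORE, AFTER, FLAGGED).items():
        print(f"{section}:")
        for entry in lines:
            print(f"  {entry}")
```

On these excerpts the flagged BITS Winlogon Notify entry counts as removed, yet a Winlogon Notify entry with a different name and DLL shows up under new_autostarts, which an exact-match check of the flagged list alone would not reveal.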
Bieniol
(Bbieniol)
12 May 2006 21:37
#15
Download and run LSP-Fix, tick “I know what I’m doing”, then in the Keep pane select the file newdotnet*_** and use the arrow (>>) to move it to the Remover pane, click Finish and restart the computer
In safe mode with System Restore turned off, you remove (the entries with HijackThis, the files/folders in red manually from disk (in case of problems deleting files use the KillBox tool):
As for this entry:
Use the Look2Me-Destroyer tool, then post the log from the l2mfix program (choose option 1)
I removed these entries
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [defender] C:\WINDOWS\defender1.exe
But I can't run the Look2Me-Destroyer program.
kuz5
(Kuz5)
12 May 2006 22:09
#17
And what message pops up
OK, it started, but this entry wasn't there
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\m0640ajqedoe0.dll
kuz5
(Kuz5)
12 May 2006 22:19
#19
Once you've got it running, scan the system. Here, at the very bottom, you have a description
Also paste log no. 1 from the L2Mfix tool
I scanned, I'm pasting what came out:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 2006-05-13 00:29:03
Infected! C:\WINDOWS\system32\lv2u09f9e.dll
Infected! C:\WINDOWS\system32\dmound3d.dll
Infected! C:\WINDOWS\system32\wxninet.dll
Infected! C:\WINDOWS\system32\mrc40.dll
Infected! C:\WINDOWS\system32\atcups.dll
Infected! C:\WINDOWS\system32\hr0o05d3e.dll
Infected! C:\WINDOWS\system32\dnju0119e.dll
Infected! C:\WINDOWS\system32\mvlsl9371.dll
Infected! C:\WINDOWS\system32\ktr6l79s1.dll
Infected! C:\WINDOWS\system32\hrr0059me.dll
Infected! C:\WINDOWS\system32\hr8s05l7e.dll
Infected! C:\WINDOWS\system32\j2n2lc5o1f.dll
Infected! C:\WINDOWS\system32\mvpml9711.dll
Infected! C:\WINDOWS\system32\k4260efseh260.dll
Infected! C:\WINDOWS\system32\n4p4le7q1h.dll
Infected! C:\WINDOWS\system32\gp06l3ds1.dll
Infected! C:\WINDOWS\system32\l6j80g1ue6.dll
Infected! C:\WINDOWS\system32\kfdro.dll
Infected! C:\WINDOWS\system32\whhpl.dll
Infected! C:\WINDOWS\system32\ragwizc.dll
Infected! C:\WINDOWS\system32\lfghours.dll
Infected! C:\WINDOWS\system32\en8ql1l51.dll
Infected! C:\WINDOWS\system32\it41_qcx.dll
Infected! C:\WINDOWS\system32\prtorsvc.dll
Infected! C:\WINDOWS\system32\lv2u09f9e.dll
Infected! C:\WINDOWS\system32\hr0205doe.dll
Infected! C:\WINDOWS\system32\jt6207joe.dll
Attempting to delete infected files...
Attempting to delete: C:\WINDOWS\system32\lv2u09f9e.dll
C:\WINDOWS\system32\lv2u09f9e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\dmound3d.dll
C:\WINDOWS\system32\dmound3d.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\wxninet.dll
C:\WINDOWS\system32\wxninet.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\mrc40.dll
C:\WINDOWS\system32\mrc40.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\atcups.dll
C:\WINDOWS\system32\atcups.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\hr0o05d3e.dll
C:\WINDOWS\system32\hr0o05d3e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\dnju0119e.dll
C:\WINDOWS\system32\dnju0119e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\mvlsl9371.dll
C:\WINDOWS\system32\mvlsl9371.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\ktr6l79s1.dll
C:\WINDOWS\system32\ktr6l79s1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\hrr0059me.dll
C:\WINDOWS\system32\hrr0059me.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\hr8s05l7e.dll
C:\WINDOWS\system32\hr8s05l7e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\j2n2lc5o1f.dll
C:\WINDOWS\system32\j2n2lc5o1f.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\mvpml9711.dll
C:\WINDOWS\system32\mvpml9711.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\k4260efseh260.dll
C:\WINDOWS\system32\k4260efseh260.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\n4p4le7q1h.dll
C:\WINDOWS\system32\n4p4le7q1h.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\gp06l3ds1.dll
C:\WINDOWS\system32\gp06l3ds1.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\l6j80g1ue6.dll
C:\WINDOWS\system32\l6j80g1ue6.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\kfdro.dll
C:\WINDOWS\system32\kfdro.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\whhpl.dll
C:\WINDOWS\system32\whhpl.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\ragwizc.dll
C:\WINDOWS\system32\ragwizc.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\lfghours.dll
C:\WINDOWS\system32\lfghours.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\en8ql1l51.dll
C:\WINDOWS\system32\en8ql1l51.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\it41_qcx.dll
C:\WINDOWS\system32\it41_qcx.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\prtorsvc.dll
C:\WINDOWS\system32\prtorsvc.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\lv2u09f9e.dll
C:\WINDOWS\system32\lv2u09f9e.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\hr0205doe.dll
C:\WINDOWS\system32\hr0205doe.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\system32\jt6207joe.dll
C:\WINDOWS\system32\jt6207joe.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{815BD60E-879F-4C8E-8715-09863BA12B97}"
HKCR\Clsid\{815BD60E-879F-4C8E-8715-09863BA12B97}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0F06EAA7-E090-4443-9DEE-85943291CF12}"
HKCR\Clsid\{0F06EAA7-E090-4443-9DEE-85943291CF12}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{874BD8DE-30AE-47CE-8961-3B5398690433}"
HKCR\Clsid\{874BD8DE-30AE-47CE-8961-3B5398690433}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administratorzy - Succeeded
However, I don't know how to use the L2Mfix tool :roll: