SPYSHERIFF, please help!

Logfile of HijackThis v1.99.1

Scan saved at 12:50:35, on 28.10.2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe

C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe

C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Roland\VSC32\vsc32cnf.exe

C:\Programme\Roland\VSC32\vscvol.exe

C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe

C:\Programme\QuickTime\qttask.exe

C:\WINDOWS\System32\kernels32.exe

C:\Programme\Skype\Phone\Skype.exe

C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\System32\vxh8jkdq2.exe

C:\Programme\M-Audio Audiophile USB\Dmn\ma003dmn.exe

C:\Programme\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe

C:\Programme\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe

C:\Programme\PocketCam 3Mega\ICON.EXE

C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe

C:\Programme\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe

C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE

C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe

C:\Programme\Opera7\Opera.exe

C:\WINDOWS\system32\vxh8jkdq2.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Dokumente und Einstellungen\KOWALSKI\Eigene Dateien\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll

O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb011.dll

O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Programme\Roland\VSC32\vsc32cnf.exe

O4 - HKLM\..\Run: [vscvol.exe] C:\Programme\Roland\VSC32\vscvol.exe

O4 - HKLM\..\Run: [Kaspersky] C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\KAV Personal Pro\5.0\Save Kaspersky.bat

O4 - HKLM\..\Run: [AVPCC] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AnimatedWallpaper] C:\Programme\3d Animated Wallpaper\AnimWallpaper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe

O4 - HKCU\..\Run: [Router-Monitor]C:\Programme\BarrMon\BarrMon.exe "NoSound"

O4 - HKCU\..\Run: [Update Service] "C:\Programme\Gemeinsame Dateien\Teknum Systems\update.exe" /startup

O4 - HKCU\..\Run: [SIDEBAR] "C:\Programme\Desktop Sidebar\dsidebar.exe"

O4 - HKCU\..\Run: [WeatherWatcher] C:\Programme\Weather Watcher\ww.exe

O4 - HKCU\..\Run:[Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: MA003DMN.LNK = C:\Programme\M-Audio Audiophile USB\Dmn\ma003dmn.exe

O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = C:\Programme\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe

O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = C:\Programme\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe

O4 - Global Startup: PocketCam 3Mega Monitor.lnk = ?

O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe

O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.78.49.11/activex/AxisCamControl.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_23.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service (file missing)

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Hide Files and Folders (HideFilesAndFolders) - Unknown owner - C:\DOKUMENTE UND EINSTELLUNGEN\KOWALSKI\EIGENE DATEIEN\HIDE FILES AND FOLDERS\HideFilesAndFoldersA.exe (file missing)

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe

If you have SpySheriff in Add/Remove Programs, uninstall it.

Remove: (of course you do all of this in Safe Mode with System Restore turned off)

Delete the files marked in red manually from the disk.

Additionally, READ about removing the fake wallpaper.

Do you still have Kaspersky Anti-Virus on the computer?

Thanks a lot for the reply, yes, I still have Kaspersky, is that bad or good ??

Good :!: THAT is an antivirus :slight_smile: and a very good one, don't remove it :slight_smile:

I deleted all the "red" files and for now it's OK.

Only I can't find C:\winstall.exe, it's there but in a different folder !!

Should I delete it ??? :smiley:

Delete this file with Pocket Killbox, i.e. launch Killbox, select the Delete on Reboot option, then paste the path into the Full Path of File to Delete field:

C:\winstall.exe

then the program will ask about a restart (of course you agree)

Give its exact location, it will probably need to be deleted

After all these steps, post the log once more