Noboo
(Noboo)
22 October 2005 12:32
#1
I have a problem. Some spyware has appeared on my computer that I cannot remove. Kaspersky detects nothing, and neither does Spybot.
The malicious program works by disabling the QUICK LAUNCH TOOLBAR on the toolbar, and every so often an advertising window pops up (the browser opens by itself and a different advertising page appears each time).
I am posting the log below, maybe there is something in it; I don't know anything about this ;/
Logfile of HijackThis v1.99.1
Scan saved at 14:28:04, on 2005-10-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\PowerDVD\PDVDServ.exe
E:\Program Files\aaa INTERNET\NetLimiter\NetLimiter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\nowe\TapetA\Tapeta.exe
E:\nowe\CursorXP\CursorXP.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\twain_32\A4S2_600\watch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\Program Files\DC++\DCPlusPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\MSCAN\Msoffice\panel.exe
E:\Program Files\AQQ\AQQ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\aaa systemowe\RegSupreme\RegSupreme.exe
E:\Program Files\System Mechanic 5 Professional\SysMech5.exe
E:\downloads\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [DAEMON Tools-1033] “E:\Program Files\D-Tools\daemon.exe” -lang 1033 -lock
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime
O4 - HKLM…\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [RemoteControl] “e:\Program Files\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [bootSkin Startup Jobs] “E:\nowe\BOOTSKIN\BOOTSKIN.EXE” /StartupJobs
O4 - HKLM…\Run: [NetLimiter] E:\Program Files\aaa INTERNET\NetLimiter\NetLimiter.exe /s
O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [TapetA] E:\nowe\TapetA\Tapeta.exe
O4 - HKCU…\Run: [CursorXP] e:\nowe\CursorXP\CursorXP.exe
O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2_600\watch.exe
O4 - Startup: DCPlusPlus.lnk = E:\Program Files\DC++\DCPlusPlus.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - E:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 4613641109
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_22.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip…{0DB497A2-A54E-4FBC-8B48-DA68FE54BCEE}: NameServer = 62.233.190.1,62.233.189.10
O17 - HKLM\System\CS1\Services\Tcpip…{0DB497A2-A54E-4FBC-8B48-DA68FE54BCEE}: NameServer = 62.233.190.1,62.233.189.10
O17 - HKLM\System\CS2\Services\Tcpip…{0DB497A2-A54E-4FBC-8B48-DA68FE54BCEE}: NameServer = 62.233.190.1,62.233.189.10
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: mixvibespro.exe - C:\WINDOWS\system32\l8r0li9m18.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - e:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - e:\Program Files\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - e:\Program Files\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
I added tags
monczkin
Szynek
(Szynek)
22 October 2005 12:52
#2
kuz5
(Kuz5)
23 October 2005 14:07
#3
Check whether you have something like Accoona installed in Add/Remove; if it is there, uninstall it.
Remove: (of course, you do everything in safe mode with System Restore turned off)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: mixvibespro.exe - C:\WINDOWS\system32\l8r0li9m18.dll
If you know it, you leave it; if you don't know it, you remove it.
Delete the files marked in red manually from the disk.