Spywarequake


(Jerzy Klima) #1

mam z tym problem pojawia się ten zielony inwalida na pasku a jak klikne to sie instaluje spywareqake

(mam programy Hijackthis,RegCleaner,Ad-Aware SE Personal)

a oto mój log z HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 20:18:46, on 2006-04-09

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\Klima\USTAWI~1\Temp\Katalog tymczasowy 3 dla hijackthis.zip\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144253057781

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0) - 

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) - 

O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?d77783d03d0dd29877970503649e59cfd4c8af7f0a674fecd848165b9620974096fbec58470afeeb130ce9ef163c5925e34ffc609b2bd138bb45195350320dee21478510f7:51bd07fb1b7f6cfe8c482626e79f8d4e

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CC15D267-DC24-4C13-B7BE-6D2EB5FD9B35}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

Co mam dalej robić . Prosze o jaknajszybszą pomoc!


(Gutek) #2

Zastosuj SpywareQuake

usuń hijackiem


(Jerzy Klima) #3

ok . Zrobiłem , usunołem :smiley: , ale gdy uruchamiam komputer to pisze mi żebym wcisną Ctrl Alt Delate . Wciskam i jest pc działa, ale jak zrobić żeby nieczeba było tego wszystkiego wciskać? :? POMOCY


(Gutek) #4

Daj screena - http://forum.dobreprogramy.pl/viewtopic.php?t=46412


(Jerzy Klima) #5

no właśnie :? tylko to jest zaraz jak uruchamiam komputer :frowning: .

Zwykłe okno i tam pisze coś że wciśnij Crtl,Alt,Delate . A póżniej wszystko na pulpicie normalnie tak jak było.

Ico tu robić?