Wyskakuje mi okienko z Alertem oto log proszę o pomoc:)
Logfile of HijackThis v1.99.1 Scan saved at 16:40:00, on 2007-03-08 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\sstray.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\TrustPort\Bin\tptray.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe D:\Program Files\mIRC\mirc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\TomekTristan\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file) O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing) O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM…\Run: [kis] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\Run: [Microsoft Directx push] directxpushup.exe O4 - HKLM…\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM…\Run: [Flashget] C:\PROGRA~1\FlashGet\Flashget.exe /min O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [TrustPortTray] “C:\Program Files\Common Files\TrustPort\Bin\tptray.exe” O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [Microsoft Directx push] directxpushup.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SATARaid.lnk = ? O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\PROGRA~1\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra ‘Tools’ menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O17 - HKLM\System\CCS\Services\Tcpip…{734C1F40-B9D2-40E5-960D-B4215376C46D}: NameServer = 85.255.115.61,85.255.112.146 O17 - HKLM\System\CCS\Services\Tcpip…{F52F3E6F-F1FF-49A9-9997-656769A21BAF}: NameServer = 85.255.115.61,85.255.112.146 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.146 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.146 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.146 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SIRTOM~1\USTAWI~1\Temp\hpdj.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
adam9870
(adam9870)
8 Marzec 2007 15:54
#2
Użyj narzędzia SmitFraudFix (wybierz opcję 2). Potem sprawdź co będzie z tego co wskazałem poniżej i usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file) O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing) O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\Run: [Microsoft Directx push] directxpushup.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [Microsoft Directx push] directxpushup.exe O17 - HKLM\System\CCS\Services\Tcpip…{734C1F40-B9D2-40E5-960D-B4215376C46D}: NameServer = 85.255.115.61,85.255.112.146 O17 - HKLM\System\CCS\Services\Tcpip…{F52F3E6F-F1FF-49A9-9997-656769A21BAF}: NameServer = 85.255.115.61,85.255.112.146 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.146 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.146 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.146
Folder i pliki usuń ręcznie z dysku natomiast wpisy HijackThis.
Użyj narzędzia FixWareOut .
Po wykonaniu pokaż komplet logów:
Gutek
(Gutek)
8 Marzec 2007 19:10
#4
to skasuj swojego posta, a nie zostawiaj :x
Log z gmera Ok nic nie widzę, daj nowe z HJT + Silent po:
Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz hpdj
Użyj ATF-Cleaner - http://www.atribune.org/ccount/click.php?id=1
Nadal:
O17 - HKLM\System\CCS\Services\Tcpip…{734C1F40-B9D2-40E5-960D-B4215376C46D}: NameServer = 85.255.115.61,85.255.112.146 O17 - HKLM\System\CCS\Services\Tcpip…{F52F3E6F-F1FF-49A9-9997-656769A21BAF}: NameServer = 85.255.115.61,85.255.112.146 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.146 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.146 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.146
usuń wpisy HJT i użyj FixWareOut