kobiy7
(Kobiy7)
24 Kwiecień 2006 11:31
#1
przy zegarze syustemowym mruga mi ikonka zielony wuzek inwalicji z zakazem postoju, co jakiś pojawia się dymek ale nie systemowy z tej ikony i zaslania mi część ekranu, w komunikacie w jezyku angielskim jest napisane:
“Your computer is infected! Critical System Error! System detectede virus activities. …”
Logfile of HijackThis v1.99.1 Scan saved at 13:08:06, on 2006-04-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\HPDESK\HPPDDIR.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\mulse\tlen.exe C:\ESRI\AV_GIS30\arcview\bin32\arcview.exe C:\Program Files\mulse\Winamp\winamp.exe C:\Program Files\Crazy Browser\Crazy Browser.exe C:\WINDOWS\system32\svchost.exe c:\program files\winrar\WinRAR.exe C:\DOCUME~1\tomek\USTAWI~1\Temp\Rar$EX00.430\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpC867.tmp (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [AWMON] “C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe” O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - Global Startup: Pomocnik autora.lnk = C:\HPDESK\HPPDDIR.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\mulse\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra ‘Tools’ menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\mulse\WinHTTrack\WinHTTrackIEBar.dll O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
MarS
(MarS)
24 Kwiecień 2006 12:02
#2
http://evil.pl/pip/faq.html
Proponuję czytać archiwum tego forum bo CODZIENNIE ktoś pyta o to samo
Bieniol
(Bbieniol)
24 Kwiecień 2006 13:52
#3
W trybie awaryjnym kasujesz te wpisy:
Poza tym czysto
Wrzuć jeszcze log z Silent Runners
Użyj Smitrem i wstaw loga z silent runners