Hello,
I have the following problem: I recently survived an attack from a website. I managed to delete most of the pests, but I cannot deal with this winf44.dll in any way.
I have already tried HijackThis and KillBox; the system has System Restore turned off, and after a restart it still comes back.
The effects include, among other things: no ability to print, send e-mail, or scan.
If anyone knows how to get rid of this, I will be very grateful for the help.
Regards, G.
kuz5
(Kuz5)
3 August 2006 18:52
#2
Use HaxFix and the problem is gone.
After using HaxFix, post the full set of logs, i.e. the Silent, Hijack and HaxFix logs.
At first glance it looks O.K.,
but…
below is the result of HaxFix's work
HAXFIX logfile - by Marckie
-------------- version 4.04
2006-08-04 8:31:07,92
— Manual Haxdoorfix —
Adding haxdoorkeys to delete… winf
searching for services…
service winf44 found
[sWSC] DeleteService SUCCESS
service winf49 found
[sWSC] DeleteService SUCCESS
— Goldunfix —
searching for notifykeys:
no notifykeys found
searching for services:
No services found
…rebooting the computer…
searching for notifykeys
notifykey winf44 not found
searching for services
service winf44 not found
service winf49 not found
searching for safeboot services
safeboot service winf44.sys not found
safeboot service winf49.sys not found
searching for files
winf44.dll exists
deleting winf44.dll
winf44.dll has been deleted
winf44.sys exists
deleting winf44.sys
winf44.sys has been deleted
winf49.sys exists
deleting winf49.sys
winf49.sys has been deleted
checking for other files
qy.sys exists
deleting qy.sys
qy.sys has been deleted
qz.dll exists
deleting qz.dll
qz.dll has been deleted
qz.sys exists
deleting qz.sys
qz.sys has been deleted
x8.xxd exists
deleting x8.xxd
x8.xxd has been deleted
zxcsedr.dll exists
deleting zxcsedr.dll
zxcsedr.dll has been deleted
checking for a3d files
ps.a3d
deleting a3d files
a3d files are deleted
Finished
and the log from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 08:37:08, on 2006-08-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\usbtapnp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IMAP Notify\IMAPNotify.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kasiunia\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM…\Run: [uSBTA] C:\WINDOWS\system32\usbtapnp.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM…\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM…\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: IMAP Notify.lnk = C:\Program Files\IMAP Notify\IMAPNotify.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 0379763671
O17 - HKLM\System\CCS\Services\Tcpip…{85B24431-F4D3-4D4D-9B5D-933FE09CF89E}: NameServer = 192.168.0.1,66.36.252.163
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program Files\MKS\Bin\NetMonSV.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\MKS\Bin\mksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
Many thanks, :lol: :lol: :lol:
I hope this settles the matter.
It's just a pity that technical support at MKS can't sort it out like this… eh…
If anything else shows up, I will definitely let you know :lol:
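
Added example, not part of the original thread and not code from HaxFix: a short Python check that reads a HaxFix log like the one quoted above (even when forum software has flattened it onto one line) and reports whether every service and file it found was actually removed and stayed gone after the reboot. The function name audit_haxfix and the SAMPLE string are assumptions, constructed from log lines shown in the thread.

```python
import re

# Constructed sample: an excerpt of the HaxFix output quoted in the thread,
# kept on a single line the way the forum flattened it.
SAMPLE = (
    "searching for services... service winf44 found [sWSC] DeleteService SUCCESS "
    "service winf49 found [sWSC] DeleteService SUCCESS "
    "...rebooting the computer... "
    "notifykey winf44 not found service winf44 not found service winf49 not found "
    "safeboot service winf44.sys not found "
    "winf44.dll exists deleting winf44.dll winf44.dll has been deleted "
    "winf44.sys exists deleting winf44.sys winf44.sys has been deleted "
    "qz.dll exists deleting qz.dll qz.dll has been deleted"
)


def audit_haxfix(log: str) -> dict:
    """Summarise a HaxFix log: what was found, what was removed, what is left."""
    before, _, after = log.partition("rebooting the computer")

    # Services found before the reboot, with the DeleteService result if logged.
    removed = {}
    pattern = r"\bservice (\S+) found(?: \[\w+\])?(?: DeleteService (\w+))?"
    for name, status in re.findall(pattern, before):
        removed[name] = status == "SUCCESS"
    failed = sorted(name for name, ok in removed.items() if not ok)

    # A service reported as "found" again after the reboot has re-registered.
    returned = sorted(set(re.findall(r"\bservice (\S+) found\b", after)))

    # Every "<file> exists" line should be paired with "<file> has been deleted".
    seen = set(re.findall(r"(\S+\.\w+) exists\b", log))
    gone = set(re.findall(r"(\S+\.\w+) has been deleted\b", log))
    leftovers = sorted(seen - gone)

    return {
        "services": sorted(removed),
        "failed_service_deletes": failed,
        "returned_after_reboot": returned,
        "files_deleted": sorted(seen & gone),
        "leftover_files": leftovers,
        "clean": not (failed or returned or leftovers),
    }


if __name__ == "__main__":
    for key, value in audit_haxfix(SAMPLE).items():
        print(f"{key}: {value}")
```

A result with clean set to False means a service deletion failed, a service reappeared after the reboot, or a file was reported as existing with no matching deletion line, which is the "comes back after restart" symptom described in the first post.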