Wirus z Gadu Gadu + Log

Kendo17 · 27 Luty 2007 13:50

Witam

Mam problem… Niedawno od kumpla dostalem linka, ktory jak juz pozniej sie zorientowalem zawieral wirusa.Kliknalem i zaczelo sie… Nie wiem co sie stalo bo po jakiejs chwili sam wysylal sie do innych moich znajomych z listy gg, bez mojej wiedzy. Teraz mecze sie z jego pozbyciem. Skanowalem juz Panda, Avastem i dalej nic nie pomaga. Objawem wirusa jest ciagle wlaczona klepsydra w myszce i zrzeranie pamieci… Zwracam sie o wasza pomoc, podajcie jakies dobre\sprawdzone programy aby pozbyc sie tego “natreta” w moim komputerze…

kwasior · 27 Luty 2007 14:03

Daj logi z Hijacka

Kendo17 · 27 Luty 2007 14:47

Oto Log z Hijacka :

Logfile of HijackThis v1.99.1 Scan saved at 15:42:33, on 2007-02-27 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe c:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe c:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe c:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\wdfmgr.exe D:\WINDOWS\System32\alg.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\Mixer.exe D:\Program Files\D-Tools\daemon.exe D:\PROGRA~1\NEOSTR~1\CnxMon.exe D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe D:\Program Files\Kalendarz XP\Kalendarz.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Neostrada TP\NeostradaTP.exe D:\Program Files\Neostrada TP\ComComp.exe D:\Program Files\Neostrada TP\Watch.exe D:\Program Files\Opera\Opera.exe D:\WINDOWS\system32\wuauclt.exe D:\Documents and Settings\Konrad\Pulpit\hijackthis1.99.1\HijackThis.exe D:\WINDOWS\system32\svchost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {B1F539BD-DB20-9D83-7004-FB1A01CF5E91} - (no file) R3 - URLSearchHook: (no name) - {84D809BD-F613-A8B7-5D34-CB3731FF73A1} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - D:\Program Files\Video ActiveX Object\isaddon.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {537CBC89-4427-1CD0-6FD7-75BCC9E3A6F8} - (no file) O2 - BHO: (no name) - {84D809BD-F613-A8B7-5D34-CB3731FF73A1} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll O2 - BHO: (no name) - {B1F539BD-DB20-9D83-7004-FB1A01CF5E91} - (no file) O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - D:\PROGRA~1\COMMON~1{3BD83~2\Bar888.dll (file missing) O2 - BHO: (no name) - {C4013DB0-C815-CDE8-5774-AFC1EED163FB} - (no file) O2 - BHO: (no name) - {EAC131B4-9548-94BF-5534-FBA4286D18AD} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - D:\PROGRA~1\COMMON~1{3BD83~2\Bar888.dll (file missing) O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - D:\Program Files\Video ActiveX Object\iesplugin.dll (file missing) O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [{0BD83764-05CC-1045-0412-020510240030}] “D:\Program Files\Common Files{0BD83764-05CC-1045-0412-020510240030}\Update.exe” te-110-12-0000245 O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKCU…\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [AQQ] D:\PROGRA~1\AQQ\AQQ.exe O4 - HKCU…\Run: [Csea] “D:\DOCUME~1\Konrad\MOJEDO~1\PPATCH~1\spool32.exe” -vt yazb O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll O17 - HKLM\System\CCS\Services\Tcpip…{7DBCCDE8-F8E8-4AA2-8F8B-4588334BE7F6}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O20 - AppInit_DLLs: 26.dll O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: rpcc - D:\WINDOWS\system32\rpcc.dll O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: COM+ Messages - Unknown owner - D:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing) O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - c:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - c:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Chyba mylicie sie… istnieje takie cos jak przesylanie wirusow za posrednictwem gg. Probowalem odinstalowywac z 3 razy i nic nie pomoglo

Tak ma to wyglądać

Asterisk

adam9870 · 27 Luty 2007 16:40

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

Start => uruchom => wpisz cmd i kliknij OK => w konsoli, która się otworzy wpisz:

Użyj narzędzia SmitFraudFix (wybierz opcję 2). Potem sprawdź co będzie z tego co wskazałem poniżej i usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

R3 - URLSearchHook: (no name) - {B1F539BD-DB20-9D83-7004-FB1A01CF5E91} - (no file) R3 - URLSearchHook: (no name) - {84D809BD-F613-A8B7-5D34-CB3731FF73A1} - (no file) O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - D:\Program Files\Video ActiveX Object\isaddon.dll (file missing) O2 - BHO: (no name) - {537CBC89-4427-1CD0-6FD7-75BCC9E3A6F8} - (no file) O2 - BHO: (no name) - {84D809BD-F613-A8B7-5D34-CB3731FF73A1} - (no file) O2 - BHO: (no name) - {B1F539BD-DB20-9D83-7004-FB1A01CF5E91} - (no file) O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - D:\PROGRA~1\COMMON~1{3BD83~2\Bar888.dll (file missing) O2 - BHO: (no name) - {C4013DB0-C815-CDE8-5774-AFC1EED163FB} - (no file) O2 - BHO: (no name) - {EAC131B4-9548-94BF-5534-FBA4286D18AD} - (no file) O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - D:\PROGRA~1\COMMON~1{3BD83~2\Bar888.dll (file missing) O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - D:\Program Files\Video ActiveX Object\iesplugin.dll (file missing) O4 - HKLM…\Run: [{0BD83764-05CC-1045-0412-020510240030}] “D:\Program Files\Common Files{0BD83764-05CC-1045-0412-020510240030}\Update.exe” te-110-12-0000245 O4 - HKCU…\Run: [Csea] “D:\DOCUME~1\Konrad\MOJEDO~1\PPATCH~1\spool32.exe” -vt yazb O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O20 - AppInit_DLLs: 26.dll O20 - Winlogon Notify: rpcc - D:\WINDOWS\system32\rpcc.dll O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing) O23 - Service: COM+ Messages - Unknown owner - D:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000245 (file missing)

Pliki i foldery zaznaczone kasujesz ręcznie z dysku natomiast wpisy w HijackThis.

Użyj narzędzia FixWareOut.

Po wykonaniu pokaż nowy log z HijackThis, SilentRunners, zawartość pliku c:\rapport.txt oraz c:\fixwareout\report.txt

Kendo17 · 28 Luty 2007 17:41

Dalej nic nie dalo… nie moge usunac tych plikow nawet w trybie awaryjnym

Log z Hijacka :

Logfile of HijackThis v1.99.1 Scan saved at 18:39:32, on 2007-02-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe c:\Program Files\Avast4\aswUpdSv.exe c:\Program Files\Avast4\ashServ.exe c:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\wdfmgr.exe c:\Program Files\Avast4\ashMaiSv.exe c:\Program Files\Avast4\ashWebSv.exe D:\WINDOWS\System32\alg.exe D:\WINDOWS\system32\wuauclt.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\wbem\wmiprvse.exe D:\WINDOWS\Mixer.exe D:\Program Files\D-Tools\daemon.exe D:\PROGRA~1\NEOSTR~1\CnxMon.exe D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\BearShare\BearShare.exe C:\PROGRA~1\Avast4\ashDisp.exe D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe D:\Program Files\Kalendarz XP\Kalendarz.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Neostrada TP\NeostradaTP.exe D:\Program Files\Neostrada TP\ComComp.exe D:\Program Files\Neostrada TP\Watch.exe D:\Program Files\Opera\Opera.exe D:\Documents and Settings\Konrad\Pulpit\hijackthis1.99.1\HijackThis.exe D:\WINDOWS\system32\svchost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {B1F539BD-DB20-9D83-7004-FB1A01CF5E91} - (no file) R3 - URLSearchHook: (no name) - {84D809BD-F613-A8B7-5D34-CB3731FF73A1} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {537CBC89-4427-1CD0-6FD7-75BCC9E3A6F8} - (no file) O2 - BHO: (no name) - {84D809BD-F613-A8B7-5D34-CB3731FF73A1} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll O2 - BHO: (no name) - {B1F539BD-DB20-9D83-7004-FB1A01CF5E91} - (no file) O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file) O2 - BHO: (no name) - {C4013DB0-C815-CDE8-5774-AFC1EED163FB} - (no file) O2 - BHO: (no name) - {EAC131B4-9548-94BF-5534-FBA4286D18AD} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file) O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [avast!] c:\PROGRA~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKCU…\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{7DBCCDE8-F8E8-4AA2-8F8B-4588334BE7F6}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O20 - AppInit_DLLs: 26.dll O20 - Winlogon Notify: rpcc - D:\WINDOWS\system32\rpcc.dll O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - c:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - c:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - c:\Program Files\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - c:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - c:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - c:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Czy moglby ktos zajac sie moim problemem ??? Sprawdzcie Loga.

Gutek · 28 Luty 2007 19:26

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżki

D:\WINDOWS\System32\26.dll

D:\WINDOWS\System32\rpcc.dll

D:\WINDOWS\System32\winqxd32.dll

D:\WINDOWS\system32\svchosts.exe

i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

R3 - URLSearchHook: (no name) - {B1F539BD-DB20-9D83-7004-FB1A01CF5E91} - (no file) R3 - URLSearchHook: (no name) - {84D809BD-F613-A8B7-5D34-CB3731FF73A1} - (no file) O2 - BHO: (no name) - {537CBC89-4427-1CD0-6FD7-75BCC9E3A6F8} - (no file) O2 - BHO: (no name) - {84D809BD-F613-A8B7-5D34-CB3731FF73A1} - (no file) O2 - BHO: (no name) - {B1F539BD-DB20-9D83-7004-FB1A01CF5E91} - (no file) O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file) O2 - BHO: (no name) - {C4013DB0-C815-CDE8-5774-AFC1EED163FB} - (no file) O2 - BHO: (no name) - {EAC131B4-9548-94BF-5534-FBA4286D18AD} - (no file) O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file) O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.92 85.255.112.195 O20 - AppInit_DLLs: 26.dll O20 - Winlogon Notify: rpcc - D:\WINDOWS\system32\rpcc.dll O20 - Winlogon Notify: winqxd32 - winqxd32.dll (file missing)

wpisy usuń HJT. Po co tobie panda i avast?

Search & Destroy w nim wyłącz Rezydenta

zrobiłeś to?

Kendo17 · 28 Luty 2007 20:21

Dzieki juz wszystko dobrze dziala… gdyby nie ty to nie wiem co by bylo :mrgreen:

Mam Avasta, Pande nie moge usunac nie wiem co jest. Wsadzam plytke do napedu aby odinst. a tu mi wywalo instalka… cos jest nie tak…

adam9870 · 28 Luty 2007 20:25

Wklej nowe logi plus raport z fixwareout.

Kendo17 · 28 Luty 2007 20:47

Raport:

SmitFraudFix v2.144 Scan done at 18:05:28,03, 2007-02-28 Run from D:\Documents and Settings\Konrad\Pulpit\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] “{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}”=“haematobia” [HKEY_CLASSES_ROOT\CLSID{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\CLSID{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}\InProcServer32] »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 preymaster.humanhead.com »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “system”=“kduhl.exe” kduhl.exe detected ! use a Rootkit scanner »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» End LAG: Logfile of HijackThis v1.99.1 Scan saved at 21:45:38, on 2007-02-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\spoolsv.exe c:\Program Files\Avast4\aswUpdSv.exe c:\Program Files\Avast4\ashServ.exe e:\Programy\AVG Anti-Spyware 7.5\guard.exe c:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\Explorer.EXE c:\Program Files\Avast4\ashWebSv.exe D:\WINDOWS\Mixer.exe D:\Program Files\D-Tools\daemon.exe D:\PROGRA~1\NEOSTR~1\CnxMon.exe D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\BearShare\BearShare.exe C:\PROGRA~1\Avast4\ashDisp.exe E:\Programy\AVG Anti-Spyware 7.5\avgas.exe D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe D:\Program Files\Spybot - Search Destroy\TeaTimer.exe D:\Program Files\Kalendarz XP\Kalendarz.exe D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Program Files\Neostrada TP\NeostradaTP.exe D:\Program Files\Neostrada TP\ComComp.exe D:\Program Files\Neostrada TP\Watch.exe C:\Program Files\AQQ\AQQ.exe D:\Program Files\Deutsch Translator 2\HDD.exe D:\Program Files\Opera\Opera.exe D:\WINDOWS\system32\NOTEPAD.EXE D:\Documents and Settings\Konrad\Pulpit\hijackthis1.99.1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {537CBC89-4427-1CD0-6FD7-75BCC9E3A6F8} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar4.dll O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar4.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM…\Run: [DAEMON Tools-1033] “D:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [avast!] c:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [!AVG Anti-Spyware] “e:\Programy\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKCU…\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search Destroy\TeaTimer.exe O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{7DBCCDE8-F8E8-4AA2-8F8B-4588334BE7F6}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: rpcc - D:\WINDOWS\system32\rpcc.dll O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - c:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - c:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - c:\Program Files\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Programy\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - c:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - c:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe