Arizona
(Arizona)
11 Lipiec 2006 12:35
#1
Moje problemy są następujące:
okno przegladarki (uzywam FireFoxa) wlącza się samoczynnie i wyskakują strony z jakimiś portalami,
od rana skanuje komputer antyvirem Avast 4.7 i co chwila znajduje mi jakies nowe wiry lub trojany,
-wyrzuciłem juz troche tego świństwa ale i tak widoczne jest spowolnienie pracy komputera…
Zamieszczam loga w celu sprawdzenia czy jeszcze coś nie siedzi:
Logfile of HijackThis v1.99.1 Scan saved at 14:37:53, on 2006-07-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe D:\programy\avast\ashDisp.exe D:\programy\avast\aswUpdSv.exe D:\programy\avast\ashServ.exe D:\programy\avast\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe D:\programy\avast\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe D:\programy\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start24.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: run= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\programy\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [avast!] D:\programy\avast\ashDisp.exe O4 - HKLM…\Run: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O4 - HKLM…\RunServices: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O4 - HKCU…\Run: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://D:\programy\LeechGet 2005\Parser.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz używając kreatora LeechGet - file://D:\programy\LeechGet 2005\Wizard.html O8 - Extra context menu item: Pobierz używając LeechGet - file://D:\programy\LeechGet 2005\AddUrl.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} - http://bismark.extracon.it/mirrorcoolst … Beta02.exe O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_27.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\programy\avast\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - D:\programy\avast\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\programy\avast\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\programy\avast\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
z góry dzięki za sprawdzenie,
pozdrawiam
W logu:
Ściągnij Gmer’a , przejdź do zakładki cmd i wklej:
Przejdź do zakładki procesy i wybierz opcje zabij wszystko, powrót do cmd i wybierz uruchom.
Restart i Daj log z Gmer’a , ściągnij>>>uruchom>>>przejdź do zakładki “rootkit”>>>wybierz “szukaj”>>>czekaż cierpliwie aż program zakończy prace>>>klikasz “kopiuj”>>>ctrl + v i wklej do posta.
Arizona
(Arizona)
11 Lipiec 2006 12:52
#3
chcem sie upewnic, bo w zakladce procesy sa tez takie rzeczy jak explorer, moj antyvir avast…chodzi o ze nic sie nie stanie zlego jak dam zabij wszystko???
Zostaną zabite prawie wszystkie procesy, z wyjątkiem 4 potrzebnych do pracy gmera, po ponownym uruchomieniu komputera załadują się na nowo.
Arizona
(Arizona)
11 Lipiec 2006 14:03
#7
napisales
tzn ze mam wejsc do zakladki procesy, nastepnie kliknac na zabij wszystko i pozniej dalej robic
czyli operuje tylko w zakladce “procesy”?
Arizona
(Arizona)
11 Lipiec 2006 14:51
#9
zrobilem tak jak mowiles…
plik z rozszerzeniem .exe latwo sie usunal ale ten z rozszerz .dll nie chcial i przy probie usuniecia wyskakiwal jakis blad…
uruchomilem kompa ponownie i oto log:
czekam na instrukcje
pozdrawiam
niech zgadne, “plik jest aktualnie w użyciu” ? A to dlatego, że wszczepia się do więkoszości procesów,
Ściągnij Pocket Killbox >>>uruchom>>>zaznacz opcje “Delete on Reboot”>>>w polu “Full path of file” wklej ścieżke:
Klikasz x i zgadzasz się na restart kompa.
Gmer czysty, dllki w nim nie widać bo straciła krycie.
adam9870
(adam9870)
11 Lipiec 2006 15:01
#11
InfinityToJa Killbox raczej sobie nie poradzi.
http://forum.dobreprogramy.pl/viewtopic … 825#603825
:roll:
Arizona
(Arizona)
11 Lipiec 2006 15:22
#13
na moje oko plik chyba zostal usuniety (jak wkleilem jeszcze raz ta sciezke do tego pliku to plik sie nie wyswietlil)
zrobilem loga z hijack’a zebyscie ocenili czy juz wszystko ok:
Logfile of HijackThis v1.99.1 Scan saved at 17:24:38, on 2006-07-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe D:\programy\avast\ashDisp.exe D:\programy\avast\aswUpdSv.exe D:\programy\avast\ashServ.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start24.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: run= O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\programy\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [avast!] D:\programy\avast\ashDisp.exe O4 - HKLM…\Run: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O4 - HKLM…\RunServices: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O4 - HKCU…\Run: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://D:\programy\LeechGet 2005\Parser.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz używając kreatora LeechGet - file://D:\programy\LeechGet 2005\Wizard.html O8 - Extra context menu item: Pobierz używając LeechGet - file://D:\programy\LeechGet 2005\AddUrl.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} - http://bismark.extracon.it/mirrorcoolst … Beta02.exe O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_27.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\programy\avast\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - D:\programy\avast\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\programy\avast\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\programy\avast\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
ja tez nie moge wlaczyc zapory (wczoraj jeszcze chodzila)…uzywam xp pro, sp2, jak ja wlaczyc???
pozdrawiam
skasuj hijackiem:
poszukaj na forum, kilka tematów temu chyba było napisane
Arizona
(Arizona)
11 Lipiec 2006 15:50
#15
wpisy “ciachniete”, oto nowy log:
Logfile of HijackThis v1.99.1 Scan saved at 17:50:56, on 2006-07-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe D:\programy\avast\ashDisp.exe D:\programy\avast\aswUpdSv.exe D:\programy\avast\ashServ.exe D:\programy\avast\ashMaiSv.exe D:\programy\avast\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe E:\instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start24.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\programy\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM…\Run: [avast!] D:\programy\avast\ashDisp.exe O4 - HKLM…\Run: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O4 - HKLM…\RunServices: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O4 - HKCU…\Run: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://D:\programy\LeechGet 2005\Parser.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz używając kreatora LeechGet - file://D:\programy\LeechGet 2005\Wizard.html O8 - Extra context menu item: Pobierz używając LeechGet - file://D:\programy\LeechGet 2005\AddUrl.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} - http://bismark.extracon.it/mirrorcoolst … Beta02.exe O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\programy\avast\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - D:\programy\avast\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\programy\avast\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\programy\avast\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
widze ze niektore wpisy zostaly :((((
pliki napewno usunięte ?Wrzuć najlepiej log z gmera
daj jeszcze loga z silent runners
no, plików nie ma.
Otwórz notatnik i wklej:
Plik>>>zapisz jako>>zmień rozszerzenie z .txt na wszystkie pliki>>>zapisz pod nazwą FIX.REG i uruchom w trybie awaryjnym
A jeśli to nie zadziała, otwierasz edytor rejestru (start>>>uruchom>>>regedit), przechodzisz do kluczy:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
I kasujesz wartości ˙_zskdk]bah^ibfmvi[lyniwmdksz_ .
Arizona
(Arizona)
11 Lipiec 2006 21:43
#19
zrobie to rano …bo dzisiaj juz nie ma sily …pozdrawiam i do jutra
Złączono Posta : 12.07.2006 (Sro) 10:38
Tak zrobilem :
Oto logi:
“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “LeechGet” = (empty string) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “HPDJ Taskbar Utility” = “C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe” [“HP”] “avast!” = “D:\programy\avast\ashDisp.exe” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “D:\programy\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\programy\WinRar\rarext.dll” [null data] “{21569614-B795-46b1-85F4-E737A8DC09AD}” = “Shell Search Band” -> {HKLM…CLSID} = “Shell Search Band” \InProcServer32(Default) = “C:\WINDOWS\system32\browseui.dll” [MS] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\programy\avast\ashShell.dll” [“ALWIL Software”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\programy\avast\ashShell.dll” [“ALWIL Software”] LeechGet(Default) = “{EBDF1F20-C829-14D1-8234-1420AF3E97A9}” -> {HKLM…CLSID} = “LeechGet “Copy Here” Shell Extension” \InProcServer32(Default) = “D:\programy\LeechGet 2005\ShellExtension.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\programy\WinRar\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ LeechGet(Default) = “{EBDF1F20-C829-14D1-8234-1420AF3E97A9}” -> {HKLM…CLSID} = “LeechGet “Copy Here” Shell Extension” \InProcServer32(Default) = “D:\programy\LeechGet 2005\ShellExtension.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\programy\WinRar\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “D:\programy\avast\ashShell.dll” [“ALWIL Software”] LeechGet(Default) = “{EBDF1F20-C829-14D1-8234-1420AF3E97A9}” -> {HKLM…CLSID} = “LeechGet “Copy Here” Shell Extension” \InProcServer32(Default) = “D:\programy\LeechGet 2005\ShellExtension.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “D:\programy\WinRar\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\WINDOWS\web\wallpaper\Idylla.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” -> {HKLM…CLSID} = “&Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “&Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_05” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““D:\programy\avast\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““D:\programy\avast\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““D:\programy\avast\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““D:\programy\avast\ashWebSv.exe” /service” [“ALWIL Software”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt03\Driver = “hpzlnt03.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 81 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 35 seconds. ---------- (total run time: 204 seconds)
Logfile of HijackThis v1.99.1 Scan saved at 10:43:26, on 2006-07-12 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe D:\programy\avast\ashDisp.exe D:\programy\avast\aswUpdSv.exe D:\programy\avast\ashServ.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\programy\avast\ashMaiSv.exe D:\programy\avast\ashWebSv.exe C:\WINDOWS\system32\NOTEPAD.EXE E:\instalki\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start24.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\programy\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM…\Run: [avast!] D:\programy\avast\ashDisp.exe O4 - HKLM…\RunServices: [˙_zskdk]bah^ibfmvi[lyniwmdksz_] c:\windows\system32_zskdmwinyl[ivmfbi^hab]kd.exe O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://D:\programy\LeechGet 2005\Parser.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz używając kreatora LeechGet - file://D:\programy\LeechGet 2005\Wizard.html O8 - Extra context menu item: Pobierz używając LeechGet - file://D:\programy\LeechGet 2005\AddUrl.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} - http://bismark.extracon.it/mirrorcoolst … Beta02.exe O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\programy\avast\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - D:\programy\avast\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\programy\avast\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\programy\avast\ashWebSv.exe" /service (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing) O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
a oto jest log z gmera:
pozdrawiam i czekam na diagnoze
logi czyste
Możesz skasowac resztki po AVG, start>>>uruchom>>>cmd >> wklep>