kczr
(Kczr)
9 Sierpień 2006 08:43
#1
Co powinienem zrobic jeżeli w prawym dolnym rogu wyskakuje mi okienko w którym napisane jest Your computer is infected9to jako nagłówek) a w srodku jakies tam Critical system error…
Logfile of HijackThis v1.99.1 Scan saved at 10:36:21, on 09.08.2006 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\dcomcfg.exe C:\Program Files\IntCodec\isamonitor.exe C:\Program Files\IntCodec\pmsngr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\COMMON~1\SKS~1\nslookup.exe C:\Documents and Settings\KCZR\Moje dokumenty\T?sks?ti2evxx.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IntCodec\pmmon.exe C:\Program Files\IntCodec\isamini.exe C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\cool.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\mmc.exe C:\Documents and Settings\KCZR\Pulpit\hijackthis\HijackThis.exe R3 - Default URLSearchHook is missing O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\IntCodec\isaddon.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min O4 - HKLM…\RunOnce: [spybotSnD] “C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe” /autocheck O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [91602ded.exe] C:\Documents and Settings\KCZR\Ustawienia lokalne\Dane aplikacji\91602ded.exe O4 - HKCU…\Run: [shtt] “C:\PROGRA~1\COMMON~1\SKS~1\nslookup.exe” -vt yazb O4 - HKCU…\Run: [Fvqjb] C:\Documents and Settings\KCZR\Moje dokumenty\T?sks?ti2evxx.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O20 - AppInit_DLLs: ???Both C:\WINDOWS\system32\alg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O20 - Winlogon Notify: winaoc32 - C:\WINDOWS\SYSTEM32\winaoc32.dll O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
Proszę o pomoc!
kuz5
(Kuz5)
9 Sierpień 2006 19:39
#2
Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE
Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga
Użyj SmitFraudFix
I dopiero wtedy wklej dwa logi HijackThis i Silent runners