help me please <log> :((

Something happened to my computer recently... :(( On my desktop there's a message saying "your computer is spyware", there's also some kind of red icon on the taskbar, and some lousy program called SpySheriff got installed. I read the earlier threads, checked with that CWShredder program and generated a log in HijackThis. Please help me, tell me what I should do, just keep it simple because I don't really know much about this... :( :( :( I'm pasting the log:

Logfile of HijackThis v1.99.1
Scan saved at 18:55:02, on 2005-11-16
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\Sy5QLg\command.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\windows\system32\mdms.exe
C:\WINDOWS\System32\paytime.exe
C:\windows\adtech2005.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\winstall.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\KASIAP~1\USTAWI~1\Temp\Rar$EX00.006\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsnt] C:\WINDOWS\winsnt.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) - http://www.lemontv.pl/lmctrls.cab
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O20 - Winlogon Notify: iexplore - 1slld.dll (file missing)
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\Mmvcr70.dll
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\System32\fbfilgjf.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\fmbkeolk.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sy5QLg\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Replies: 2

Read about it here >> http://forum.centrumxp.pl/viewtopic.php?t=38238&highlight=spysheriff

Besides that, you also have L2m, and you can read about that here: http://forum.centrumxp.pl/viewtopic.php?t=43523

I got rid of the first problem by scanning the system with Spy Sweeper
padre12
Posted
16.11.2005 20:26:53
get rid of:
C:\WINDOWS\Sy5QLg\command.exe
C:\windows\system32\mdms.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\tool2.exe
C:\winstall.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [winsnt] C:\WINDOWS\winsnt.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} (Spd2 Class) - http://www.lemontv.pl/lmctrls.cab
O20 - Winlogon Notify: f3dsl - lsd_f3.dll (file missing)
O20 - Winlogon Notify: iexplore - 1slld.dll (file missing)
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\Mmvcr70.dll
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\System32\fbfilgjf.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\fmbkeolk.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sy5QLg\command.exe


plus all those trusted zones as well

also read up on how to remove SpySheriff
damiancore
Posted
16.11.2005 20:24:30
khadija
Posted:
16.11.2005 20:08:41
Comments:
2