Hijack log, please
I know this is getting boring, but I don't know what is wrong with my internet. When I turn on the internet, some strange page pops up that cannot be changed. There are also some ads that pop up when I visit pages, always the same ones. Antivirus programs find nothing. AVG shows a virus, a Trojan horse or something like that, but cannot remove it. Please help!
Logfile of HijackThis v1.99.0
Scan saved at 13:56:50, on 2005–02–13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:WINDOWS.000System32smss.exe
D:WINDOWS.000system32csrss.exe
D:WINDOWS.000system32winlogon.exe
D:WINDOWS.000system32services.exe
D:WINDOWS.000system32lsass.exe
D:WINDOWS.000system32svchost.exe
D:WINDOWS.000System32svchost.exe
D:WINDOWS.000System32svchost.exe
D:WINDOWS.000System32svchost.exe
D:WINDOWS.000system32spoolsv.exe
D:WINDOWS.000System32alg.exe
D:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
D:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
D:WINDOWS.000System32 vsvc32.exe
D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PavFnSvr.exe
D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PavProt.exe
D:WINDOWS.000Explorer.EXE
D:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004pavsrv51.exe
D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004prevsrv.exe
D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PsImSvc.exe
D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004AVENGINE.EXE
D:PROGRA~1GrisoftAVGFRE~1avgcc.exe
D:PROGRA~1GrisoftAVGFRE~1avgemc.exe
C:program filespowerstrippstrip.exe
D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE
D:WINDOWS.000System32RUNDLL32.EXE
D:WINDOWS.000System32ctfmon.exe
C:Program FilesSkypePhoneSkype.exe
D:Program FilesD–Link AirPlusAirPlus.exe
D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004WebProxy.exe
D:WINDOWS.000System32wuauclt.exe
C:Program FilesGadu–Gadugg.exe
D:Program FilesInternet ExplorerIEXPLORE.EXE
D:Documents and SettingsKlonowscyMoje dokumentymotorhijackthisHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: SEDP Class – {3BA765C2–08DB–4fe2–9279–311CA10D582A} – D:WINDOWS.000sehlp.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – D:Program FilesSpybot – Search & DestroySDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – D:PROGRA~1FLASHGETjccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:WINDOWS.000System32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – D:PROGRA~1FLASHGETfgiebar.dll
O3 – Toolbar: (no name) – {0E1230F8–EA50–42A9–983C–D22ABC2EED3B} – (no file)
O4 – HKLM..Run: [internat.exe] internat.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE D:WINDOWS.000System32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NeroCheck] D:WINDOWS.000System32\NeroCheck.exe
O4 – HKLM..Run: [MKS_MENU] D:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [Security iGuard] D:Program FilesSecurity iGuardSecurity iGuard.exe
O4 – HKLM..Run: [AVG7_CC] D:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 – HKLM..Run: [AVG7_EMC] D:PROGRA~1GrisoftAVGFRE~1avgemc.exe
O4 – HKLM..Run: [PowerStrip] c:program filespowerstrippstrip.exe
O4 – HKLM..Run: [APVXDWIN] "D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004APVXDWIN.EXE" /s
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE D:WINDOWS.000System32NvMcTray.dll,NvTaskbarInit
O4 – HKCU..Run: [CTFMON.EXE] D:WINDOWS.000System32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 – HKCU..Run: [CSRSSU] D:WINDOWS.000System32CSRSSU.EXE
O4 – Global Startup: D–Link AirPlus.lnk = ?
O8 – Extra context menu item: Download All by FlashGet – D:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – D:Program FilesFlashGetjc_link.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:PROGRA~1FLASHGETflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:PROGRA~1FLASHGETflashget.exe
O13 – DefaultPrefix: http://ehttp.cc/?
O13 – WWW Prefix: http://ehttp.cc/?
O13 – WWW. Prefix: http://ehttp.cc/?
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{7134E7CE–00E2–4488–9531–1AA8F98676EA}: NameServer = 213.199.225.10,213.199.225.14
O20 – AppInit_DLLs: PAVWAIT.DLL
O23 – Service: AVG7 Alert Manager Server – GRISOFT, s.r.o. – D:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 – Service: AVG7 Update Service – GRISOFT, s.r.o. – D:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 – Service: MkS_Vir Monitor – Unknown – D:Program FilesMKSBinmksmonsv.exe (file missing)
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – D:WINDOWS.000System32 vsvc32.exe
O23 – Service: Panda Function Service – Unknown – D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PavFnSvr.exe
O23 – Service: Panda PavProt – Unknown – D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PavProt.exe
O23 – Service: Panda Process Protection Service – Unknown – D:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
O23 – Service: Panda anti–virus service – Unknown – D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004pavsrv51.exe
O23 – Service: Panda Preventium+ Service – Unknown – D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004prevsrv.exe
O23 – Service: Panda IManager Service – Panda Software Internacional – D:Program FilesPanda SoftwarePanda Titanium Antivirus 2004PsImSvc.exe
Replies: 4
This one: O20 – AppInit_DLLs: PAVWAIT.DLL
is an entry from Panda, so it stays.
Also remove these leftovers of MKS:
O23 – Service: MkS_Vir Monitor – Unknown – D:Program FilesMKSBinmksmonsv.exe (file missing)
And if it is no longer there at all, then:
O4 – HKLM..Run: [MKS_MENU] D:Program FilesMKSBinmks_menu.exe
can be removed too.
klonpiotr: and how do I unregister it, because I don't get it
Start → Run → and type regsvr32 /u D:\WINDOWS.000\sehlp.dll
And you remove CSRSSU.EXE like this:
Start HijackThis >> click the Config button >> click the Misc tools button >> click the Delete File on Reboot button
Copy and paste the full path to the file into the file name field:
D:\WINDOWS.000\System32\CSRSSU.EXE
It worked, except I can't end that process because it pops up that it is a critical system process. And how do I unregister it, because I don't get it, and I didn't find that file.
THANKS
Unregister the DLL with regsvr32 /u D:\WINDOWS.000\sehlp.dll and delete it. End CSRSSU.EXE in Task Manager and get rid of it too. And fix the rest:
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
O2 – BHO: SEDP Class – {3BA765C2–08DB–4fe2–9279–311CA10D582A} – D:WINDOWS.000sehlp.dll
O3 – Toolbar: (no name) – {0E1230F8–EA50–42A9–983C–D22ABC2EED3B} – (no file)
O4 – HKCU..Run: [CSRSSU] D:WINDOWS.000System32CSRSSU.EXE
O13 – DefaultPrefix: http://ehttp.cc/?
O13 – WWW Prefix: http://ehttp.cc/?
O13 – WWW. Prefix: http://ehttp.cc/?
O20 – AppInit_DLLs: PAVWAIT.DLL
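A rough triage of some of the entry types the replies above single out, as an added example that is not part of the original thread: it parses HijackThis entry lines in the form shown on this page and flags changed O13 URL prefixes, entries whose target file is absent, and Run values whose name extends a Windows system process name. The list of system names and the three heuristics are assumptions made for this illustration; entries such as the R0 start page or the O2 BHO still need a human reading of the log.

```python
import re

# Entry lines copied from the log on this page (separators as shown there).
SAMPLE = """\
O3 – Toolbar: (no name) – {0E1230F8–EA50–42A9–983C–D22ABC2EED3B} – (no file)
O4 – HKCU..Run: [CSRSSU] D:WINDOWS.000System32CSRSSU.EXE
O4 – HKCU..Run: [CTFMON.EXE] D:WINDOWS.000System32ctfmon.exe
O13 – DefaultPrefix: http://ehttp.cc/?
O20 – AppInit_DLLs: PAVWAIT.DLL
O23 – Service: MkS_Vir Monitor – Unknown – D:Program FilesMKSBinmksmonsv.exe (file missing)
O23 – Service: AVG7 Update Service – GRISOFT, s.r.o. – D:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[–-]\s+(.*)$")
RUN_NAME = re.compile(r"Run: \[([^\]]+)\]")
# System process names checked for imitation (assumption, not from the thread).
SYSTEM_NAMES = ("csrss", "smss", "lsass", "winlogon", "services", "svchost")

def parse(line):
    """Split one HijackThis entry into (section code, rest); None if not an entry."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def lookalike(name):
    """True if name extends a system process name by one or two characters."""
    stem = re.sub(r"\.exe$", "", name.lower())
    return any(stem.startswith(s) and 0 < len(stem) - len(s) <= 2 for s in SYSTEM_NAMES)

def triage(text):
    """Return (code, reason, entry) for every entry matching a heuristic."""
    findings = []
    for line in text.splitlines():
        parsed = parse(line)
        if not parsed:
            continue
        code, rest = parsed
        if code == "O13" and rest.split(": ", 1)[-1] != "http://":
            findings.append((code, "URL prefix changed from http://", rest))
        elif rest.endswith(("(no file)", "(file missing)")):
            findings.append((code, "orphaned entry, target file absent", rest))
        elif code == "O4":
            m = RUN_NAME.search(rest)
            if m and lookalike(m.group(1)):
                findings.append((code, "name imitates a system process", rest))
    return findings

if __name__ == "__main__":
    for code, reason, rest in triage(SAMPLE):
        print(f"{code}: {reason}: {rest}")
```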