mam wirusa– trojan.aimbot.af
nie wiem jak sie go pozbyc, wszystkie programy antywirusowe nie dzialają , oto mój logfilez hijacka:
Logfile of HijackThis v1.99.1
Scan saved at 20:11:05, on 2006–01–19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\common files\system\dnet\dnetc.exe
C:\Program Files\Winamp\winampa.exe
C:\sfx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\twain_32\A4CIS\WATCH.exe
C:\Program Files\ArcaVir\Bin\NetMonSv.exe
C:\Program Files\ArcaVir\Bin\abmenu.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla hijackthis.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 – REG:win.ini: load=C:\YDPDict\watch.exe
O2 – BHO: (no name) – {00DBDAC8–4691–4797–8E6A–7C6AB89BC441} – C:\WINDOWS\System32\gebxx.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [sys_monitor] C:\Program Files\\common files\\system\\dnet\\dnetc.exe –hide
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [Anti–Virus Update Scheduler V1.39.12R] C:\sfx.exe
O4 – HKLM\..\Run: [Windows Media Player Service] wmedia.exe
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 – HKLM\..\RunServices: [DGam prosessor] aztjfnr.exe
O4 – HKLM\..\RunServices: [Mi7sft sdce] taskngr.exe
O4 – HKLM\..\RunServices: [Windows Media Player Service] wmedia.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Windows Media Player Service] wmedia.exe
O4 – HKCU\..\RunServices: [Windows Media Player Service] wmedia.exe
O4 – Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 – Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O20 – Winlogon Notify: gebxx – C:\WINDOWS\SYSTEM32\gebxx.dll
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\ArcaVir\Bin\NetMonSv.exe
O23 – Service: ArcaVir Monitor (ArcaMonSvc) – ArcaBit – C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 – Service: ArcaScan – ArcaBit – C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 – Service: arcaserv – ArcaBit Sp. z o. o. – C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 – Service: AntiVir Update (AVWUpSrv) – Unknown owner – C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 – Service: cvcworking setting (cvcWork) – Unknown owner – C:\WINDOWS\syscvhost.exe (file missing)
O23 – Service: cyberz mansor (mansor) – Unknown owner – C:\WINDOWS\mansor.exe (file missing)
O23 – Service: Power Manager (PowerManager) – Unknown owner – C:\WINDOWS\svchost.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 20:11:05, on 2006–01–19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\common files\system\dnet\dnetc.exe
C:\Program Files\Winamp\winampa.exe
C:\sfx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\twain_32\A4CIS\WATCH.exe
C:\Program Files\ArcaVir\Bin\NetMonSv.exe
C:\Program Files\ArcaVir\Bin\abmenu.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robert\Ustawienia lokalne\Temp\Katalog tymczasowy 6 dla hijackthis.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 – REG:win.ini: load=C:\YDPDict\watch.exe
O2 – BHO: (no name) – {00DBDAC8–4691–4797–8E6A–7C6AB89BC441} – C:\WINDOWS\System32\gebxx.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [sys_monitor] C:\Program Files\\common files\\system\\dnet\\dnetc.exe –hide
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [Anti–Virus Update Scheduler V1.39.12R] C:\sfx.exe
O4 – HKLM\..\Run: [Windows Media Player Service] wmedia.exe
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 – HKLM\..\RunServices: [DGam prosessor] aztjfnr.exe
O4 – HKLM\..\RunServices: [Mi7sft sdce] taskngr.exe
O4 – HKLM\..\RunServices: [Windows Media Player Service] wmedia.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Windows Media Player Service] wmedia.exe
O4 – HKCU\..\RunServices: [Windows Media Player Service] wmedia.exe
O4 – Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe
O4 – Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O20 – Winlogon Notify: gebxx – C:\WINDOWS\SYSTEM32\gebxx.dll
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\ArcaVir\Bin\NetMonSv.exe
O23 – Service: ArcaVir Monitor (ArcaMonSvc) – ArcaBit – C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 – Service: ArcaScan – ArcaBit – C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 – Service: arcaserv – ArcaBit Sp. z o. o. – C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 – Service: AntiVir Update (AVWUpSrv) – Unknown owner – C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 – Service: cvcworking setting (cvcWork) – Unknown owner – C:\WINDOWS\syscvhost.exe (file missing)
O23 – Service: cyberz mansor (mansor) – Unknown owner – C:\WINDOWS\mansor.exe (file missing)
O23 – Service: Power Manager (PowerManager) – Unknown owner – C:\WINDOWS\svchost.exe (file missing)
Odpowiedzi: 2
gieras, a ta reszta ?
wiader, najpierw tu –> http://forum.centrumxp.pl/viewtopic.php?t=37513
wiader, najpierw tu –> http://forum.centrumxp.pl/viewtopic.php?t=37513
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 – BHO: (no name) – {00DBDAC8–4691–4797–8E6A–7C6AB89BC441} – C:\WINDOWS\System32\gebxx.dll
Strona 1 / 1