Request to check a log
The problem is that IE windows keep popping up: three Search Results (casino, viagra and the like), then two with a page-not-found message, and so on in a loop... AdAware and SpyBot don't help...
Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 13:14:46, on 20.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ATI–CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\svchst.exe
C:\WINDOWS\msnmsgq.exe
C:\Program Files\Winsys\Info\EasyVirgins\EasyVirgins.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Dokumente und Einstellungen\Lyjo.PRIVAT–5VDRT5CJ\Anwendungsdaten\atba.exe
C:\Programme\Gadu–Gadu\gg.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Lyjo.PRIVAT–5VDRT5CJ\Lokale Einstellungen\Temp\Temporres Verzeichnis 1 fr hijackthis.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R3 – Default URLSearchHook is missing
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: MSNToolBandBHO – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O2 – BHO: (no name) – {ED103D9F–3070–4580–AB1E–E5C179C1AE41} – (no file)
O3 – Toolbar: MSN – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O4 – HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 – HKLM\..\Run: [ATIPTA] C:\ATI–CPanel\atiptaxx.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett–Packard\HP Software Update\HPWuSchd.exe"
O4 – HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 – HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Programme\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr
O4 – HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 – HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 – HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 – HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MsnExplorer] C:\WINDOWS\svchst.exe /i
O4 – HKLM\..\Run: [sssasasb32] C:\WINDOWS\sssasasb32.exe
O4 – HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe
O4 – HKLM\..\Run: [etbrun] C:\windows\system32\eliteckt32.exe
O4 – HKLM\..\Run: [EasyVirgins] C:\Program Files\Winsys\Info\EasyVirgins\EasyVirgins.exe /dontdial
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Komunikator] C:\Programme\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Rdua] C:\Dokumente und Einstellungen\Lyjo.PRIVAT–5VDRT5CJ\Anwendungsdaten\atba.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Programme\Gadu–Gadu\gg.exe" /tray
O4 – Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: AOL 9.0 Tray–Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 – Extra context menu item: &Google Search – res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Nach Microsoft &Excel exportieren – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 – Extra button: Recherchieren – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Programme\IrfanView\Ebay\Ebay.htm
O12 – Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 – ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 – ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 – DPF: DigiChat Applet – http://213.133.121.179/DigiChat/DigiClasses/Client_IE.cab
O16 – DPF: {95BD7A59–567A–4FE1–A412–FCEC29428E42} (Toontown Installer ActiveX Control German) – http://212.185.47.24/sv1.3.8.26.1/ttinst–german.cab
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {C1BAC744–8F0B–11D0–89E7–00C0A8295197} (Cameractl Class) – http://www.crtvg.es/camweb/camera.cab
O16 – DPF: {FF3F0F03–0F01–131A–A3F9–08F02B23E0CC} – http://66.117.37.13/gbn1342.exe
O20 – Winlogon Notify: WB – C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 – Service: AOL Connectivity Service (AOL ACS) – America Online, Inc. – C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 – Service: hpdj – Unknown owner – C:\DOKUME~1\LYJO~1.PRI\LOKALE~1\Temp\hpdj.exe (file missing)
O23 – Service: Norton AntiVirus Auto–Protect–Dienst (navapsvc) – Symantec Corporation – C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
and thanks in advance
Replies: 9
Something deeply camouflaged.
Silent Runners.vbs and DLLCompare can be put to work in the search.
If ads are popping up, something is still left.
hmmmmmm... I did all of that, then I had a small problem... AOL stopped working, already fixed. The ads still pop up, but with much lower intensity, it's no longer as annoying as before :D that's something at least. Especially since I'm not the one sitting at this computer :lol:
the main thing is that there's a big difference, thanks for the help :)
Buy it, because you never know when it might come in handy :mrgreen:
ja_marusia: "...unfortunately someone still really wants to sell me viagra :D"
Did you tell Windows to show hidden and system files?
Kill the shch.exe process and delete the files and entries:
C:\WINDOWS\shch.exe
O4 – HKLM\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
O4 – HKLM\..\Run: [Nero] C:\WINDOWS\shch.exe /i
O4 – HKLM\..\Run: [etbrun] C:\windows\system32\eliteckt32.exe
O4 – HKCU\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Programme\IrfanView\Ebay\Ebay.htm
You can also add the file paths by clicking Options, Misc Tools, Delete a file on reboot.
hmmm... I did what I was supposed to do... unfortunately someone still really wants to sell me viagra :D
after deleting the files (but note, I didn't find all of them!) the log looks like this:
Logfile of HijackThis v1.99.1
Scan saved at 12:58:03, on 21.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI–CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programme\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\shch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Gadu–Gadu\gg.exe
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Lyjo.PRIVAT–5VDRT5CJ\Lokale Einstellungen\Temp\Temporres Verzeichnis 4 fr hijackthis.zip\HijackThis.exe
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 – BHO: MSNToolBandBHO – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 – Toolbar: MSN – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O4 – HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 – HKLM\..\Run: [ATIPTA] C:\ATI–CPanel\atiptaxx.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 – HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett–Packard\HP Software Update\HPWuSchd.exe"
O4 – HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe"
O4 – HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Programme\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr
O4 – HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 – HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 – HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 – HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
O4 – HKLM\..\Run: [Nero] C:\WINDOWS\shch.exe /i
O4 – HKLM\..\Run: [etbrun] C:\windows\system32\eliteckt32.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Komunikator] C:\Programme\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Programme\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
O4 – Startup: PalNetaware.lnk = C:\Paltalk\pnetaware.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: AOL 9.0 Tray–Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O8 – Extra context menu item: &Google Search – res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Nach Microsoft &Excel exportieren – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 – Extra button: Recherchieren – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Programme\IrfanView\Ebay\Ebay.htm
O12 – Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 – Winlogon Notify: WB – C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 – Service: AOL Connectivity Service (AOL ACS) – America Online, Inc. – C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
:roll:
na
I repeated the removal, it does nothing, and I also don't see this file in system32... O4 – HKLM\..\Run: [etbrun] C:\windows\system32\eliteckt32.exe
rayan: EL NINO: "There's no junk..."
Are you sure??
rayan: EL NINO: "...You can only remove the entries pointing to missing files."
Do you see any here??
I see only the leftover from HP in O23, and at a stretch you could count the default URLSearchHook as one too.
Nothing besides that, although even here one could argue about whether it is right to call these entries that.
rayan: EL NINO: "Check it yourself by pasting the log into the box -> http://www.hijackthis.de/en"
And rightly so, because plain "file missing" entries can be picked out that way.
So, my friend, before you start quoting other people's statements from other threads like this, think about why you are doing it, because this time it came out rather neither here nor there.
EL NINO: "There's no junk. You can only remove the entries pointing to missing files.
Check it yourself by pasting the log into the box -> http://www.hijackthis.de/en"
rayan, if you want to, go ahead and use the analyzer. Don't be surprised, though, if you accidentally hurt yourself, because that site doesn't recognize everything; I'll say more, it recognizes little.
Turn off System Restore
End the processes:
svchst.exe (don't confuse it with svchost)
msnmsgq.exe
EasyVirgins.exe
atba.exe
Delete, together with the files/directories:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R3 – Default URLSearchHook is missing
O2 – BHO: (no name) – {ED103D9F–3070–4580–AB1E–E5C179C1AE41} – (no file)
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [MsnExplorer] C:\WINDOWS\svchst.exe /i
O4 – HKLM\..\Run: [sssasasb32] C:\WINDOWS\sssasasb32.exe
O4 – HKLM\..\Run: [msnmsgq32] C:\WINDOWS\msnmsgq.exe
O4 – HKLM\..\Run: [etbrun] C:\windows\system32\eliteckt32.exe
O4 – HKLM\..\Run: [EasyVirgins] C:\Program Files\Winsys\Info\EasyVirgins\EasyVirgins.exe /dontdial
O4 – HKCU\..\Run: [Rdua] C:\Dokumente und Einstellungen\Lyjo.PRIVAT–5VDRT5CJ\Anwendungsdaten\atba.exe
O15 – ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 – ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 – DPF: DigiChat Applet – http://213.133.121.179/DigiChat/DigiClasses/Client_IE.cab
O16 – DPF: {95BD7A59–567A–4FE1–A412–FCEC29428E42} (Toontown Installer ActiveX Control German) – http://212.185.47.24/sv1.3.8.26.1/ttinst–german.cab
O16 – DPF: {C1BAC744–8F0B–11D0–89E7–00C0A8295197} (Cameractl Class) – http://www.crtvg.es/camweb/camera.cab
O16 – DPF: {FF3F0F03–0F01–131A–A3F9–08F02B23E0CC} – http://66.117.37.13/gbn1342.exe
O23 – Service: hpdj – Unknown owner – C:\DOKUME~1\LYJO~1.PRI\LOKALE~1\Temp\hpdj.exe (file missing)
Couldn't you have attached this to the earlier post??:| Besides, you have this page: http://www.hijackthis.de/index.php#anl
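An added example, not part of any post in the thread: two checks the replies above perform by eye, written as a small triage script. It flags Run entries whose file name nearly matches a core Windows binary (the svchst.exe / svchost remark) and lists autoruns that appear only in the later log. `SYSTEM_NAMES`, the 0.85 threshold and all function names are assumptions; the sample lines are excerpted from the two logs in the thread.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename

# Assumed short list of core Windows binaries whose names get imitated.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe",
                "explorer.exe", "spoolsv.exe", "smss.exe"}
# The pasted logs carry an en dash where HijackThis wrote "-"; accept both.
O4_RE = re.compile(r"^O4\s+[-\u2013]\s+(HK\w+)\\\.\.\\Run:\s+\[(.+?)\]\s+(.*)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)

# Run-key lines excerpted from the thread's logs of 20.04.2005 and 21.04.2005.
LOG_APR20 = r"""
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [MsnExplorer] C:\WINDOWS\svchst.exe /i
O4 – HKLM\..\Run: [etbrun] C:\windows\system32\eliteckt32.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
LOG_APR21 = r"""
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
O4 – HKLM\..\Run: [Nero] C:\WINDOWS\shch.exe /i
O4 – HKLM\..\Run: [etbrun] C:\windows\system32\eliteckt32.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [winshost.exe] C:\WINDOWS\System32\winshost.exe
"""

def run_entries(log_text):
    """Map (hive, value name) -> command line for every O4 Run entry."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries

def image_name(command):
    """Lower-cased file name of the program a Run command line starts."""
    m = EXE_RE.match(command.strip())
    return basename(m.group(1) if m else command.split()[0]).lower()

def lookalikes(entries, threshold=0.85):
    """Entries whose file name almost, but not exactly, equals a system name."""
    hits = []
    for (_, value), cmd in entries.items():
        name = image_name(cmd)
        hits += [(value, name, real) for real in SYSTEM_NAMES
                 if name != real and SequenceMatcher(None, name, real).ratio() >= threshold]
    return sorted(hits)

def new_autoruns(before, after):
    """Run entries present in the later log but absent from the earlier one."""
    return sorted(key for key in after if key not in before)

if __name__ == "__main__":
    old, new = run_entries(LOG_APR20), run_entries(LOG_APR21)
    print("lookalike names:", lookalikes(old))
    print("autoruns added since first scan:", new_autoruns(old, new))
```

A name-similarity hit is only a reason to inspect the file and its path; entries such as shch.exe or winshost.exe do not resemble a system name closely enough to be caught this way and surface through the log comparison instead.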