PLEASE HELP: WIN32 and (others?)
Please help me remove the VIRUSES :)
Here is my log:
(Thank you)
Scan saved at 19:09:35, on 2005-10-21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\bWFyaXVzegAA\command.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\windows\sp2update00.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\mariusz\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\jtj0071me.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bWFyaXVzegAA\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Replies: 1
First, use this topic -> http://forum.centrumxp.pl/viewtopic.php?t=37513
Also remove all the R1 entries and the R0 entry with SearchAssistant. If something is still wrong afterwards, paste a new log.