Trojans :(

Hello, today I caught this trojan:

O20 – Winlogon Notify: winzdn32 – C:\WINDOWS\SYSTEM32\winzdn32.dll

and I can't remove it, not even from safe mode. How else can I get rid of it? Please help :roll:

Replies: 5

http://securityresponse.symantec.com/avcenter/venc/data/adware.mwsearch.html – the file and the registry entries need to be removed. Possibly also a folder in Program Files.
And, damn it, for O20 –> winzdn32.dll: point 8 in the pinned FAQ. Use Destroyer.
EL NINO
Posted
05.03.2006 22:02:34
Logfile of HijackThis v1.99.1
Scan saved at 22:07:21, on 2006–03–04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\hijackthis_199\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: ZToolbar Activator Class – {da7ff3f8–08be–4cac–bc00–94d91c6ae7f4} – C:\WINDOWS\system32\azesearch4.ocx (file missing)
O2 – BHO: FlashFXP Helper for Internet Explorer – {E5A1691B–D188–4419–AD02–90002030B8EE} – C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 – BHO: AddressBar Class – {f65b197f–8260–4d52–909a–f70118e646eb} – C:\WINDOWS\system32\iasada.dll (file missing)
O3 – Toolbar: Search – {a19ef336–01d4–48e6–926a–fe7e1c747aed} – C:\WINDOWS\system32\azesearch4.ocx (file missing)
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – C:\PROGRA~1\FLASHGET\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\PROGRA~1\FLASHGET\jc_link.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O15 – Trusted Zone: http://www.mks.com.pl
O16 – DPF: {D7BF3304–138B–4DD5–86EE–491BB6A2286C} – http://www.azebar.com/install/azesearch.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 – Winlogon Notify: winzdn32 – C:\WINDOWS\SYSTEM32\winzdn32.dll
O23 – Service: ArcaBit NetMonitor (ABNetMon) – Unknown owner – C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


That is everything, but I have already removed that junk; only this 1 trojan is left and it won't let itself be removed.
Doman_87
Posted
05.03.2006 14:24:21
First, post the entire contents of the HijackThis log, not just part of it.
Second, you have some junk such as

O16 – DPF: {D7BF3304–138B–4DD5–86EE–491BB6A2286C} – azebar.com/install/azesearch.cab
and others

Third, check the pinned topic about checking HijackThis logs in this section.
sh@dow
Posted
05.03.2006 00:19:23
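
Added example, not part of the thread and not code from HijackThis: a small triage script for the entry types the replies single out (the O20 Winlogon Notify DLL, the O16 DPF download, and entries marked "(file missing)"). The list of stock Windows XP Notify packages and the trusted DPF host used in the demo are assumptions; the sample lines are copied from the log above.

```python
import re
from urllib.parse import urlparse

# Assumption: Notify packages present on a stock Windows XP install (not exhaustive).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Entry lines look like "O20 - text"; this page's copy uses an en dash, so accept both.
LINE_RE = re.compile(r"^([A-Z]\d+)\s+[–-]\s+(.*)$")
NOTIFY_RE = re.compile(r"Winlogon Notify:\s*(\S+)\s+[–-]\s+(.+)$")
URL_RE = re.compile(r"https?://\S+")

# Sample input: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
O2 – BHO: AddressBar Class – {f65b197f–8260–4d52–909a–f70118e646eb} – C:\WINDOWS\system32\iasada.dll (file missing)
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 – DPF: {D7BF3304–138B–4DD5–86EE–491BB6A2286C} – http://www.azebar.com/install/azesearch.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 – Winlogon Notify: winzdn32 – C:\WINDOWS\SYSTEM32\winzdn32.dll
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
"""

def triage(log_text, trusted_dpf_hosts=frozenset()):
    """Return (code, reason, detail) findings for one HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        if body.endswith("(file missing)"):
            findings.append((code, "orphaned entry, target file missing", body))
        if code == "O20":
            n = NOTIFY_RE.match(body)
            if n and n.group(1).lower() not in KNOWN_NOTIFY:
                findings.append((code, "non-default Winlogon Notify package", n.group(2)))
        elif code == "O16":
            u = URL_RE.search(body)
            host = urlparse(u.group(0)).hostname if u else None
            if host not in trusted_dpf_hosts:
                findings.append((code, "ActiveX control installed from unlisted host", host))
    return findings

if __name__ == "__main__":
    # Assumption: the mks.com.pl online scanner is the only DPF source the user trusts.
    for code, reason, detail in triage(SAMPLE_LOG, {"www.mks.com.pl"}):
        print(f"{code:4} {reason}: {detail}")
```

A Winlogon Notify DLL is loaded by winlogon.exe itself, which also runs in safe mode, which is why an unknown O20 entry deserves attention before anything else in the log.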
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FLASHGET\jccatch.dll
O2 – BHO: ZToolbar Activator Class – {da7ff3f8–08be–4cac–bc00–94d91c6ae7f4} – C:\WINDOWS\system32\azesearch4.ocx (file missing)
O2 – BHO: FlashFXP Helper for Internet Explorer – {E5A1691B–D188–4419–AD02–90002030B8EE} – C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 – BHO: AddressBar Class – {f65b197f–8260–4d52–909a–f70118e646eb} – C:\WINDOWS\system32\iasada.dll (file missing)
O3 – Toolbar: Search – {a19ef336–01d4–48e6–926a–fe7e1c747aed} – C:\WINDOWS\system32\azesearch4.ocx (file missing)
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: Download All by FlashGet – C:\PROGRA~1\FLASHGET\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\PROGRA~1\FLASHGET\jc_link.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O15 – Trusted Zone: http://www.mks.com.pl
O16 – DPF: {D7BF3304–138B–4DD5–86EE–491BB6A2286C} – http://www.azebar.com/install/azesearch.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 – Winlogon Notify: winzdn32 – C:\WINDOWS\SYSTEM32\winzdn32.dll
O23 – Service: ArcaBit NetMonitor (ABNetMon) – Unknown owner – C:\Program Files\MKS\Bin\NetMonSV.exe (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Doman_87
Posted
04.03.2006 23:37:32
Show the whole log
w84u
Posted
04.03.2006 23:12:38
Doman_87
Posted:
04.03.2006 23:00:53