WinFixer i inne badziewia – proszę o przeanalizowanie logów
Witam
Nie mogę się pozbyć WinFixer–a oraz cwshredder.exe wciąź pokazuje:
Found: CWS.Smartsearch
Found: CWS.Look2Me
Czy mogę poprosić o pomoc ???
Logfile of HijackThis v1.99.1
Scan saved at 11:00:50, on 22/10/2005
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\AnalogX\Capture\capture.exe
C:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Wc\WINCMD32.EXE
C:\Program Files\Wc\WINCMD32.EXE
I:\WWW Narzedzia\Hijack This\HijackThis.exe
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache1.icm.edu.pl:8080
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {11111111–2222–408A–9842–CDBE1C6D37EB} – (no file)
O2 – BHO: (no name) – {16875E09–927B–4494–82BD–158A1CD46BA0} – C:\WINDOWS\system32\prflbmsgp32.dll
O2 – BHO: C:\WINDOWS\system32\st3.dll – {1B68470C–2DEF–493B–8A4A–8E2D81BE4EA5} – C:\WINDOWS\system32\st3.dll
O2 – BHO: (no name) – {8D82BB89–B58C–4F21–9C5D–377F65947806} – C:\WINDOWS\slassac.dll
O2 – BHO: C:\WINDOWS\adsldpbc.dll – {EC3D02C7–65E3–4405–BC6E–19A9E11C90FB} – C:\WINDOWS\adsldpbc.dll
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Startup: Skrót do Capture.lnk = C:\Program Files\AnalogX\Capture\capture.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{111411B0–6DD5–4F35–987B–938FEFE914DF}: NameServer = 194.204.159.1,0.0.0.0
O17 – HKLM\System\CCS\Services\Tcpip\..\{C1B36F7E–DF98–44A5–ADED–73BB1C34EA79}: NameServer = 194.204.159.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{111411B0–6DD5–4F35–987B–938FEFE914DF}: NameServer = 194.204.159.1,0.0.0.0
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 – Service: Forceware Web Interface (ForcewareWebInterface) – Unknown owner – C:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe" –k runservice (file missing)
O23 – Service: ForceWare IP service (nSvcIp) – Unknown owner – C:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
O23 – Service: ForceWare user log service (nSvcLog) – Unknown owner – C:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
Za kaźdą pomoc z góry dziękuję
Grzegorz
Nie mogę się pozbyć WinFixer–a oraz cwshredder.exe wciąź pokazuje:
Found: CWS.Smartsearch
Found: CWS.Look2Me
Czy mogę poprosić o pomoc ???
Logfile of HijackThis v1.99.1
Scan saved at 11:00:50, on 22/10/2005
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\AnalogX\Capture\capture.exe
C:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Wc\WINCMD32.EXE
C:\Program Files\Wc\WINCMD32.EXE
I:\WWW Narzedzia\Hijack This\HijackThis.exe
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache1.icm.edu.pl:8080
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {11111111–2222–408A–9842–CDBE1C6D37EB} – (no file)
O2 – BHO: (no name) – {16875E09–927B–4494–82BD–158A1CD46BA0} – C:\WINDOWS\system32\prflbmsgp32.dll
O2 – BHO: C:\WINDOWS\system32\st3.dll – {1B68470C–2DEF–493B–8A4A–8E2D81BE4EA5} – C:\WINDOWS\system32\st3.dll
O2 – BHO: (no name) – {8D82BB89–B58C–4F21–9C5D–377F65947806} – C:\WINDOWS\slassac.dll
O2 – BHO: C:\WINDOWS\adsldpbc.dll – {EC3D02C7–65E3–4405–BC6E–19A9E11C90FB} – C:\WINDOWS\adsldpbc.dll
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Startup: Skrót do Capture.lnk = C:\Program Files\AnalogX\Capture\capture.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{111411B0–6DD5–4F35–987B–938FEFE914DF}: NameServer = 194.204.159.1,0.0.0.0
O17 – HKLM\System\CCS\Services\Tcpip\..\{C1B36F7E–DF98–44A5–ADED–73BB1C34EA79}: NameServer = 194.204.159.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{111411B0–6DD5–4F35–987B–938FEFE914DF}: NameServer = 194.204.159.1,0.0.0.0
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 – Service: Forceware Web Interface (ForcewareWebInterface) – Unknown owner – C:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe" –k runservice (file missing)
O23 – Service: ForceWare IP service (nSvcIp) – Unknown owner – C:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
O23 – Service: ForceWare user log service (nSvcLog) – Unknown owner – C:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
Za kaźdą pomoc z góry dziękuję
Grzegorz
Odpowiedzi: 2
Witam :D
szczególnie Ciebie Bobi...
jak juź zdąźyłem zorientować się, jesteś zawsze tam gdzie ludzie potrzebują pomocy, zwłaszcza tacy jak ja... :)
oczywiście usunąłem i jest OK
Serdeczne dzięki dla Ciebie Bobi
Pozdrawiam
Grzegorz
szczególnie Ciebie Bobi...
jak juź zdąźyłem zorientować się, jesteś zawsze tam gdzie ludzie potrzebują pomocy, zwłaszcza tacy jak ja... :)
trochę źle to zrozumiałeś, bo i ja napisałem nie po naszemu :wink:CWShredder włąśnie słuźy do usuwania tego typu śmieci jak Smartsearch, więc po co chcesz usuwać?
oczywiście usunąłem i jest OK
dał mu radę :)Z Look2Me dobrze radzi sobie Spy Sweeper.
usunąłem...Poza tym do usuniecia:
Cytat:
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: (no name) – {11111111–2222–408A–9842–CDBE1C6D37EB} – (no file)
O2 – BHO: (no name) – {16875E09–927B–4494–82BD–158A1CD46BA0} – C:\WINDOWS\system32\prflbmsgp32.dll
O2 – BHO: C:\WINDOWS\system32\st3.dll – {1B68470C–2DEF–493B–8A4A–8E2D81BE4EA5} – C:\WINDOWS\system32\st3.dll
O2 – BHO: (no name) – {8D82BB89–B58C–4F21–9C5D–377F65947806} – C:\WINDOWS\slassac.dll
O2 – BHO: C:\WINDOWS\adsldpbc.dll – {EC3D02C7–65E3–4405–BC6E–19A9E11C90FB} – C:\WINDOWS\adsldpbc.dll
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
nie musiałem...Gdyby Spy Sweeper nie dał rady skorzystaj z tego: http://forum.centrumxp.pl/viewtopic.php?t=41900
Serdeczne dzięki dla Ciebie Bobi
Pozdrawiam
Grzegorz
CWShredder włąśnie słuźy do usuwania tego typu śmieci jak Smartsearch, więc po co chcesz usuwać?
Z Look2Me dobrze radzi sobie Spy Sweeper.
Poza tym do usuniecia:
Gdyby Spy Sweeper nie dał rady skorzystaj z tego: http://forum.centrumxp.pl/viewtopic.php?t=41900
Z Look2Me dobrze radzi sobie Spy Sweeper.
Poza tym do usuniecia:
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: (no name) – {11111111–2222–408A–9842–CDBE1C6D37EB} – (no file)
O2 – BHO: (no name) – {16875E09–927B–4494–82BD–158A1CD46BA0} – C:\WINDOWS\system32\prflbmsgp32.dll
O2 – BHO: C:\WINDOWS\system32\st3.dll – {1B68470C–2DEF–493B–8A4A–8E2D81BE4EA5} – C:\WINDOWS\system32\st3.dll
O2 – BHO: (no name) – {8D82BB89–B58C–4F21–9C5D–377F65947806} – C:\WINDOWS\slassac.dll
O2 – BHO: C:\WINDOWS\adsldpbc.dll – {EC3D02C7–65E3–4405–BC6E–19A9E11C90FB} – C:\WINDOWS\adsldpbc.dll
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
Gdyby Spy Sweeper nie dał rady skorzystaj z tego: http://forum.centrumxp.pl/viewtopic.php?t=41900
Strona 1 / 1