Virus? How do I get rid of it? Pop-up windows

IP: *.neoplus.adsl.tpnet.pl 30.05.06, 18:36
  • Guest: k IP: *.warszawa.sdi.tpnet.pl 30.05.06, 19:30
    Why are you pasting the same thing twice? Do you like wasting our time? In that case,
    why should we waste time on you?!

    Get rid of the Neostrada application; you can uninstall Messenger too (description in the FAQ!).
    Also uninstall:
    Logitech Desktop Messenger
    You don't need Norton either; for home use Avast is enough.

    Use this:
    siri.urz.free.fr/Fix/SmitfraudFix.php
    and paste the removal log on the forum.

    In HJT, remove:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
    C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
    O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
    C:\WINDOWS\system32\hp100.tmp
    O4 - HKLM\..\Run: [SpywareQuake.com] E:\ewr\SpywareQuake.com\Spyware-
    Quake.exe /h

    Paste the rest, starting from:
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    Also run a scan with ewido.
  • Guest: yeo IP: *.neoplus.adsl.tpnet.pl 30.05.06, 21:37
    Logfile of HijackThis v1.99.1
    Scan saved at 21:36:07, on 2006-05-30
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\atmclk.exe
    C:\WINDOWS\system32\dcomcfg.exe
    C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
    C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\GIGABYTE\Gigabyte GN-WPKG Wireless PCI Adapter
    SoftAP\Installer\WINXP\RaConfig2500.exe
    C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
    C:\PROGRA~1\NEOSTR~1\ComComp.exe
    C:\PROGRA~1\NEOSTR~1\Watch.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Gregor\Pulpit\hijackthis\hijackthis-1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
    C:\Program Files\ICQToolbar\toolbaru.dll
    F3 - REG:win.ini: load=C:\YDPDict\watch.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
    Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
    C:\WINDOWS\system32\hp100.tmp
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
    - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program
    Files\ICQToolbar\toolbaru.dll
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    /Consumer
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
    Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
    Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
    Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
    runtime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
    /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program
    Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
    Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\GIGABYTE\Gigabyte
    GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
    O4 - Global Startup: Sta-Ap.lnk = C:\Program Files\GIGABYTE\Gigabyte GN-WPKG
    Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
    Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
    C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
    C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O15 - Trusted Zone: www.mks.com.pl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125168400515
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125168343093
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
    www.mks.com.pl/skaner/SkanerOnline.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{869CE40C-DF6F-4633-B78A-568DC3A2651D}:
    NameServer = 194.204.152.34 217.98.63.164
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS
  • 30.05.06, 21:55
    O2 - BHO: (no name) - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
    C:\WINDOWS\system32\hp100.tmp

    It's still there. Where is the SmitfraudFix removal log? Run it in safe mode and show the log.
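The check the reply above does by eye (is an entry from the fix list still in the newer HijackThis log?), written out as an added Python example that is not part of the original thread. Both inputs are excerpts copied from the posts above, line wraps included; the function names and the "module is not a .dll" heuristic are assumptions of this example.

```python
import re

# HijackThis entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def unwrap_entries(text):
    """Return log entries, rejoining lines that the forum wrapped."""
    entries, open_entry = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif line and open_entry:
            entries[-1] += " " + line      # continuation of a wrapped entry
        else:
            open_entry = False             # blank line or non-entry text
    return entries


def entry_key(entry):
    """Stable identity for an entry: display names change, CLSIDs do not."""
    section, rest = entry.split(" - ", 1)
    m = CLSID.search(rest)
    if m:
        return (section, m.group(0).lower())
    m = re.match(r"(\S+: \[[^\]]+\])", rest)   # O4: key path plus value name
    if m:
        return (section, m.group(1).lower())
    return (section, " ".join(rest.lower().split()))


def still_present(fix_list, new_log):
    """Entries from the helper's fix list that the newer log still contains."""
    seen = {entry_key(e) for e in unwrap_entries(new_log)}
    return [e for e in unwrap_entries(fix_list) if entry_key(e) in seen]


def odd_bho_modules(log):
    """Heuristic (assumption): O2/BHO entries whose module is not a .dll."""
    odd = []
    for e in unwrap_entries(log):
        if e.startswith("O2 - "):
            target = e.rsplit(" - ", 1)[-1].strip().lower()
            if not target.endswith(".dll"):
                odd.append(e)
    return odd


# Excerpt of the fix list posted at 19:30 (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [SpywareQuake.com] E:\ewr\SpywareQuake.com\Spyware-
Quake.exe /h
"""

# Excerpt of the log posted at 21:37 (copied from the thread, shortened).
NEW_LOG = r"""
C:\Program Files\Mozilla Firefox\firefox.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, NEW_LOG):
        print("still present:", e)
    for e in odd_bho_modules(NEW_LOG):
        print("odd BHO module:", e)
```

Matching on the CLSID is what lets the entry be recognised even though its display name differs between the two posts ("Nothing" in the fix list, "(no name)" in the later log).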
  • Guest: k IP: *.warszawa.sdi.tpnet.pl 30.05.06, 21:58
    What is this log for? You were supposed to use the program I gave you and paste the log from running it,
    which of course you didn't do, so make more of an effort!
  • Guest: yeo IP: *.neoplus.adsl.tpnet.pl 30.05.06, 22:47
    but it's in French! :( I don't understand any of it ;(
    ok, I'll try to make an effort ;)
  • Guest: yeo IP: *.neoplus.adsl.tpnet.pl 30.05.06, 23:29
    hey!
    this program doesn't work for me...
  • Guest: k IP: *.warszawa.sdi.tpnet.pl 30.05.06, 23:56
    And so? Are you going to tell us why it doesn't work? Just don't say it's about
    autoexec.nt...
  • Guest: yeo IP: *.neoplus.adsl.tpnet.pl 31.05.06, 13:20
    it doesn't start. besides, it's probably something more serious, because the computer has started running
    slower..
  • 31.05.06, 13:23
    Did you try in safe mode??

    Also paste a log from the Silent Runners program; you'll find the info in the pinned threads.
  • Guest: y IP: *.neoplus.adsl.tpnet.pl 31.05.06, 15:26
    "Silent Runners.vbs", revision 45, www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
    "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
    ["Skype Technologies S.A."]
    "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
    "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe"
    boot" ["Logitech Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
    "wininet.dll" = "regperf.exe" [file not found]
    "kernel32.dll" = "C:\WINDOWS\system32\atmclk.exe" [file not found]
    "dcomcfg.exe" = "dcomcfg.exe" [null data]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
    "WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
    "WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
    "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer"
    ["Symantec Corporation"]
    "SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch
    USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "RemoteControl" = ""C:\Program Files\CyberLink DVD
    Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
    "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
    "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech
    Inc."]
    "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe "
    ["Logitech Inc."]
    "ICQ Lite" = "C:\Program Files\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
    "EasyTuneV" = "C:\Program Files\Gigabyte\ET5\GUI.exe" [empty string]
    "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec
    Corporation"]
    "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    ["ATI Technologies, Inc."]
    "(Default)" = (empty string)
    "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay"
    [null data]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun
    Microsystems, Inc."]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat
    7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) =
    "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program
    Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
    -> {HKLM...CLSID} = "CNisExtBho Class"
    \InProcServer32\(Default) = "C:\Program Files\Common
    Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {HKLM...CLSID} = "CNavExtBho Class"
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    {f79fd28e-36ee-4989-aa61-9dd8e30a82fa}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Nothing"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hp100.tmp"
    [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
    wyświetlania"
    -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll"
    ["Hilgraeve, Inc."]
    "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
    -> {HKLM...CLSID} = "MCLiteShellExt Class"
    \InProcServer32\(Default) = "C:\Program
    Files\ICQLite\ICQLiteShell.dll" [empty string]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program
    Files\WinRAR\rarext.dll" [null data]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft
    Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft
    Office\Office10\msohev.dll" [MS]
    "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
    -> {HKLM...CLSID} = "Shell Extension for CDRW"
    \InProcServer32\(Default) = "C:\Program
    Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) =
    "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) =
    "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) =
    "C:\WINDOWS\system32\browseui.dll" [MS]
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
    -> {HKLM...CLSID} = "My Logitech Pictures"
    \InProcServer32\(Default) = "C:\Program
    Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
    "{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}" = "ABBYYPDFContextMenuExtension"
    -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"
    \InProcServer32\(Default) = "D:\PDFShellExtension.dll" [file
    not found]
    "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
    -> {HKLM...CLSID} = "SimpleShlExt Class"
    \InProcServer32\(Default) = "C:\Program Files\ATI
    Technologies\ATI.ACE\atiacmxx.dll" [empty string]
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
    -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application
    References"
    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
    INFECTION WARNING! "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}" = "glochid"
    -> {HKCU...CLSID} = (no title provided)
    \In
  • 31.05.06, 21:24
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
    "wininet.dll" = "regperf.exe" [file not found]
    "kernel32.dll" = "C:\WINDOWS\system32\atmclk.exe" [file not found]
    "dcomcfg.exe" = "dcomcfg.exe" [null data]
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hp100.tmp"
    [null data]

    For now this is what's visible in the log; paste the rest of the log because it is cut off. We'll only carry out manual removal once everything is there.
    You didn't answer about that tool, whether it started for you in safe mode. After unpacking the files you choose SmitfraudFix and option 2, clean. Write what happens after launching this tool. Because if you get it running you'll save yourself the manual removal. And it probably won't end with this one log.
  • Guest: y IP: *.neoplus.adsl.tpnet.pl 01.06.06, 00:38
    eh ok, I finally did what you asked for... sorry that it took so long.. and
    sorry for the longest post :|
    what you wrote above, am I supposed to remove that???

    SmitFraudFix v2.53

    Scan done at 0:19:10,46, 2006-06-01
    Run from C:\Documents and Settings\Gregor\Pulpit\smithfraud\SmitfraudFix
    OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

    [HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
    @="C:\WINDOWS\system32\wfkduei.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
    @="C:\WINDOWS\system32\wfkduei.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

    [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="C:\WINDOWS\system32\imfdfcj.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="C:\WINDOWS\system32\imfdfcj.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\ld????.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\Gregor\Ulubione\Antivirus Test Online.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\wfkduei.dll -> Missing File

    C:\WINDOWS\system32\imfdfcj.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
  • 01.06.06, 05:07
    You don't have to remove it any more; the automatic tool did it for you. You can post a Silent Runners log as a check. Unless the problem has disappeared completely.
  • Guest: y IP: *.neoplus.adsl.tpnet.pl 01.06.06, 10:44
    "Silent Runners.vbs", revision 45, www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
    "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
    ["Skype Technologies S.A."]
    "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
    "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe"
    boot" ["Logitech Inc."]

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
    "ICQ Lite" = "C:\Program Files\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
    "WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
    "WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
    "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer"
    ["Symantec Corporation"]
    "SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch
    USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "RemoteControl" = ""C:\Program Files\CyberLink DVD
    Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
    "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
    "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech
    Inc."]
    "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe "
    ["Logitech Inc."]
    "ICQ Lite" = "C:\Program Files\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
    "EasyTuneV" = "C:\Program Files\Gigabyte\ET5\GUI.exe" [empty string]
    "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec
    Corporation"]
    "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    ["ATI Technologies, Inc."]
    "(Default)" = (empty string)
    "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay"
    [null data]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun
    Microsystems, Inc."]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat
    7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) =
    "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program
    Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
    -> {HKLM...CLSID} = "CNisExtBho Class"
    \InProcServer32\(Default) = "C:\Program Files\Common
    Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {HKLM...CLSID} = "CNavExtBho Class"
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet
    Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
    wyświetlania"
    -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll"
    ["Hilgraeve, Inc."]
    "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
    -> {HKLM...CLSID} = "MCLiteShellExt Class"
    \InProcServer32\(Default) = "C:\Program
    Files\ICQLite\ICQLiteShell.dll" [empty string]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program
    Files\WinRAR\rarext.dll" [null data]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft
    Office\Office10\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft
    Office\Office10\msohev.dll" [MS]
    "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
    -> {HKLM...CLSID} = "Shell Extension for CDRW"
    \InProcServer32\(Default) = "C:\Program
    Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {HKLM...CLSID} = "Portable Media Devices"
    \InProcServer32\(Default) =
    "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) =
    "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) =
    "C:\WINDOWS\system32\browseui.dll" [MS]
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
    -> {HKLM...CLSID} = "My Logitech Pictures"
    \InProcServer32\(Default) = "C:\Program
    Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
    "{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}" = "ABBYYPDFContextMenuExtension"
    -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"
    \InProcServer32\(Default) = "D:\PDFShellExtension.dll" [file
    not found]
    "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
    -> {HKLM...CLSID} = "SimpleShlExt Class"
    \InProcServer32\(Default) = "C:\Program Files\ATI
    Technologies\ATI.ACE\atiacmxx.dll" [empty string]
    "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
    -> {HKLM...CLSID} = "ShellLink for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
    "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application
    References"
    -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "G:\ewido
    anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

    HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    INFECTION WARNING! "load" = "C:\YDPDict\watch.exe" [null data]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlog
  • 01.06.06, 12:05
    Well, the log is incomplete, but none of that junk is visible in it. The automatic tool did a nice job. So I repeat the question: has the problem gone, or does it still exist? If it does, paste the rest of the log.
  • Guest: y IP: *.neoplus.adsl.tpnet.pl 01.06.06, 15:55
    hey!
    thanks for the help :)
    the problem is gone.
    as for pasting the rest of the log, I pasted the whole thing... (I mean the one from
    silentruners)
  • 02.06.06, 01:15
    Well, the log is not complete; you have to wait for the DONE message and only then paste the whole log, but that's for the future. Because since the problem is gone, and that is the most important thing

    Regards
  • 30.05.06, 22:19

    he he he self-cloning pop-ups from Norton - how nice to reminisce ;)... they could
    flood the whole screen ....
    :)
    advice: Remove..........!
