
Virus? How do I get rid of it? Pop-up windows

  • IP: *.neoplus.adsl.tpnet.pl 30.05.06, 18:36
    • Guest: k IP: *.warszawa.sdi.tpnet.pl 30.05.06, 19:30
      Why are you pasting the same thing twice? Do you like wasting our time? In that
      case, why should we waste time on you?!

      Remove the Neostrada applications; you can uninstall Messenger too (description in the FAQ!).
      Also uninstall:
      Logitech Desktop Messenger
      You don't need Norton either; for home use Avast is enough.

      Use this:
      siri.urz.free.fr/Fix/SmitfraudFix.php
      Paste the removal log on the forum.

      In HJT remove:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
      O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
      C:\WINDOWS\system32\hp100.tmp
      O4 - HKLM\..\Run: [SpywareQuake.com] E:\ewr\SpywareQuake.com\Spyware-
      Quake.exe /h

      Paste the rest, starting from:
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

      Also run a scan with ewido.
    • Guest: yeo IP: *.neoplus.adsl.tpnet.pl 30.05.06, 21:37
      Logfile of HijackThis v1.99.1
      Scan saved at 21:36:07, on 2006-05-30
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Norton Internet Security\ISSVC.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\ntvdm.exe
      C:\WINDOWS\system32\atmclk.exe
      C:\WINDOWS\system32\dcomcfg.exe
      C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
      C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
      C:\Program Files\GIGABYTE\Gigabyte GN-WPKG Wireless PCI Adapter
      SoftAP\Installer\WINXP\RaConfig2500.exe
      C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
      C:\PROGRA~1\NEOSTR~1\ComComp.exe
      C:\PROGRA~1\NEOSTR~1\Watch.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Gregor\Pulpit\hijackthis\hijackthis-1.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
      C:\Program Files\ICQToolbar\toolbaru.dll
      F3 - REG:win.ini: load=C:\YDPDict\watch.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
      C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
      Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
      C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
      Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
      C:\WINDOWS\system32\hp100.tmp
      O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
      - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
      C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program
      Files\ICQToolbar\toolbaru.dll
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
      O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
      /Consumer
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
      Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
      Solution\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
      O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe"
      runtime
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
      /minimized
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program
      Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
      Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI
      Technologies\ATI.ACE\CLI.exe
      O4 - Global Startup: GN-WPKG Utility.lnk = C:\Program Files\GIGABYTE\Gigabyte
      GN-WPKG Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
      O4 - Global Startup: Sta-Ap.lnk = C:\Program Files\GIGABYTE\Gigabyte GN-WPKG
      Wireless PCI Adapter SoftAP\Installer\WINXP\RaConfig2500.exe
      O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
      Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
      Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
      C:\Program Files\ICQLite\ICQLite.exe
      O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -
      C:\Program Files\ICQLite\ICQLite.exe
      O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
      O15 - Trusted Zone: www.mks.com.pl
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
      update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125168400515
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
      update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125168343093
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      www.mks.com.pl/skaner/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{869CE40C-DF6F-4633-B78A-568DC3A2651D}:
      NameServer = 194.204.152.34 217.98.63.164
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
      "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS
      • 30.05.06, 21:55
        O2 - BHO: (no name) - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
        C:\WINDOWS\system32\hp100.tmp

        It's still there. Where is the SmitfraudFix removal log? Run it in safe mode and show the log.
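
The check made in the post above (is the flagged BHO still present in the newly pasted log?), as an added example that is not part of the original thread. The function names and the triage rule (a BHO whose module is missing or is not a `.dll`) are assumptions chosen to match the entries the helpers singled out here; the sample lines are copied from the logs quoted in this thread.

```python
import re

# Constructed sample: O2/O4 lines copied from the HijackThis logs quoted in
# this thread, with the forum's hard line wraps left in place.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -
C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Every HijackThis entry starts with a section code such as "R1 - ", "F3 - ", "O16 - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
# O2 lines have the shape: O2 - BHO: <name> - {CLSID} - <module path>
BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<module>.*)$"
)


def join_entries(text):
    """Rebuild one string per log entry from hard-wrapped forum text.

    Assumption: the forum wrapped lines at spaces, so continuation lines are
    re-attached with a single space. A blank line ends the current entry.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif not line:
            if current is not None:
                entries.append(current)
                current = None
        elif current is not None:
            current += " " + line
    if current is not None:
        entries.append(current)
    return entries


def parse_bhos(text):
    """Return (name, clsid_lowercase, module) for every O2 entry in the log."""
    found = []
    for entry in join_entries(text):
        m = BHO.match(entry)
        if m:
            found.append((m.group("name"), m.group("clsid").lower(),
                          m.group("module").strip()))
    return found


def suspicious_bhos(text):
    """Flag BHOs worth a manual look: module missing, or module is not a .dll.

    This is a triage heuristic (an assumption of this example), not a verdict;
    a legitimate but broken uninstall can also leave a "(no file)" entry.
    """
    flagged = []
    for _name, clsid, module in parse_bhos(text):
        lowered = module.lower()
        if lowered == "(no file)" or lowered.endswith("(file missing)"):
            flagged.append((clsid, module, "module missing on disk"))
        elif not lowered.endswith(".dll"):
            flagged.append((clsid, module, "module is not a .dll"))
    return flagged


def still_present(clsid, text):
    """True if a BHO with this CLSID (case-insensitive) is still in the log."""
    wanted = clsid.lower()
    return any(found == wanted for _n, found, _m in parse_bhos(text))


if __name__ == "__main__":
    for clsid, module, reason in suspicious_bhos(SAMPLE_LOG):
        print(f"{clsid}  {module}  ({reason})")
```
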
      • Guest: k IP: *.warszawa.sdi.tpnet.pl 30.05.06, 21:58
        What is this log for? You were supposed to use the program I gave you and paste the log
        from running it, which of course you didn't do, so try harder!
        • Guest: yeo IP: *.neoplus.adsl.tpnet.pl 30.05.06, 22:47
          but it's in French! :( I don't get any of it ;(
          ok, I'll try to make an effort ;)
        • Guest: yeo IP: *.neoplus.adsl.tpnet.pl 30.05.06, 23:29
          hey!
          that program doesn't work for me...
          • Guest: k IP: *.warszawa.sdi.tpnet.pl 30.05.06, 23:56
            And so? Will you tell us why it doesn't work? Just don't write that it's about
            autoexec.nt...
            • Guest: yeo IP: *.neoplus.adsl.tpnet.pl 31.05.06, 13:20
              it doesn't start. besides, it's probably something more serious, because the computer
              has started running slower..
              • 31.05.06, 13:23
                Did you try in safe mode??

                Also paste a log from the Silent Runners program; the info is in the pinned topics.
                • Guest: y IP: *.neoplus.adsl.tpnet.pl 31.05.06, 15:26
                  "Silent Runners.vbs", revision 45, www.silentrunners.org/
                  Operating System: Windows XP SP2
                  Output limited to non-default values, except where indicated by "{++}"


                  Startup items buried in registry:
                  ---------------------------------

                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                  "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
                  "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
                  "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
                  ["Skype Technologies S.A."]
                  "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
                  "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe"
                  boot" ["Logitech Inc."]

                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
                  "wininet.dll" = "regperf.exe" [file not found]
                  "kernel32.dll" = "C:\WINDOWS\system32\atmclk.exe" [file not found]
                  "dcomcfg.exe" = "dcomcfg.exe" [null data]

                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                  "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
                  "WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
                  "WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
                  "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer"
                  ["Symantec Corporation"]
                  "SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch
                  USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
                  "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
                  "RemoteControl" = ""C:\Program Files\CyberLink DVD
                  Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
                  "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
                  "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech
                  Inc."]
                  "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe "
                  ["Logitech Inc."]
                  "ICQ Lite" = "C:\Program Files\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
                  "EasyTuneV" = "C:\Program Files\Gigabyte\ET5\GUI.exe" [empty string]
                  "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec
                  Corporation"]
                  "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                  ["ATI Technologies, Inc."]
                  "(Default)" = (empty string)
                  "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay"
                  [null data]
                  "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun
                  Microsystems, Inc."]
                  "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
                  "InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]

                  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
                  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
                  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                  \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat
                  7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
                  {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
                  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) =
                  "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
                  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
                  -> {HKLM...CLSID} = "SSVHelper Class"
                  \InProcServer32\(Default) = "C:\Program
                  Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
                  {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
                  -> {HKLM...CLSID} = "CNisExtBho Class"
                  \InProcServer32\(Default) = "C:\Program Files\Common
                  Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
                  {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
                  -> {HKLM...CLSID} = "CNavExtBho Class"
                  \InProcServer32\(Default) = "C:\Program Files\Norton Internet
                  Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
                  {f79fd28e-36ee-4989-aa61-9dd8e30a82fa}\(Default) = (no title provided)
                  -> {HKLM...CLSID} = "Nothing"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\hp100.tmp"
                  [null data]

                  HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                  "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
                  wyświetlania"
                  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                  \InProcServer32\(Default) = "deskpan.dll" [file not found]
                  "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
                  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll"
                  ["Hilgraeve, Inc."]
                  "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
                  -> {HKLM...CLSID} = "MCLiteShellExt Class"
                  \InProcServer32\(Default) = "C:\Program
                  Files\ICQLite\ICQLiteShell.dll" [empty string]
                  "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
                  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Program
                  Files\WinRAR\rarext.dll" [null data]
                  "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
                  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                  \InProcServer32\(Default) = "C:\Program Files\Microsoft
                  Office\Office10\OLKFSTUB.DLL" [MS]
                  "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
                  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\Program Files\Microsoft
                  Office\Office10\msohev.dll" [MS]
                  "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
                  -> {HKLM...CLSID} = "Shell Extension for CDRW"
                  \InProcServer32\(Default) = "C:\Program
                  Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
                  "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
                  -> {HKLM...CLSID} = "Portable Media Devices"
                  \InProcServer32\(Default) =
                  "C:\WINDOWS\system32\Audiodev.dll" [MS]
                  "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
                  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                  \InProcServer32\(Default) =
                  "C:\WINDOWS\system32\Audiodev.dll" [MS]
                  "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
                  -> {HKLM...CLSID} = "Shell Search Band"
                  \InProcServer32\(Default) =
                  "C:\WINDOWS\system32\browseui.dll" [MS]
                  "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
                  -> {HKLM...CLSID} = "My Logitech Pictures"
                  \InProcServer32\(Default) = "C:\Program
                  Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
                  "{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}" = "ABBYYPDFContextMenuExtension"
                  -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"
                  \InProcServer32\(Default) = "D:\PDFShellExtension.dll" [file
                  not found]
                  "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
                  -> {HKLM...CLSID} = "SimpleShlExt Class"
                  \InProcServer32\(Default) = "C:\Program Files\ATI
                  Technologies\ATI.ACE\atiacmxx.dll" [empty string]
                  "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
                  -> {HKLM...CLSID} = "ShellLink for Application References"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
                  "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application
                  References"
                  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

                  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
                  INFECTION WARNING! "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}" = "glochid"
                  -> {HKCU...CLSID} = (no title provided)
                  \In
                  • 31.05.06, 21:24
                    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
                    "wininet.dll" = "regperf.exe" [file not found]
                    "kernel32.dll" = "C:\WINDOWS\system32\atmclk.exe" [file not found]
                    "dcomcfg.exe" = "dcomcfg.exe" [null data]
                    \InProcServer32\(Default) = "C:\WINDOWS\system32\hp100.tmp"
                    [null data]

                    For now this is what is visible in the log; paste the rest of the log because it is cut off. We will only carry out the manual removal once everything is there.
                    You didn't answer whether that tool started for you in safe mode. After unpacking the files you choose SmitfraudFix and option 2, clean. Write what happens after launching the tool, because if you run it you will save yourself the manual removal. And it surely won't end with this one log.
                    • Guest: k IP: *.warszawa.sdi.tpnet.pl 31.05.06, 23:22
                      Since the entries are there, it's clear that he didn't use the removal program.

                      A description of manual removal is here:
                      www.searchengines.pl/phpbb203/index.php?showtopic=31936&st=15&p=294994&#entry294994
                    • Guest: y IP: *.neoplus.adsl.tpnet.pl 01.06.06, 00:38
                      eh, ok, I finally did what you asked... sorry that it took so long.. and
                      sorry for the longest post :|
                      what you wrote above, am I supposed to remove that???

                      SmitFraudFix v2.53

                      Scan done at 0:19:10,46, 2006-06-01
                      Run from C:\Documents and Settings\Gregor\Pulpit\smithfraud\SmitfraudFix
                      OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
                      Fix ran in safe mode

                      »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
                      !!!Attention, following keys are not inevitably infected!!!

                      SrchSTS.exe by S!Ri
                      Search SharedTaskScheduler's .dll

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
                      "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

                      [HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
                      @="C:\WINDOWS\system32\wfkduei.dll"

                      [HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
                      @="C:\WINDOWS\system32\wfkduei.dll"


                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
                      "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

                      [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
                      @="C:\WINDOWS\system32\imfdfcj.dll"

                      [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
                      @="C:\WINDOWS\system32\imfdfcj.dll"


                      »»»»»»»»»»»»»»»»»»»»»»»» Killing process


                      »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

                      C:\WINDOWS\system32\dcomcfg.exe Deleted
                      C:\WINDOWS\system32\ld????.tmp Deleted
                      C:\WINDOWS\system32\ot.ico Deleted
                      C:\WINDOWS\system32\simpole.tlb Deleted
                      C:\WINDOWS\system32\stdole3.tlb Deleted
                      C:\WINDOWS\system32\ts.ico Deleted
                      C:\WINDOWS\system32\1024\ Deleted
                      C:\DOCUME~1\Gregor\Ulubione\Antivirus Test Online.url Deleted

                      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

                      GenericRenosFix by S!Ri

                      C:\WINDOWS\system32\wfkduei.dll -> Missing File

                      C:\WINDOWS\system32\imfdfcj.dll -> Missing File


                      »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


                      »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

                      Registry Cleaning done.

                      »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
                      !!!Attention, following keys are not inevitably infected!!!

                      SrchSTS.exe by S!Ri
                      Search SharedTaskScheduler's .dll


                      »»»»»»»»»»»»»»»»»»»»»»»» End
                      • 01.06.06, 05:07
                        You don't have to remove anything now; the automated tool did it for you. You can post a Silent Runners log as a check. Unless the problem has disappeared completely.
                        • Guest: y IP: *.neoplus.adsl.tpnet.pl 01.06.06, 10:44
                          "Silent Runners.vbs", revision 45, www.silentrunners.org/
                          Operating System: Windows XP SP2
                          Output limited to non-default values, except where indicated by "{++}"


                          Startup items buried in registry:
                          ---------------------------------

                          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                          "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
                          "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
                          "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
                          ["Skype Technologies S.A."]
                          "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
                          "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe"
                          boot" ["Logitech Inc."]

                          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
                          "ICQ Lite" = "C:\Program Files\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

                          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                          "WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
                          "WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
                          "WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
                          "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer"
                          ["Symantec Corporation"]
                          "SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch
                          USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
                          "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
                          "RemoteControl" = ""C:\Program Files\CyberLink DVD
                          Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
                          "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
                          "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech
                          Inc."]
                          "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe "
                          ["Logitech Inc."]
                          "ICQ Lite" = "C:\Program Files\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
                          "EasyTuneV" = "C:\Program Files\Gigabyte\ET5\GUI.exe" [empty string]
                          "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec
                          Corporation"]
                          "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
                          ["ATI Technologies, Inc."]
                          "(Default)" = (empty string)
                          "ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay"
                          [null data]
                          "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun
                          Microsystems, Inc."]
                          "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
                          "InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]

                          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
                          {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
                          -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                          \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat
                          7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
                          {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
                          -> {HKLM...CLSID} = (no title provided)
                          \InProcServer32\(Default) =
                          "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
                          {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
                          -> {HKLM...CLSID} = "SSVHelper Class"
                          \InProcServer32\(Default) = "C:\Program
                          Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
                          {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
                          -> {HKLM...CLSID} = "CNisExtBho Class"
                          \InProcServer32\(Default) = "C:\Program Files\Common
                          Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
                          {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
                          -> {HKLM...CLSID} = "CNavExtBho Class"
                          \InProcServer32\(Default) = "C:\Program Files\Norton Internet
                          Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

                          HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
                          "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
                          wyświetlania"
                          -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                          \InProcServer32\(Default) = "deskpan.dll" [file not found]
                          "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
                          -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                          \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll"
                          ["Hilgraeve, Inc."]
                          "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
                          -> {HKLM...CLSID} = "MCLiteShellExt Class"
                          \InProcServer32\(Default) = "C:\Program
                          Files\ICQLite\ICQLiteShell.dll" [empty string]
                          "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
                          -> {HKLM...CLSID} = "WinRAR"
                          \InProcServer32\(Default) = "C:\Program
                          Files\WinRAR\rarext.dll" [null data]
                          "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
                          -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                          \InProcServer32\(Default) = "C:\Program Files\Microsoft
                          Office\Office10\OLKFSTUB.DLL" [MS]
                          "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
                          -> {HKLM...CLSID} = (no title provided)
                          \InProcServer32\(Default) = "C:\Program Files\Microsoft
                          Office\Office10\msohev.dll" [MS]
                          "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
                          -> {HKLM...CLSID} = "Shell Extension for CDRW"
                          \InProcServer32\(Default) = "C:\Program
                          Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
                          "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
                          -> {HKLM...CLSID} = "Portable Media Devices"
                          \InProcServer32\(Default) =
                          "C:\WINDOWS\system32\Audiodev.dll" [MS]
                          "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
                          -> {HKLM...CLSID} = "Portable Media Devices Menu"
                          \InProcServer32\(Default) =
                          "C:\WINDOWS\system32\Audiodev.dll" [MS]
                          "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
                          -> {HKLM...CLSID} = "Shell Search Band"
                          \InProcServer32\(Default) =
                          "C:\WINDOWS\system32\browseui.dll" [MS]
                          "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
                          -> {HKLM...CLSID} = "My Logitech Pictures"
                          \InProcServer32\(Default) = "C:\Program
                          Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
                          "{83903CAB-2FC1-40f6-8B82-DF123A5FB9E3}" = "ABBYYPDFContextMenuExtension"
                          -> {HKLM...CLSID} = "AbbyyPDF.PDFShellExtension.1"
                          \InProcServer32\(Default) = "D:\PDFShellExtension.dll" [file
                          not found]
                          "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
                          -> {HKLM...CLSID} = "SimpleShlExt Class"
                          \InProcServer32\(Default) = "C:\Program Files\ATI
                          Technologies\ATI.ACE\atiacmxx.dll" [empty string]
                          "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
                          -> {HKLM...CLSID} = "ShellLink for Application References"
                          \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
                          "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application
                          References"
                          -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
                          \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]

                          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
                          INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
                          -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                          \InProcServer32\(Default) = "G:\ewido
                          anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

                          HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
                          INFECTION WARNING! "load" = "C:\YDPDict\watch.exe" [null data]

                          HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlog
                          • 01.06.06, 12:05
                            Well, the log is incomplete, but I don't see any of that junk in it. The automatic tool did a nice job. So I'll ask again: is the problem gone, or is it still there? If it is, paste the rest of the log.
                            • Guest: y IP: *.neoplus.adsl.tpnet.pl 01.06.06, 15:55
                              Hey!
                              Thank you for the help :)
                              The problem is gone now.
                              As for pasting the rest of the log, I pasted the whole thing... (I mean the one from
                              Silent Runners)
                              • 02.06.06, 01:15
                                Well, the log is not complete; you have to wait for the DONE message and only then paste the whole log, but that's for future reference. Since the problem is gone, that's what matters most.

                                Regards
      • 30.05.06, 22:19

        He he he, self-cloning pop-up windows from Norton - how nice to reminisce ;)... they
        could flood the whole screen ....
        :)
        Advice: remove it..........!
Agora S.A., the publisher of the Gazeta.pl portal, is not responsible for the content of statements posted by Forum users. Persons who post statements that violate the law or the legally protected rights of third parties may bear criminal or civil liability for doing so. Terms of use.