
PLEASE HELP!!!

IP: 84.10.112.* 11.12.04, 21:24
I have what you can see below + Norton 2005, but today 65 viruses got into my
computer within half an hour!? I scanned something and deleted things, but the
trojan "AGENT .AP" and "hide" are still there, and the start page keeps changing to "about:blank".
WHAT SHOULD I DO, HELP!!!!

Logfile of HijackThis v1.98.2
Scan saved at 21:27:10, on 2004-12-11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\system32\winkf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\tibs3.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\NuNinst.exe:qamry
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.515\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02A69FBB-7B0E-C07B-30E9-E43203460F06} -
C:\WINDOWS\system32\addja32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06
\bin\jusched.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop
Wireless\mouse_2k.exe
O4 - HKLM\..\Run: [CreativeKeyboard ] C:\Program Files\Creative\Desktop
Wireless\kb_2k.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ipme32.exe] C:\WINDOWS\system32\ipme32.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows
ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [winkf.exe] C:\WINDOWS\system32\winkf.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\System32\msjava.dll
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
    • Guest: piotr Re: PLEASE HELP!!! IP: 84.10.112.* 12.12.04, 16:56
      can someone advise what I should get rid of?
      mks online detects 8 viruses but cannot remove 4 of them
      (winkf.exe, hide, bargainbuddy)
      Norton detects 11, but different ones
      and strange things are happening ...
    • Guest: piecyk gazowy Re: PLEASE HELP!!! IP: *.tpnet.pl / *.tpnet.pl 12.12.04, 17:27
      To remove:

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      > res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > about:blank
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      > res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      > res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
      > about:blank
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      > R3 - Default URLSearchHook is missing
      > O2 - BHO: (no name) - {02A69FBB-7B0E-C07B-30E9-E43203460F06} -
      > C:\WINDOWS\system32\addja32.dll

      > O4 - HKLM\..\Run: [ipme32.exe] C:\WINDOWS\system32\ipme32.exe
      > O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows
      > ControlAd\WinCtlAd.exe
      > O4 - HKLM\..\Run: [winkf.exe] C:\WINDOWS\system32\winkf.exe

      > O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe

      > O15 - Trusted Zone: *.awmdabest.com
      > O15 - Trusted Zone: *.frame.crazywinnings.com

      By the way - uninstall one of the antivirus programs.
      • Guest: piotr Re: PLEASE HELP!!! IP: 84.10.112.* 12.12.04, 18:39
        the start page still keeps changing to about blank, some foreign ads
        keep popping up, Norton detected 28 viruses but removes only 3 (maybe I should
        format drive "c"? a friend did it for me a week ago, but I'm a bit afraid to do it myself
        (how?))
        this is how it looks now
        Logfile of HijackThis v1.98.2
        Scan saved at 18:39:14, on 2004-12-12
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Ahead\InCD\InCDsrv.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\WINDOWS\NuNinst.exe:qamry
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
        C:\Program Files\Ahead\InCD\InCD.exe
        C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
        C:\Program Files\Creative\Desktop Wireless\mouse_2k.exe
        C:\Program Files\Creative\Desktop Wireless\kb_2k.exe
        C:\WINDOWS\System32\RUNDLL32.EXE
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\WINDOWS\system32\syskx.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\WinRAR\WinRAR.exe
        C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.594\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
        res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
        R3 - Default URLSearchHook is missing
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton AntiVirus\NavShExt.dll
        O2 - BHO: (no name) - {CF3EF571-43E7-5C38-FDC9-6E168AF22B5A} -
        C:\WINDOWS\system32\netzi32.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
        Solution\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06
        \bin\jusched.exe
        O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Desktop
        Wireless\mouse_2k.exe
        O4 - HKLM\..\Run: [CreativeKeyboard ] C:\Program Files\Creative\Desktop
        Wireless\kb_2k.exe
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
        Shared\Security Center\UsrPrmpt.exe
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
        O4 - HKLM\..\Run: [winkf.exe] C:\WINDOWS\system32\winkf.exe
        O4 - HKLM\..\Run: [syskx.exe] C:\WINDOWS\system32\syskx.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\WINDOWS\System32\msjava.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\WINDOWS\System32\msjava.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O15 - Trusted Zone: *.frame.crazywinnings.com
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        • Guest: piecyk gazowy Re: PLEASE HELP!!! IP: *.tpnet.pl / *.tpnet.pl 12.12.04, 20:45
          Try removing the entries once more in safe mode, though I'm afraid the result
          will be similar.

          To remove:

          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          > res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
          > res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > about:blank
          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          > res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
          > res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
          > res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
          > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          > res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          > res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
          > R3 - Default URLSearchHook is missing

          > O2 - BHO: (no name) - {CF3EF571-43E7-5C38-FDC9-6E168AF22B5A} -
          > C:\WINDOWS\system32\netzi32.dll

          > O4 - HKLM\..\Run: [winkf.exe] C:\WINDOWS\system32\winkf.exe
          > O4 - HKLM\..\Run: [syskx.exe] C:\WINDOWS\system32\syskx.exe

          > O15 - Trusted Zone: *.frame.crazywinnings.com

          And maybe you'll manage to get somewhere with this as well:
          www.searchengines.pl/phpbb203/index.php?showtopic=14185&st=0&#entry87935
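
Added example (not part of the original thread, and not code from HijackThis): a small Python helper that rejoins forum-wrapped HijackThis lines and compares two scans, showing which entries survived cleanup and which came back under a new file name, as with `awljy.dll` and `rwooc.dll` in the two logs above. The function names, the `<dll>` mask and the line-joining heuristic are assumptions; the sample lines are excerpted from the two logs in this thread.

```python
import re

ENTRY = re.compile(r"^(R\d|F\d|N\d|O\d+) - ")               # start of a HijackThis entry
RES_DLL = re.compile(r"(res://.*\\)[^\\/]+(\.dll/)", re.I)  # DLL name inside a res:// URL

def parse_entries(log_text):
    """Return log entries as single strings, rejoining lines the forum wrapped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip().lstrip(">").strip()             # tolerate quoted replies
        if not line:
            continue
        if ENTRY.match(line):
            entries.append(line)
        elif entries:                                      # continuation of previous entry
            sep = "" if line.startswith("\\") else " "     # assumed: path split at a backslash
            entries[-1] += sep + line
    return entries

def shape(entry):
    """Mask the DLL file name in res:// values so renamed hijacks compare equal."""
    return RES_DLL.sub(r"\1<dll>\2", entry)

def compare_scans(before, after):
    """Split the later scan into (unchanged, renamed, new) relative to the earlier one."""
    old, old_shapes = set(before), {shape(e) for e in before}
    unchanged = [e for e in after if e in old]
    renamed = [e for e in after if e not in old and shape(e) in old_shapes]
    new = [e for e in after if e not in old and shape(e) not in old_shapes]
    return unchanged, renamed, new

# Sample input: a few lines excerpted from the 2004-12-11 and 2004-12-12 scans above.
SCAN_1 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\awljy.dll/sp.html#28129
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winkf.exe] C:\WINDOWS\system32\winkf.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
"""
SCAN_2 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\rwooc.dll/sp.html#28129
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winkf.exe] C:\WINDOWS\system32\winkf.exe
O4 - HKLM\..\Run: [syskx.exe] C:\WINDOWS\system32\syskx.exe
"""
UNCHANGED, RENAMED, NEW = compare_scans(parse_entries(SCAN_1), parse_entries(SCAN_2))
```

An entry in `RENAMED` or `NEW` after a cleanup pass means something still running is rewriting the registry, so the component that restores the entries has to be dealt with before removing them again.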
