jak to wywalic ?

IP: 62.29.254.* 16.12.04, 10:18
od 2 dni zamiast tapety, pojawia mi sie strona "sieci web" z niebieskim tlem
i tektem po angielsku dotyczacym "....spyware installed.....". po kazdym
restarcie kompa pojawia sie ona we wlasciowosciach pulpitu na nowo mimo
tego , ze ja usuwam. skanowalem juz kilkoma antywirami i nic :( bardzo prosze
o pomoc. moj log z hijack:
ogfile of HijackThis v1.99.0
Scan saved at 10:10:53, on 2004-12-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\savedump.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\Program Files\Alwil Software\Avast4\ashserv.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Alwil Software\Avast4\ashDisp.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\System32\?hkdsk.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\PABLO\USTAWI~1\Temp\Rar$EX00.899\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] E:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SysTime] E:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [KAVPersonal50] E:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [SysMon] E:\windows\system32\mswkdfj32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Oqe] E:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft
Office\Office\OSA9.EXE
O12 - Plugin for .pdf: E:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted IP range: 69.50.161.82
O15 - Trusted IP range: 69.50.161.82 (HKLM)
O16 - DPF: komentator - sport.onet.pl/komentator.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
static.topconverting.com/activex/loader2.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 212.2.96.52
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 212.2.96.52
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.2.96.52
O23 - Service: avast! iAVS4 Control Service - Unknown - E:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - E:\Program Files\Alwil
Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: ISEXEng - Unknown - E:\WINDOWS\System32\angelex.exe (file
missing)
O23 - Service: kavsvc - Kaspersky Lab - E:\Program Files\Kaspersky
Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ZESOFT - Unknown - E:\WINDOWS\zeta.exe (file missing)

    • Gość: pawgad Re: jak to wywalic ? IP: 62.29.254.* 16.12.04, 16:50
      jeszcze raz goraco prosze o pomoc!!
Pełna wersja