SPYWARE _POMOCY!!!!!!!!!!!!!!!!!

[Gość: azazel]

Cześć! Poczytałem sobie trochę o spyware.Mam kłopoty z usunięciem szpiegów i
wirusów. Sciągnęłam Ad-Aware,SpyBot S&D i
hijackthis.Mam nadzieję,że wszystko dobrze zrobiłem i zeskanowałam to co
trzeba
i jak trzeba.Oto log ze skanowania hijackthis:Pomóżcie
jeśli możecie- mój adres:
p.lechowicz@interia.pl
Z góry dziękuję!!!


Logfile of HijackThis v1.99.1
Scan saved at 10:25:43, on 2005-04-16
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Agusia\Pulpit\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\svcnut.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\Norton AntiVirus\navapw32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\RegFreeze\regfreeze.exe
C:\Documents and Settings\Agusia\Pulpit\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.vobis.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.makemesearch.com/?said=382
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://shdocpl.dll/asst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program
Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D8274} - C:\WINDOWS\System32
\spm8274.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SuperBar - {2DBDB463-84E1-458A-8ED4-E98F4CEE09C2} - C:\Program
Files\SUPERBAR\SUPERBAR.dll (file missing)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03
\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [levur] C:\WINDOWS\levur.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium
Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-
3FCD094E2D88} - C:\Program Files\RegFreeze\rfsearchhandler.dll
O9 - Extra 'Tools' menuitem: Search and Remove Spyware - {CDB280E8-BE43-4128-
8A5A-3FCD094E2D88} - C:\Program Files\RegFreeze\rfsearchhandler.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {8171C6FC-F6F9-4499-9DF4-
A005F3385E22} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8171C6FC-F6F9-
4499-9DF4-A005F3385E22} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=www.vobis.pl/
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\Documents and Settings\Agusia\Pulpit\Norton
AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software -
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software -
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software
Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004
\PsImSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

NIE JESTEM W STANIE PRACOWAĆ NA KOMPIE

[Gość: Kolobos]

Najpierw przeskanuj tym:
cwshredder.net/bin/CWShredder.exe <- CWS Shredder

Odinstaluj: MySearch,PCTools, Spyware Doctor, RegFreeze

Do tego o ile dobrze widze masz dwa antyvirusy, a wiec odinstaluj jeden chociaz
oba to zamulacze systemu wiec wywal najlepiej oba i zainstaluj avast + kerio :-)

> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> res://C:\WINDOWS\system32\shdocpl.dll/security.htm#subID=MPV;401
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> www.vobis.pl/
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
> www.makemesearch.com/?said=382
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> res://shdocpl.dll/asst.htm
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program
> Files\MySearch\bar\1.bin\S4BAR.DLL
> O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
> C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
> O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
> C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
> O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D8274} - C:\WINDOWS\System32
> \spm8274.dll
> O3 - Toolbar: SuperBar - {2DBDB463-84E1-458A-8ED4-E98F4CEE09C2} - C:\Program
> Files\SUPERBAR\SUPERBAR.dll (file missing)
> O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
> O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
> O4 - HKLM\..\Run: [levur] C:\WINDOWS\levur.exe
> O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut.exe home
> O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
> O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
> O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
> Doctor\swdoctor.exe" /Q
> O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
> O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
> O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe
> O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
> C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
> O9 - Extra button: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-
> 3FCD094E2D88} - C:\Program Files\RegFreeze\rfsearchhandler.dll
> O9 - Extra 'Tools' menuitem: Search and Remove Spyware - {CDB280E8-BE43-4128-
> 8A5A-3FCD094E2D88} - C:\Program Files\RegFreeze\rfsearchhandler.dll
> O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8171C6FC-F6F9-
> 4499-9DF4-A005F3385E22} - (no file) (HKCU)
> O14 - IERESET.INF: START_PAGE_URL=www.vobis.pl/

Fix Checked i wklej nowy log z hijackthis.