Avast nie daje rady z 4 problemami

IP: *.finemedia.pl 16.03.06, 20:01
Logfile of HijackThis v1.99.1
Scan saved at 19:56:56, on 2006-03-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\mousepad3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ewa\Pulpit\hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini:
Shell=explorer.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} -
C:\WINDOWS\DH.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program
Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
O4 - HKLM\..\Run: [newname] C:\\newname3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program
files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software -
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel
Corporation - C:\WINDOWS\system32\S24EvMon.exe

    • Gość: Ewa Re: Avast nie daje rady z 4 problemami IP: *.finemedia.pl 16.03.06, 20:13
      Win32:Small-CR [Trj]
      Win32:Tsupdate-J [Trj]
      Win32:Trojano-2873 [Trj]
      Win32:Adware-gen. [Adw]
    • Gość: neder Re: Avast nie daje rady z 4 problemami IP: *.neoplus.adsl.tpnet.pl 16.03.06, 21:53
      zamykasz w menedżerze zadań i usuwasz:
      > C:\mousepad3.exe
      usuwasz ręcznie albo KillBoxem (link i opis w przyklejonym)

      wywalasz też:
      > C:\keyboard3.exe
      > C:\newname3.exe


      w HJ fix:
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > about:blank
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      > searchbar.findthewebsiteyouneed.com
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > searchbar.findthewebsiteyouneed.com
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      > searchbar.findthewebsiteyouneed.com
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      > www.findthewebsiteyouneed.com
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > about:blank
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      > searchbar.findthewebsiteyouneed.com
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > searchbar.findthewebsiteyouneed.com
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
      > O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} -
      > C:\WINDOWS\DH.dll (file missing)
      > O4 - HKLM\..\Run: [keyboard] C:\\keyboard3.exe
      > O4 - HKLM\..\Run: [mousepad] C:\\mousepad3.exe
      > O4 - HKLM\..\Run: [newname] C:\\newname3.exe

      kombinowałaś coś0 z Messengerem? Nie masz go to wywalasz też:
      > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      > C:\Program Files\Messenger\msmsgs.exe (file missing)
      > O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
      > 00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


      Skan tym:
      forum.gazeta.pl/forum/72,2.html?f=430&w=38051058&a=38492825
      nie zapomnij o update!

      Oprócz nazw tego co wykrywa avast napisz tez w jakich plikach to wykrywa. I co
      znaczy, że 'nie daje z nimi rady'? Zazwyczaj problemy te znikają kiedy
      przeskanujesz w trybie awaryjnym.


      Restart i nowy log.

      pzdr
    • Gość: Ewa Re: Avast nie daje rady z 4 problemami IP: *.finemedia.pl 16.03.06, 23:45
      Przy uruchamianiu komputera Avast, informował o 4 w/w Trojanach, których nie
      usuwał. Teraz po uruchomieniu narazie Avast nie musiał reagować. Zasyłam nowego
      loga.



      Logfile of HijackThis v1.99.1
      Scan saved at 23:37:37, on 2006-03-16
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\S24EvMon.exe
      C:\WINDOWS\system32\ZCfgSvc.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\ATK0100\HControl.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
      C:\WINDOWS\system32\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\1XConfig.exe
      C:\WINDOWS\ATK0100\ATKOSD.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Ewa\Pulpit\hijackthis\hijackthis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.onet.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini:
      Shell=explorer.exe

      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
      \SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
      Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
      O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program
      Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
      \bin\jusched.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program
      Files\ASUSTek\ASUSDVD\PDVDServ.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [Skype] "C:\Program
      Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
      Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O8 - Extra context menu item: &Google Search - res://c:\program
      files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://c:\program
      files\google\GoogleToolbar2.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://c:\program
      files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
      files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://c:\program
      files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://c:\program
      files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
      O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software -
      C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
      O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation -
      C:\WINDOWS\system32\S24EvMon.exe

      • kolobos Re: Avast nie daje rady z 4 problemami 17.03.06, 01:33
        Wyglada ok, a do kasacji tylko to:
        O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


    • Gość: Ewa Re: Avast nie daje rady z 4 problemami IP: *.finemedia.pl 17.03.06, 15:35
      Wielkie dzięki. Wydaje się, że na razie wszystko jest w porządku.Jeszcze raz
      DZIĘKS. ewa
    • weeman6 Re: Avast nie daje rady z 4 problemami 20.03.06, 15:31
      www.pandasoftware.com/activescan/pol/activescan_principal.htm
Pełna wersja