IP: 62.93.41.* 07.09.06, 23:03
Please help. I downloaded some nasty trojan and now I'm trying to get this thing
off my computer. It sends e-mails left and right, impersonating me. It won't
let me turn on the firewall in Windows. I'm treating it with some spyware, but
the program hangs every time it reaches the same point. What should I do? I'm a
computer newbie and have no idea what to do. I'd be grateful for any
constructive advice.
    • Guest: p done as instructed IP: 62.93.41.* 07.09.06, 23:16
      Logfile of HijackThis v1.99.1
      Scan saved at 23:12:14, on 2006-09-07
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      C:\Program Files\Spyware Doctor\sdhelp.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Documents and Settings\Mynia\Moje dokumenty\programy\Phone\Skype.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Spyware Doctor\swdoctor.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\a\Pulpit\hijackthis\hijackthis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: Shell=Explorer.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} -
      C:\WINDOWS\Bolger.dll
      O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
      C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -
      C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
      C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
      Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
      Files\Java\jre1.5.0_02\bin\jusched.exe
      O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton
      Ghost\Agent\GhostTray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
      -atboottime
      O4 - HKLM\..\Run: [cwvnxim] c:\windows\system32\cwvnxim.exe
      O4 - HKLM\..\Run: [fbWxYp] C:\WINDOWS\mamomfmx.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
      bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [gwpguqs] C:\WINDOWS\system32\fkvquus.exe r
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Mynia\Moje
      dokumenty\programy\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
      O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
      6.0\Distillr\acrotray.exe
      O4 - Global Startup: BlueSoleil.lnk = ?
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
      Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
      C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
      v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102968600145
      O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) -
      http://static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?d77783d03d0dd29877970503649e59cfd4c8af7f0a674fecd848165b9620974096fbec58470afeeb130ce9ef163c5925e34ffc609b2bd138bb45195350320dee21478510f7:51bd07fb1b7f6cfe8c482626e79f8d4e
      O17 - HKLM\System\CCS\Services\Tcpip\..\{55836D3F-7D79-4E22-B597-0D36CC73D406}:
      NameServer = 62.93.41.195,62.93.38.4
      O17 - HKLM\System\CCS\Services\Tcpip\..\{83024F66-3A0A-4BE4-875E-06B9DADC76D7}:
      NameServer = 62.93.41.195 62.93.32.67
      O18 - Filter: text/html - {3AB5541E-0AB1-48F2-B1FB-53EDBCD8131E} -
      C:\DOCUME~1\a\USTAWI~1\Temp\e.eee
      O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
      C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT
      Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
      C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
      Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program
      Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
      AntiVirus\SavRoam.exe
      O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd -
      C:\Program Files\Spyware Doctor\sdhelp.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
      - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: System Startup Service (SvcProc) - Unknown owner -
      C:\WINDOWS\svcproc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program
      Files\Symantec AntiVirus\Rtvscan.exe

      • Guest: Kolobos Re: done as instructed IP: *.warszawa.sdi.tpnet.pl 08.09.06, 02:00
        In HJT, remove:
        F2 - REG:system.ini: Shell=Explorer.exe
        O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} -
        C:\WINDOWS\Bolger.dll <- delete the file from disk.
        O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
        O4 - HKLM\..\Run: [cwvnxim] c:\windows\system32\cwvnxim.exe <- delete the file from disk.
        O4 - HKLM\..\Run: [fbWxYp] C:\WINDOWS\mamomfmx.exe <- this one too
        O4 - HKLM\..\Run: [gwpguqs] C:\WINDOWS\system32\fkvquus.exe r <- this one too
        O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe <- delete the file from disk.
        O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) -
        http://static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?d77783d03d0dd29877970503649e59cfd4c8af7f0a674fecd848165b9620974096fbec58470afeeb130ce9ef163c5925e34ffc609b2bd138bb45195350320dee21478510f7:51bd07fb1b7f6cfe8c482626e79f8d4e
        O18 - Filter: text/html - {3AB5541E-0AB1-48F2-B1FB-53EDBCD8131E} -
        C:\DOCUME~1\a\USTAWI~1\Temp\e.eee <- delete all files from Temp.

        Scan the system with ewido.
        • Guest: p Re: done as instructed IP: 62.93.41.* 08.09.06, 11:12
          Thanks a lot for the help, but something is still wrong. How can I delete this
          bolger.dll if Windows won't let me, because it says the program is currently
          in use.
        • Guest: p Re: done as instructed IP: 62.93.41.* 08.09.06, 11:14

          • Guest: p cont... IP: 62.93.41.* 08.09.06, 12:04
            I ran it through Ewido. Below I'm pasting a log of what the situation looks
            like now. Even so, the system still won't let me turn on the firewall and I
            still have a blue desktop instead of my skinny model :) I'm a mega computer
            newbie and I'm begging for help!
            Logfile of HijackThis v1.99.1
            Scan saved at 12:02:10, on 2006-09-08
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\csrss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\PROGRA~1\SYMANT~1\VPTray.exe
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
            C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\WINDOWS\system32\rundll32.exe
            C:\Program Files\Winamp\winampa.exe
            C:\Program Files\ewido anti-spyware 4.0\ewido.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Documents and Settings\Mynia\Moje dokumenty\programy\Phone\Skype.exe
            C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Spyware Doctor\swdoctor.exe
            C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
            C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Symantec AntiVirus\DefWatch.exe
            C:\Program Files\ewido anti-spyware 4.0\guard.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
            C:\Program Files\Spyware Doctor\sdhelp.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Symantec AntiVirus\Rtvscan.exe
            C:\WINDOWS\system32\wdfmgr.exe
            C:\WINDOWS\system32\WgaTray.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Documents and Settings\a\Pulpit\hijackthis\hijackthis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
            C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
            O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -
            C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
            O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
            C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
            O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program
            Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
            Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
            Files\Java\jre1.5.0_02\bin\jusched.exe
            O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton
            Ghost\Agent\GhostTray.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
            -atboottime
            O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
            bthprops.cpl,,BluetoothAuthenticationAgent
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe"
            /minimized
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\Mynia\Moje
            dokumenty\programy\Phone\Skype.exe" /nosplash /minimized
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
            O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
            6.0\Distillr\acrotray.exe
            O4 - Global Startup: BlueSoleil.lnk = ?
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console -
            {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
            Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
            C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger -
            {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
            v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102968600145
            O17 - HKLM\System\CCS\Services\Tcpip\..\{55836D3F-7D79-4E22-B597-0D36CC73D406}:
            NameServer = 62.93.41.195,62.93.38.4
            O17 - HKLM\System\CCS\Services\Tcpip\..\{83024F66-3A0A-4BE4-875E-06B9DADC76D7}:
            NameServer = 62.93.41.195 62.93.32.67
            O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
            O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
            O21 - SSODL: msvcrt64.dll - {C98C9C0E-3129-47EC-A536-7ADF9E6E3103} -
            msvcrt64.dll (file missing)
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
            C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT
            Corporation\BlueSoleil\BTNtService.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
            Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
            O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
            C:\Program Files\ewido anti-spyware 4.0\guard.exe
            O23 - Service: Norton Ghost - Symantec Corporation - C:\Program
            Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
            O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec
            AntiVirus\SavRoam.exe
            O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd -
            C:\Program Files\Spyware Doctor\sdhelp.exe
            O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
            - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            O23 - Service: System Startup Service (SvcProc) - Unknown owner -
            C:\WINDOWS\svcproc.exe (file missing)
            O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program
            Files\Symantec AntiVirus\Rtvscan.exe

            • Guest: Kolobos Re: cont... IP: *.warszawa.sdi.tpnet.pl 08.09.06, 12:28
              Why are you only now writing that the desktop has been replaced?

              Use:
              siri.urz.free.fr/Fix/SmitfraudFix_En.php
              Paste the removal log on the forum; do what is described under clean.

              A description of how to turn on the firewall is at the very bottom here:
              portal.centrumxp.pl/forums/thread/169899.aspx
              In HJT, remove:
              O21 - SSODL: msvcrt64.dll - {C98C9C0E-3129-47EC-A536-7ADF9E6E3103} -
              msvcrt64.dll (file missing)

              Service to be deleted; a description of how to remove services is in the pinned post:
              O23 - Service: System Startup Service (SvcProc) - Unknown owner -
              C:\WINDOWS\svcproc.exe (file missing)
              • Guest: p Re: cont... IP: 62.93.41.* 08.09.06, 12:53
                SmitFraudFix v2.84

                Scan done at 12:52:25,32, 2006-09-08
                Run from C:\Documents and Settings\a\Pulpit\SmitfraudFix
                OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
                Fix ran in normal mode

                »»»»»»»»»»»»»»»»»»»»»»»» C:\

                C:\uniq FOUND !
                C:\winstall.exe FOUND !

                »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


                »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


                »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


                »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


                »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


                »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\a\Application Data


                »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


                »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\a\Ulubione


                »»»»»»»»»»»»»»»»»»»»»»»» Desktop


                »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

                C:\Program Files\SpySheriff\ FOUND !

                »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


                »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
                "Source"="About:Home"
                "SubscribedURL"="About:Home"
                "FriendlyName"="Moja bieľĄca strona gˆ˘wna"


                »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
                !!!Attention, following keys are not inevitably infected!!!

                SrchSTS.exe by S!Ri
                Search SharedTaskScheduler's .dll


                »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
                !!!Attention, following keys are not inevitably infected!!!

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                "AppInit_DLLs"=""

                »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


                »»»»»»»»»»»»»»»»»»»»»»»» End

                • Guest: p Re: cont... IP: 62.93.41.* 08.09.06, 13:14
                  SmitFraudFix v2.84

                  Scan done at 12:57:40,76, 2006-09-08
                  Run from C:\Documents and Settings\a\Pulpit\SmitfraudFix
                  OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
                  Fix ran in safe mode

                  »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
                  !!!Attention, following keys are not inevitably infected!!!

                  SrchSTS.exe by S!Ri
                  Search SharedTaskScheduler's .dll

                  »»»»»»»»»»»»»»»»»»»»»»»» Killing process


                  »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

                  GenericRenosFix by S!Ri


                  »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

                  C:\uniq Deleted
                  C:\winstall.exe Deleted
                  C:\Program Files\SpySheriff\ Deleted

                  »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


                  »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

                  Registry Cleaning done.

                  »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
                  !!!Attention, following keys are not inevitably infected!!!

                  SrchSTS.exe by S!Ri
                  Search SharedTaskScheduler's .dll


                  »»»»»»»»»»»»»»»»»»»»»»»» End

                  This is how it looks now. The firewall has turned back on. I ran Ad-Aware
                  over it and I think everything is fine now.
                  Thank you very much for your help. I'm in your debt. Thanks to you, all my
                  documents survived on the disk.
                  I think I owe you a big bottle!! Heh. Regards
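
The leftover O21 and O23 entries in this thread only show up when the log taken after the fixes is compared with the one taken before. An added example (not from the thread and not part of HijackThis) that rejoins the forum-wrapped lines and diffs two logs; the function names are this example's own and the two inputs are shortened excerpts of the logs posted above.

```python
import re

# A HijackThis entry starts with its section code (R0, F2, O4, O23, ...).
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Marker HijackThis appends when the registered file is not on disk.
MISSING = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.I)

# Shortened excerpts of the first and third logs in the thread,
# with the forum's line wrapping kept on purpose.
BEFORE = r"""
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} -
C:\WINDOWS\Bolger.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [cwvnxim] c:\windows\system32\cwvnxim.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe"
/minimized
O21 - SSODL: msvcrt64.dll - {C98C9C0E-3129-47EC-A536-7ADF9E6E3103} -
msvcrt64.dll (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)
"""

# Entries the helper asked to fix after the first log (excerpt).
FLAGGED = r"""
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} -
C:\WINDOWS\Bolger.dll
O4 - HKLM\..\Run: [cwvnxim] c:\windows\system32\cwvnxim.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
"""


def parse_entries(log_text):
    """Return one string per entry, rejoining lines the forum wrapped.

    Lines before the first entry (header, process list) are skipped;
    a blank line ends the current entry so trailing prose is not glued on.
    """
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            if current is not None:
                entries.append(current)
                current = None
        elif ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif current is not None:
            current += " " + line  # continuation of a wrapped entry
    if current is not None:
        entries.append(current)
    return entries


def entry_key(entry):
    """Case-insensitive identity that ignores a trailing missing-file marker."""
    return MISSING.sub("", entry).casefold()


def diff_logs(before_text, after_text):
    """Compare two logs: what disappeared, what is new, what now dangles."""
    before = {entry_key(e): e for e in parse_entries(before_text)}
    after = {entry_key(e): e for e in parse_entries(after_text)}
    return {
        "removed": [before[k] for k in before if k not in after],
        "added": [after[k] for k in after if k not in before],
        # Registration still present although its file is gone.
        "dangling": [e for e in after.values() if MISSING.search(e)],
    }


def still_present(flagged_text, after_text):
    """Flagged entries that survived into the later log."""
    after_keys = {entry_key(e) for e in parse_entries(after_text)}
    return [e for e in parse_entries(flagged_text)
            if entry_key(e) in after_keys]


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label, items in result.items():
        print(label.upper())
        for item in items:
            print("  " + item)
    print("FLAGGED BUT STILL PRESENT:", still_present(FLAGGED, AFTER))
```
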
