zwirek2 Level 16

Joined: 14 Nov 2003 Posts: 300 Location: wielkopolska
#1
16 Aug 2005 08:04 about:blank -->>>> help me remove the virus wstre

Gentlemen, how am I supposed to remove it, and with what? I have tried various ways and nothing else comes to mind.
I am posting the log here. Tell me what is wrong here and what to remove.
Logfile of HijackThis v1.99.1
Scan saved at 08:56:51, on 2005-08-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\appyw.exe
C:\Program Files\Star Downloader\stardown.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe
C:\Program Files\12Ghosts\12wash.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\RaConfig.exe
E:\stickies\stickies.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\KOCOPO~1\USTAWI~1\Temp\Rar$EX00.156\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://69.50.179.61/search1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0566FA6A-907F-6564-183E-0B1DD4B4061A} - C:\WINDOWS\system32\iphm32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3A6D4A75-035C-3482-B127-1A32586AA762} - C:\WINDOWS\system32\atlip32.dll
O2 - BHO: Class - {8F6CE7E6-1006-35E7-C881-E904D5149F8D} - C:\WINDOWS\ntam.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {AAF6F52E-597C-27BB-5688-AE0FF485E368} - C:\WINDOWS\system32\ntcv.dll
O2 - BHO: Class - {BFAA3D4F-3121-6765-035E-63AE94A824A9} - C:\WINDOWS\msnr32.dll
O2 - BHO: Class - {E47C3AAC-058B-618C-CF20-7FBEB197E13B} - C:\WINDOWS\system32\sysnb32.dll
O2 - BHO: Class - {E6F23682-174F-AF3C-0738-3DEF6F7B9091} - C:\WINDOWS\atlgo32.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [appyw.exe] C:\WINDOWS\system32\appyw.exe
O4 - HKLM\..\Run: [iesz32.exe] C:\WINDOWS\system32\iesz32.exe
O4 - HKLM\..\Run: [winnt32.exe] C:\WINDOWS\winnt32.exe
O4 - HKLM\..\Run: [d3ck.exe] C:\WINDOWS\system32\d3ck.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [apidk.exe] C:\WINDOWS\apidk.exe
O4 - HKLM\..\RunOnce: [sysgd32.exe] C:\WINDOWS\system32\sysgd32.exe
O4 - HKLM\..\RunOnce: [sdkdf32.exe] C:\WINDOWS\sdkdf32.exe
O4 - HKLM\..\RunOnce: [adduw.exe] C:\WINDOWS\system32\adduw.exe
O4 - HKLM\..\RunOnce: [apiyy.exe] C:\WINDOWS\system32\apiyy.exe
O4 - HKLM\..\RunOnce: [javadq.exe] C:\WINDOWS\javadq.exe
O4 - HKLM\..\RunOnce: [crgl.exe] C:\WINDOWS\system32\crgl.exe
O4 - HKLM\..\RunOnce: [sysfs32.exe] C:\WINDOWS\system32\sysfs32.exe
O4 - HKLM\..\RunOnce: [javakc32.exe] C:\WINDOWS\system32\javakc32.exe
O4 - HKLM\..\RunOnce: [addnm32.exe] C:\WINDOWS\system32\addnm32.exe
O4 - HKLM\..\RunOnce: [mfcbu.exe] C:\WINDOWS\mfcbu.exe
O4 - HKLM\..\RunOnce: [sdkfe32.exe] C:\WINDOWS\sdkfe32.exe
O4 - HKLM\..\RunOnce: [atlfm32.exe] C:\WINDOWS\atlfm32.exe
O4 - HKLM\..\RunOnce: [iphm32.exe] C:\WINDOWS\system32\iphm32.exe
O4 - HKLM\..\RunOnce: [sysfh32.exe] C:\WINDOWS\system32\sysfh32.exe
O4 - HKLM\..\RunOnce: [addcn.exe] C:\WINDOWS\system32\addcn.exe
O4 - HKLM\..\RunOnce: [iegp.exe] C:\WINDOWS\system32\iegp.exe
O4 - HKLM\..\RunOnce: [syswv32.exe] C:\WINDOWS\syswv32.exe
O4 - HKLM\..\RunOnce: [atlog32.exe] C:\WINDOWS\system32\atlog32.exe
O4 - HKCU\..\Run: [Star Downloader Free] C:\Program Files\Star Downloader\stardown.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: 12Ghosts Wash.lnk = C:\Program Files\12Ghosts\12wash.exe
O4 - Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O4 - Startup: Stickies.lnk = E:\stickies\stickies.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - E:\irfan view\Ebay\Ebay.htm
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c415.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_30.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05F14D4D-96C3-4DA6-AB8E-7D009F52B519}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7C52DF6-5FAF-492A-8886-2B34BAF157C1}: NameServer = 80.51.189.2,80.50.50.50
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
O23 - Service: Network Security Service ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\apidk.exe" /s (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

krzysiu77 Level 9

Joined: 08 Aug 2005 Posts: 37 Location: Katowice
#2
16 Aug 2005 08:13 Re: about:blank -->>>> help me remove the virus w

This little program will help you

zwirek2 Level 16

Joined: 14 Nov 2003 Posts: 300 Location: wielkopolska
#3
16 Aug 2005 08:27 Re: about:blank -->>>> help me remove the virus w

Mate, that does not help me. I already tried it; it says there is supposedly no such virus.
Here is what it says:
Scan is Complete !
CoolWebSearch was not found on this system.
This needs a different approach somehow, but thanks. I know that by working together we will surely find a way to neutralize it.

notset Level 14

Joined: 01 May 2004 Posts: 181
#4
16 Aug 2005 08:30 Re: about:blank -->>>> help me remove the virus w

Regarding:
"C:\WINDOWS\System32\tlntsvr.exe":
http://vil.nai.com/vil/content/v_99378.htm
"C:\WINDOWS\system32\appyw.exe":
http://forums.spywareinfo.com/lofiversion/index.php/t52885.html
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
###################### what is this?:
O4 - HKLM\..\Run: [appyw.exe] C:\WINDOWS\system32\appyw.exe
O4 - HKLM\..\Run: [iesz32.exe] C:\WINDOWS\system32\iesz32.exe
O4 - HKLM\..\Run: [winnt32.exe] C:\WINDOWS\winnt32.exe
O4 - HKLM\..\Run: [d3ck.exe] C:\WINDOWS\system32\d3ck.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [apidk.exe] C:\WINDOWS\apidk.exe
O4 - HKLM\..\RunOnce: [sysgd32.exe] C:\WINDOWS\system32\sysgd32.exe
O4 - HKLM\..\RunOnce: [sdkdf32.exe] C:\WINDOWS\sdkdf32.exe
O4 - HKLM\..\RunOnce: [adduw.exe] C:\WINDOWS\system32\adduw.exe
O4 - HKLM\..\RunOnce: [apiyy.exe] C:\WINDOWS\system32\apiyy.exe
O4 - HKLM\..\RunOnce: [javadq.exe] C:\WINDOWS\javadq.exe
O4 - HKLM\..\RunOnce: [crgl.exe] C:\WINDOWS\system32\crgl.exe
O4 - HKLM\..\RunOnce: [sysfs32.exe] C:\WINDOWS\system32\sysfs32.exe
O4 - HKLM\..\RunOnce: [javakc32.exe] C:\WINDOWS\system32\javakc32.exe
O4 - HKLM\..\RunOnce: [addnm32.exe] C:\WINDOWS\system32\addnm32.exe
O4 - HKLM\..\RunOnce: [mfcbu.exe] C:\WINDOWS\mfcbu.exe
O4 - HKLM\..\RunOnce: [sdkfe32.exe] C:\WINDOWS\sdkfe32.exe
O4 - HKLM\..\RunOnce: [atlfm32.exe] C:\WINDOWS\atlfm32.exe
O4 - HKLM\..\RunOnce: [iphm32.exe] C:\WINDOWS\system32\iphm32.exe
O4 - HKLM\..\RunOnce: [sysfh32.exe] C:\WINDOWS\system32\sysfh32.exe
O4 - HKLM\..\RunOnce: [addcn.exe] C:\WINDOWS\system32\addcn.exe
O4 - HKLM\..\RunOnce: [iegp.exe] C:\WINDOWS\system32\iegp.exe
O4 - HKLM\..\RunOnce: [syswv32.exe] C:\WINDOWS\syswv32.exe
O4 - HKLM\..\RunOnce: [atlog32.exe] C:\WINDOWS\system32\atlog32.exe
########### all of the ones above are a bit strange and suspicious :) I would throw them out, because I am 90% sure it is some kind of "who knows what" :)
O4 - HKCU\..\Run: [Star Downloader Free] C:\Program Files\Star Downloader\stardown.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
As for the rest, you will have to work it out experimentally.. :)
But since you let so much junk get onto your computer ;) the best thing is simply to use a better antivirus/anti-adware/anti-spyware etc. ;)
Regards!

zwirek2 Level 16

Joined: 14 Nov 2003 Posts: 300 Location: wielkopolska
#5
16 Aug 2005 09:21 about:blank -->>>> help me remove the virus wstre

I removed everything you told me to, mate, but it is still sitting somewhere in the system. I do not know what to do. I do not quite understand those links at the very top, because my English is weak.

Michael0 Level 8

Joined: 02 Apr 2003 Posts: 28
#6
16 Aug 2005 10:09 Re: about:blank -->>>> help me remove the virus w

Spy Sweeper - it should help you

Radzious Level 20

Joined: 27 Feb 2005 Posts: 998 Location: Suchedniów
#7
16 Aug 2005 10:37 about:blank -->>>> help me remove the virus wstre

stshc.dll --> delete this file in safe mode, and all the log entries referring to it as well
tick the boxes for:
R3 - Default URLSearchHook is missing
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c415.cab
and then delete the files
Run Microsoft AntiSpyware over the system
michael0 --> he already has that program
you can probably remove about:blank with CWS, but in safe mode

Jasiek3 Level 17

Joined: 26 May 2005 Posts: 392 Location: Iłów
#8
16 Aug 2005 10:42 Re: about:blank -->>>> help me remove the virus w

And when the computer starts, does your internet connection hang, and after a moment a message pops up saying that it cannot connect to the server? And is this Windows 98?

Yoga Level 17

Joined: 25 Apr 2005 Posts: 372
#9
16 Aug 2005 11:51 Re: about:blank -->>>> help me remove the virus w

notset wrote:
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [Star Downloader Free] C:\Program Files\Star Downloader\stardown.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

These are all valid entries; there is no need to delete them, although perhaps not all of them should be started automatically.
And the ones to remove are:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
O23 - Service: Network Security Service ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\apidk.exe" /s (file missing)
and delete the stshc.dll file from the disk
And read about removing about:blank at these links:
http://www.searchengines.pl/phpbb203/index.php?showtopic=14185
http://www.searchengines.pl/phpbb203/index.php?showtopic=34586
maybe you will happen to find the one that you have.

jankolo Level 26

Joined: 10 Jan 2005 Posts: 28261 Location: Łódź
#10
16 Aug 2005 12:06 Re: about:blank -->>>> help me remove the virus w

Jasiek3 wrote:
And is this Windows 98?

Read the beginning of the attached log and you will know.

Kolobos Level 26

Joined: 13 Jun 2003 Posts: 26223 Location: Warszawa

Jasiek3 Level 17

Joined: 26 May 2005 Posts: 392 Location: Iłów
#12
16 Aug 2005 14:08 Re: about:blank -->>>> help me remove the virus w

jankolo wrote:
Jasiek3 wrote:
And is this Windows 98?
Read the beginning of the attached log and you will know.

Sorry, I started reading from Running processes
But I have a better idea :-) Zwirek2, go to this site http://www.hijackthis.de/ Paste the log into the box and press Analyze
Below, all the entries will be displayed with comments on them

jankolo Level 26

Joined: 10 Jan 2005 Posts: 28261 Location: Łódź
#13
16 Aug 2005 14:22 Re: about:blank -->>>> help me remove the virus w

Jasiek3 wrote:
Zwirek2, go to this site http://www.hijackthis.de/ Paste the log into the box and press Analyze
Below, all the entries will be displayed with comments on them

The idea is good, but what hijackthis itself reports is not necessarily the truth. You have to know how to analyze these logs. Didn't you notice that Kolobos, who has a lot of experience in this area, is helping the thread's author with exactly this analysis?

zwirek2 Level 16

Joined: 14 Nov 2003 Posts: 300 Location: wielkopolska
#14
16 Aug 2005 23:37 Re: about:blank -->>>> help me remove the virus w

KOLOBOS, mate, many thanks. That little program Ewido fixed everything; I only scanned with it and everything went back to normal, as it should be. I am pasting the log here; maybe there are still some irregularities, but the about:blank virus is dealt with. Thanks once again.
Logfile of HijackThis v1.99.1
Scan saved at 00:29:13, on 2005-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\sdkgb.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Star Downloader\stardown.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe
C:\WINDOWS\system32\RaConfig.exe
C:\Program Files\12Ghosts\12wash.exe
E:\stickies\stickies.exe
H:\uruchom.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KOCOPOLEK\Pulpit\CW SHREDERE\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {DCA3E944-414A-C209-B901-462873898794} - C:\WINDOWS\system32\sysih.dll (file missing)
O2 - BHO: Class - {EFC7644A-EBB5-3164-DE0E-C70C508510A9} - C:\WINDOWS\mstx32.dll (file missing)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [sdkgb.exe] C:\WINDOWS\system32\sdkgb.exe
O4 - HKCU\..\Run: [Star Downloader Free] C:\Program Files\Star Downloader\stardown.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - Startup: 12Ghosts Wash.lnk = C:\Program Files\12Ghosts\12wash.exe
O4 - Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O4 - Startup: Stickies.lnk = E:\stickies\stickies.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MpegTV Station PCITV Remote Control.lnk = C:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe
O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - E:\irfan view\Ebay\Ebay.htm
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbies&Diamonds) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_30.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05F14D4D-96C3-4DA6-AB8E-7D009F52B519}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7C52DF6-5FAF-492A-8886-2B34BAF157C1}: NameServer = 80.51.189.2,80.50.50.50
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\sysoq.exe" /s (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Kolobos Level 26

Joined: 13 Jun 2003 Posts: 26223 Location: Warszawa
#15
16 Aug 2005 23:57 about:blank -->>>> help me remove the virus wstre

This is still left:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {DCA3E944-414A-C209-B901-462873898794} - C:\WINDOWS\system32\sysih.dll (file missing)
O2 - BHO: Class - {EFC7644A-EBB5-3164-DE0E-C70C508510A9} - C:\WINDOWS\mstx32.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\RunOnce: [sdkgb.exe] C:\WINDOWS\system32\sdkgb.exe <- end this process and delete the file from the disk.
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\sysoq.exe" /s (file missing) <- disable the service (in Control Panel), and in hijackthis choose delete nt service and paste this there: 11Fßä#·şÄÖ`I
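
The entry patterns that notset (#4), Yoga (#9) and Kolobos (#15) pick out by eye can be written down as a small triage script; this is an added example, not part of the thread and not HijackThis code. The helper names (`triage`, `image_path`, `in_windows_dir`) and the heuristics are assumptions made for illustration, and the sample input is constructed from lines in the two logs above.

```python
import ntpath
import re

# Constructed sample: individual lines copied from the two logs in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\stshc.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {DCA3E944-414A-C209-B901-462873898794} - C:\WINDOWS\system32\sysih.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKLM\..\RunOnce: [sdkgb.exe] C:\WINDOWS\system32\sdkgb.exe
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\sysoq.exe" /s (file missing)
"""

# Assumption: a file sitting directly in one of these directories is the
# location signal the posters reacted to.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
IMAGE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.I)
BHO = re.compile(r"BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
AUTORUN = re.compile(r"HK\w+\\\.\.\\Run(?:Once)?: \[(.+?)\] (.+)$")


def image_path(command):
    """Return the first drive-qualified .exe/.dll path in a command, or None."""
    match = IMAGE.search(command)
    return match.group(1) if match else None


def in_windows_dir(path):
    """True when the file sits directly in the Windows or system32 directory."""
    return path is not None and ntpath.dirname(path).lower() in WINDOWS_DIRS


def triage(log_text):
    """Return (section, reason, line) for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section, sep, rest = line.partition(" - ")
        if not sep:
            continue
        reason = None
        if section in ("R0", "R1"):
            # IE start/search page loaded from a resource inside a local DLL.
            if rest.partition(" = ")[2].lower().startswith("res://"):
                reason = "IE page points at a res:// resource in a DLL"
        elif section == "O2":
            # BHO registered under the bare name "Class" from a Windows dir.
            m = BHO.match(rest)
            if m and m.group(1) == "Class" and in_windows_dir(image_path(m.group(2))):
                reason = "unnamed BHO loaded from the Windows directory"
        elif section == "O4":
            # Run/RunOnce value named after its own file in a Windows dir.
            m = AUTORUN.match(rest)
            path = image_path(m.group(2)) if m else None
            if in_windows_dir(path) and ntpath.basename(path).lower() == m.group(1).lower():
                reason = "autorun value named after its own executable"
        elif section == "O23":
            # "(file missing)" alone is not a signal: the avast! services show
            # it too. Unknown owner plus a Windows-dir image is what matters.
            parts = rest.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner" \
                    and in_windows_dir(image_path(parts[2])):
                reason = "service with unknown owner in the Windows directory"
        if reason:
            findings.append((section, reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

The output is a shortlist for manual review, in line with jankolo's point in #13 that these logs still have to be read by someone who knows how to analyze them.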

zwirek2 Level 16

Joined: 14 Nov 2003 Posts: 300 Location: wielkopolska
#16
17 Aug 2005 00:15 about:blank -->>>> help me remove the virus wstre

Sorry, but where do I disable it in Control Panel? Where is it located? Could you explain it to me?

Kolobos Level 26

Joined: 13 Jun 2003 Posts: 26223 Location: Warszawa
#17
17 Aug 2005 00:20 about:blank -->>>> help me remove the virus wstre

Administrative Tools->Services; find that service there and change its startup type to Disabled.
After all, finding it takes a moment; you could have looked yourself instead of asking, and along the way you would have seen what is where.

zwirek2 Level 16

Joined: 14 Nov 2003 Posts: 300 Location: wielkopolska
#18
17 Aug 2005 00:35 about:blank -->>>> help me remove the virus wstre

OK, it is fine now
Added after 11 [minutes]:
OK, it worked, everything is fine now. I removed all the entries you gave me. Many thanks, regards..