Wirusy

przez **konan12** » 29 Lis 2006, 18:06

Siema mam mega problem ! Mam bardzo dużo wirusów na kompie i nie wiem jak to usunąć .. a antywirusa mam Avasta.. A najgorsz wirus to : C:deskbar.exe nie da sie go usuną. Czy mozecie jakoś pomóc . czy to wina słabego anty wirusa ?

przez **katarina** » 29 Lis 2006, 18:15

wklej loga Hijacksthis - na pewno ktoś Ci pomoże .
Tu jest dużo dobrych ludzi

przez **konan12** » 29 Lis 2006, 18:46

Logfile of HijackThis v1.99.1
Scan saved at 17:45:02, on 2006-11-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSExplorer.EXE
C:kybrdff_e66.exe
C:Program FilesJavajre1.5.0_07injusched.exe
C:Program FilesBearShareBearShare.exe
C:Program FilesWinampwinampa.exe
C:dfndrff_e66.exe
C:
wnmff_e57.exe
C:windows_e58.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesNokiaNokia PC Suite 6PcSync2.exe
C:Program FilesgAres.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
c:kybrdff_e70.exe
c:dfndrff_e70.exe
C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe
C:PROGRA~1COMMON~1NokiaMPAPIMPAPI3s.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1Pierug2USTAWI~1TempRar$EX04.656HijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yourstartingpage.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:Program FilesDeskbardeskbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM..Run: [keyboard] c:\kybrdff_e70.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_07injusched.exe
O4 - HKLM..Run: [BearShare] "C:Program FilesBearShareBearShare.exe" /pause
O4 - HKLM..Run: [BearFlix] "C:Program FilesBearFlixBearFlix.exe" /pause
O4 - HKLM..Run: [outlook] C:Program Filesoutlookoutlook.exe /auto
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKLM..Run: [defender] c:\dfndrff_e70.exe
O4 - HKLM..Run: [newname] C:\nwnmff_e57.exe
O4 - HKLM..Run: [windows] C:\windows_e58.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [PCSuiteTrayApplication] C:PROGRA~1NokiaNOKIAP~1LAUNCH~1.EXE -startup
O4 - HKLM..Run: [Ad Muncher] C:Program FilesAd MuncherAdMunch.exe /bt
O4 - HKLM..RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [ADS] C:WindowsADS.exe
O4 - HKCU..Run: [Start First] C:DOCUME~1Pierug2DANEAP~1LITESC~1Soft Heart.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [PcSync] C:Program FilesNokiaNokia PC Suite 6PcSync2.exe /NoDialog
O4 - HKCU..Run: [ares] "C:Program FilesgAres.exe" -h
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_07inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_07inssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O17 - HKLMSystemCCSServicesTcpip..{08342847-52CD-431E-BDF1-443146FB7C8C}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLMSystemCS1ServicesTcpip..{08342847-52CD-431E-BDF1-443146FB7C8C}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLMSystemCS2ServicesTcpip..{08342847-52CD-431E-BDF1-443146FB7C8C}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLMSystemCS3ServicesTcpip..{08342847-52CD-431E-BDF1-443146FB7C8C}: NameServer = 194.204.152.34,194.204.159.1
O20 - AppInit_DLLs: smss.dll
O20 - Winlogon Notify: Shell Extensions - C:WINDOWSsystem32gp24l3fq1.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:WINDOWSsystem32 xnd.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:WINDOWSsystem32enl4l13q1.dll (file missing)
O20 - Winlogon Notify: Themes - C:WINDOWSsystem32mwwstr10.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe
O23 - Service: ServiceLayer - Nokia. - C:Program FilesCommon FilesPCSuiteServicesServiceLayer.exe

przez **pp3088** » 29 Lis 2006, 19:03

Masakra

O4 - HKLM..Run: [keyboard] c:kybrdff_e70.exe
O4 - HKLM..Run: [defender] c:dfndrff_e70.exe
O4 - HKLM..Run: [newname] C:
wnmff_e57.exe

To usunie SMitFRaudFix. Pobierz go z siri.urz.free.fr/Fix/SmitfraudFix.php
Odpal SmitFraudFix.cmd, wcisnij losowy klawisz nastepnie "2" i enter czekasz, resteujesz komputer jeśli trzeba.

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yourstartingpage.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:Program FilesDeskbardeskbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM..Run: [windows] C:windows_e58.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

Zaznaczasz w programie HiJackTHis i naciskasz fix checked.

O4 - HKLM..RunServices: [p2p networking] p2pnetworking.exe

Fix w programie i usuniecie folderu p2pnetworkins

O4 - HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 - HKCU..Run: [Start First] C:DOCUME~1Pierug2DANEAP~1LITESC~1Soft Heart.exe

Fix i usuniecie plików na czerwono

O20 - AppInit_DLLs: smss.dll
O20 - Winlogon Notify: Shell Extensions - C:WINDOWSsystem32gp24l3fq1.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:WINDOWSsystem32 xnd.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:WINDOWSsystem32enl4l13q1.dll (file missing)
O20 - Winlogon Notify: Themes - C:WINDOWSsystem32mwwstr10.dll (file missing)

Kurde VX2, znowu. CZytasz topik i używasz podanych tam narzędzi. W pierwszej kolejnośc L2Mfix i wklejasz loga z tego programu.

http://instalki.pl/forum/viewtopic.php?t=6607

Wirusy

Wirusy

Kto jest na forum