WinFixer 2005 hijack probleem. :: Hinnavaatluse Foorumid

Ty · HV kasutaja liitunud: 03.10.2005

Koguaeg viskab selle WinFixer 2005 ette.
Tahab downloadida ja mingi 5 korda jutti iga tunni aja tagant.
Igast viirustõrjetega olen proovinud, ka safemodes. Pole kasu selle hijack'i puhul...

Äkki keegi aitaks.
öelge kuidas selle hijack logi saan, siis vb kergem aidata..
googlest ka ei leidnud abi.

Tänud ette

Betamax · HV Guru liitunud: 29.05.2003

Ty · HV kasutaja liitunud: 03.10.2005

raido357 · HV veteran liitunud: 26.09.2002

Ise ka aru saad mis räägid ?

Ty · HV kasutaja liitunud: 03.10.2005

Betamax · HV Guru liitunud: 29.05.2003

Ty · HV kasutaja liitunud: 03.10.2005

Betamax · HV Guru liitunud: 29.05.2003

Tahad sa mulle öelda, et sa ei suuda hijackthisi alla tõmmata, Desktopile lahti pakkida, vajutada Do a system scan and save a logfile? Sel juhul oled sa omadega väga pehmes kohas.

Ty · HV kasutaja liitunud: 03.10.2005

sry ma ei teadnud et selle proge nimi hijackthis on..

Logfile of HijackThis v1.99.1
Scan saved at 15:06:54, on 23.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\system32\prflbmsgp32.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - C:\WINDOWS\slassac.dll
O2 - BHO: (no name) - {B212D577-05B7-4963-911E-4A8588160DFA} - (no file)
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\SMax4.exe" /tray
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - Startup: Registration Brothers In Arms EiB.LNK = D:\brotherinarms\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128068966359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128099171781
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\system32\winstyle3.dll (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Betamax · HV Guru liitunud: 29.05.2003

O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {16875E09-927B-4494-82BD-158A1CD46BA0} - C:\WINDOWS\system32\prflbmsgp32.dll
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - C:\WINDOWS\slassac.dll
O2 - BHO: (no name) - {B212D577-05B7-4963-911E-4A8588160DFA} - (no file)
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll
O4 - Startup: Registration Brothers In Arms EiB.LNK = D:\brotherinarms\Support\Register\RegistrationReminder.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\system32\winstyle3.dll (file missing)
Need võta maha

O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
Nende jaoks kasuta CWShredderit - saad sealt samast, kus Hijackthisi

Igaks juhuks kordan üle - Exploreri aknad peavad scani ja puhastamise ajal kinni olema.

Lisaks soovitaksin sul arvuti üle käia erinevate viirusetõrjetega (Online variandid), CrapCleaneriga (seadista nii, et kustutaks ka uuemad kui 48h ajutised failid), SpyBot S&D, Ad-aware jms. Scanida võiksid aja kokkuhoiu mõttes Safe Mode'is ja netikaabel võiks ka tagant ära olla (va Online scani ajal).
Sul on ketas suht "ussitanud". Isiklikult ei viitsiks selle kõigega jamama hakatagi ja teeksin formati, aga ürita esialgu nendest elukatest lahti saada sellisel moel (kui õnnestub).

Ty · HV kasutaja liitunud: 03.10.2005

hijackthis'i sain ma download.com

ja seda cwsrhadderit pole seal
aga ma googlest sain juba..

nii, et suured tänud sulle!

Laurikre · HV Guru liitunud: 20.09.2003

Siin siis ka kodumaine link http://www.plk.ee/data/HijackThis.exe
Laurikre:.

Betamax · HV Guru liitunud: 29.05.2003

HacaX · HV Guru liitunud: 22.01.2004

OT: lihtsalt mainin - HJT ametlikult kodukalt ei saa juba tükk aega CWShredderit, kuna too müüdi kogu kupatusega maha (ja kuna ostnud firma võeti teise firma poolt üle siis on nüüd CWShredder ametlikult saadaval hoopis trend Micro kodukalt)

Betamax · HV Guru liitunud: 29.05.2003

Link peaks seal veel alles olema vist?