Thanks for the advice. 1) I can't boot into Safe Mode at all, so I can't provide the SmitFraudFix log from option 2. 2) What is above is the full Hijack log. 3) The ComboFix log:
"user" - 2007-05-23 13:29:58 Dodatek Service Pack 2
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\user.ACTIVEPL-BC9EA0\Pulpit\"
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-23 ))))))))))))))))))))))))))))))))))
2007-05-23 13:21 3,334 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-23 13:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-23 13:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-23 13:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-18 18:13 <DIR> d-------- C:\DOCUME~1\USER~1.ACT\DANEAP~1\TrojanHunter
2007-05-18 17:50 <DIR> d-------- C:\Program Files\TrojanHunter 4.6
2007-05-18 16:50 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-18 14:06 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-05-18 14:06 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-18 14:06 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-18 14:06 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-18 14:06 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-18 14:06 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-18 14:06 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-18 14:06 <DIR> d-------- C:\Program Files\Alwil Software
2007-05-18 13:56 <DIR> d--h----- C:\DOCUME~1\USER~1.ACT\DANEAP~1\hidires
2007-05-18 13:56 <DIR> d-------- C:\WINDOWS\system32\LiveMonitorLogFolder
2007-05-18 13:56 <DIR> d-------- C:\WINDOWS\exefld
2007-05-18 11:19 <DIR> d-------- C:\quarantine
2007-05-17 15:16 630,784 --a------ C:\WINDOWS\system32\VchReg.dll
2007-05-17 15:16 63 --a------ C:\WINDOWS\system\SysSD.dll
2007-05-17 11:21 <DIR> d-------- C:\Program Files\eMule
2007-05-17 11:10 <DIR> d-------- C:\Program Files\SkanerOnline
2007-05-16 22:02 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-16 20:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DANEAP~1\Spybot - Search & Destroy
2007-05-16 13:59 <DIR> d-------- C:\Program Files\PhotoFiltre
2007-05-12 21:15 <DIR> d-------- C:\Program Files\Evrsoft First Page 2006
2007-05-11 13:48 <DIR> d-------- C:\DOCUME~1\USER~1.ACT\DANEAP~1\Logitech
2007-05-11 13:46 69,504 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-05-11 13:46 53,632 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-05-11 13:46 36,480 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-05-11 13:46 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-05-11 13:45 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-05-11 13:45 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-05-11 13:45 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-05-11 13:45 24,704 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-05-11 13:45 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-11 13:45 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-05-11 13:45 <DIR> d-------- C:\Program Files\Logitech
2007-05-11 13:45 <DIR> d-------- C:\Program Files\Common Files\Logitech
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-12 14:09:29 1,289 ----a-w C:\WINDOWS\mozver.dat
2007-05-11 11:45:45 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-17 08:29:30 -------- d-----w C:\DOCUME~1\USER~1.ACT\DANEAP~1\Help
2007-04-16 15:01:08 -------- d-----w C:\Program Files\Winamp
2007-04-10 15:01:22 -------- d-----w C:\Program Files\PITy
2007-04-03 14:34:46 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-03-30 17:18:26 -------- d-----w C:\Program Files\Common Files\Borland Shared
2007-03-30 17:18:22 -------- d-----w C:\Program Files\RESET2
2007-03-30 13:08:11 68,554 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-30 13:08:11 439,538 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-30 10:41:27 -------- d-----w C:\DOCUME~1\USER~1.ACT\DANEAP~1\PassidTmp
2007-03-30 10:41:14 7,551 ----a-w C:\WINDOWS\system32\drivers\U3sHlpDr.sys
2007-03-29 11:59:18 -------- d-----w C:\Program Files\The Weather Channel FW
2007-03-29 11:57:09 -------- d-----w C:\Program Files\Google
2007-03-28 12:36:12 41 ---h--w C:\WINDOWS\dsez6180.dat
2007-03-26 10:31:44 -------- d-----w C:\Program Files\Office Mouse Driver
2007-03-26 10:24:29 -------- d-----w C:\DOCUME~1\USER~1.ACT\DANEAP~1\CyberLink
2007-03-23 16:08:09 -------- d-----w C:\Program Files\Messenger
2007-03-23 16:06:09 -------- d-----w C:\Program Files\MSXML 4.0
2007-03-23 16:02:48 -------- d-----w C:\Program Files\Gadu-Gadu
2007-03-23 10:49:41 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-23 08:57:23 3,995,195 ----a-w C:\gg76.exe
2007-03-23 08:32:56 -------- d-----w C:\Program Files\Yahoo!
2007-03-22 18:29:02 -------- d-----w C:\Program Files\Network Associates
2007-03-22 18:29:02 -------- d-----w C:\Program Files\Common Files\Cisco Systems
2007-03-22 18:28:47 -------- d-----w C:\Program Files\Common Files\Network Associates
2007-03-22 17:11:58 -------- d-----w C:\Program Files\Ahead
2007-03-20 11:31:21 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-03-20 10:15:17 -------- d-----w C:\DOCUME~1\USER~1.ACT\DANEAP~1\Symantec
2007-03-20 10:12:21 -------- d-----w C:\Program Files\Symantec
2007-03-20 10:12:13 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-19 17:54:13 -------- d-----w C:\DOCUME~1\USER~1.ACT\DANEAP~1\InterTrust
2007-03-19 17:52:02 -------- d-----w C:\Program Files\CyberLink
2007-03-19 17:51:59 -------- d-----w C:\Program Files\CyberLink DVD Solution
2007-03-19 17:48:35 -------- d-----w C:\Program Files\Microsoft Works
2007-03-19 17:43:56 -------- d-----w C:\Program Files\Common Files\ODBC
2007-03-19 17:43:53 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-03-19 17:42:04 -------- d-----w C:\Program Files\Microsoft.NET
2007-03-19 17:34:42 -------- d-----w C:\Program Files\Realtek
2007-03-19 17:33:31 -------- d-----w C:\Program Files\DIFX
2007-03-19 17:19:24 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-19 16:53:50 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-19 16:53:34 0 --sha-r C:\MSDOS.SYS
2007-03-19 16:53:34 0 --sha-r C:\IO.SYS
2007-03-19 16:53:34 0 ----a-w C:\CONFIG.SYS
2007-03-19 16:53:34 0 ----a-w C:\AUTOEXEC.BAT
2007-03-19 16:52:23 -------- d--h--w C:\Program Files\WindowsUpdate
2007-03-19 16:52:19 -------- d-----w C:\Program Files\Usługi online
2007-03-19 16:51:22 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-03-19 16:51:11 -------- d-----w C:\Program Files\Movie Maker
2007-03-19 16:49:50 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-19 16:49:39 -------- d-----w C:\Program Files\Windows NT
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 05:51:28 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-03-16 05:51:28 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-03-15 10:23:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 10:19:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-15 10:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll
2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 17:39]
{2724E072-19D0-486d-A819-9D914191AE92}=C:\WINDOWS\wowsupport.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 09:35]
"nwiz"="nwiz.exe" [2006-08-16 09:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 09:35]
"RTHDCPL"="RTHDCPL.EXE" []
"SkyTel"="SkyTel.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 21:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48]
"WireLessMouse"="C:\Program Files\Office Mouse Driver\StartAutorun.exe" [2005-11-30 12:48]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]
"THGuard"="C:\Program Files\TrojanHunter 4.6\THGuard.exe" [2007-05-11 20:01]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 06:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
file:///C:\WINDOWS\privacy_danger\index.htm
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{3ADC8238-9205-442A-A2E0-8DAEFAA7DEF8}"="C:\WINDOWS\mssmart.dll" []
"{62C61CAF-76B5-44BD-BDE1-B6E24459DDDF}"="C:\WINDOWS\vsmart.dll" []
SafeBoot registry key needs to be repaired. This machine cannot enter Safe Mode.
*Newly Created Service* -PROCEXP90
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-23 13:31:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-23 13:31:31
--- E O F ---
What can I do now?
Regards