This topic is archived and no new replies can be added.

Vergil

HijackThis and other logs - paste them here

remove:

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:Program FilesNewDotNetnewdotnet7_22.dll

O4 - HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM..Run: [winlog] winlog.exe <- may or may not be junk; I suggest leaving it, and if the problem doesn't go away after removing the rest, try removing this one (and the next entry with the same name)

O4 - HKLM..RunServices: [winlog] winlog.exe

O4 - Global Startup: msconfig.exe

O4 - Global Startup: taskmgr.exe

O8 - Extra context menu item: &MyToolBar Search - res://C:Program FilesToolBar888MyToolBar.dll/MENUSEARCH.HTM

O10 - Hijacked Internet access by New.Net (all of them)

you remember how to proceed, or read up on it: safe mode, network disconnected, etc. I have written this many times...

I ran a scan with HijackThis and would kindly ask someone to advise what I should remove (there is bound to be something):

Logfile of HijackThis v1.99.1

Scan saved at 20:00:48, on 2006-06-13

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

C:WINDOWSExplorer.EXE

C:Program FilesCommon FilesSymantec SharedccProxy.exe

C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe

C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe

C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSsystem32LEXPPS.EXE

C:Program FilesWinFastWFTVFMWFWIZ.exe

C:WINDOWSSystem32CTHELPER.EXE

C:Program FilesCommon FilesSymantec SharedccApp.exe

C:Program FilesLexmark X74-X75lxbbbmgr.exe

C:Program FilesLexmark X74-X75lxbbbmon.exe

C:Program FilesWinampwinampa.exe

C:WINDOWSSystem32RUNDLL32.EXE

C:Program FilesMessengermsmsgs.exe

C:WINDOWSSystem32CTsvcCDA.exe

C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe

C:Program FilesMediaKeyOSD.EXE

C:Program FilesMediaKeyVersato.exe

C:PROGRA~1NORTON~2NORTON~1NPROTECT.EXE

C:WINDOWSSystem32nvsvc32.exe

C:PROGRA~1NORTON~2NORTON~1SPEEDD~1NOPDB.EXE

C:WINDOWSSystem32svchost.exe

C:Program FilesWebrootSpy SweeperWRSSSDK.exe

C:WINDOWSSystem32UAService7.exe

C:WINDOWSSystem32MsPMSPSv.exe

C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE

C:PROGRA~1MOZILL~1FIREFOX.EXE

C:Documents and SettingsWłaścicielPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.sportowefakty.pl/

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.skokinarciarskie.pl

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://www.aster.pl/aster.pac

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:Program FilesNeed2Findbar1.binND2FNBAR.DLL

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:Documents and SettingsWłaścicielMoje dokumentyProgramyFlash Get 1.6Jccatch.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:Documents and SettingsWłaścicielMoje dokumentyProgramyFlash Get 1.6fgiebar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll

O4 - HKLM..Run: [WinFast Schedule] C:Program FilesWinFastWFTVFMWFWIZ.exe

O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [CTHelper] CTHELPER.EXE

O4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXE

O4 - HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"

O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [Lexmark X74-X75] "C:Program FilesLexmark X74-X75lxbbbmgr.exe"

O4 - HKLM..Run: [sSC_UserPrompt] "C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe"

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [instaFinderK] C:Program FilesINSTAFINKInstaFinderK_inst.exe

O4 - HKLM..Run: [semanticInsight] C:Program FilesRXToolBarSemantic InsightSemanticInsight.exe

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKCU..Run: [Versato] "C:Program FilesMediaKeyMagicRun.exe"

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O8 - Extra context menu item: Download All by FlashGet - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:Program FilesNorton SystemWorksNorton CleanupWCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:Program FilesNorton SystemWorksNorton CleanupWCQuick.lnk

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6flashget.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O16 - DPF: BPHOnl - https://e-bank.bphpbk.pl/bph/portal/starts....File/BPHOnl.cab

O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://pl.easports.com/downloads/games/common/ieell.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://pl.easports.com/downloads/games/com...py/iesnoopy.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:Program FilesNorton Internet SecurityccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:Program FilesNorton Internet SecuritycomHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSSystem32CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:PROGRA~1NORTON~2NORTON~1NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:PROGRA~1NORTON~2NORTON~1SPEEDD~1NOPDB.EXE

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperWRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSSystem32UAService7.exe

do everything in safe mode, with the internet disconnected. if something refuses to be deleted, try the program killbox or unlocker.

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:Program FilesNeed2Findbar1.binND2FNBAR.DLL

O4 - HKLM..Run: [instaFinderK] C:Program FilesINSTAFINKInstaFinderK_inst.exe

O4 - HKLM..Run: [semanticInsight] C:Program FilesRXToolBarSemantic InsightSemanticInsight.exe

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN

O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/dialer/int_ver32b.CAB

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab <- leave it if you know the site it comes from

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB

after removing these in HJT, delete these directories from the disk:

C:Program FilesNeed2Find

C:Program FilesINSTAFINK

C:Program FilesRXToolBar

additionally, scan the system with ewido.

when you are done, post a new log for verification.

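An added example, not part of the original thread: a small Python check for the "post a new log for verification" step above, confirming that every entry on a helper's fix list is gone from the follow-up log and listing entries that are new since the previous log. The function names are hypothetical; the sample lines are copied from the posts on this page as they appear here, and the follow-up sample is constructed so that one flagged entry survives.

```python
import re

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")


def parse_entries(text):
    """Return {normalized_key: cleaned_line} for every entry line in text.

    Headers, running-process paths and forum prose are ignored.
    """
    entries = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        # Helpers annotate fix-list lines with "<- comment"; drop that part.
        body = re.split(r"\s*<-", body, maxsplit=1)[0].strip()
        # Compare case-insensitively and ignore runs of whitespace.
        key = (code.upper(), " ".join(body.split()).casefold())
        entries[key] = f"{code} - {body}"
    return entries


def verify_fix(fix_list, follow_up_log):
    """Split the fix list into entries that are gone and entries still present."""
    wanted = parse_entries(fix_list)
    present = parse_entries(follow_up_log)
    return {
        "removed": [wanted[k] for k in wanted if k not in present],
        "still_present": [wanted[k] for k in wanted if k in present],
    }


def new_entries(previous_log, follow_up_log):
    """Entries in the follow-up log that the previous log did not contain."""
    before = parse_entries(previous_log)
    after = parse_entries(follow_up_log)
    return [after[k] for k in after if k not in before]


# Fix list: lines as they appear on this page; the "<-" note is constructed.
FIX_LIST = """
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:Program FilesNeed2Findbar1.binND2FNBAR.DLL
O4 - HKLM..Run: [instaFinderK] C:Program FilesINSTAFINKInstaFinderK_inst.exe
O4 - HKLM..Run: [semanticInsight] C:Program FilesRXToolBarSemantic InsightSemanticInsight.exe <- constructed helper note
"""

# Previous log: a few lines from the first scan on this page.
PREVIOUS_LOG = """
Logfile of HijackThis v1.99.1
Running processes:
C:WINDOWSSystem32smss.exe
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:Program FilesNeed2Findbar1.binND2FNBAR.DLL
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [instaFinderK] C:Program FilesINSTAFINKInstaFinderK_inst.exe
O4 - HKLM..Run: [semanticInsight] C:Program FilesRXToolBarSemantic InsightSemanticInsight.exe
"""

# Follow-up log: constructed. It keeps the semanticInsight entry to show a
# failed removal and adds the unlockerAssistant entry seen in the later scan.
FOLLOW_UP_LOG = """
Logfile of HijackThis v1.99.1
Running processes:
C:WINDOWSSystem32smss.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [semanticInsight] C:Program FilesRXToolBarSemantic InsightSemanticInsight.exe
O4 - HKLM..Run: [unlockerAssistant] "C:Program FilesUnlockerUnlockerAssistant.exe"
"""

if __name__ == "__main__":
    result = verify_fix(FIX_LIST, FOLLOW_UP_LOG)
    for line in result["removed"]:
        print("removed:      ", line)
    for line in result["still_present"]:
        print("STILL PRESENT:", line)
    for line in new_entries(PREVIOUS_LOG, FOLLOW_UP_LOG):
        print("new entry:    ", line)
```

Entries reported as new are not necessarily bad (here it is a tool the helper recommended), but each one should be accounted for before the machine is called clean.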

Something got into my system again :( Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 20:15:32, on 2006-05-11

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe

C:Program FilesAnalog DevicesSoundMAXSmax4.exe

C:Program FilesJavajre1.5.0_06binjusched.exe

C:WINDOWSSystem32RUNDLL32.EXE

C:Program FilesCyberLinkPowerDVDPDVDServ.exe

C:WINDOWSsvchost.exe

C:WINDOWSSystem32nvsvc32.exe

C:WINDOWSsvchost.exe

C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

C:WINDOWSSystem32wuauclt.exe

D:RóżneHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [soundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe

O4 - HKLM..Run: [soundMAX] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /tray

O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE

O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143371666578

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe

I can't log in to my own account at all; I had to send this post from an older family member's account :/

I would also like to ask for my log to be checked. :wink:

Logfile of HijackThis v1.99.1

Scan saved at 14:50:52, on 2006-06-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

F:ProgramyTuneUp Utilities 2006WinStylerThemeSvc.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesAheadInCDInCDsrv.exe

C:Program FilesTGTSoftStyleXPStyleXPService.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:Program FilesJavajre1.5.0_06binjusched.exe

F:ProgramySpy SweeperSpySweeper.exe

F:ProgramyDU MeterDUMeter.exe

F:ProgramyKonnektkonnekt.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

F:ProgramyDiskeeper ProfessionalDkService.exe

C:Program FilesGetRightgetright.exe

F:ProgramyFoobar 2000foobar2000.exe

F:ProgramyMemInfomeminfo.exe

F:ProgramyYz Dock ToolbarYzDock.exe

C:Program FilesGetRightgetright.exe

F:ProgramySunbelt SoftwarePersonal Firewall 4kpf4ss.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSsystem32svchost.exe

F:ProgramySunbelt SoftwarePersonal Firewall 4kpf4gui.exe

F:ProgramySpy SweeperWRSSSDK.exe

C:WINDOWSsystem32wdfmgr.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:WINDOWSSystem32alg.exe

F:ProgramySunbelt SoftwarePersonal Firewall 4kpf4gui.exe

F:ProgramyBearShareBearShare.exe

C:Documents and SettingsNietoperzPulpitDownloadshijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:Program FilesGetRightxx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:Program FilesTGTSoftStyleXPTGT_BHO.dll

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [OCAudioIni] F:ProgramyOne-click Audio ConverterOCAudioIni.exe

O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [spySweeper] "F:ProgramySpy SweeperSpySweeper.exe" /startintray

O4 - HKLM..Run: [DiskeeperSystray] "F:ProgramyDiskeeper ProfessionalDkIcon.exe"

O4 - HKLM..Run: [DU Meter] F:ProgramyDU MeterDUMeter.exe

O4 - HKCU..Run: [Konnekt] "F:ProgramyKonnektkonnekt.exe" /autostart

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Startup: foobar2000.lnk = F:ProgramyFoobar 2000foobar2000.exe

O4 - Startup: MemInfo.lnk = F:ProgramyMemInfomeminfo.exe

O4 - Startup: Spy Sweeper Fix.lnk = F:ProgramySpy SweeperSpySweeperFix.bat

O4 - Startup: YzDock.lnk = F:ProgramyYz Dock ToolbarYzDock.exe

O4 - Global Startup: Start GetRight.lnk = C:Program FilesGetRightgetright.exe

O8 - Extra context menu item: Download with GetRight - C:Program FilesGetRightGRdownload.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - C:Program FilesGetRightGRbrowse.htm

O8 - Extra context menu item: Pobierz z &BitSpirit - F:ProgramyBitSpiritbsurl.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file://C:Program FilesAutoCAD LT 2002 PlkAcDcToday.ocx

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:Program FilesAutoCAD LT 2002 PlkInstBanr.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:Program FilesAutoCAD LT 2002 PlkAcPreview.ocx

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: Diskeeper - Diskeeper Corporation - F:ProgramyDiskeeper ProfessionalDkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:Program FilesAheadInCDInCDsrv.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - F:ProgramySunbelt SoftwarePersonal Firewall 4kpf4ss.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:Program FilesCommon FilesSony SharedFskSonySCSIHelperService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe

O23 - Service: StyleXPService - Unknown owner - C:Program FilesTGTSoftStyleXPStyleXPService.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - F:ProgramySpy SweeperWRSSSDK.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:ProgramyTuneUp Utilities 2006WinStylerThemeSvc.exe

Many thanks in advance :!:

after removing these in HJT, delete these directories from the disk:

C:Program FilesNeed2Find

C:Program FilesINSTAFINK

C:Program FilesRXToolBar

Only the first directory showed up for me, I don't know why.

New scan:

Logfile of HijackThis v1.99.1

Scan saved at 19:02:29, on 2006-06-15

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

C:WINDOWSExplorer.EXE

C:Program FilesCommon FilesSymantec SharedccProxy.exe

C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe

C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe

C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSsystem32spoolsv.exe

C:Program FilesWinFastWFTVFMWFWIZ.exe

C:WINDOWSSystem32CTHELPER.EXE

C:Program FilesCommon FilesSymantec SharedccApp.exe

C:Program FilesLexmark X74-X75lxbbbmgr.exe

C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe

C:Program FilesLexmark X74-X75lxbbbmon.exe

C:Program FilesWinampwinampa.exe

C:Program FilesUnlockerUnlockerAssistant.exe

C:WINDOWSSystem32RUNDLL32.EXE

C:Program FilesMessengermsmsgs.exe

C:WINDOWSSystem32CTsvcCDA.exe

C:Program Filesewido anti-malwareewidoctrl.exe

C:Program Filesewido anti-malwareewidoguard.exe

C:Program FilesMediaKeyOSD.EXE

C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe

C:Program FilesMediaKeyVersato.exe

C:Documents and SettingsWłaścicielPulpitHijackThis.exe

C:PROGRA~1NORTON~2NORTON~1NPROTECT.EXE

C:WINDOWSSystem32nvsvc32.exe

C:PROGRA~1NORTON~2NORTON~1SPEEDD~1NOPDB.EXE

C:WINDOWSSystem32svchost.exe

C:Program FilesWebrootSpy SweeperWRSSSDK.exe

C:WINDOWSSystem32UAService7.exe

C:WINDOWSSystem32MsPMSPSv.exe

C:WINDOWSSystem32imapi.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.sportowefakty.pl/

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.skokinarciarskie.pl

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://www.aster.pl/aster.pac

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:Documents and SettingsWłaścicielMoje dokumentyProgramyFlash Get 1.6Jccatch.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:Documents and SettingsWłaścicielMoje dokumentyProgramyFlash Get 1.6fgiebar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll

O4 - HKLM..Run: [WinFast Schedule] C:Program FilesWinFastWFTVFMWFWIZ.exe

O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [CTHelper] CTHELPER.EXE

O4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXE

O4 - HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"

O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [Lexmark X74-X75] "C:Program FilesLexmark X74-X75lxbbbmgr.exe"

O4 - HKLM..Run: [sSC_UserPrompt] "C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe"

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [unlockerAssistant] "C:Program FilesUnlockerUnlockerAssistant.exe"

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKCU..Run: [Versato] "C:Program FilesMediaKeyMagicRun.exe"

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O8 - Extra context menu item: Download All by FlashGet - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6jc_link.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~3OFFICE11EXCEL.EXE/3000

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:Program FilesNorton SystemWorksNorton CleanupWCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:Program FilesNorton SystemWorksNorton CleanupWCQuick.lnk

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6flashget.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O16 - DPF: BPHOnl - https://e-bank.bphpbk.pl/bph/portal/starts....File/BPHOnl.cab

O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://pl.easports.com/downloads/games/common/ieell.cab

O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://pl.easports.com/downloads/games/com...py/iesnoopy.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:Program FilesNorton Internet SecurityccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:Program FilesNorton Internet SecuritycomHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSSystem32CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:Program Filesewido anti-malwareewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:Program Filesewido anti-malwareewidoguard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:PROGRA~1NORTON~2NORTON~1NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity ConsoleNSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:PROGRA~1NORTON~2NORTON~1SPEEDD~1NOPDB.EXE

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperWRSSSDK.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSSystem32UAService7.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:DOCUME~1WACICI~1MOJEDO~1MARCIN~1ProgramyFLASHG~1.6flashget.exe (file missing)

Fix these.

A lot of unnecessary applications load at startup, slowing down Windows boot.

Download Starter v5.6.2.0

In the Autostarty (startup) tab, uncheck or remove:

O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [CTHelper] CTHELPER.EXE

O4 - HKLM..Run: [updReg] C:WINDOWSUpdReg.EXE

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [unlockerAssistant] "C:Program FilesUnlockerUnlockerAssistant.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

If you don't use MSN, remove it with this --> xp-AntiSpy 3.96 PL


Logfile of HijackThis v1.99.1

Scan saved at 23:36:26, on 2006-12-03

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSSYSTEM32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32ZoneLabsvsmon.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSOUNDMAN.EXE

C:PROGRA~1NEOSTR~1CnxMon.exe

C:Program FilesThomsonSpeedTouch USBDragdiag.exe

C:PROGRA~1NEOSTR~1TaskbarIcon.exe

C:Program FilesQuickTimeqttask.exe

C:Program FilesJavaj2re1.4.2_08binjusched.exe

C:WINDOWSSystem32RUNDLL32.EXE

C:Program FilesWinampwinampa.exe

C:PROGRA~1GrisoftAVGFRE~1avgcc.exe

C:Program FilesZone LabsZoneAlarmzlclient.exe

C:Program FilesAGEIA TechnologiesTrayIcon.exe

C:WINDOWSSystem32ctfmon.exe

E:Gadu-Gadugg.exe

C:WINDOWSsystem32spoolsv.exe

C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe

C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe

C:PROGRA~1GrisoftAVGFRE~1avgemc.exe

C:Documents and Settingsklijent 120Pulpitewidoewido anti-malwareewidoctrl.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:WINDOWSSystem32nvsvc32.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSSystem32UAService7.exe

C:WINDOWSSystem32wuauclt.exe

C:PROGRA~1NEOSTR~1NeostradaTP.exe

C:PROGRA~1NEOSTR~1ComComp.exe

C:PROGRA~1NEOSTR~1Watch.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesMozilla Firefoxfirefox.exe

F:HijackThis1991.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll (file missing)

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe

O4 - HKLM..Run: [speedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe

O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_08binjusched.exe

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP

O4 - HKLM..Run: [Zone Labs Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"

O4 - HKLM..Run: [AGEIA PhysX SysTray] C:Program FilesAGEIA TechnologiesTrayIcon.exe

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe

O4 - HKCU..Run: [Gadu-Gadu] "E:Gadu-Gadugg.exe" /tray

O4 - HKCU..Run: [start WingMan Profiler] "C:Program FilesLogitechProfilerlwemon.exe" /noui

O4 - Startup: Xfire.lnk = C:Program FilesXfireXfire.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_08binnpjpi142_08.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2_08binnpjpi142_08.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O10 - Broken Internet access because of LSP provider 'c:program filesnewdotnetnewdotnet7_22.dll' missing

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O17 - HKLMSystemCCSServicesTcpip..{E5A7FAC2-F2B4-4281-B7DF-FFB73D5890CC}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WBSrv - C:PROGRA~1StardockOBJECT~1WINDOW~1wbsrv.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgemc.exe

O23 - Service: ewido security suite control - ewido networks - C:Documents and Settingsklijent 120Pulpitewidoewido anti-malwareewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSSystem32UAService7.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:WINDOWSsystem32ZoneLabsvsmon.exe

O23 - Service: Workstation NetLogon Service (Ź%AF?¤¶?¨) - Unknown owner - C:WINDOWSsystem32iehw32.exe (file missing)

What should I remove? My system has been acting up lately. Thanks in advance.


1. Remove the Neostrada application and create the connection manually; it's better that way.

2. If you don't use it, remove Google Toolbar.

3. Update the system.

C:Program FilesQuickTimeqttask.exe <- harmless, but unnecessary

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime <- same as above, IMO unnecessary

O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe <- unnecessary

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit <- also unnecessary (unless you care about the tray icon)

To remove:

O10 - Broken Internet access because of LSP provider 'c:program filesnewdotnetnewdotnet7_22.dll' missing <- make sure you delete the whole directory

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O23 - Service: Workstation NetLogon Service (Ź%AF夶Ŕ¨) - Unknown owner - C:WINDOWSsystem32iehw32.exe (file missing)


Wies.niak, it will never work that way :wink:

Start -> Run -> services.msc -> stop and disable the Workstation NetLogon Service (Ź%AF?¤¶?¨) service

Download KillBox.

In the Full Path of File field, paste:

C:WINDOWSsystem32iehw32.exe

Select Delete on reboot, press X and restart the computer.

O10 - Broken Internet access because of LSP provider 'c:program filesnewdotnetnewdotnet7_22.dll' missing

Use LSP-Fix. Check I know what I'm doing, then in the Keep pane select the file newdotnet7_22.dll, move it with the arrow (>>) to the Remover pane and click Finish.

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

Kill this one with KillTrusted.

O23 - Service: Workstation NetLogon Service (Ź%AF?¤¶?¨) - Unknown owner - C:WINDOWSsystem32iehw32.exe (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll (file missing)

F2 - REG:system.ini: UserInit=userinit.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =

Fix in HJT.

New log after you're done.

Now OK :wink:
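
The triage that the reply above applies by hand, as an added Python example (not part of the original thread and not HijackThis's own code): it parses log lines in the backslash-less form shown on this page and flags the entry types the reply singles out. The sample combines lines from the 2006-12-03 log with two lines from the 2006-12-14 log further down; the function names and reason strings are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs on this page (2006-12-03 and
# 2006-12-14), in the backslash-less form in which the page shows them.
SAMPLE_LOG = """\
Running processes:
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32UAService7.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll (file missing)
O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE
O10 - Broken Internet access because of LSP provider 'c:program filesnewdotnetnewdotnet7_22.dll' missing
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:WINDOWSSystem32UAService7.exe
O23 - Service: Workstation NetLogon Service (Ź%AF?¤¶?¨) - Unknown owner - C:WINDOWSsystem32iehw32.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
"""

# Section code (R0, F2, O4, O23, ...) followed by the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
MISSING = "(file missing)"


@dataclass
class Finding:
    code: str
    text: str
    reasons: list


def parse(log):
    """Split a HijackThis log into (running process paths, [(code, text)])."""
    running, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted logs often carry blank lines between entries
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            running.append(line.lower())
    return running, entries


def triage(log):
    """Return the entries that deserve a closer look, with the reason for each."""
    running, entries = parse(log)
    findings = []
    for code, text in entries:
        reasons = []
        if text.endswith(MISSING):
            target = text[: -len(MISSING)].rstrip()
            # Last " - " field is the path; drop arguments after a stray quote.
            image = target.rsplit(" - ", 1)[-1].lower().split('"')[0].strip()
            if image in running:
                reasons.append("'file missing' but the image is running: "
                               "likely a path-parsing artefact, verify first")
            else:
                reasons.append("target file missing: orphaned entry")
        if code == "O23" and " - Unknown owner - " in text:
            reasons.append("no company name could be read for the service binary")
        if code == "O15":
            reasons.append("site added to the IE Trusted Zone")
        if code == "O10":
            reasons.append("Winsock LSP chain entry: repair with an LSP tool "
                           "(the reply uses LSP-Fix)")
        if reasons:
            findings.append(Finding(code, text, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.text}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

The avast! line shows why a `(file missing)` flag should be checked against the running-process list before an entry is fixed: the service binary is listed as running in the same log.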


Is everything OK with this log? Please reply.

Logfile of HijackThis v1.99.1

Scan saved at 19:31:20, on 2006-12-04

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSSystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32Ati2evxx.exe

C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe

C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

C:WINDOWSExplorer.EXE

C:Program FilesCommon FilesSymantec SharedccProxy.exe

C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe

C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe

C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe

C:Program FilesHPhpcoretechhpcmpmgr.exe

C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe

C:Program FilesATI TechnologiesATI.ACEcli.exe

C:WINDOWSSOUNDMAN.EXE

C:Program FilesCommon FilesSymantec SharedccApp.exe

C:Program FilesJavajre1.5.0_09binjusched.exe

C:Program FilesATI TechnologiesATI.ACECLI.exe

C:WINDOWSsystem32RaConfig.exe

C:Program FilesHPhpcoretechcomphptskmgr.exe

C:Program FilesATI TechnologiesATI.ACEcli.exe

F:AzureusAzureus.exe

C:Program FilesDAEMON Toolsdaemon.exe

C:WINDOWSSystem32wuauclt.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesCommon FilesSymantec SharedNMain.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Documents and SettingsSzymonPulpitSzymonProgramyhijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.cyberlink.com.tw/registration/r...1.asp?SoftWare=

POWERDVD&Version_Num=2.55&Cd_Key=MV99348291888329&Company=Szymon&FName=Szymon&Lang=Plk

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_09binssv.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll

O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe

O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"

O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe"

O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [urlLSTCK.exe] C:Program FilesNorton Internet SecurityUrlLstCk.exe

O4 - HKLM..Run: [symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe /Consumer

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSSystem32NeroCheck.exe

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.5.0_09binjusched.exe"

O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1033

O4 - HKLM..Run: [sSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - Global Startup: Catalyst System Tray.lnk = C:Program FilesATI TechnologiesATI.ACECLI.exe

O4 - Global Startup: RaConfig.lnk = C:WINDOWSsystem32RaConfig.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09binssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe

O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe


Hi, I have a question: I keep having problems with my computer, so I'd like someone who knows this stuff to check my log :) Please tell me what to remove :)

Logfile of HijackThis v1.99.1

Scan saved at 21:34:58, on 2006-12-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32Ati2evxx.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSOUNDMAN.EXE

C:WINDOWSehomeehtray.exe

C:Program FilesAntiVir PersonalEdition Classicavgnt.exe

C:WINDOWSsystem32ctfmon.exe

C:WINDOWSsystem32devldr32.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesAntiVir PersonalEdition Classicsched.exe

C:Program FilesAntiVir PersonalEdition Classicavguard.exe

C:WINDOWSeHomeehRecvr.exe

C:WINDOWSeHomeehSched.exe

C:WINDOWSsystem32dllhost.exe

C:WINDOWSeHomeehmsas.exe

C:WINDOWSsystem32wisptis.exe

C:WINDOWSsystem32ntvdm.exe

C:WINDOWSsystem32LEXBCES.EXE

C:WINDOWSsystem32LEXPPS.EXE

C:WINDOWSsystem32LXSUPMON.EXE

C:TEMPTemporary Directory 1 for hijackthis.zipHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.google.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.vobis.pl/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.vobis.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_09binssv.dll

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe

O4 - HKLM..Run: [avgnt] "C:Program FilesAntiVir PersonalEdition Classicavgnt.exe" /min

O4 - HKLM..Run: [AtiPTA] atiptaxx.exe

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON.EXE RUN

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09binssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.vobis.pl/

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAntiVir PersonalEdition Classicsched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:Program FilesAntiVir PersonalEdition Classicavguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE


Logfile of HijackThis v1.99.1

Scan saved at 21:40:55, on 2006-12-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

c:program filespanda softwarepanda antivirus + firewall 2007firewallPNMSRV.EXE

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSSystem32nvsvc32.exe

C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007PavFnSvr.exe

C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe

C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007pavsrv51.exe

C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007AVENGINE.EXE

C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007PsImSvc.exe

C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007TPSrv.exe

C:Program FilesAnalog DevicesSoundMAXSMTray.exe

C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007APVXDWIN.EXE

C:Program FilesWinampwinampa.exe

C:Program FilesAGEIA TechnologiesTrayIcon.exe

C:Program FilesQuickTimeqttask.exe

C:Program FilesD-Toolsdaemon.exe

C:Program FilesCyberLinkPowerDVDPDVDServ.exe

C:WINDOWSsystem32wscntfy.exe

C:Program FilesJavajre1.5.0_09binjusched.exe

C:WINDOWSsystem32ctfmon.exe

C:WINDOWSsystem32RUNDLL32.EXE

C:Program FilesGadu-Gadugg.exe

C:Program FilesTlen.pltlen.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

C:Program FilesStardockObjectDockObjectDock.exe

c:program filespanda softwarepanda antivirus + firewall 2007WebProxy.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSexplorer.exe

C:PROGRA~1MOZILL~1FIREFOX.EXE

C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007psimreal.exe

C:Documents and SettingsADMINPulpitHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_09binssv.dll

O4 - HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSMTray.exe

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007APVXDWIN.EXE" /s

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [AGEIA PhysX SysTray] C:Program FilesAGEIA TechnologiesTrayIcon.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe"  -lang 1033

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [LClock] C:Program FilesLClockLClock.exe

O4 - HKLM..Run: [USZT 1.4] C:Program FilesUSZTUSZT.EXE

O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.5.0_09binjusched.exe"

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [Komunikator] C:Program FilesTlen.pltlen.exe

O4 - HKCU..Run: [BitTorrent] "C:Program FilesBitTorrentbittorrent.exe" --force_start_minimized

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - Startup: Stardock ObjectDock.lnk = C:Program FilesStardockObjectDockObjectDock.exe

O4 - Startup: Xfire.lnk = C:Program FilesXfirexfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: Kalendarz XP.lnk = C:Program FilesKalendarz XPKalendarz.exe

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09binssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O20 - Winlogon Notify: avldr - C:WINDOWSSYSTEM32avldr.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:program filespanda softwarepanda antivirus + firewall 2007firewallPNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007PsImSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:Program FilesPanda SoftwarePanda Antivirus + Firewall 2007TPSrv.exe


My brother was playing around with the computer and suspicious programs showed up :/ Keygenerator and Virusburster. I get an error like this, and when I click it, it takes me to Virusburster. I removed it. But I can't remove Keygenerator. The HijackThis log looks suspicious to me.

[Screenshot: ehhhjo7.th.png]

Logfile of HijackThis v1.99.1

Scan saved at 16:28:35, on 2006-12-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesCommon FilesAutodata Limited SharedServiceADCDLicSvc.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe

C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSsystem32svchost.exe

C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcAppFlt.exe

C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:WINDOWSExplorer.EXE

C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnTrayFw.exe

C:WINDOWSSOUNDMAN.EXE

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:Program FilesCyberLinkPowerDVDPDVDServ.exe

C:PROGRA~1NEOSTR~1CnxMon.exe

C:PROGRA~1NEOSTR~1TaskbarIcon.exe

C:Program FilesWinampwinampa.exe

C:Program FilesHPHP Software UpdateHPWuSchd2.exe

C:Program FilesHPhpcoretechhpcmpmgr.exe

C:WINDOWSsystem32RUNDLL32.EXE

C:WINDOWSsystem32ctfmon.exe

C:Program FilesCommon FilesAheadlibNMBgMonitor.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

C:Program FilesHPDigital Imagingbinhpqtra08.exe

C:Program FilesHPDigital Imagingbinhpqgalry.exe

C:PROGRA~1NEOSTR~1NeostradaTP.exe

C:PROGRA~1NEOSTR~1ComComp.exe

C:PROGRA~1NEOSTR~1Watch.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:DOCUME~1MaciekUSTAWI~1TempRar$EX00.656HijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.games-fusion.net

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

O4 - HKLM..Run: [nTrayFw] C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnTrayFw.exe

O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe

O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe

O4 - HKLM..Run: [HP Software Update] "C:Program FilesHPHP Software UpdateHPWuSchd2.exe"

O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesAheadlibNMBgMonitor.exe"

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized

O4 - HKCU..Run: [svchost] C:Windowssvchost.exe

O4 - Startup: Xfire.lnk = C:Program FilesXfireXfire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe

O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:windowssystem32nvappfilter.dll

O17 - HKLMSystemCCSServicesTcpip..{DD49065D-27D3-4A9E-AEA7-4FBC4EB6BA6C}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:Program FilesCommon FilesAutodata Limited SharedServiceADCDLicSvc.exe

O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerApache GroupApache2binapache.exe" -k runservice (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:Program FilesNVIDIA CorporationNetworkAccessManagerbinnSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)


Here it is:

Logfile of HijackThis v1.99.1

Scan saved at 3:19:35 PM, on 1/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesCommon FilesSymantec SharedccSvcHst.exe

C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesAlienGUIsewbload.exe

C:Program FilesNetropaMultimedia Keyboardnhksrv.exe

C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSExplorer.EXE

C:Program FilesTrustMI-2500X OPTICAL MOUSEMouse32a.exe

C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe

C:WINDOWSvsnpstd.exe

C:Program FilesHPHP Software UpdateHPWuSchd2.exe

C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe

C:Program FilesAnalog DevicesSoundMAXSmax4.exe

C:Program FilesCyberLinkPowerDVDPDVDServ.exe

C:Program FilesPowerISOPWRISOVM.EXE

C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe

C:WINDOWSsystem32qttask.exe

C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe

C:Program FilesNetropaMultimedia KeyboardTrayMon.exe

C:Program FilesCommon FilesSymantec SharedccApp.exe

C:Program FilesNetropaOnscreen DisplayOSD.exe

C:Program FilesInternet Exploreriexplore.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesMSN MessengerMsnMsgr.Exe

C:Program FilesMessengermsmsgs.exe

c:progra~1intern~1iexplore.exe

C:Program FilesPC Connectivity SolutionServiceLayer.exe

C:Program FilesHPDigital Imagingbinhpqtra08.exe

C:Program FilesHPDigital Imagingbinhpqimzone.exe

C:Program FilesHPDigital ImagingbinhpqSTE08.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exe

C:WINDOWSsystem32wuauclt.exe

C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

C:WINDOWSsystem32svchost.exe

C:Program Filesfoobar2000foobar2000.exe

C:Program FilesWapsterAQQAQQ.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:WINDOWSsystem32taskmgr.exe

C:Documents and SettingsOwnerDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL

O4 - HKLM..Run: [FLMOFFICE4DMOUSE] C:Program FilesTrustMI-2500X OPTICAL MOUSEMouse32a.exe

O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe

O4 - HKLM..Run: [snpstd] C:WINDOWSvsnpstd.exe

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe

O4 - HKLM..Run: [soundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe

O4 - HKLM..Run: [soundMAX] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /tray

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE

O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"

O4 - HKLM..Run: [QuickTime Task] "C:WINDOWSsystem32qttask.exe" -atboottime

O4 - HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup

O4 - HKLM..Run: [ref grey amok pure] C:Documents and SettingsAll UsersApplication DataList camp ref greysixth dumb.exe

O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [osCheck] "C:Program FilesNorton AntiVirusosCheck.exe"

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Atom stop] C:DOCUME~1OwnerAPPLIC~1GREATF~1debug bat new.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL

O20 - Winlogon Notify: WB - C:Program FilesAlienGUIsefastload.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:Program FilesNorton AntiVirusisPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:Program FilesNetropaMultimedia Keyboardnhksrv.exe

O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe

Thanks in advance, and please help :) PEACE


I don't like these (to be removed):

O4 - HKLM..Run: [ref grey amok pure] C:Documents and SettingsAll UsersApplication DataList camp ref greysixth dumb.exe

O4 - HKCU..Run: [Atom stop] C:DOCUME~1OwnerAPPLIC~1GREATF~1debug bat new.exe

After removing them, make sure those two directories are gone and that the entries no longer appear in a new log. If the files give you trouble, use KillBox with the "delete on reboot" option checked.

The rest seems to be OK.

Also, go to www.ewido.net, download AVG Anti-Spyware and scan the computer.

P.S. You finally found the right thread :D.


Well, I finally found it lol

But that's not the point, let's start from the beginning. I already downloaded that AVG yesterday and scanned the computer; it threw out some 147 pieces of junk, all of them named trackingcookie something, I don't remember anymore. Then I tried to delete the two folders you mentioned, and it didn't work. I used KillBox, and that didn't work either, because I made a log and they're still there, and I still have the ads just like before :(

Here's the freshest log:

Logfile of HijackThis v1.99.1

Scan saved at 2:55:04 AM, on 1/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesCommon FilesSymantec SharedccSvcHst.exe

C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesAlienGUIsewbload.exe

C:Program FilesNetropaMultimedia Keyboardnhksrv.exe

C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe

C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSExplorer.EXE

C:Program FilesTrustMI-2500X OPTICAL MOUSEMouse32a.exe

C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe

C:WINDOWSvsnpstd.exe

C:Program FilesHPHP Software UpdateHPWuSchd2.exe

C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe

C:Program FilesAnalog DevicesSoundMAXSmax4.exe

C:Program FilesCyberLinkPowerDVDPDVDServ.exe

C:Program FilesPowerISOPWRISOVM.EXE

C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe

C:WINDOWSsystem32qttask.exe

C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe

C:Program FilesCommon FilesSymantec SharedccApp.exe

C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesMSN MessengerMsnMsgr.Exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesHPDigital Imagingbinhpqtra08.exe

C:Program FilesInternet Exploreriexplore.exe

c:progra~1intern~1iexplore.exe

C:Program FilesNetropaMultimedia KeyboardTrayMon.exe

C:Program FilesNetropaOnscreen DisplayOSD.exe

C:Program FilesHPDigital Imagingbinhpqimzone.exe

C:Program FilesPC Connectivity SolutionServiceLayer.exe

C:Program FilesHPDigital ImagingbinhpqSTE08.exe

C:Program FilesHPDigital ImagingProduct Assistantbinhprblog.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSsystem32svchost.exe

C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE

C:Program FilesSymantecLiveUpdateAUPDATE.EXE

C:Program FilesSymantecLiveUpdateLuCallbackProxy.exe

C:Program FilesSymantecLiveUpdateLuCallbackProxy.exe

C:Program FilesSymantecLiveUpdateLuCallbackProxy.exe

C:Documents and SettingsOwnerDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~2Office12GRA8E1~1.DLL

O4 - HKLM..Run: [FLMOFFICE4DMOUSE] C:Program FilesTrustMI-2500X OPTICAL MOUSEMouse32a.exe

O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe

O4 - HKLM..Run: [snpstd] C:WINDOWSvsnpstd.exe

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe

O4 - HKLM..Run: [soundMAXPnP] C:Program FilesAnalog DevicesSoundMAXSMax4PNP.exe

O4 - HKLM..Run: [soundMAX] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /tray

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE

O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"

O4 - HKLM..Run: [QuickTime Task] "C:WINDOWSsystem32qttask.exe" -atboottime

O4 - HKLM..Run: [PCSuiteTrayApplication] C:Program FilesNokiaNokia PC Suite 6LaunchApplication.exe -startup

O4 - HKLM..Run: [ref grey amok pure] C:Documents and SettingsAll UsersApplication DataList camp ref greysixth dumb.exe

O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"

O4 - HKLM..Run: [osCheck] "C:Program FilesNorton AntiVirusosCheck.exe"

O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Atom stop] C:DOCUME~1OwnerAPPLIC~1GREATF~1debug bat new.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:PROGRA~1COMMON~1MICROS~1OFFICE12MSOXMLMF.DLL

O20 - Winlogon Notify: WB - C:Program FilesAlienGUIsefastload.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:Program FilesGrisoftAVG Anti-Spyware 7.5guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:Program FilesNorton AntiVirusisPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:Program FilesNetropaMultimedia Keyboardnhksrv.exe

O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe

Cheers, PEACE :):)

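The check the helper asked for (confirm in a fresh log that the removed entries are gone) can be done by comparing the two logs. The following is an added example, not part of the original thread: `parse_items` and `verify_removal` are names invented for it, and the embedded logs are abbreviated excerpts of the two logs posted above.

```python
import re

# Item lines look like "O4 - HKLM\..\Run: [name] command". The backslashes are
# optional here because forum software often strips them, as in this thread.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\?\.\.\\?(Run\w*): \[([^\]]*)\]\s*(.*)$")

# Abbreviated excerpts of the two logs posted in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:19:35 PM, on 1/1/2007
O4 - HKLM..Run: [ref grey amok pure] C:Documents and SettingsAll UsersApplication DataList camp ref greysixth dumb.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Atom stop] C:DOCUME~1OwnerAPPLIC~1GREATF~1debug bat new.exe
"""
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:55:04 AM, on 1/2/2007
O4 - HKLM..Run: [ref grey amok pure] C:Documents and SettingsAll UsersApplication DataList camp ref greysixth dumb.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [!AVG Anti-Spyware] "C:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" /minimized
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Atom stop] C:DOCUME~1OwnerAPPLIC~1GREATF~1debug bat new.exe
"""
FLAGGED = ["ref grey amok pure", "Atom stop"]  # value names the helper flagged


def parse_items(log_text):
    """Map a stable identity for each item line to the full line.

    Run-key entries are identified by hive, key and value name, so an entry
    that comes back under the same name with a new path is still a match.
    """
    items = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        run = RUN_RE.match(body) if code == "O4" else None
        if run:
            hive, key, name, _cmd = run.groups()
            ident = (code, hive, key.lower(), name.lower())
        else:
            ident = (code, body.lower())
        items[ident] = line
    return items


def verify_removal(before_log, after_log, flagged_names):
    """Report flagged autoruns that survived, those removed, and new items."""
    before, after = parse_items(before_log), parse_items(after_log)
    flagged = {n.lower() for n in flagged_names}

    def is_flagged(ident):
        return len(ident) == 4 and ident[3] in flagged

    return {
        "still_present": sorted(after[i] for i in after if is_flagged(i)),
        "removed": sorted(before[i] for i in before
                          if is_flagged(i) and i not in after),
        "added": sorted(after[i] for i in after if i not in before),
    }


if __name__ == "__main__":
    for section, lines in verify_removal(BEFORE_LOG, AFTER_LOG, FLAGGED).items():
        print(f"{section}: {len(lines)}")
        for line in lines:
            print("  " + line)
```
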

1. Don't use IE, you're asking for trouble (-> Opera, Firefox).

2. Try deleting those folders in safe mode. Remember to disconnect the network for the duration of the operation.

3. Also remove this (unless you set it yourself):

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR


Hi, it's me again. This is slowly starting to drive me mad. First I tried to remove this junk just with the network disconnected, but KillBox tells me the file cannot be deleted, both one and the other. So I wanted to try in safe mode: I turned the computer off and on and pressed F8, but it only asks what I want to boot from; there's nothing about safe mode :( What should I do? Waiting for a quick reply, peace :):P
