BARDZO PROSZE O SPR LOGA !!

witam , bardzo was prosze sprawdzcie mi loga, jak chodze po necie z kilka minut to mi potem wyskakuje za ktoryms razem jak wchodze w jakas strone to pisze BRAK ODPOWIEDZI a potem WYSLIJ RAPORT ALBO NIE (iexplore.exe) i komp mi wogole zle chodzi , jak np laduje mi sie historyjka w rpm tuning to na ostatniej kresce sie zawiesza , (patcha to jush mam) jak mam SZYBKI WYSCIG to dziala , albo jak gram w nfsu 2 too gram 5 min a potem wychodzi na pulpit i sie minimalizujje i musze kliknac zeby pograc znow 5 min :/ prosze bardzo sprawdzcie :

Logfile of HijackThis v1.99.1
Scan saved at 17:08:29, on 2005–03–21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\temp\salm.exe
C:\WINDOWS\system32\gah95on6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Tomek\USTAWI~1\Temp\Rar$EX00.984\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: HyperSearchHook – {0AA15BB1–0481–4054–9248–6067DD12E08F} – C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {1D7E3B41–23CE–469B–BE1B–A64B877923E1} – C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:\Program Files\NewDotNet\newdotnet3_88.dll
O2 – BHO: HyperBHO – {4B2F5308–2CB0–40E2–8030–59936ED5D22C} – C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O2 – BHO: (no name) – {93435525–23D1–AD4A–A900–3FE597AA0058} – C:\DOCUME~1\Tomek\DANEAP~1\COALBA~1\Fastdeaf.exe (file missing)
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 – HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 – HKLM\..\Run: [salm] c:\temp\salm.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [Aodnu] C:\Program Files\Prcrum\Mumfjx.exe
O4 – HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 – HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe /minimize
O4 – HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 – HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [oryvutyz] C:\WINDOWS\oryvutyz.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [platform mess] C:\DOCUME~1\Tomek\DANEAP~1\FREELI~1\META THAT.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" –h
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: Picture Package VCD Maker.lnk = ?
O4 – Global Startup: Picture Package Menu.lnk = ?
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge–c11.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106565169171
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5FD846F4–860A–43CA–8797–C99416E8948A}: NameServer = 213.77.21.150,0.0.0.0
O17 – HKLM\System\CS1\Services\Tcpip\..\{5FD846F4–860A–43CA–8797–C99416E8948A}: NameServer = 213.77.21.150,0.0.0.0
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: kavsvc – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kavsvc.exe

a moźe by spysweeperem? powinien sobie ładnie poradzić.

Daimos

Dodano: 22.03.2005 09:37:04

Wywalałes cały katalog w awaryjnym czy same ptaszki zrobiles i chciałes sfixować ??
W dodaj/usun tez mozesz odinstalować

Bobi

Dodano: 21.03.2005 19:03:35

racja ! ale jak to usuwam (FIX CHECKED) to nadal jak usunie to jak daje ponownie SCAN to mam znow to ( nie usuwa tego) a log jest taki :

Logfile of HijackThis v1.99.1
Scan saved at 18:00:28, on 2005–03–21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Tomek\USTAWI~1\Temp\Rar$EX00.640\HijackThis.exe
C:\Program Files\Windows AdStatus\WinStat.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 – HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe /minimize
O4 – HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 – HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [platform mess] C:\DOCUME~1\Tomek\DANEAP~1\FREELI~1\META THAT.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" –h
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: Picture Package VCD Maker.lnk = ?
O4 – Global Startup: Picture Package Menu.lnk = ?
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106565169171
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5FD846F4–860A–43CA–8797–C99416E8948A}: NameServer = 213.77.21.150,0.0.0.0
O17 – HKLM\System\CS1\Services\Tcpip\..\{5FD846F4–860A–43CA–8797–C99416E8948A}: NameServer = 213.77.21.150,0.0.0.0
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: kavsvc – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kavsvc.exe

poprostu nie usuwa tych plikow , czemu ?? :shock:

solar

Dodano: 21.03.2005 19:00:51

Tos sie kurna nie postarał bo nadal widze Blazefind

C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\Windows AdStatus\WinStat.exe

O4 – HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Program Files\IrfanView\Ebay\Ebay.htm
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net

A przywracanie miales wylaczyc przedtem ale jesli nie wylaczyes to wylacz i wlacz teraz

Bobi

Dodano: 21.03.2005 18:56:20

zrobiłem to , i teraz log wygląda tak :

ogfile of HijackThis v1.99.1
Scan saved at 17:51:53, on 2005–03–21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\DOCUME~1\Tomek\USTAWI~1\Temp\Rar$EX30.938\HijackThis.exe
C:\Program Files\Windows AdStatus\WinStat.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 – HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kav.exe /minimize
O4 – HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 – HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [platform mess] C:\DOCUME~1\Tomek\DANEAP~1\FREELI~1\META THAT.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" –h
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: Picture Package VCD Maker.lnk = ?
O4 – Global Startup: Picture Package Menu.lnk = ?
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106565169171
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5FD846F4–860A–43CA–8797–C99416E8948A}: NameServer = 213.77.21.150,0.0.0.0
O17 – HKLM\System\CS1\Services\Tcpip\..\{5FD846F4–860A–43CA–8797–C99416E8948A}: NameServer = 213.77.21.150,0.0.0.0
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: kavsvc – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal\kavsvc.exe

teraz mam włączyć przywracanie ? według mnie jest dobrze , wszystko spoko chodzi :)) dzieki ale sprawdz jeszcze jak mozesz , jeszcze raz dzieki

solar

Dodano: 21.03.2005 18:52:48

solar:
dobrze zaraz zrobie tylko patrzylem wlasnie na forum i niemoge znalezc jak sie wylacza opcje przywracania ,powiesz jak ?? prosze

Do przyklejonego o Hijack This zajrzałes ??
Ostatni post

Bobi

Dodano: 21.03.2005 18:47:41

dobrze zaraz zrobie tylko patrzylem wlasnie na forum i niemoge znalezc jak sie wylacza opcje przywracania ,powiesz jak ?? prosze

solar

Dodano: 21.03.2005 18:43:35

Wylaczasz przywracanie
Sciagsz LSP–FIX
Startujesz w awaryjnym
Odinstalowywujesz z dodaj/usun New.Net
Odpalasz sciagnietego fixa, zaznaczasz "I'm know..." i z lewego okna przerzucasz do prawego pliki New.Net, klikasz Finish

FIX i usuwasz wyboldowane rzeczy z dysku:

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

R3 – URLSearchHook: HyperSearchHook – {0AA15BB1–0481–4054–9248–6067DD12E08F} – C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
O2 – BHO: (no name) – {1D7E3B41–23CE–469B–BE1B–A64B877923E1} – C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:\Program Files\NewDotNet\newdotnet3_88.dll
O2 – BHO: HyperBHO – {4B2F5308–2CB0–40E2–8030–59936ED5D22C} – C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
O2 – BHO: (no name) – {93435525–23D1–AD4A–A900–3FE597AA0058} – C:\DOCUME~1\Tomek\DANEAP~1\COALBA~1\Fastdeaf.exe (file missing)
O4 – HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 – HKLM\..\Run: [salm] c:\temp\salm.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [Aodnu] C:\Program Files\Prcrum\Mumfjx.exe
O4 – HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 – HKLM\..\Run: [oryvutyz] C:\WINDOWS\oryvutyz.exe
O9 – Extra button: eBay – Homepage – {EF79EAC5–3452–4E02–B8BD–BA4C89F1AC7A} – C:\Program Files\IrfanView\Ebay\Ebay.htm
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge–c11.cab

Bobi

Dodano: 21.03.2005 18:30:09

BARDZO PROSZE O SPR LOGA !!

Odpowiedzi: 8