Strange file in the process list :/ help please :/
Hello, I have this kind of problem ... I installed a browser, here it is: http://users.pandora.be/brainpower/crazybrowser/cbsetup.exe ... and now I have a strange file in the process list. It doesn't take up much, but it can't be shut down :/ When I click End Process it just changes its name and is still there, and so on in a loop :/ What should I do, what could it be :/ ... Thanks in advance for an answer ...
Replies: 4
Use the edit button if you want to add something.
Don't send three posts in a row.
I merged the last two.
First log.
End these processes:
ehxafs.exe
THNALL~1.EXE
aurareco.exe
Remove these in HijackThis by ticking the entries and pressing Fix checked, and delete the bolded files/directories from disk:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/www.searchv.com/w/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/1/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/w/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R1 – HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/1/search.php?qq=%s
F2 – REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O1 – Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 – Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 – Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 – Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O1 – Hosts: 62.189.6.93 _sip._tls.sip7.phoneserve.com
O1 – Hosts: 62.189.6.93 _sip._ssl.sip7.phoneserve.com
O2 – BHO: DownloadRedirect Class – {00000000–6CB0–410C–8C3D–8FA8D2011D0A} – D:\Program Files\iMesh\iMesh5\iMeshBHO.dll
First uninstall it via Add/Remove Programs.
O2 – BHO: myBar BHO – {0494D0D1–F8E0–41ad–92A3–14154ECE70AC} – D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O2 – BHO: FavoriteMan Class – {139D88E5–C372–469D–B4C5–1FE00852AB9B} – D:\WINDOWS\System32\Favorite.dll (file missing)
O2 – BHO: SABHO – {21B4ACC4–8874–4AEC–AEAC–F567A249B4D4} – d:\program files\180searchassistant\sachook.dll
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – D:\Program Files\NewDotNet\newdotnet6_38.dll
First download the LSP-Fix program and use it to remove this junk's file from the Winsock chain.
Tick "I know what..." and use the arrows to move the files with new... in their name from the Keep window to the Remove window.
O2 – BHO: iMeshBar BHO – {5345A7A1–805A–4923–B505–86B2FEBA3FE0} – D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 – BHO: WinShow module – {6CC1C918–AE8B–4373–A5B4–28BA1851E39A} – D:\Documents and Settings\DeMoNeK\Dane aplikacji\winshow\winshow.dll (file missing)
O3 – Toolbar: My &Search Bar – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O3 – Toolbar: iMeshBar – {5345A7A9–805A–4923–B505–86B2FEBA3FE0} – D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O4 – HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [czuxjc] d:\windows\system32\ehxafs.exe r
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O15 – Trusted Zone: *.media–motor.net
O15 – Trusted Zone: *.popuppers.com
O16 – DPF: {4C39376E–FA9D–4349–BACC–D305C1750EF3} (EPUImageControl Class) – http://tools.ebayimg.com/eps/activex/EPUWALControl_v1–0–3–18.cab
O16 – DPF: {7149E79C–DC19–4C5E–A53C–A54DDF75EEE9} (IObjSafety.DemoCtl) – http://cabs.media–motor.net/cabs/joysaver.cab
If you know the sites these controls come from, leave them; otherwise get rid of them.
O23 – Service: System Startup Service (SvcProc) – Unknown owner – D:\WINDOWS\svcproc.exe
Go to Start >> Run >> services.msc, pick System Startup Service from the list, and stop it in its properties.
Now in HijackThis, go to Config >> Misc Tools >> Delete an NT service, type SvcProc into the box, and restart the system.
Also empty Temp.
Are these numbers yours, supplied by your provider?
O17 – HKLM\System\CCS\Services\Tcpip\..\{84D025E4–2368–40AA–8067–CE63993C0C28}: NameServer = 194.204.159.1 194.204.152.34
Second log.
End this process:
plxink.exe
Remove:
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 – HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 – HKLM\..\Run: [bcdyioi] c:\windows\system32\plxink.exe r
O4 – HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller4292.exe"
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: *.media–motor.net
O15 – Trusted Zone: *.popuppers.com
O16 – DPF: {7149E79C–DC19–4C5E–A53C–A54DDF75EEE9} (IObjSafety.DemoCtl) – http://cabs.media–motor.net/cabs/joysaver.cab
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe
The descriptions are above.
Don't forget to turn off System Restore on both computers.
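The triage in the reply above, and the asker's report that the autostart entry keeps coming back under a new name, can be checked mechanically by comparing two scans. This is an added example, not part of the thread and not HijackThis code: the function names and the "same shape, different name" heuristic are assumptions, and the sample lines are shortened excerpts of the 21:09:34 and 23:13:48 logs quoted on this page.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Entry line: section code, a hyphen or en dash (the logs here use en dashes), then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+[-\u2013]\s+(.*)$")
# O4 registry autostart body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
EXE_RE = re.compile(r'[^\\/\s"]+\.exe', re.I)

# Shortened excerpts of two scans of the same machine quoted in this thread.
SCAN_EARLIER = r"""
Running processes:
D:\WINDOWS\Explorer.EXE
d:\windows\system32\ehxafs.exe
F2 – REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [czuxjc] d:\windows\system32\ehxafs.exe r
O23 – Service: System Startup Service (SvcProc) – Unknown owner – D:\WINDOWS\svcproc.exe
"""
SCAN_LATER = r"""
Running processes:
D:\WINDOWS\Explorer.EXE
d:\windows\system32\lknsun.exe
F2 – REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [plujdz] d:\windows\system32\lknsun.exe r
O23 – Service: BlackICE – Internet Security Systems, Inc. – D:\Program Files\ISS\BlackICE\blackd.exe
O23 – Service: System Startup Service (SvcProc) – Unknown owner – D:\WINDOWS\svcproc.exe
"""


def parse_log(text):
    """Split a HijackThis log into (running process paths, entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append(Entry(m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def static_findings(entries):
    """Single-scan items the reply singles out: extra shell program, ownerless service."""
    found = []
    for e in entries:
        low = e.body.lower()
        if e.code == "F2" and "shell=" in low:
            value = e.body.split("=", 1)[1].split(None, 1)
            if len(value) > 1:  # anything after Explorer.exe is started with the shell
                found.append(("shell-extra-program", value[1]))
        elif e.code == "O23" and "unknown owner" in low:
            found.append(("service-unknown-owner", re.split(r"\s[-\u2013]\s", e.body)[-1]))
    return found


def run_shape(body):
    """Reduce a Run entry to hive, key and command with the first .exe file name masked."""
    m = RUN_RE.match(body)
    if not m:
        return None
    hive, key, _name, command = m.groups()
    return hive, key, EXE_RE.sub("*.exe", command.lower(), count=1)


def respawned(earlier, later):
    """Pair Run entries that vanished with new ones of identical shape (heuristic)."""
    def by_shape(entries):
        shapes = {}
        for e in entries:
            shape = run_shape(e.body) if e.code == "O4" else None
            if shape:
                shapes.setdefault(shape, set()).add(e.body)
        return shapes

    old, new = by_shape(earlier), by_shape(later)
    pairs = []
    for shape in sorted(old.keys() & new.keys()):
        gone, fresh = old[shape] - new[shape], new[shape] - old[shape]
        if gone and fresh:
            pairs.append((sorted(gone), sorted(fresh)))
    return pairs


def triage(earlier_text, later_text):
    """Report static findings of the later scan plus entries that came back renamed."""
    _, old_entries = parse_log(earlier_text)
    procs, new_entries = parse_log(later_text)
    running = {p.lower().rsplit("\\", 1)[-1] for p in procs}
    report = {"static": static_findings(new_entries), "respawned": []}
    for gone, fresh in respawned(old_entries, new_entries):
        for body in fresh:
            m = EXE_RE.search(RUN_RE.match(body).group(4))
            exe = m.group(0).lower() if m else ""
            report["respawned"].append({"was": gone, "now": body, "running": exe in running})
    return report


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(SCAN_EARLIER, SCAN_LATER))
```

A renamed entry whose executable is also in the running-process list means something still active is rewriting the Run key, so deleting the entry alone will not hold.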
Logfile of HijackThis v1.99.1
Scan saved at 22:33:41, on 2005–06–13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
D:\udostepnione\Pliki do mm\mm2_063.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Crazy Browser\Crazy Browser.exe
c:\windows\system32\plxink.exe
D:\udostepnione\hisj\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 – HKLM\..\Run: [bcdyioi] c:\windows\system32\plxink.exe r
O4 – HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller4292.exe"
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: *.media–motor.net
O15 – Trusted Zone: *.popuppers.com
O16 – DPF: {7149E79C–DC19–4C5E–A53C–A54DDF75EEE9} (IObjSafety.DemoCtl) – http://cabs.media–motor.net/cabs/joysaver.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/eng/slots80_2_0_0_24.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5C9A2FD5–86C1–4F89–A47F–75E66660C906}: NameServer = 192.168.0.1
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe
Gentlemen/ladies... while we're at it, a second log ... I'll be VERY grateful
After playing with this program http://www.hijackthis.de/ my log looks like this ...
Logfile of HijackThis v1.99.1
Scan saved at 23:13:48, on 2005–06–13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTSvcCDA.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ISS\BlackICE\blackice.exe
D:\Pliki do mm\mm2_063.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\ISS\BlackICE\blackd.exe
D:\Program Files\Tlen.pl\tlen.exe
D:\Program Files\Gadu–Gadu\gg.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\taskmgr.exe
d:\windows\system32\lknsun.exe
D:\hija\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\\winampa.exe"
O4 – HKLM\..\Run: [plujdz] d:\windows\system32\lknsun.exe r
O4 – HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – Global Startup: BlackICE PC Protection.lnk = D:\Program Files\ISS\BlackICE\blackice.exe
O4 – Global Startup: MpegTV Station PCITV Remote Control.lnk = D:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe
O4 – Global Startup: HP Image Zone – szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\WINDOWS\System32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\WINDOWS\System32\msjava.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {2B6A3140–7073–11D5–8F79–0080C8D7EC11} (GameDesire Proxy) – http://gierki.wp.pl/g_bin/ginuser_pl_2_0_0_3.cab
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/eng/boards_2_0_0_20.cab
O16 – DPF: {4539348E–01D7–11D5–9A39–0080C8D85044} (GameDesire Slots 90th) – http://67.15.101.3/g_bin/eng/slots90_2_0_0_24.cab
O16 – DPF: {4C39376E–FA9D–4349–BACC–D305C1750EF3} (EPUImageControl Class) – http://tools.ebayimg.com/eps/activex/EPUWALControl_v1–0–3–18.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/eng/slots70_2_0_0_24.cab
O16 – DPF: {E95CF138–A587–4C54–8175–3AD80997CB14} (GINSOCCER Class) – http://67.15.101.3/g_bin/eng/soccer_2_0_0_8.cab
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/eng/slots80_2_0_0_24.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{84D025E4–2368–40AA–8067–CE63993C0C28}: NameServer = 194.204.159.1 194.204.152.34
O23 – Service: BlackICE – Internet Security Systems, Inc. – D:\Program Files\ISS\BlackICE\blackd.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – D:\WINDOWS\System32\CTSvcCDA.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe
O23 – Service: RapApp – Internet Security Systems, Inc. – D:\Program Files\ISS\BlackICE\rapapp.exe
O23 – Service: System Startup Service (SvcProc) – Unknown owner – D:\WINDOWS\svcproc.exe
only I can't for the life of me remove
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
d:\windows\system32\lknsun.exe
O4 – HKLM\..\Run: [plujdz] d:\windows\system32\lknsun.exe r
F2 – REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
When I try to remove the last three, even with this program, they disappear and a moment later reappear, only under a different name, except for Nail, which doesn't change :/ and that's on both PCs :/
Logfile of HijackThis v1.99.1
Scan saved at 21:09:34, on 2005–06–13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\CTSvcCDA.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ISS\BlackICE\blackice.exe
D:\Pliki do mm\mm2_063.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\ISS\BlackICE\blackd.exe
D:\Program Files\Tlen.pl\tlen.exe
D:\Program Files\Gadu–Gadu\gg.exe
D:\Program Files\Internet Explorer\iexplore.exe
d:\windows\system32\ehxafs.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\DeMoNeK\USTAWI~1\Temp\601.tmp\THNALL~1.EXE
D:\DOCUME~1\DeMoNeK\USTAWI~1\Temp\SFR\aurareco.exe
D:\hija\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/www.searchv.com/w/search.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/1/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/1/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/w/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.searchv.com/1/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R1 – HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/1/search.php?qq=%s
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O1 – Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 – Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 – Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 – Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O1 – Hosts: 62.189.6.93 _sip._tls.sip7.phoneserve.com
O1 – Hosts: 62.189.6.93 _sip._ssl.sip7.phoneserve.com
O2 – BHO: DownloadRedirect Class – {00000000–6CB0–410C–8C3D–8FA8D2011D0A} – D:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 – BHO: myBar BHO – {0494D0D1–F8E0–41ad–92A3–14154ECE70AC} – D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: FavoriteMan Class – {139D88E5–C372–469D–B4C5–1FE00852AB9B} – D:\WINDOWS\System32\Favorite.dll (file missing)
O2 – BHO: SABHO – {21B4ACC4–8874–4AEC–AEAC–F567A249B4D4} – d:\program files\180searchassistant\sachook.dll
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – D:\Program Files\NewDotNet\newdotnet6_38.dll
O2 – BHO: iMeshBar BHO – {5345A7A1–805A–4923–B505–86B2FEBA3FE0} – D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 – BHO: WinShow module – {6CC1C918–AE8B–4373–A5B4–28BA1851E39A} – D:\Documents and Settings\DeMoNeK\Dane aplikacji\winshow\winshow.dll (file missing)
O3 – Toolbar: My &Search Bar – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O3 – Toolbar: iMeshBar – {5345A7A9–805A–4923–B505–86B2FEBA3FE0} – D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\\winampa.exe"
O4 – HKLM\..\Run: [czuxjc] d:\windows\system32\ehxafs.exe r
O4 – HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – Global Startup: BlackICE PC Protection.lnk = D:\Program Files\ISS\BlackICE\blackice.exe
O4 – Global Startup: MpegTV Station PCITV Remote Control.lnk = D:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe
O4 – Global Startup: HP Image Zone – szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\WINDOWS\System32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\WINDOWS\System32\msjava.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O15 – Trusted Zone: *.media–motor.net
O15 – Trusted Zone: *.popuppers.com
O16 – DPF: {2B6A3140–7073–11D5–8F79–0080C8D7EC11} (GameDesire Proxy) – http://gierki.wp.pl/g_bin/ginuser_pl_2_0_0_3.cab
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/eng/boards_2_0_0_20.cab
O16 – DPF: {4539348E–01D7–11D5–9A39–0080C8D85044} (GameDesire Slots 90th) – http://67.15.101.3/g_bin/eng/slots90_2_0_0_24.cab
O16 – DPF: {4C39376E–FA9D–4349–BACC–D305C1750EF3} (EPUImageControl Class) – http://tools.ebayimg.com/eps/activex/EPUWALControl_v1–0–3–18.cab
O16 – DPF: {7149E79C–DC19–4C5E–A53C–A54DDF75EEE9} (IObjSafety.DemoCtl) – http://cabs.media–motor.net/cabs/joysaver.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/eng/slots70_2_0_0_24.cab
O16 – DPF: {E95CF138–A587–4C54–8175–3AD80997CB14} (GINSOCCER Class) – http://67.15.101.3/g_bin/eng/soccer_2_0_0_8.cab
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/eng/slots80_2_0_0_24.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{84D025E4–2368–40AA–8067–CE63993C0C28}: NameServer = 194.204.159.1 194.204.152.34
O23 – Service: BlackICE – Internet Security Systems, Inc. – D:\Program Files\ISS\BlackICE\blackd.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – D:\WINDOWS\System32\CTSvcCDA.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe
O23 – Service: RapApp – Internet Security Systems, Inc. – D:\Program Files\ISS\BlackICE\rapapp.exe
O23 – Service: System Startup Service (SvcProc) – Unknown owner – D:\WINDOWS\svcproc.exe
I think I did it right ... it's my first time :D
O2 – BHO: URLLink Class – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – D:\Program Files\NewDotNet\newdotnet6_38.dll
O2 – BHO: iMeshBar BHO – {5345A7A1–805A–4923–B505–86B2FEBA3FE0} – D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 – BHO: WinShow module – {6CC1C918–AE8B–4373–A5B4–28BA1851E39A} – D:\Documents and Settings\DeMoNeK\Dane aplikacji\winshow\winshow.dll (file missing)
O3 – Toolbar: My &Search Bar – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – D:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O3 – Toolbar: iMeshBar – {5345A7A9–805A–4923–B505–86B2FEBA3FE0} – D:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – D:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\\winampa.exe"
O4 – HKLM\..\Run: [czuxjc] d:\windows\system32\ehxafs.exe r
O4 – HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 – Global Startup: BlackICE PC Protection.lnk = D:\Program Files\ISS\BlackICE\blackice.exe
O4 – Global Startup: MpegTV Station PCITV Remote Control.lnk = D:\Program Files\KWORLD\MpegTV Station PCITV\RemoteCtl.exe
O4 – Global Startup: HP Image Zone – szybkie uruchamianie.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\WINDOWS\System32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – D:\WINDOWS\System32\msjava.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – D:\WINDOWS\web\related.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – D:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O15 – Trusted Zone: *.media–motor.net
O15 – Trusted Zone: *.popuppers.com
O16 – DPF: {2B6A3140–7073–11D5–8F79–0080C8D7EC11} (GameDesire Proxy) – http://gierki.wp.pl/g_bin/ginuser_pl_2_0_0_3.cab
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/eng/boards_2_0_0_20.cab
O16 – DPF: {4539348E–01D7–11D5–9A39–0080C8D85044} (GameDesire Slots 90th) – http://67.15.101.3/g_bin/eng/slots90_2_0_0_24.cab
O16 – DPF: {4C39376E–FA9D–4349–BACC–D305C1750EF3} (EPUImageControl Class) – http://tools.ebayimg.com/eps/activex/EPUWALControl_v1–0–3–18.cab
O16 – DPF: {7149E79C–DC19–4C5E–A53C–A54DDF75EEE9} (IObjSafety.DemoCtl) – http://cabs.media–motor.net/cabs/joysaver.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/eng/poker_2_0_0_36.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GameDesire Slots 70th) – http://67.15.101.3/g_bin/eng/slots70_2_0_0_24.cab
O16 – DPF: {E95CF138–A587–4C54–8175–3AD80997CB14} (GINSOCCER Class) – http://67.15.101.3/g_bin/eng/soccer_2_0_0_8.cab
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/eng/slots80_2_0_0_24.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{84D025E4–2368–40AA–8067–CE63993C0C28}: NameServer = 194.204.159.1 194.204.152.34
O23 – Service: BlackICE – Internet Security Systems, Inc. – D:\Program Files\ISS\BlackICE\blackd.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – D:\WINDOWS\System32\CTSvcCDA.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – D:\WINDOWS\System32\nvsvc32.exe
O23 – Service: RapApp – Internet Security Systems, Inc. – D:\Program Files\ISS\BlackICE\rapapp.exe
O23 – Service: System Startup Service (SvcProc) – Unknown owner – D:\WINDOWS\svcproc.exe
I think I did it right ... it's my first time :D
Have a read:
http://forum.centrumxp.pl/viewtopic.php?t=19974
Post the log in the security section as a new topic.
There's no need to start a new topic, please post the log in this one.
Bobi
OK Bobi, don't get upset
Damianos :wink: