hijackthis

Please help: which of these can I remove?

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Tiny Personal Firewall\persfw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\autoclk.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\adtech2005.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Aniia\USTAWI~1\Temp\Rar$EX00.890\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optimus.pl
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d015/mailcfg.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{907C2416-A7B6-48FF-81B3-67363989D825}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Replies: 15

anw:
the message "You don't have to run this tool. No infection found." appeared and maybe everything will be fine now


I hope so too :)

anw:
thank you for the help :-)


You're welcome :)
Żółty
Posted
30.11.2005 00:14:29
the message "You don't have to run this tool. No infection found." appeared and maybe everything will be fine now
thank you for the help :-)
anw
Posted
30.11.2005 00:01:07
anw:
so I couldn't find fix.bat, there is only fix; I ran it, which caused the computer to restart


Then run it once more; if you see this message in the window
You don't have to run this tool. No infection found.
it means that the junk has been removed and "Default_Page_URL = /4.3.10" should not come back.
Żółty
Posted
29.11.2005 23:48:14
so I couldn't find fix.bat, there is only fix; I ran it, which caused the computer to restart
anw
Posted
29.11.2005 23:37:46
anw:
I unpacked it.. and what next?


Did you run fix.bat from the directory where you unpacked it??

PS Sorry for changing your gender in the previous post, it was unintentional :oops:
Żółty
Posted
29.11.2005 23:25:41
I unpacked it.. and what next?
anw
Posted
29.11.2005 22:44:54
Download this little program. Unpack it somewhere and run fix.bat from the directory where you unpacked it.
Żółty
Posted
29.11.2005 22:34:35
why does what I remove keep coming back?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
anw
Posted
29.11.2005 22:02:28
Under, keep your hands to yourself.

anw, remove autoclk.exe because you don't need it.
Also, the O20 entry from Winlogon Notify: there is a link to l2mfix in the FAQ pinned here.
EL NINO
Posted
29.11.2005 21:39:29
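
One way to see which entries actually survived a cleanup pass is to diff two successive HijackThis logs by section code. This is an added example, not part of the thread; the function names are illustrative, and the sample input is a shortened excerpt of the two logs posted in this thread.

```python
import re

# A HijackThis entry starts with its section code (R0, O4, O20, ...), then a
# dash. En dashes are accepted because forum software often rewrites hyphens.
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[-\u2013]\s+(.*\S)$")

def parse_entries(log_text):
    """Return the set of (section, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # process paths and header lines do not match
            entries.add((m.group(1), m.group(2).replace("\u2013", "-")))
    return entries

def diff_logs(before, after):
    """Classify entries as removed, added or surviving between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": sorted(old - new),
            "added": sorted(new - old),
            "survived": sorted(old & new)}

def survivors_in(diff, sections):
    """Surviving entries in the given sections, e.g. {"O20"} for Winlogon Notify."""
    return [e for e in diff["survived"] if e[0] in sections]

# Shortened excerpts of the two logs in this thread (sample input).
FIRST = r"""
C:\windows\adtech2005.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
"""
SECOND = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
"""

if __name__ == "__main__":
    result = diff_logs(FIRST, SECOND)
    for kind in ("removed", "added", "survived"):
        for section, body in result[kind]:
            print(f"{kind:9} {section:4} {body}")
    print("O20 entries still present:", survivors_in(result, {"O20"}))
```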
That's from Neostrada, so better not to touch it.
antyqjon
Posted
29.11.2005 21:34:14
But what for???
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
Under
Posted
29.11.2005 21:32:17
Please check the log once more

Logfile of HijackThis v1.99.1
Scan saved at 18:17:38, on 2005-11-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Tiny Personal Firewall\persfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\autoclk.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Aniia\USTAWI~1\Temp\Rar$EX00.516\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optimus.pl
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d015/mailcfg.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{907C2416-A7B6-48FF-81B3-67363989D825}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
anw
Posted
29.11.2005 19:19:17
Turn off System Restore
End the processes:
adtech2005.exe
ibm00001.exe

Get rid of:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = /4.3.10
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = /4.3.10
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = /4.3.10
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE #spyware from Realtek, remove as well.
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll


For the future, you have the pinned topic.
Bobi
Posted
29.11.2005 17:12:59
will nobody help? :(
anw
Posted
29.11.2005 16:53:35
anw
Posted:
28.11.2005 23:49:45
Comments:
15