ibm00001.exe
Some trojan got downloaded onto my machine, and when Windows starts a message about ibm00001.exe pops up... please help, here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 22:09:28, on 2006–01–20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D–Tools\daemon.exe
C:\WINDOWS\System32\leeman.exe
C:\WINDOWS\System32\rtf32.exe
D:\FIFA 2006\Anti–Blaxx\Anti–Blaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\alt.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AvltMain.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\Rar$EX00.828\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 – BHO: DownloadRedirect Class – {00000000–6CB0–410C–8C3D–8FA8D2011D0A} – D:\Mesh\iMesh5\iMeshBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: C:\WINDOWS\system32\st3.dll – {1B68470C–2DEF–493B–8A4A–8E2D81BE4EA5} – C:\WINDOWS\system32\st3.dll
O2 – BHO: iMeshBar BHO – {5345A7A1–805A–4923–B505–86B2FEBA3FE0} – C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 – BHO: C:\WINDOWS\adsldpbd.dll – {826B2228–BC09–49F2–B5F8–42CE26B1B711} – C:\WINDOWS\adsldpbd.dll (file missing)
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 – BHO: (no name) – {DA223E41–3F7F–4B2B–8CC8–22C6A1197EEB} – C:\WINDOWS\mpatrol.dll
O2 – BHO: (no name) – {EEE7178C–BBC3–4153–9DDE–CD0E9AB1B5B6} – C:\WINDOWS\adsldpbg.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: (no name) – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – (no file)
O3 – Toolbar: (no name) – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – (no file)
O3 – Toolbar: iMeshBar – {5345A7A9–805A–4923–B505–86B2FEBA3FE0} – C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 – HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA Lite\Kazaa.exe /SYSTRAY
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [leeman] C:\WINDOWS\System32\leeman.exe
O4 – HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 – HKLM\..\Run: [Anti–Blaxx Manager] D:\FIFA 2006\Anti–Blaxx\Anti–Blaxx.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\RunServices: [leeman] C:\WINDOWS\System32\leeman.exe
O4 – HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe –autorun
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [leeman] C:\WINDOWS\System32\leeman.exe
O4 – HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 – HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Pobierz stronę WEB z Free Download Manager – file://C:\Program Files\Free Download Manager\dlpage.htm
O8 – Extra context menu item: Pobierz wszystko z Free Download Manager – file://C:\Program Files\Free Download Manager\dlall.htm
O8 – Extra context menu item: Pobierz z Free Download Manager – file://C:\Program Files\Free Download Manager\dllink.htm
O8 – Extra context menu item: Pobierz zaznaczenie z Free Download Manager – file://C:\Program Files\Free Download Manager\dlselected.htm
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/d007/mailcfg.ocx
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
O20 – Winlogon Notify: st3i – C:\WINDOWS\q52211328.dll (file missing)
O21 – SSODL: SysTray.Excn2 – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – (no file)
O21 – SSODL: SysTray.Exsn – {2368D1FC–2F5C–4f1b–B124–E67214FC78E2} – C:\WINDOWS\System32\ofaaplho.dll
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\System32\CTsvcCDA.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 – Service: Panda Pavkre (Pavkre) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 – Service: Panda PavProt (PavProt) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 – Service: Panda Preventium+ Service (PREVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 – Service: SecuROM User Access Service (V7) (UserAccess7) – Unknown owner – C:\WINDOWS\System32\UAService7.exe
Replies: 20
Ronaldinho 10: but it still disappears... help...
In the Windows XP section there is a pinned FAQ written by Bobi; have a look at it and read the part titled "Explorer not starting after system startup".
but it still disappears... help...
Bobi: The comma is supposed to be there, check your own registry, it is right there plain as day.
Indeed, maybe it is a bug in HJ, because by default userinit should not include any operation that adds reg files.
On the other hand, "PAV" suggests Panda. So maybe it is a mistake.
The comma is supposed to be there, check your own registry, it is right there plain as day.
Peter_l: Maybe there was something there and it got removed, and the comma stayed
Maybe you are right.
But maybe, just to be safe, he should replace the file from the Recovery Console.
It would look like this:
EXPAND X:\i386\USERINIT.EX_ C:\WINDOWS\system32\userinit.exe
X is where you enter your CD-ROM drive letter.
What do you think about it??
this file won't delete, because it says it does not exist. Explorer came back, but won't it disappear again? sorry, but this is only my first forum :P
Maybe there was something there and it got removed, and the comma stayed
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
I don't like this; also notice that there is a comma after userinit.exe, but wait for what the others say
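As an added example (not part of the thread and not HijackThis's own code), the following Python check compares the F2 lines discussed above with the stock Windows XP Winlogon values: the trailing comma in UserInit is expected, while every other comma-separated program is reported for review. The function name `audit_f2`, the `system_root` default and the third sample line are assumptions made for illustration.

```python
import re

# Stock Winlogon values on Windows XP. HijackThis lists Shell/UserInit as
# "F2 - REG:system.ini" lines only when they differ from these.
DEFAULT_SHELL = "explorer.exe"
DEFAULT_USERINIT_NAME = "userinit.exe"

# The forum rendering shows typographic dashes where HijackThis writes "-".
_DASHES = str.maketrans({"\u2013": "-", "\u2014": "-"})
_F2 = re.compile(r"^F2\s*-\s*REG:system\.ini:\s*(Shell|UserInit)=(.*)$", re.I)


def _is_default_userinit(entry, system_root):
    """True for userinit.exe given bare or by its full system32 path."""
    e = entry.strip().strip('"').lower()
    expected = (system_root.rstrip("\\") + "\\system32\\" + DEFAULT_USERINIT_NAME).lower()
    return e in (DEFAULT_USERINIT_NAME, expected)


def audit_f2(log_text, system_root=r"C:\WINDOWS"):
    """Return (value_name, entry) for each non-default Shell/UserInit entry."""
    findings = []
    for raw in log_text.splitlines():
        m = _F2.match(raw.translate(_DASHES).strip())
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == "userinit":
            # Winlogon starts every comma-separated program in this value.
            # The stock value itself ends in a comma, so the empty piece
            # after the last comma is expected and is not reported.
            for entry in (p.strip() for p in value.split(",")):
                if entry and not _is_default_userinit(entry, system_root):
                    findings.append(("UserInit", entry))
        else:
            # Stock Shell is exactly "explorer.exe"; anything else, or anything
            # appended after it, is started together with the desktop shell.
            head, _, rest = value.partition(" ")
            if head.lower() != DEFAULT_SHELL:
                findings.append(("Shell", value))
            elif rest.strip():
                findings.append(("Shell", rest.strip().strip('"')))
    return findings


# Two F2 lines as they appear in the first log on this page (typographic
# dashes included), followed by one constructed line holding the stock value.
SAMPLE_LOG = "\n".join([
    r'F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"',
    r'F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,',
    r'F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,',  # constructed
])

if __name__ == "__main__":
    for value_name, entry in audit_f2(SAMPLE_LOG):
        print(f"non-default {value_name} entry: {entry}")
```

A reported entry is only non-default, not proven malicious; as the replies note, the "pav" names may belong to the installed Panda product, so each entry still has to be checked on disk.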
I don't see explorer among the processes.
In Task Manager click File → New Task and type explorer.exe
Ronaldinho 10: I did everything and the system works normally again, at normal speed. Thank you very much, I am very grateful for the help. And I apologize that a computer layman like me took up so much of your time, sir :)
Please make one more log and show it. Just to be sure.
PS. To be called "sir" you need looks and money, and I have neither :P I'm Żółty ;)
Update:
Oh, I see you have already done it. So almost right; almost, because writing two posts one under the other is not good ;) There is a "Zmień" (Edit) button in the corner of the post and that is what you should use.
Update2:
you still have the O20 entry to cut out, the one with file missing and st3.dll
yeah.... and after an hour of use all my icons and the taskbar disappeared.. only Task Manager keeps working the whole time and thanks to it anything can be done at all... what happened? the log is cleaned up, just as it was supposed to be,
Logfile of HijackThis v1.99.1
Scan saved at 13:34:17, on 2006–01–21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D–Tools\daemon.exe
D:\FIFA 2006\Anti–Blaxx\Anti–Blaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\Rar$EX00.437\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINDOWS\adsldpbg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\FIFA 2006\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d007/mailcfg.ocx
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
but just in case, I'll post it again:
I did everything and the system is working normally again, at normal speed. Thank you very much, I am very grateful for the help. And I'm sorry that a computer layman like me took up so much of your time :)
Ronaldinho 10: Of the files marked in red, only one could be deleted manually. Should I do it some other way?
Yes. For example with KillBox; Bobi described it with screenshots in this post: http://forum.centrumxp.pl/viewtopic.php?t=33126
Of the files marked in red, only one could be deleted manually. Should I do it some other way?
Ronaldinho 10: Hmm... this may sound like a layman's question, but how do I turn off System Restore?
The seventh topic below yours in this section, the one in capital letters ;) FAQ in this section, point 10.
Hmm... this may sound like a layman's question, but how do I turn off System Restore?
Turn off System Restore; you will turn it back on once everything is done.
Kill the processes using Task Manager:
C:\WINDOWS\System32\leeman.exe
C:\WINDOWS\System32\rtf32.exe
C:\WINDOWS\alt.exe
Entries to fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
O4 - HKLM\..\Run: [leeman] C:\WINDOWS\System32\leeman.exe
O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 - HKLM\..\RunServices: [leeman] C:\WINDOWS\System32\leeman.exe
O4 - HKCU\..\Run: [leeman] C:\WINDOWS\System32\leeman.exe
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - C:\WINDOWS\System32\ofaaplho.dll
Delete the files marked in red from the disk.
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 00:09:49, on 2006-01-21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\leeman.exe
C:\WINDOWS\System32\rtf32.exe
D:\FIFA 2006\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\alt.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\Rar$EX00.938\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [leeman] C:\WINDOWS\System32\leeman.exe
O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\FIFA 2006\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [leeman] C:\WINDOWS\System32\leeman.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [leeman] C:\WINDOWS\System32\leeman.exe
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d007/mailcfg.ocx
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exsn - {2368D1FC-2F5C-4f1b-B124-E67214FC78E2} - C:\WINDOWS\System32\ofaaplho.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
Thanks in advance for the help
Ronaldinho 10: Thanks a lot... quite a lot, because I haven't checked what's on my computer in a long time. Thanks once again
Once you have cleaned up the log, post it again for checking.
Thanks a lot... quite a lot, because I haven't checked what's on my computer in a long time. Thanks once again