log do sprawdzenia
Logfile of HijackThis v1.99.1
Scan saved at 21:08:15, on 2005–12–31
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\autoclk.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\SYSTEM32\ftp.exe
C:\Program Files\ArcaVir\Bin\NetMonSv.exe
C:\Program Files\ArcaVir\Bin\abmenu.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Documents and Settings\asia\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM\..\Run: [autoclk] autoclk.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe
O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{7C4AACCB–0BEC–4B3D–B026–38332AFA6A8D}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\ArcaVir\Bin\NetMonSv.exe
O23 – Service: ArcaVir Monitor (ArcaMonSvc) – ArcaBit – C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 – Service: ArcaScan – ArcaBit – C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 – Service: arcaserv – ArcaBit Sp. z o. o. – C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Unknown owner – C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Unknown owner – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
Scan saved at 21:08:15, on 2005–12–31
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\autoclk.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\SYSTEM32\ftp.exe
C:\Program Files\ArcaVir\Bin\NetMonSv.exe
C:\Program Files\ArcaVir\Bin\abmenu.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Documents and Settings\asia\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM\..\Run: [autoclk] autoclk.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe
O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{7C4AACCB–0BEC–4B3D–B026–38332AFA6A8D}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\ArcaVir\Bin\NetMonSv.exe
O23 – Service: ArcaVir Monitor (ArcaMonSvc) – ArcaBit – C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 – Service: ArcaScan – ArcaBit – C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 – Service: arcaserv – ArcaBit Sp. z o. o. – C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Unknown owner – C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Unknown owner – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
Odpowiedzi: 9
Masz wywalić:
Plik z dysku teź
I to zostawić :
O4 – HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe
Plik z dysku teź
I to zostawić :
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
Przecieź autoclk.exe jest od modemu Sagema, a plik ftp jest w porządku.
Wszystko co napisał antyqjon się zgadza.
Peter_l, chcesz komuś specjalnie kuku zrobic?
Wszystko co napisał antyqjon się zgadza.
Peter_l, chcesz komuś specjalnie kuku zrobic?
no to co wkoncu wywalic??
**Mis**:
Odpowiedź brzmi TAK :wink:
Chyba jednak nie... To do zafixowania, plik do wywalenia z dysku.
O4 – HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe
Alexy się nawet nie czepiam, choć kosmetycznie moźna z nią coś zrobić:
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
teraz dobrze ??
Odpowiedź brzmi TAK :wink:
Logfile of HijackThis v1.99.1
Scan saved at 08:23:54, on 2006–01–01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ArcaVir\Bin\NetMonSv.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\asia\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{7C4AACCB–0BEC–4B3D–B026–38332AFA6A8D}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\ArcaVir\Bin\NetMonSv.exe
O23 – Service: ArcaVir Monitor (ArcaMonSvc) – ArcaBit – C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 – Service: ArcaScan – ArcaBit – C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 – Service: arcaserv – ArcaBit Sp. z o. o. – C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Unknown owner – C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Unknown owner – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
teraz dobrze ??
Scan saved at 08:23:54, on 2006–01–01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ArcaVir\Bin\NetMonSv.exe
C:\Program Files\ArcaVir\Bin\avmonsv.exe
C:\PROGRA~1\WANADOO\TaskbarIcon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ArcaVir\Bin\arcascan.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\asia\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\RunServices: [Compaq Service Drivers] winsvc32.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{7C4AACCB–0BEC–4B3D–B026–38332AFA6A8D}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\ArcaVir\Bin\NetMonSv.exe
O23 – Service: ArcaVir Monitor (ArcaMonSvc) – ArcaBit – C:\Program Files\ArcaVir\Bin\avmonsv.exe
O23 – Service: ArcaScan – ArcaBit – C:\Program Files\ArcaVir\Bin\arcascan.exe
O23 – Service: arcaserv – ArcaBit Sp. z o. o. – C:\Program Files\ArcaVir\bin\arcaserv.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus (navapsvc) – Unknown owner – C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ScriptBlocking Service (SBService) – Unknown owner – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
teraz dobrze ??
a jak to wywali bo jestem zielony
Zaznaczająć to co zacytował Peter_I i klikająć na Fix Checked :wink:
Tu masz opisane jak korzystać z HijackThisa:
http://forum.centrumxp.pl/viewtopic.php?t=19974
a jak to wywali bo jestem zielony
C:\WINDOWS\autoclk.exe
C:\WINDOWS\SYSTEM32\ftp.exe
O4 – HKLM\..\Run: [autoclk] autoclk.exe
O4 – HKCU\..\RunServices: [win msdt service] mswindtc.exe
Wywal jeszcze ten mswindtc.exe
Strona 1 / 1