log gol
My computer restarts on its own when I'm using the internet, sometimes the IE window closes by itself and (also sometimes) a new window pops up in which some search engine loads / I don't know if this is the right section...?
Logfile of HijackThis v1.99.1
Scan saved at 20:38:01, on 2005–07–24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Programy\ZoneAlarm\zlclient.exe
D:\Programy\Norton AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\usr\mysql\bin\mysqld–nt.exe
D:\Programy\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\Integrator.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Programy\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Programy\hijack\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = NOT USED (OK)
R1 – HKLM\Software\Microsoft\Internet Explorer,Search = http://szukaj.wp.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://szukaj.wp.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – {426F81A5–0B8C–4948–8115–11606FD3F389} – (no file)
O2 – BHO: BHOMoneyGainer Class – {2559D0B1–AF60–4BD5–965D–0E51383A6367} – C:\WINDOWS\shginas.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – D:\PROGRAMY\FLASHGET\jccatch.dll
O3 – Toolbar: Search Toolbar – {A6790AA5–C6C7–4BCF–A46D–0FDAC4EA90EB} – C:\WINDOWS\system32\azesearch2.ocx
O4 – HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 – HKLM\..\Run: [QuickTime Task] "D:\programy\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [Zone Labs Client] D:\Programy\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKCU\..\Run: [SpyKiller] D:\Programy\SpyKiller\spykiller.exe /startup
O4 – Startup: Zoom.lnk = D:\Programy\Dachshund Software\Zoom\Zoom.exe
O4 – Startup: AntiCrash.lnk = D:\Programy\Dachshund Software\AntiCrash\AntiCrash.exe
O4 – Startup: Hare.lnk = D:\Programy\Dachshund Software\Hare\Hare.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 – Extra context menu item: Pobierz z &BitSpirit – D:\Programy\BitSpirit\bsurl.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – D:\Programy\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – D:\Programy\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:\PROGRAMY\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:\PROGRAMY\FLASHGET\flashget.exe
O16 – DPF: {15589FA1–C456–11CE–BF01–000000000000} – http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/DownloadAccess/ie/bridge–c18.cab
O16 – DPF: {4208FB4D–4E53–4F5A–BF7A–3E047DDB5281} (ActiveX Control) – http://www.icannnews.com/app/ST/ActiveX.ocx
O16 – DPF: {4418DD4D–7265–4C32–BC0A–3FDB3C2DA938} (Protecter Class) – http://www.slotchbar.com/ist/softwares/v4.0/protect_regular.cab
O16 – DPF: {706F3805–27D7–478D–80E5–E25D2BB030B3} – http://www.advnt01.com/dialer/internazionale_ver3.CAB
O17 – HKLM\System\CCS\Services\Tcpip\..\{8BD39D44–F1B0–4BC5–9440–B9BD5C49ED0A}: NameServer = 194.116.248.40,194.116.248.70,194.116.248.100
O20 – Winlogon Notify: Extensions – C:\WINDOWS\system32\svextspk.dll
O20 – Winlogon Notify: NavLogon – C:\WINDOWS\System32\NavLogon.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Symantec AntiVirus Definition Watcher (DefWatch) – Symantec Corporation – D:\Programy\Norton AntiVirus\DefWatch.exe
O23 – Service: IMAPI CD–Burning COM Service (ImapiService) – Roxio Inc. – C:\WINDOWS\System32\ImapiRox.exe
O23 – Service: MySql – Unknown owner – c:/usr/mysql/bin/mysqld–nt.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – D:\Programy\NORTON~2\NORTON~1\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVRoam (SavRoam) – symantec – D:\Programy\Norton AntiVirus\SavRoam.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – D:\Programy\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 – Service: Symantec AntiVirus – Symantec Corporation – D:\Programy\Norton AntiVirus\Rtvscan.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZONELABS\vsmon.exe
Replies: 1
Remove all of this:
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = NOT USED (OK)
R1 – HKLM\Software\Microsoft\Internet Explorer,Search = http://szukaj.wp.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://szukaj.wp.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – {426F81A5–0B8C–4948–8115–11606FD3F389} – (no file)
O2 – BHO: BHOMoneyGainer Class – {2559D0B1–AF60–4BD5–965D–0E51383A6367} – C:\WINDOWS\shginas.dll
O3 – Toolbar: Search Toolbar – {A6790AA5–C6C7–4BCF–A46D–0FDAC4EA90EB} – C:\WINDOWS\system32\azesearch2.ocx
O6 – HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 – DPF: {15589FA1–C456–11CE–BF01–000000000000} – http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/DownloadAccess/ie/bridge–c18.cab
O16 – DPF: {4208FB4D–4E53–4F5A–BF7A–3E047DDB5281} (ActiveX Control) – http://www.icannnews.com/app/ST/ActiveX.ocx
O16 – DPF: {4418DD4D–7265–4C32–BC0A–3FDB3C2DA938} (Protecter Class) – http://www.slotchbar.com/ist/softwares/v4.0/protect_regular.cab
O16 – DPF: {706F3805–27D7–478D–80E5–E25D2BB030B3} – http://www.advnt01.com/dialer/internazionale_ver3.CAB
O20 – Winlogon Notify: Extensions – C:\WINDOWS\system32\svextspk.dll