Small problem + log check...
I have a problem: some web page keeps opening at startup and every so often my computer resets itself... maybe something is wrong in the log, I'd be grateful...
Logfile of HijackThis v1.99.0
Scan saved at 21:37:05, on 2005–02–04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programy\Winamp\winampa.exe
C:\WINDOWS\System32\Fmctrl.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\ elcmd.exe
C:\WINDOWS\System32\hiden.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programy\Gadu–Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
D:\Programy\PopTray\PopTray.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\System32\hicom.exe
D:\Programy\Avant Browser\avant.exe
C:\Documents and Settings\kamil\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allwebsearcher.com/?said=1211
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allwebsearcher.com/?said=1211
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.allwebsearcher.com/?said=1211
O1 – Hosts: hbin
O1 – Hosts:
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WinampAgent] d:\Programy\Winamp\winampa.exe
O4 – HKLM\..\Run: [eMusicClient] d:\Programy\Winamp\eMusic\eMusicClient.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [hiden.exe] hiden.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Programy\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Startup: PopTray.lnk = D:\Programy\PopTray\PopTray.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – D:\Programy\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – D:\Programy\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – D:\Programy\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Podświetl – D:\Programy\Avant Browser\Highlight.htm
O8 – Extra context menu item: Szukaj – D:\Programy\Avant Browser\Search.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O10 – Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O23 – Service: Symantec Event Manager – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Manageer Network Connections – Unknown – C:\WINDOWS\System32\ elcmd.exe
O23 – Service: Norton AntiVirus Auto–Protect Service – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: Working Network Connections – Unknown – C:\WINDOWS\System32\hicom.exe
Replies: 9
–=MC=–: sorry, but where am I supposed to delete those files from, because I can't find them in "Search"...
Because they're super-hidden.
Download Pocket Killbox and type in the paths.
You'll recognise the locations in your findit log by:
Katalog: C:\WINDOWS\System32
2005–02–04 13:51 Microsoft... etc.
So you type in, for example,
C:\WINDOWS\System32\ktr8l79u1.dll
If you don't wipe out all of it, it'll be back in the blink of an eye.
Delete everything in safe mode with the internet disconnected.
–=MC=–: could you also check my find it log for me:
Here you go.
Files to wipe out (I can't be bothered to trim the dates):
2005–02–09 15:20 229173 ktr8l79u1.dll
2005–02–09 15:19 229195 e2200cfmef2a0.dll
2005–02–09 15:16 230619 k644lghq164e.dll
2005–02–09 14:47 231035 r68slgl716q.dll
2005–02–09 14:46 230531 n6l8lg3u16.dll
2005–02–09 09:41 230278 s4pu0e79eh.dll
2005–02–09 08:45 232194 i442leho1h4c.dll
2005–02–08 23:25 229850 e602lgdo160c.dll
2005–02–04 21:07 229866 en26l1fs1.dll
2005–02–04 21:00 229866 en86l1ls1.dll
2005–02–04 20:53 229866 enrsl1971.dll
2005–02–04 18:59 229866 k2pm0c71ef.dll
2005–02–04 16:57 231757 r88s0il7e8q.dll
2005–02–04 16:55 228427 enp2l17o1.dll
2005–02–04 15:44 230173 i2600cjmefoa0.dll
2005–02–04 15:36 229132 irjml5111.dll
2005–02–04 15:29 229332 irj0l51m1.dll
2005–02–04 15:18 229741 hr8605lse.dll
2005–02–04 14:48 228427 q086lals1dq6.dll
2005–02–04 14:40 228427 l4p20e7oeh.dll
2005–02–04 14:31 228772 irpml5711.dll
2005–02–04 13:58 230853 kkdsl.dll
2005–02–04 13:57 229738 e0jmla111d.dll
2005–02–04 13:03 230488 o0ns0a57ed.dll
2005–02–04 11:18 229736 d0j0la1m1d.dll
2005–02–04 10:27 231161 j4n2le5o1h.dll
2005–02–04 10:13 229870 lv6u09j9e.dll
2005–02–04 10:11 231030 lvpo0973e.dll
2005–02–04 10:07 230040 lvjs0917e.dll
2005–02–04 10:03 230744 lv8209loe.dll
2005–02–01 15:44 413696 t?skmgr.exe
2005–01–29 18:26 848 KGyGaAvL.sys
2005–01–29 18:21 56 3C11EDCE4C.sys
2005–02–03 23:12 49152 tmksrvu.exe
2005–02–01 15:44 413696 t?skmgr.exe
2005–01–29 18:26 848 KGyGaAvL.sys
2005–01–29 18:21 56 3C11EDCE4C.sys
2005–01–24 20:24 106496 xplugin.dll
and the keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F39984CD–5FBB–4567–918E–705BA30640A0}"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]
"Asynchronous"=dword:00000000
"DllName"="C:\WINDOWS\system32\e2200cfmef2a0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
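A triage script for the two replies above (an added example; it is not code from the thread, from findit or from HijackThis): it joins file names to the preceding `Katalog:` header to produce the full paths the reply says to type into the removal tool, flags the cluster of same-sized, recently written DLLs, and cross-checks which Winlogon\Notify subkey would load one of them back at logon. The listing and .reg excerpt are constructed from lines posted in the thread; the size band, date window and member count are assumed thresholds.

```python
import re
from datetime import datetime

# Constructed excerpt of the findit "System Files in System32 Directory" output.
# Column layout: date time size name; subdirectory lines ("Microsoft", "dllcache") have no size.
SAMPLE_LISTING = r"""
Katalog: C:\WINDOWS\System32
2005-02-09 15:20 229173 ktr8l79u1.dll
2005-02-09 15:19 229195 e2200cfmef2a0.dll
2005-02-04 13:57 229738 e0jmla111d.dll
2005-02-04 13:51 Microsoft
2005-02-04 10:03 230744 lv8209loe.dll
2005-02-01 15:44 413696 t?skmgr.exe
2005-01-22 12:39 dllcache
1999-09-30 19:21 166672 mstext35.dll
1999-09-28 21:42 1050896 msjet35.dll
"""

# Constructed excerpt of the "Keys Under Notify" REGEDIT4 dump (string values use .reg escaping).
SAMPLE_NOTIFY = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\e2200cfmef2a0.dll"
"Logon"="WinLogon"
"""

FOLDER_RE = re.compile(r"^Katalog:\s+(.+?)\s*$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(\d+)\s+(\S+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
STR_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_listing(text):
    """Return (full_path, size, mtime) per file, joining each name to the last Katalog: header."""
    folder, entries = None, []
    for raw in text.splitlines():
        line = raw.strip().replace("\u2013", "-")  # forum rendering turned hyphens into en dashes
        m = FOLDER_RE.match(line)
        if m:
            folder = m.group(1).rstrip("\\")
            continue
        m = FILE_RE.match(line)
        if not m or folder is None:
            continue  # subdirectory entries have no size column and are skipped
        date, time, size, name = m.groups()
        mtime = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M")
        entries.append((folder + "\\" + name, int(size), mtime))
    return entries

def flag_dll_cluster(entries, size_band=5000, day_window=14, min_members=3):
    """Flag DLLs sharing a narrow size band and written within days of each other (thresholds assumed)."""
    dlls = [e for e in entries if e[0].lower().endswith(".dll")]
    flagged = []
    for path, size, mtime in dlls:
        peers = [p for p, s, t in dlls
                 if abs(s - size) <= size_band and abs((t - mtime).days) <= day_window]
        if len(peers) >= min_members:  # the file itself counts as one peer
            flagged.append(path)
    return sorted(flagged)

def notify_dll_names(reg_text):
    """Map each Winlogon\\Notify subkey to its DllName (string values only; hex(2) values are left out)."""
    names, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).rsplit("\\", 1)[-1]
            continue
        m = STR_VALUE_RE.match(line)
        if m and current and m.group(1).lower() == "dllname":
            names[current] = m.group(2).replace("\\\\", "\\")  # undo .reg escaping
    return names

def notify_keys_loading(flagged_paths, dll_names):
    """Return (subkey, dll) pairs whose DllName is one of the flagged files (case-insensitive)."""
    flagged = {p.lower() for p in flagged_paths}
    return [(key, dll) for key, dll in dll_names.items() if dll.lower() in flagged]

def triage(listing=SAMPLE_LISTING, notify=SAMPLE_NOTIFY):
    """Full paths to hand to the removal tool, and the Notify subkeys that would reload them."""
    flagged = flag_dll_cluster(parse_listing(listing))
    return flagged, notify_keys_loading(flagged, notify_dll_names(notify))

if __name__ == "__main__":
    paths, keys = triage()
    print("Full paths for the removal tool:")
    for p in paths:
        print("  " + p)
    for key, dll in keys:
        print(f"Winlogon\\Notify\\{key} loads {dll} at logon; delete the key together with the file")
```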
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.
––––––– System Files in System32 Directory –––––––
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 2474–ECB0
Katalog: C:\WINDOWS\System32
2005–02–09 15:20 229173 ktr8l79u1.dll
2005–02–09 15:19 229195 e2200cfmef2a0.dll
2005–02–09 15:16 230619 k644lghq164e.dll
2005–02–09 14:47 231035 r68slgl716q.dll
2005–02–09 14:46 230531 n6l8lg3u16.dll
2005–02–09 09:41 230278 s4pu0e79eh.dll
2005–02–09 08:45 232194 i442leho1h4c.dll
2005–02–08 23:25 229850 e602lgdo160c.dll
2005–02–04 21:07 229866 en26l1fs1.dll
2005–02–04 21:00 229866 en86l1ls1.dll
2005–02–04 20:53 229866 enrsl1971.dll
2005–02–04 18:59 229866 k2pm0c71ef.dll
2005–02–04 16:57 231757 r88s0il7e8q.dll
2005–02–04 16:55 228427 enp2l17o1.dll
2005–02–04 15:44 230173 i2600cjmefoa0.dll
2005–02–04 15:36 229132 irjml5111.dll
2005–02–04 15:29 229332 irj0l51m1.dll
2005–02–04 15:18 229741 hr8605lse.dll
2005–02–04 14:48 228427 q086lals1dq6.dll
2005–02–04 14:40 228427 l4p20e7oeh.dll
2005–02–04 14:31 228772 irpml5711.dll
2005–02–04 13:58 230853 kkdsl.dll
2005–02–04 13:57 229738 e0jmla111d.dll
2005–02–04 13:51 Microsoft
2005–02–04 13:03 230488 o0ns0a57ed.dll
2005–02–04 11:18 229736 d0j0la1m1d.dll
2005–02–04 10:27 231161 j4n2le5o1h.dll
2005–02–04 10:13 229870 lv6u09j9e.dll
2005–02–04 10:11 231030 lvpo0973e.dll
2005–02–04 10:07 230040 lvjs0917e.dll
2005–02–04 10:03 230744 lv8209loe.dll
2005–02–01 15:44 413696 t?skmgr.exe
2005–01–29 18:26 848 KGyGaAvL.sys
2005–01–29 18:21 56 3C11EDCE4C.sys
2005–01–22 12:39 dllcache
1999–09–30 19:21 166672 mstext35.dll
1999–09–28 21:42 1050896 msjet35.dll
1999–09–09 22:06 168720 msltus35.dll
1999–09–09 22:06 252688 msexcl35.dll
1999–08–25 14:57 415504 msrepl35.dll
1999–06–10 09:34 24848 msjter35.dll
1999–06–10 09:34 123664 msjint35.dll
1999–06–07 18:59 250128 mspdox35.dll
1999–04–25 17:00 287504 Msxbse35.dll
1999–04–25 17:00 368912 Vbar332.dll
1999–04–25 17:00 252176 Msrd2x35.dll
44 plik(ów) 10676499 bajtów
2 katalog(ów) 2649333760 bajtów wolnych
––––––– Hidden Files in System32 Directory –––––––
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 2474–ECB0
Katalog: C:\WINDOWS\System32
2005–02–03 23:12 49152 tmksrvu.exe
2005–02–01 15:44 413696 t?skmgr.exe
2005–01–29 18:26 848 KGyGaAvL.sys
2005–01–29 18:21 56 3C11EDCE4C.sys
2005–01–24 20:24 106496 xplugin.dll
2005–01–22 12:57 488 logonui.exe.manifest
2005–01–22 12:57 488 WindowsLogon.manifest
2005–01–22 12:57 749 cdplayer.exe.manifest
2005–01–22 12:57 749 sapi.cpl.manifest
2005–01–22 12:57 749 nwc.cpl.manifest
2005–01–22 12:57 749 ncpa.cpl.manifest
2005–01–22 12:57 749 wuaucpl.cpl.manifest
2005–01–22 12:39 dllcache
12 plik(ów) 574969 bajtów
1 katalog(ów) 2649325568 bajtów wolnych
–––––––––– Files Named "Guard" –––––––––––––
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 2474–ECB0
Katalog: C:\WINDOWS\System32
2005–02–09 21:18 229195 guard.tmp
1 plik(ów) 229195 bajtów
0 katalog(ów) 2649317376 bajtów wolnych
––––––––– Temp Files in System32 Directory ––––––––
Wolumin w stacji C nie ma etykiety.
Numer seryjny woluminu: 2474–ECB0
Katalog: C:\WINDOWS\System32
2005–02–09 21:18 229195 guard.tmp
2001–10–26 16:45 2596 CONFIG.TMP
2 plik(ów) 231791 bajtów
0 katalog(ów) 2649309184 bajtów wolnych
–––––––––––––––– User Agent ––––––––––––
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F39984CD–5FBB–4567–918E–705BA30640A0}"=""
–––––––––––– Keys Under Notify ––––––––––––
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\draw32]
"DllName"=hex(2):64,72,61,77,33,32,2e,64,6c,6c,00
"Startup"="MedManager"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]
"Asynchronous"=dword:00000000
"DllName"="C:\WINDOWS\system32\e2200cfmef2a0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
–––––––––––––––– Xfind Locked Files –––––––––––––––––
System nie może wykonać określonego programu.
–––––––––––––– XFind Qoologic Results ––––––––––––––
System nie może wykonać określonego programu.
System nie może wykonać określonego programu.
–––––––––––––– XFind Aspack Results –––––––––––––––
System nie może wykonać określonego programu.
System nie może wykonać określonego programu.
–––––––––––––– Locate.com Results –––––––––––––––
Do it in safe mode, then.
but there's no such process in the task manager... yet it's there in HijackThis...
First you end the process in the task manager (alt + ctrl + del)
damn, but I don't know what to do: in HijackThis I ticked hiden.exe and hit Fix, but I couldn't delete it because it says it's in use... ;/
Turn off System Restore
End the process:
hiden.exe
Delete from disk:
hiden.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allwebsearcher.com/?said=1211
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allwebsearcher.com/?said=1211
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.allwebsearcher.com/?said=1211
O1 – Hosts: hbin
O1 – Hosts:
O4 – HKLM\..\Run: [hiden.exe] hiden.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
As for these
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
and these
O10 – Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
entries, you'll find the answer in this thread.