URGENT!!! Virus Alert!
For a few days now a "Virus Alert" icon has been flashing in my taskbar, alternating between something green and something like a no-entry sign. From time to time a window pops up that says: "Your computer is infected! Critical System Error! System detectede virus activities. ..." I scanned the computer several times with Norton AntiVirus 2002 with the latest virus definitions; it detected a few viruses and removed them, but the window still appears. I scanned the computer once more and it found no viruses.
One more thing. Once that icon appeared, every time I tried to open the start page in IE or return to it, a page came up saying that my computer is infected and that someone has access to several directories on my computer (their paths were listed, e.g. C:\ , Program Files\Internet Explorer). It went on to say that if I want to get rid of it (the virus) I have to download one of two programs that were linked there. But once you had downloaded that program, you had to buy a licence for $50 to remove the virus.
I managed to solve the problem with that page, but it may be helpful for the diagnosis.
Please help, because I don't know what to do.
Replies: 13
Additionally, check for and block the ActiveX control: SecureLogin class, file: securelogin.ocx
Cheers!
I had this problem too...
But I have already dealt with it.
I scanned the system with many antivirus programs, but none of them detected anything. Finally I updated ewido anti-malware (download it from here: http://download.ewido.net/ewido-setup.exe ) and it detected the virus that was responsible for this.
You need to delete the file at the path X:\WINDOWS\System32\xenadot.dll, and the virus is called Trojan.Fakealert.
Please, please heeeelp!!!
I have the same symptom with this Virus Alert!
And here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 23:16:29, on 2006–04–23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Programy\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Programy\QuickTime\qttask.exe
D:\Programy\SlySoft\CloneCD\CloneCDTray.exe
D:\Programy\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Programy\a–TimeSync\TimeSync.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\usr\MYSQL\bin\mysqld.exe
D:\Programy\Norton AntiVirus\navapsvc.exe
D:\Programy\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\oodag.exe
D:\Programy\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programy\Total Commander\TOTALCMD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
K:\Programy\hijackthis\HijackThis.exe
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – D:\Programy\SPYBOT~1\SDHelper.dll
O2 – BHO: (no name) – {8d83b16e–0de1–452b–ac52–96ec0b34aa4b} – (no file)
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – D:\Programy\Norton AntiVirus\NavShExt.dll (file missing)
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 – HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 – HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [HP Component Manager] "D:\Programy\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 – HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] D:\Programy\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [QuickTime Task] "D:\Programy\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [MOD] D:\Programy\Microangelo\muamgr.exe
O4 – HKLM\..\Run: [CloneCDTray] "D:\Programy\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 – HKCU\..\Run: [eMuleAutoStart] D:\Programy\eMule\emule.exe –AutoStart
O4 – Startup: Atomic Time Synchronizer.lnk = D:\Programy\a–TimeSync\TimeSync.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = D:\Programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: InterVideo WinCinema Manager.lnk = D:\Programy\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – D:\Programy\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – D:\Programy\FlashGet\jc_all.htm
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 – Extra button: @C:\Program Files\Messenger\Msgslang.dll,–61144 – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,–61144 – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139011824710
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139013166317
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 – Winlogon Notify: WRNotifier – C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: MySql – Unknown owner – c:\usr/MYSQL/bin/mysqld.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – D:\Programy\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – D:\Programy\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: O&O Defrag – O&O Software GmbH – C:\WINDOWS\system32\oodag.exe
O23 – Service: SAVScan – Symantec Corporation – D:\Programy\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Webroot Spy Sweeper Engine (svcWRSSSDK) – Webroot Software, Inc. – D:\Programy\Webroot\Spy Sweeper\WRSSSDK.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: Ulead Burning Helper (UleadBurningHelper) – Ulead Systems, Inc. – C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Remove these as a cosmetic fix.
Use the port-closing tool Windows Worms Doors Cleaner. And change the indicators from disable to Enable.
Paste a log from Silent Runners; the info is in the pinned threads.
I ran the program you gave me and everything fell apart again. That start page has appeared again.
Logfile of HijackThis v1.99.1
Scan saved at 17:00:57, on 2006–04–03
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\System32\nisvcloc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Documents and Settings\Rodzinka\Pulpit\hijackthis_199\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton Personal Firewall – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:\Documents and Settings\Rodzinka\Ustawienia lokalne\Temp\NPF8\Setup\ISCommon\SYMSHARE\ADBLCK\NISShExt.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 – HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 – Extra context menu item: &Google Search – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O8 – Extra context menu item: Similar Pages – res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {A93B47FD–9BF6–4DA8–97FC–9270B9D64A6C} (VaPgCtrl Class) – http://83.208.4.203:8082/plugin/h263ctrl.cab
O23 – Service: Lookout Citadel Server (LkCitadelServer) – National Instruments, Inc. – C:\WINDOWS\System32\lkcitdl.exe
O23 – Service: National Instruments PSP Server Locator (lkClassAds) – National Instruments, Inc. – C:\WINDOWS\System32\lkads.exe
O23 – Service: National Instruments Time Synchronization (lkTimeSync) – National Instruments, Inc. – C:\WINDOWS\System32\lktsrv.exe
O23 – Service: Norton AntiVirus Auto Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: National Instruments Domain Service (NIDomainService) – National Instruments, Inc. – C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 – Service: NI Service Locator (niSvcLoc) – National Instruments Corp. – C:\WINDOWS\System32\nisvcloc.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZONELABS\vsmon.exe
bugsbuny wrote:
Mark the entries in HijackThis that my colleague Wiewia and I listed; those are the entries to remove. Delete them with Fix Checked.
Then post the log for checking.
O2 – BHO: Nothing – {4da4616d–7e6e–4fd9–a2d5–b6c535733e22} –C:\WINDOWS\System32\hp8A5D.tmp
R3 – Default URLSearchHook is missing
You also need to delete this from the disk. This is probably one of the SpyAxe variants. Additionally, use this tool: SmitRem
So should I delete only this file, or do something else as well?
I deleted that file, but the icon is still there.
C:\WINDOWS\System32\nvctrl.exe
F2 – REG:system.ini: Shell=explorer.exe
O3 – Toolbar: (no name) – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – (no file)
O2 – BHO: Nothing – {4da4616d–7e6e–4fd9–a2d5–b6c535733e22} – C:\WINDOWS\System32\hp8A5D.tmp
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
Delete the files marked in red manually from the disk, in Safe Mode, without System Restore.
Logfile of HijackThis v1.99.1
Scan saved at 16:48:46, on 2006–04–02
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\System32\nisvcloc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\GetRight\GetRight.exe
C:\Documents and Settings\Rodzinka\Pulpit\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp8A5D.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Documents and Settings\Rodzinka\Ustawienia lokalne\Temp\NPF8\Setup\ISCommon\SYMSHARE\ADBLCK\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://83.208.4.203:8082/plugin/h263ctrl.cab
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\System32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\System32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\System32\lktsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\System32\nisvcloc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Please post a HijackThis log. It is pinned among the topics.