Help me find a virus
Hi
Help me find the virus, because I don't really know much about this. It's probably archi, but is there anything else?
Logfile of HijackThis v1.99.1
Scan saved at 17:38:46, on 2006–03–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\archi.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\User\USTAWI~1\Temp\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\archi.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\_Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet20002\services.exe
O4 – HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 – HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe –startup
O4 – HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" –start
O4 – HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 – HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [aupd] C:\WINDOWS\System32\symsvcsa.exe
O4 – HKCU\..\Run: [frik] C:\stub_113_4_0_4_0.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
O4 – Global Startup: hpoddt01.exe.lnk = ?
O4 – Global Startup: hp psc 1000 series.lnk = ?
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {3B02AAA2–327C–40ED–A849–4BE819AE5385} (ImgSizer Control) – file://C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DlfnTmp0\imgSizer.ocx
O16 – DPF: {54823A9D–6BAE–11D5–B519–0050BA2413EB} (ChkDVDCtl Class) – http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 – DPF: {5AE70FF8–20A7–4FC4–B896–404196B8B04C} (Smtpauth Control) – http://i.wp.pl/a/i/poczta_xl/smtpauth.ocx
O17 – HKLM\System\CCS\Services\Tcpip\..\{616115C4–B980–4FE8–B474–60CF19B1AA2E}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: H323TSP – C:\WINDOWS\system32\ir82l5lo1.dll
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
Replies: 20
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\archi.exe
Did you earlier remove this entry in HijackThis with the Fix checked command, and the file manually from the disk? :?:
You do all of this with System Restore turned off.
Install Ewido, update it and run a scan.
OK, listen, I think it worked with that 20, but archi unfortunately is still making a mess :cry:
I'm pasting a new log
Logfile of HijackThis v1.99.1
Scan saved at 18:54:21, on 2006–03–04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\archi.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\_Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe –startup
O4 – HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" –start
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
O4 – Global Startup: hpoddt01.exe.lnk = ?
O4 – Global Startup: hp psc 1000 series.lnk = ?
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {54823A9D–6BAE–11D5–B519–0050BA2413EB} (ChkDVDCtl Class) – http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 – DPF: {5AE70FF8–20A7–4FC4–B896–404196B8B04C} (Smtpauth Control) – http://i.wp.pl/a/i/poczta_xl/smtpauth.ocx
O17 – HKLM\System\CCS\Services\Tcpip\..\{616115C4–B980–4FE8–B474–60CF19B1AA2E}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
Please check it
And which one should I open?
locate
process
keypress
strings
second
ntriht
l2mfix?
because when I go in there are these things and I don't know which one to open
Sorry that I'm so slow on the uptake, but maybe it will work out if you help
Oh, and should I disconnect the internet before running it?
MR. Anderson:
Post the l2mfix log from option no. 1
There's no need for tedious manual removal. Let her first use the Look2Me-Destroyer tool; it copes very well with every variant of VX2 so far.
As for the Look2Me-Destroyer error: download this file http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX, save it to C:\Windows\System32 and run the Look2Me-Destroyer tool again.
O4 – HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 – HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll\
I've already thrown those two out :D
I guess I'm just not cut out for this :cry:
I can't do it. Everything is supposedly written step by step, but I don't know how. I select, I delete, and it does nothing, and that little look2 program won't open for me, some error pops up.
In Safe Mode, with System Restore turned off, remove the entries and the files/folders in bold:
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\archi.exe
(uninstall Spyware Doctor and Spy Assassin in Add/Remove Programs. Why? Because these are fake "anti" programs; if Spyware Doctor is the full version, not the trial, then leave it)
O4 – HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 – HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll\
O20 – Winlogon Notify: policies – C:\WINDOWS\system32\f4l02e3mgh.dll
Post the l2mfix log from option no. 1
Why aren't you removing all the junk? You were already told about the O20 entry.
Unfortunately, just as I suspected, the archi.exe file keeps making copies of itself and won't let itself be deleted.
I'm posting the log; maybe someone will find some other nasty stuff.
Logfile of HijackThis v1.99.1
Scan saved at 18:03:58, on 2006–03–04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\archi.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad–Aware SE Personal\Ad–Aware.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\User\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\archi.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\_Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe –startup
O4 – HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" –start
O4 – HKCU\..\Run: [Spyware Assassin v.4.0] "C:\Program Files\Spyware Assassin 4.0\Spyware Assassin.exe"
O4 – HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
O4 – Global Startup: hpoddt01.exe.lnk = ?
O4 – Global Startup: hp psc 1000 series.lnk = ?
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {54823A9D–6BAE–11D5–B519–0050BA2413EB} (ChkDVDCtl Class) – http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 – DPF: {5AE70FF8–20A7–4FC4–B896–404196B8B04C} (Smtpauth Control) – http://i.wp.pl/a/i/poczta_xl/smtpauth.ocx
O17 – HKLM\System\CCS\Services\Tcpip\..\{616115C4–B980–4FE8–B474–60CF19B1AA2E}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: policies – C:\WINDOWS\system32\f4l02e3mgh.dll
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
This log looks somewhat incomplete. In HijackThis run "Do a system scan only", check
close all active programs other than HJT, click "Fix Checked". Launch a browser that accepts ActiveX, e.g. IExplore, go to http://www.kaspersky.com/virusscanner or http://www.pandasoftware.com/products/activescan.htm and scan the system. It will take a while, but it's worth it. Then post the log again.
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\archi.exe
And how do you download from the Symantec site? Because it somehow wouldn't open for me.
Logfile of HijackThis v1.99.1
Scan saved at 21:16:21, on 2006–03–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\User\USTAWI~1\Temp\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\archi.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\_Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe –startup
O4 – HKLM\..\Run: [ISUSScheduler] "C:\Program Files\C
I've pasted a new one; is there nothing left here now?
Sorry, but I don't really know how to remove this in safe mode :cry:,
so once again, what should I do?
Under, how many times do I have to repeat that if you don't know about something, you shouldn't touch it?
Who is going to remove what's below, plus what the gentlemen above have already listed?
O4 – HKCU\..\Run: [aupd] C:\WINDOWS\System32\symsvcsa.exe
O4 – HKCU\..\Run: [frik] C:\stub_113_4_0_4_0.exe
I wouldn't particularly trust Spyware Assassin and Spyware Doctor; I'd suggest swapping that set for something else.
Archi.exe – W32.Ftrap
http://www.symantec.com/avcenter/venc/data/w32.ftrap.html
O20 – Winlogon Notify: H323TSP – C:\WINDOWS\system32\ir82l5lo1.dll
You have VX2
Read this thread: http://forum.centrumxp.pl/viewtopic.php?t=43523
If that doesn't help, there's also this: http://forum.twojastrefapc.pl/index.php?showtopic=214
And use the Look2Me–Destroyer.exe tool
There is a virus
F2 – REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\archi.exe
I have one more quick question:
isn't this a virus?
I have Ad-Aware SE
but thanks for the help :wink:
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 – Default URLSearchHook is missing
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet20002\services.exe
O4 – HKLM\..\Run: [winsysupd] C:\windows\winsysupd.exe
O4 – HKLM\..\Run: [winsysban] C:\windows\winsysban.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
DPF: {3B02AAA2–327C–40ED–A849–4BE819AE5385} (ImgSizer Control) – file://C:\Documents and Settings\User\Ustawienia lokalne\Temp\~DlfnTmp0\imgSizer.ocx
Get rid of this.
Install SP2, because you probably don't have it, and I recommend Spybot – Search & Destroy or Ad-Aware SE Personal.