pomocy bardzo długie uruchamianie xp–proszęsprawdźcie loga
Witam wszystkich
Mam taki problem,komp włancza mi się około 5 minut co mnie strasznie denerwuje no i stał się wogule wolny a przy startowaniu mam tylko nortona gg sterowniki myszki klawiatury i net meter.jestem raczej laikiem w tych sprawachi niewiem czy moźe mam wirusa czy co.Troszkę poczytałem na forum i widzę,źe wiele z was podaje loga z hijacka a wy się w tym doskonale orientujecie niestety ja nie więc i ja go ściągnołem i wam go podam,moźe znajdzie się ktoś kto poświęci mi chwilkę i powie co zrobić by było ok.Ręce mi juź opadają kupiłem nawet na allegro jakiś programik ,który przyspiesza kompa ale niestety nie w moim przypadku.Co mam jeszcze zrobić.
Logfile of HijackThis v1.99.1
Scan saved at 19:39:27, on 2005–03–24
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\program files1\od sprawdzania transferu w necie\NetMeter\NetMeter.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\program files1\skype\Skype.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\marek\Moje dokumenty\hijack\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hhbdp.dll/sp.html#37049
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hhbdp.dll/sp.html#37049
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hhbdp.dll/sp.html#37049
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.25.248:1550
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: Response Class – {81A99149–F047–4090–8AAD–D11FF4EFB734} – C:\WINDOWS\System32\dae.dll
O2 – BHO: CNisExtBho Class – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar.dll
O3 – Toolbar: Web assistant – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [C:\program files1\od sprawdzania transferu w necie\NetMeter\NetMeter.exe] C:\program files1\od sprawdzania transferu w necie\NetMeter\NetMeter.exe
O4 – Global Startup: Skrót do iTouch.lnk = C:\Program Files\Logitech\iTouch\iTouch.exe
O8 – Extra context menu item: &Google Search – res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096607746771
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GINBILLARD8 Class) – http://66.98.132.156/g_bin_eng/billard8_2_0_0_13.cab
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: GhostStartService – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 – Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: PCTEL Speaker Phone (Pctspk) – PCtel, Inc. – C:\WINDOWS\system32\pctspk.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Z góry dzieki wszystkim za pomoc
pozdrawiam Markomarecki
Mam taki problem,komp włancza mi się około 5 minut co mnie strasznie denerwuje no i stał się wogule wolny a przy startowaniu mam tylko nortona gg sterowniki myszki klawiatury i net meter.jestem raczej laikiem w tych sprawachi niewiem czy moźe mam wirusa czy co.Troszkę poczytałem na forum i widzę,źe wiele z was podaje loga z hijacka a wy się w tym doskonale orientujecie niestety ja nie więc i ja go ściągnołem i wam go podam,moźe znajdzie się ktoś kto poświęci mi chwilkę i powie co zrobić by było ok.Ręce mi juź opadają kupiłem nawet na allegro jakiś programik ,który przyspiesza kompa ale niestety nie w moim przypadku.Co mam jeszcze zrobić.
Logfile of HijackThis v1.99.1
Scan saved at 19:39:27, on 2005–03–24
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\program files1\od sprawdzania transferu w necie\NetMeter\NetMeter.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\program files1\skype\Skype.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\marek\Moje dokumenty\hijack\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hhbdp.dll/sp.html#37049
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hhbdp.dll/sp.html#37049
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hhbdp.dll/sp.html#37049
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.25.248:1550
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: Response Class – {81A99149–F047–4090–8AAD–D11FF4EFB734} – C:\WINDOWS\System32\dae.dll
O2 – BHO: CNisExtBho Class – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar.dll
O3 – Toolbar: Web assistant – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [C:\program files1\od sprawdzania transferu w necie\NetMeter\NetMeter.exe] C:\program files1\od sprawdzania transferu w necie\NetMeter\NetMeter.exe
O4 – Global Startup: Skrót do iTouch.lnk = C:\Program Files\Logitech\iTouch\iTouch.exe
O8 – Extra context menu item: &Google Search – res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Si&milar Pages – res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\Program Files\FlashGet\jc_all.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096607746771
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GINBILLARD8 Class) – http://66.98.132.156/g_bin_eng/billard8_2_0_0_13.cab
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: GhostStartService – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
O23 – Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: PCTEL Speaker Phone (Pctspk) – PCtel, Inc. – C:\WINDOWS\system32\pctspk.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Z góry dzieki wszystkim za pomoc
pozdrawiam Markomarecki
Odpowiedzi: 3
One sie musza znalezc i Ty je musisz usunac. Moze w HiJacku poprzez Config –> Misc tools –> Delete a file on reboot gdzie podasz sciezke do plikow. Jesli nie, inny sofcik – KilBox
Bardzo dziekuję za pomoc.Usunołem te w hijacku ale niestety w systemie tych pogrubionych nie znalazłem a szukałem i ręcznie i przez wyszukaj i nigdzie ich nie ma(nawet w ukrytych)
Markomarecki
Markomarecki
Wyłacz przywracanie
Wystartuj PC w awaryjnym
FIX (tego co nizej w Hijacku) + usun z dysku pogrubione pliki
Oproznij Tempy, cookies
Twoje proxy ??:
i
Tego drugiego sfixowałbym i ustawiłbym w razie czego jeszcze raz bo sie adresy namnozyły
Wiecej o długim wczytywaniu systemu masz w przyklejonym w dziale XP temacie >> Czesto zadawane...
Wystartuj PC w awaryjnym
FIX (tego co nizej w Hijacku) + usun z dysku pogrubione pliki
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hhbdp.dll/sp.html#37049
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hhbdp.dll/sp.html#37049
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hhbdp.dll/sp.html#37049
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 – Default URLSearchHook is missing
O2 – BHO: Response Class – {81A99149–F047–4090–8AAD–D11FF4EFB734} – C:\WINDOWS\System32\dae.dll
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GINBILLARD8 Class) – http://66.98.132.156/g_bin_eng/billard8_2_0_0_13.cab
Oproznij Tempy, cookies
Twoje proxy ??:
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.25.248:1550
i
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com;http://www.tranexp.com
Tego drugiego sfixowałbym i ustawiłbym w razie czego jeszcze raz bo sie adresy namnozyły
Wiecej o długim wczytywaniu systemu masz w przyklejonym w dziale XP temacie >> Czesto zadawane...
Strona 1 / 1