!!!!!!!!!!!!!POMOCY!!!!!!!!!!!!!!!
Mam problem!!!
Mam jakieś syfy na kompie które mi się same poinstalowały programy takie jak:
Golden Retreiver Cash Back (Nie wiem co to jest) i jeszcze "Windows FormatAd" Gdy to usuwam to wyskakuje źebym kompa zrestartował gdy to zrobie to znowu siedzi w systemie i tak cały czas!!! Podspodem jest log z HijackThis!
Scan saved at 18:52:25, on 2005–02–08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSOUNDMAN.EXE
D:ProgramyAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb07.exe
D:ProgramyALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32gah95on6.exe
C:Program FilesWindows FormatAdWinForm.exe
C:Program FilesWindows FormatAdWinFormKeep.exe
D:ProgramyAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32 vsvc32.exe
D:ProgramyAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSsystem32wuauclt.exe
D:ProgramyGadu–Gadugg.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
D:Moje dokumentyHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = w3cache.icm.edu.pl/waw.pac:8080
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R1 – HKCUSoftwareMicrosoftInternet Connection Wizard,Shellnext = wmplayer.exe //ICWLaunch
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – d:programyAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {FFFFFEF0–5B30–21D4–945D–000000000000} – D:ProgramySTARDO~1SDIEInt.dll (file missing)
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [ashMaiSv] D:ProgramyAvastashmaisv.exe
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb07.exe
O4 – HKLM..Run: [avast!] D:ProgramyALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32\NeroCheck.exe
O4 – HKLM..Run: [gah95on6] C:WINDOWSsystem32gah95on6.exe
O4 – HKLM..Run: [Windows FormatAd] C:Program FilesWindows FormatAdWinForm.exe
O8 – Extra context menu item: Download with Star Downloader – D:ProgramyStar Downloadersdie.htm
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/CDT/ie/bridge–c282.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
!!!!!!!!!!POMOCY!!!!!!!!
Mam jakieś syfy na kompie które mi się same poinstalowały programy takie jak:
Golden Retreiver Cash Back (Nie wiem co to jest) i jeszcze "Windows FormatAd" Gdy to usuwam to wyskakuje źebym kompa zrestartował gdy to zrobie to znowu siedzi w systemie i tak cały czas!!! Podspodem jest log z HijackThis!
Scan saved at 18:52:25, on 2005–02–08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSSOUNDMAN.EXE
D:ProgramyAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSsystem32spooldriversw32x863hpztsb07.exe
D:ProgramyALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32gah95on6.exe
C:Program FilesWindows FormatAdWinForm.exe
C:Program FilesWindows FormatAdWinFormKeep.exe
D:ProgramyAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32 vsvc32.exe
D:ProgramyAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSsystem32wuauclt.exe
D:ProgramyGadu–Gadugg.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
D:Moje dokumentyHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = w3cache.icm.edu.pl/waw.pac:8080
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R1 – HKCUSoftwareMicrosoftInternet Connection Wizard,Shellnext = wmplayer.exe //ICWLaunch
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – d:programyAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {FFFFFEF0–5B30–21D4–945D–000000000000} – D:ProgramySTARDO~1SDIEInt.dll (file missing)
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [ashMaiSv] D:ProgramyAvastashmaisv.exe
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb07.exe
O4 – HKLM..Run: [avast!] D:ProgramyALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32\NeroCheck.exe
O4 – HKLM..Run: [gah95on6] C:WINDOWSsystem32gah95on6.exe
O4 – HKLM..Run: [Windows FormatAd] C:Program FilesWindows FormatAdWinForm.exe
O8 – Extra context menu item: Download with Star Downloader – D:ProgramyStar Downloadersdie.htm
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/CDT/ie/bridge–c282.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
!!!!!!!!!!POMOCY!!!!!!!!
Odpowiedzi: 1
Wylaczasz przywracanie
Zamykasz procesy:
gah95on6.exe
WinForm.exe
WinFormKeep.exe
Z dysku leci:
gah95on6.exe
C:Program FilesWindows FormatAd
FIX:
Zamykasz procesy:
gah95on6.exe
WinForm.exe
WinFormKeep.exe
Z dysku leci:
gah95on6.exe
C:Program FilesWindows FormatAd
FIX:
O2 – BHO: (no name) – {FFFFFEF0–5B30–21D4–945D–000000000000} – D:ProgramySTARDO~1SDIEInt.dll (file missing)
O4 – HKLM..Run: [gah95on6] C:WINDOWSsystem32gah95on6.exe
O4 – HKLM..Run: [Windows FormatAd] C:Program FilesWindows FormatAdWinForm.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/CDT/ie/bridge–c282.cab
Strona 1 / 1