problem z błędem explorer.exe
witam
mam taki problem źe podczas otwierania partycji F:
wyskakuje mi taki błąd
App name Explorer.exe
App Ver 6.0.2900.2180
Mod Name Impgspl.ax
Mod Ver 4.0.0.77
Off set 00003b18
jak zamkne okno błędu to pulpit sie restartuje
czy maci jakieś pomysły bo moje sie skończyły
mam taki problem źe podczas otwierania partycji F:
wyskakuje mi taki błąd
App name Explorer.exe
App Ver 6.0.2900.2180
Mod Name Impgspl.ax
Mod Ver 4.0.0.77
Off set 00003b18
jak zamkne okno błędu to pulpit sie restartuje
czy maci jakieś pomysły bo moje sie skończyły
Odpowiedzi: 13
Lencew zastanów sie co ty robisz... chesz uczcy sie kosztem userów..? Chyba pomylils miejsc to nie przedszkole tu sie pomoaga userom a jak cos Ci tu nie pasuje to zmykaj stad. Wiec ostatnie ostrzezenie.! :evil:
EL NINO ma w 100% racje, wiec uwazaj co do kogo piszesz bo morze to Ci zaszkodzic!!
EL NINO ma w 100% racje, wiec uwazaj co do kogo piszesz bo morze to Ci zaszkodzic!!
EL NINO:
Jesli nie pamietasz, przyjmij moj wczesniejszy post jako ten polecajacy Ci wstrzemiezliwosc.
Jesli natomiast potrafisz, sprawdz toto –> http://forum.centrumxp.pl/viewtopic.php?t=49131Zrobiles wszystko co Ci polecono ?co z tym zrobić aby nie pojawiał sie błąd
Eh człowieku – ja nie mówie źe UMIEM WSZYSTKO –ja po prostu szukam pomocy i pomagam a to źe google podało taki wynik a nie inny to nie moja wina i jak Ci nie odpowiada mój post o tym wpisie 020 to go skasuj
Jesli nie pamietasz, przyjmij moj wczesniejszy post jako ten polecajacy Ci wstrzemiezliwosc.
Jesli natomiast potrafisz, sprawdz toto –> http://forum.centrumxp.pl/viewtopic.php?t=49131
Jesli natomiast potrafisz, sprawdz toto –> http://forum.centrumxp.pl/viewtopic.php?t=49131
Zrobiles wszystko co Ci polecono ?co z tym zrobić aby nie pojawiał sie błąd
Lencew, pisano Ci juz, ze jesli nie potrafisz, masz zostawic w spokoju logi. Nie dociera ?
BTW, cytowanie calych logow rowniez Ci nie przeszkadza ?
Eheh , gdzie mi pisano źe nie potrafie czegoś i mam zostawić logi w spokoju a po za tym z tym wpisem 020 to lekka omyłka – widocznie Google kłamie :lol: :lol: i jakbym mógł to bym usunął tego posta ( tego drugiego o wpisie 020 )
dobra a wracając do tematu głównego
co z tym zrobić aby nie pojawiał sie błąd
co z tym zrobić aby nie pojawiał sie błąd
Lencew, pisano Ci juz, ze jesli nie potrafisz, masz zostawic w spokoju logi. Nie dociera ?
BTW, cytowanie calych logow rowniez Ci nie przeszkadza ?
BTW, cytowanie calych logow rowniez Ci nie przeszkadza ?
A dlaczego nie?
http://www.sophos.com/virusinfo/analyses/trojjupdropa.html#table4
A Hijackthis analysis of your PC may come up with the a file called msupdate32.dll which is stored in your Windows\System32 directory. This file is part of the JupDrop–A trojan and should be considered malicious!
http://www.sophos.com/virusinfo/analyses/trojjupdropa.html#table4
ja teź tpo O20 bym wywalił :)
Lencew, uwaźaj, co mu kaźesz wywalać – R3 to wpis od Neostrady!
talgo – z tym walczysz:
To mnie dziwi – co to za IE ładowany z dllcache?
C:\WINDOWS\system32\dllcache\IExplore.exe
Dalej:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F3 – REG:win.ini: run=C:\WINDOWS\inet20099\winlogon.exe
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – (no file)
O2 – BHO: C:\WINDOWS\system32\st3d.dll – {86AA461F–2A5B–4889–B543–E1BBA6746D61} – C:\WINDOWS\system32\st3d.dll (file missing)
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O9 – Extra button: (no name) – {9819CC0E–9669–4D01–9CD7–2C66DA43AC6C} – (no file)
O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 – Winlogon Notify: st3d – C:\WINDOWS\system32\st3d.dll (file missing)
O21 – SSODL: DCOM Server – {2C1CD3D7–86AC–4068–93BC–A02304BB8C34} – C:\WINDOWS\system32\dcom_13.dll (file missing)
O21 – SSODL: VMUNEYoANjl – {4CEF618E–E645–CB24–A255–227C700DB399} – C:\WINDOWS\system32\os.dll (file missing)
Widzę, źe masz NOD–a, więc skoro wywaliłeś zapewnie AVK, to tego się teź pozbywasz.
O23 – Service: AVK Service (AVKService) – Unknown owner – d:\AntiVirenKit\AVKService.exe (file missing)
O23 – Service: Straźnik AVK (AVKWCtl) – Unknown owner – d:\AntiVirenKit\AVKWCtl.exe (file missing)
Eheh , jeśli kaźesz mu usuwać to O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
To wole tego nie komentować (...)
Lencew, uwaźaj, co mu kaźesz wywalać – R3 to wpis od Neostrady!
talgo – z tym walczysz:
To mnie dziwi – co to za IE ładowany z dllcache?
Dalej:
Widzę, źe masz NOD–a, więc skoro wywaliłeś zapewnie AVK, to tego się teź pozbywasz.
talgo – z tym walczysz:
To mnie dziwi – co to za IE ładowany z dllcache?
C:\WINDOWS\system32\dllcache\IExplore.exe
Dalej:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F3 – REG:win.ini: run=C:\WINDOWS\inet20099\winlogon.exe
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – (no file)
O2 – BHO: C:\WINDOWS\system32\st3d.dll – {86AA461F–2A5B–4889–B543–E1BBA6746D61} – C:\WINDOWS\system32\st3d.dll (file missing)
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O9 – Extra button: (no name) – {9819CC0E–9669–4D01–9CD7–2C66DA43AC6C} – (no file)
O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 – Winlogon Notify: st3d – C:\WINDOWS\system32\st3d.dll (file missing)
O21 – SSODL: DCOM Server – {2C1CD3D7–86AC–4068–93BC–A02304BB8C34} – C:\WINDOWS\system32\dcom_13.dll (file missing)
O21 – SSODL: VMUNEYoANjl – {4CEF618E–E645–CB24–A255–227C700DB399} – C:\WINDOWS\system32\os.dll (file missing)
Widzę, źe masz NOD–a, więc skoro wywaliłeś zapewnie AVK, to tego się teź pozbywasz.
O23 – Service: AVK Service (AVKService) – Unknown owner – d:\AntiVirenKit\AVKService.exe (file missing)
O23 – Service: Straźnik AVK (AVKWCtl) – Unknown owner – d:\AntiVirenKit\AVKWCtl.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 06:42, on 2006–02–04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\inet20099\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
D:\Gadu–Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
D:\GetRight\getright.exe
D:\GetRight\getright.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F3 – REG:win.ini: run=C:\WINDOWS\inet20099\winlogon.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – d:\SPYBOT~1\SDHelper.dll
O2 – BHO: C:\WINDOWS\system32\st3d.dll – {86AA461F–2A5B–4889–B543–E1BBA6746D61} – C:\WINDOWS\system32\st3d.dll (file missing)
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 – HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 – Global Startup: ATI CATALYST pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: GetRight – Tray Icon.lnk = D:\GetRight\getright.exe
O4 – Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 – Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz w nowym Avant Browser – C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Szukaj – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\WINDOWS\system32\shdocvw.dll
O9 – Extra 'Tools' menuitem: Windows Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\WINDOWS\system32\shdocvw.dll
O9 – Extra button: (no name) – {9819CC0E–9669–4D01–9CD7–2C66DA43AC6C} – (no file)
O12 – Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{F1DA48FA–7F9E–4329–931E–C769D6E52B4E}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 – Winlogon Notify: st3d – C:\WINDOWS\system32\st3d.dll (file missing)
O21 – SSODL: DCOM Server – {2C1CD3D7–86AC–4068–93BC–A02304BB8C34} – C:\WINDOWS\system32\dcom_13.dll (file missing)
O21 – SSODL: VMUNEYoANjl – {4CEF618E–E645–CB24–A255–227C700DB399} – C:\WINDOWS\system32\os.dll (file missing)
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVK Service (AVKService) – Unknown owner – d:\AntiVirenKit\AVKService.exe (file missing)
O23 – Service: Straźnik AVK (AVKWCtl) – Unknown owner – d:\AntiVirenKit\AVKWCtl.exe (file missing)
O23 – Service: InCD Helper (InCDsrv) – Ahead Software AG – C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 – Service: Kodak Camera Connection Software (KodakCCS) – Eastman Kodak Company – C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
Do wywalenia napewno :
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
Logfile of HijackThis v1.99.1
Scan saved at 06:42, on 2006–02–04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\inet20099\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
D:\Gadu–Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
D:\GetRight\getright.exe
D:\GetRight\getright.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F3 – REG:win.ini: run=C:\WINDOWS\inet20099\winlogon.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – d:\SPYBOT~1\SDHelper.dll
O2 – BHO: C:\WINDOWS\system32\st3d.dll – {86AA461F–2A5B–4889–B543–E1BBA6746D61} – C:\WINDOWS\system32\st3d.dll (file missing)
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 – HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 – Global Startup: ATI CATALYST pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: GetRight – Tray Icon.lnk = D:\GetRight\getright.exe
O4 – Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 – Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz w nowym Avant Browser – C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Szukaj – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\WINDOWS\system32\shdocvw.dll
O9 – Extra 'Tools' menuitem: Windows Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\WINDOWS\system32\shdocvw.dll
O9 – Extra button: (no name) – {9819CC0E–9669–4D01–9CD7–2C66DA43AC6C} – (no file)
O12 – Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{F1DA48FA–7F9E–4329–931E–C769D6E52B4E}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 – Winlogon Notify: st3d – C:\WINDOWS\system32\st3d.dll (file missing)
O21 – SSODL: DCOM Server – {2C1CD3D7–86AC–4068–93BC–A02304BB8C34} – C:\WINDOWS\system32\dcom_13.dll (file missing)
O21 – SSODL: VMUNEYoANjl – {4CEF618E–E645–CB24–A255–227C700DB399} – C:\WINDOWS\system32\os.dll (file missing)
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVK Service (AVKService) – Unknown owner – d:\AntiVirenKit\AVKService.exe (file missing)
O23 – Service: Straźnik AVK (AVKWCtl) – Unknown owner – d:\AntiVirenKit\AVKWCtl.exe (file missing)
O23 – Service: InCD Helper (InCDsrv) – Ahead Software AG – C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 – Service: Kodak Camera Connection Software (KodakCCS) – Eastman Kodak Company – C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
Scan saved at 06:42, on 2006–02–04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\inet20099\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
D:\Gadu–Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
D:\GetRight\getright.exe
D:\GetRight\getright.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F3 – REG:win.ini: run=C:\WINDOWS\inet20099\winlogon.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – d:\SPYBOT~1\SDHelper.dll
O2 – BHO: C:\WINDOWS\system32\st3d.dll – {86AA461F–2A5B–4889–B543–E1BBA6746D61} – C:\WINDOWS\system32\st3d.dll (file missing)
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 – HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\inet20099\winlogon.exe
O4 – Global Startup: ATI CATALYST pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: GetRight – Tray Icon.lnk = D:\GetRight\getright.exe
O4 – Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 – Global Startup: NOD32 FiX.lnk = C:\WINDOWS\system32\regedt32.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz w nowym Avant Browser – C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Szukaj – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\WINDOWS\system32\shdocvw.dll
O9 – Extra 'Tools' menuitem: Windows Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\WINDOWS\system32\shdocvw.dll
O9 – Extra button: (no name) – {9819CC0E–9669–4D01–9CD7–2C66DA43AC6C} – (no file)
O12 – Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{F1DA48FA–7F9E–4329–931E–C769D6E52B4E}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 – Winlogon Notify: st3d – C:\WINDOWS\system32\st3d.dll (file missing)
O21 – SSODL: DCOM Server – {2C1CD3D7–86AC–4068–93BC–A02304BB8C34} – C:\WINDOWS\system32\dcom_13.dll (file missing)
O21 – SSODL: VMUNEYoANjl – {4CEF618E–E645–CB24–A255–227C700DB399} – C:\WINDOWS\system32\os.dll (file missing)
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVK Service (AVKService) – Unknown owner – d:\AntiVirenKit\AVKService.exe (file missing)
O23 – Service: Straźnik AVK (AVKWCtl) – Unknown owner – d:\AntiVirenKit\AVKWCtl.exe (file missing)
O23 – Service: InCD Helper (InCDsrv) – Ahead Software AG – C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 – Service: Kodak Camera Connection Software (KodakCCS) – Eastman Kodak Company – C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
Zapodaj loga z Hijacka
Strona 1 / 1