please check my log for me

if you could... x]



Logfile of HijackThis v1.99.1
Scan saved at 15:20:11, on 2005–03–31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dev32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\Fmctrl.EXE
D:\Programy\Winamp\winampa.exe
C:\WINDOWS\Dqq.exe
C:\WINDOWS\System32\ntddetect.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\edsb.exe
C:\WINDOWS\System32\w?aclt.exe
C:\Program Files\Avant Browser\avant.exe
D:\Programy\Gadu–Gadu\gg.exe
C:\Documents and Settings\kamil\Pulpit\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3112
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: Yahoo! Companion BHO – {02478D38–C3F9–4efb–9B51–7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 – BHO: (no name) – {2906F5BF–6309–3D8D–2176–640384C6CEC9} – C:\WINDOWS\System32\omh.dll
O2 – BHO: (no name) – {2F0EF0B4–3109–35D5–2176–640384C6CEC9} – C:\WINDOWS\System32\omh.dll
O2 – BHO: WHttpHelper Class – {9896231A–C487–43A5–8369–6EC9B0A96CC0} – (no file)
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – D:\Programy\FlashGet\jccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – D:\Programy\FlashGet\fgiebar.dll
O3 – Toolbar: (no name) – {44BE0690–5429–47f0–85BB–3FFD8020233E} – (no file)
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 – HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKLM\..\Run: [Mnt] C:\WINDOWS\Dqq.exe
O4 – HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 – HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 – HKLM\..\Run: [Ssq] C:\WINDOWS\System32\Avr.exe
O4 – HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Programy\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Mnt] C:\WINDOWS\Dqq.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Szukaj – C:\Program Files\Avant Browser\Search.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – D:\Programy\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – D:\Programy\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:\Programy\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:\Programy\FlashGet\flashget.exe
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111265280886
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} – http://iframedollars.biz/tb/loader2.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Provides three management service (FreeBSD) – Unknown owner – C:\WINDOWS\System32\dev32.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: ZESOFT – Unknown owner – C:\WINDOWS\zeta.exe (file missing)

Replies: 9

TicTac:
I think I did everything right...
Good, it's OK.
EL NINO
Added
03.04.2005 03:14:21
Done :)

Logfile of HijackThis v1.99.1
Scan saved at 18:48:25, on 2005–04–02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Tomasz Jordan\Pulpit\Pliki ściągnięte\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 – HKLM\..\Run: [TaskMates] c:\program files\taskmates\taskmates.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [CleanIt] C:\Program Files\CleanIt\cleanit.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: &Download with &DAP – C:\PROGRA~1\DAP\dapextie.htm
O8 – Extra context menu item: &Google Search – res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 – Extra context menu item: Download &all with DAP – C:\PROGRA~1\DAP\dapextie2.htm
O8 – Extra context menu item: Si&milar Pages – res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:\PROGRA~1\DAP\DAP.EXE
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: map–comm–applet – http://www.idea.pl/gear/mwi/applet/map–comm–applet.cab
O16 – DPF: {0E8D0700–75DF–11D3–8B4A–0008C7450C4A} (DjVuCtl Class) – http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/2/mailcfg.ocx
O16 – DPF: {5F874A6F–8B34–433D–BA4B–47AC91C0567F} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098693822127
O16 – DPF: {6CB5E471–C305–11D3–99A8–000086395495} (Google Activate) – http://toolbar.google.com/data/pl/big/1.1.62–big/GoogleNav.cab
O16 – DPF: {7B297BFD–85E4–4092–B2AF–16A91B2EA103} (WScanCtl Class) – http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 – DPF: {90C9629E–CD32–11D3–BBFB–00105A1F0D68} (InstallShield International Setup Player) – http://www.installengine.com/engine/isetup.cab
O16 – DPF: {A7196C8E–35A5–4FF0–9E46–E28918B5CAF6} (GINDOMINO Class) – http://gryonline.wp.pl/files/domino_2_0_0_6.cab
O16 – DPF: {AE1C01E3–0283–11D3–9B3F–00C04F8EF466} (HeartbeatCtl Class) – http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GINWORDS Class) – http://gryonline.wp.pl/files/words_2_0_0_18.cab
O16 – DPF: {DCB16E44–D6DB–473E–A251–F6FBB381C1C3} (GINCHESS Class) – http://gryonline.wp.pl/files/chess_2_0_0_6.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe


I think I did everything right :D many thanks for the help, EL NINO... and if some [...] guy can set up a poll on "keep it or not". Once again, many thanks for the quick and precise answer.
TicTac
Added
02.04.2005 20:51:17
TicTac:
So I should delete those entries in the text file that HJ created during the scan :?:
No. After you press "Scan", HJ spits a dozen or so entries out on screen. If you now find among them the entries I showed above, tick them on the left and press the "Fix..." button.
TicTac:
I didn't find a file with that name in System32, and in Temp only 2 files couldn't be deleted.
You may no longer find the file, because the fix you used reported:
(4–2–05 09:56:03) File added to delete: c:\windows\system32\beidm.dll

To be sure, you can post the full log once you're done.
EL NINO
Added
02.04.2005 18:17:34
no idea what that is, I'll check in a moment whether I can actually do what you wrote :)

----------------------------------------------------

So:

after running that program and rebooting, a small file with the following contents appeared:



(4–2–05 09:55:43) SPSeHjFix started v1.1.1
(4–2–05 09:55:43) OS: WinXP (5.1.2600)
(4–2–05 09:55:43) Language: polski
(4–2–05 09:56:03) Disinfection started
(4–2–05 09:56:03) Bad–Dll(IEP): c:\docume~1\tomasz~1\ustawi~1\temp\sp.dll
(4–2–05 09:56:03) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\beidm.dll
(4–2–05 09:56:03) Searchassistant Uninstaller – Keys Deleted
(4–2–05 09:56:03) FilterKey: HKCR\text/html (deleted)
(4–2–05 09:56:03) FilterKey: HKCR\CLSID\{B481E5AC–8EC4–45A9–8501–E91B2A2B8477} (deleted)
(4–2–05 09:56:03) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(4–2–05 09:56:03) FilterKey: HKCR\text/plain (deleted)
(4–2–05 09:56:03) FilterKey: HKCR\CLSID\{B481E5AC–8EC4–45A9–8501–E91B2A2B8477} (error while deleting)
(4–2–05 09:56:03) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(4–2–05 09:56:03) UBF: 6
(4–2–05 09:56:03) UBB: 0
(4–2–05 09:56:03) UBR: 14
(4–2–05 09:56:03) Bad IE–pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\tomasz~1\ustawi~1\temp\sp.dll/sp.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\tomasz~1\ustawi~1\temp\sp.dll/sp.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(4–2–05 09:56:03) Stealth–String not found
(4–2–05 09:56:03) Temp–Files delete on Reboot
(4–2–05 09:56:03) File added to delete: c:\windows\system32\beidm.dll
(4–2–05 09:56:03) File added to delete: c:\docume~1\tomasz~1\ustawi~1\temp\~dfde3a.tmp
(4–2–05 09:56:03) Reboot


(4–2–05 09:59:09) SPSeHjFix started v1.1.1
(4–2–05 09:59:09) OS: WinXP (5.1.2600)
(4–2–05 09:59:09) Language: polski


So I should delete those entries in the text file that HJ created during the scan :?:

I didn't find a file with that name in System32, and in Temp only 2 files couldn't be deleted.
TicTac
Added
02.04.2005 11:55:04
First download and run http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix

Then remove in HJ:


R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TOMASZ~1\USTAWI~1\Temp\sp.dll/sp.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TOMASZ~1\USTAWI~1\Temp\sp.dll/sp.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O9 – Extra button: Trashcan – {072F3B8A–2DA2–40e2–B841–88899F240200} – C:\Program Files\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O9 – Extra 'Tools' menuitem: Show Trashcan – {072F3B8A–2DA2–40e2–B841–88899F240200} – C:\Program Files\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MusicUnlimited/ie/Bridge–c106.cab
O18 – Filter: text/html – {B481E5AC–8EC4–45A9–8501–E91B2A2B8477} – C:\WINDOWS\System32\beidm.dll
O18 – Filter: text/plain – {B481E5AC–8EC4–45A9–8501–E91B2A2B8477} – C:\WINDOWS\System32\beidm.dll

Next, delete C:\WINDOWS\System32\beidm.dll if you find it, and clean the Temp folders out completely by hand.


Do you know what this is?
O4 – HKLM\..\Run: [TaskMates] c:\program files\taskmates\taskmates.exe
EL NINO
Added
02.04.2005 02:17:07
I didn't want to start yet another thread. Can I ask for the same :?: :)


Logfile of HijackThis v1.99.1
Scan saved at 23:36:41, on 2005–04–01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tomasz Jordan\Pulpit\Pliki ściągnięte\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TOMASZ~1\USTAWI~1\Temp\sp.dll/sp.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TOMASZ~1\USTAWI~1\Temp\sp.dll/sp.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 – HKLM\..\Run: [TaskMates] c:\program files\taskmates\taskmates.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [CleanIt] C:\Program Files\CleanIt\cleanit.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O8 – Extra context menu item: &Download with &DAP – C:\PROGRA~1\DAP\dapextie.htm
O8 – Extra context menu item: &Google Search – res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 – Extra context menu item: Backward &Links – res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 – Extra context menu item: Cac&hed Snapshot of Page – res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 – Extra context menu item: Download &all with DAP – C:\PROGRA~1\DAP\dapextie2.htm
O8 – Extra context menu item: Si&milar Pages – res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:\PROGRA~1\DAP\DAP.EXE
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra button: Trashcan – {072F3B8A–2DA2–40e2–B841–88899F240200} – C:\Program Files\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O9 – Extra 'Tools' menuitem: Show Trashcan – {072F3B8A–2DA2–40e2–B841–88899F240200} – C:\Program Files\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: map–comm–applet – http://www.idea.pl/gear/mwi/applet/map–comm–applet.cab
O16 – DPF: {0E8D0700–75DF–11D3–8B4A–0008C7450C4A} (DjVuCtl Class) – http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MusicUnlimited/ie/Bridge–c106.cab
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/2/mailcfg.ocx
O16 – DPF: {5F874A6F–8B34–433D–BA4B–47AC91C0567F} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098693822127
O16 – DPF: {6CB5E471–C305–11D3–99A8–000086395495} (Google Activate) – http://toolbar.google.com/data/pl/big/1.1.62–big/GoogleNav.cab
O16 – DPF: {7B297BFD–85E4–4092–B2AF–16A91B2EA103} (WScanCtl Class) – http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 – DPF: {90C9629E–CD32–11D3–BBFB–00105A1F0D68} (InstallShield International Setup Player) – http://www.installengine.com/engine/isetup.cab
O16 – DPF: {A7196C8E–35A5–4FF0–9E46–E28918B5CAF6} (GINDOMINO Class) – http://gryonline.wp.pl/files/domino_2_0_0_6.cab
O16 – DPF: {AE1C01E3–0283–11D3–9B3F–00C04F8EF466} (HeartbeatCtl Class) – http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GINWORDS Class) – http://gryonline.wp.pl/files/words_2_0_0_18.cab
O16 – DPF: {DCB16E44–D6DB–473E–A251–F6FBB381C1C3} (GINCHESS Class) – http://gryonline.wp.pl/files/chess_2_0_0_6.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O18 – Filter: text/html – {B481E5AC–8EC4–45A9–8501–E91B2A2B8477} – C:\WINDOWS\System32\beidm.dll
O18 – Filter: text/plain – {B481E5AC–8EC4–45A9–8501–E91B2A2B8477} – C:\WINDOWS\System32\beidm.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
TicTac
Added
02.04.2005 01:38:08
The first code block is an entry that HJT won't remove, it's a bug of sorts.
You can remove it manually in the Registry Editor instead, or, faster, by pasting the text given in the second code block into Notepad and so on.
The third code block is the O15 Trusted entries, which HJT sometimes can't cope with, and they come back. The program you were given the link to will wipe them out, though.
Those three-letter entries look like the crap that changes your wallpaper and blocks right-click. Smart Security
Bobi
Added
31.03.2005 19:11:28
sorry, but I'm not quite sure what I'm supposed to do with all this...
Bobi_robert:

R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)

Open Notepad and paste into it:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]

And save it with "Save as type: All Files" >> cos_tam.reg
Add it to the registry

O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)

Because there may be problems removing these through HijackThis, download KillTrusted and run the program.
–=MC=–
Added
31.03.2005 19:01:59
Turn off System Restore
Boot the system into Safe Mode

Get rid of the entries, and of the files/folders I have bolded, from the disk; first turn on showing hidden and system files:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3112
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 – BHO: (no name) – {2906F5BF–6309–3D8D–2176–640384C6CEC9} – C:\WINDOWS\System32\omh.dll
O2 – BHO: (no name) – {2F0EF0B4–3109–35D5–2176–640384C6CEC9} – C:\WINDOWS\System32\omh.dll
O2 – BHO: WHttpHelper Class – {9896231A–C487–43A5–8369–6EC9B0A96CC0} – (no file)
O4 – HKLM\..\Run: [Mnt] C:\WINDOWS\Dqq.exe
O4 – HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 – HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 – HKLM\..\Run: [Ssq] C:\WINDOWS\System32\Avr.exe
O4 – HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 – HKCU\..\Run: [Mnt] C:\WINDOWS\Dqq.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} – http://iframedollars.biz/tb/loader2.ocx
O23 – Service: ZESOFT – Unknown owner – C:\WINDOWS\zeta.exe (file missing)

edsb.exe

C:\WINDOWS\System32\w?aclt.exe

That question-mark one is quite a beast. You can't see it in Task Manager because it uses the reserved character "?" in its name.
You have to go into system32 and sort the files by name or by date, because the files will have identical names (2x wuaclt.exe), and:
- delete the file with the newer creation date, or
- delete the one whose Properties don't show Microsoft as the company

R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)

Open Notepad and paste into it:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]

And save it with "Save as type: All Files" >> cos_tam.reg
Add it to the registry

O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)

Because there may be problems removing these through HijackThis, download KillTrusted and run the program.
Bobi
Added
31.03.2005 17:35:58
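The by-eye triage Bobi did on the log above, turned into an added Python example (it is not part of the thread and not HijackThis code): it parses HijackThis-style lines and flags the same indicator classes the helpers pointed out, namely a reserved character in a process name (the w?aclt.exe case), a URLSearchHook with no backing file, O15 trusted IP ranges, O16 DPF entries fetched via an ms-its/mhtml URI or from a bare IP address, services whose binary is missing, and short or random-looking autorun names. The sample log is constructed from entries quoted in this thread; the regexes, the `looks_random` heuristic and the function names are my own assumptions, not HijackThis rules.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines modelled on entries quoted in this thread.
# Separators use the plain "-" that HijackThis writes.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\w?aclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3112
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Mnt] C:\WINDOWS\Dqq.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/wuweb_site.cab
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|F[0-3]|O\d{1,2}|N\d) - (?P<body>.*)$")
# First Windows path ending in a PE-style extension anywhere in the entry body.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|ocx|cpl|scr))\b", re.IGNORECASE)
URL_RE = re.compile(r"(?:ms-its:|mhtml:|https?://)\S+", re.IGNORECASE)
IP_HOST_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)", re.IGNORECASE)
# Characters an ordinary ASCII file name is expected to use (assumption).
NAME_OK_RE = re.compile(r"^[\w .()~&$!@+\-]+$", re.ASCII)


def check_filename(path: str) -> Optional[str]:
    """Flag a file name that uses a reserved or non-ASCII character (the w?aclt.exe trick)."""
    name = path.rsplit("\\", 1)[-1]
    if not NAME_OK_RE.match(name):
        return ("file name contains a reserved or non-ASCII character; it is not the file it "
                "imitates and will not show up under that name in Task Manager")
    return None


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): three-letter stems like Dqq/Avr, or a digit followed by a letter (gah95on6)."""
    return (len(stem) <= 3 and stem.isalpha()) or re.search(r"\d[a-z]", stem.lower()) is not None


def classify(line: str) -> Optional[str]:
    """Return a reason string if the line deserves a second look, else None."""
    if re.match(r"^[A-Za-z]:\\", line):          # 'Running processes' section
        return check_filename(line)
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind in ("R0", "R1") and URL_RE.search(body):
        return "search/start page set to an external URL; confirm the user chose it"
    if kind == "R3" and "(no file)" in body:
        return "URLSearchHook with no backing file; orphaned hook, remove its registry key"
    if kind == "O15":
        return "IP range added to the Trusted sites zone; lowers IE security for that host"
    if kind == "O16":
        url = URL_RE.search(body)
        if url and url.group(0).lower().startswith(("ms-its:", "mhtml:")):
            return "DPF uses an ms-its/mhtml URI to pull an executable out of a CHM; drive-by installer pattern"
        if url and IP_HOST_RE.match(url.group(0)):
            return "DPF fetched from a bare IP address rather than a vendor host"
        return None
    if kind == "O23" and "(file missing)" in body:
        return "service whose binary is missing; leftover registration to remove"
    if kind in ("O2", "O4", "O23"):
        path = PATH_RE.search(body)
        if path:
            reason = check_filename(path.group(1))
            if reason:
                return reason
            stem = path.group(1).rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                return "short or random-looking file name in an autorun/service entry; verify the publisher"
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run classify() over every non-empty line and collect (line, reason) pairs."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reason = classify(line)
            if reason:
                findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Running it prints the eight flagged sample lines with their reasons, while svchost.exe, the Norton BHO, ccApp and the Windows Update control pass. The heuristics are deliberately loose: "Unknown owner" on its own is not flagged, because the avast! services in this very thread show it legitimately, and `looks_random` will occasionally catch a driver helper with digits in its name, so each hit is a prompt to check the file's publisher, not a verdict.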
–=MC=–
Added:
31.03.2005 17:20:54
Comments: 9