Please, could someone check my HijackThis log?
Here is my log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
D:\Programy\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\System32\paytime.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
D:\Programy\Opera\Opera.exe
D:\Programy\Gadu-Gadu\gg.exe
E:\instalki\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programy\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programy\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTAvTray] D:\Programy\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [CTAVTray] D:\Programy\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\nosuch.mht!http://85.255.113.4/dl/adv403/x.chm::/load.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E26C6AE0-1332-43DE-967D-C4EC441EE20D}: NameServer = 192.168.33.254,194.204.159.1
O21 - SSODL: SysTray.Exlv - {5368DCFC-4F5C-4f5b-B134-E67294FC78E9} - C:\WINDOWS\System32\iandajco.dll (file missing)
Thanks a lot in advance!!!!!!!!!!!!!!
Replies: 4
I clearly wrote above what needs to be removed: NASTY and UNKNOWN.
Peter_l: Just have someone on the forum verify it before you throw it out.
This is Java.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
Did you read the text of the post with the link to the log-checking site? What the heck for?
In your case, it is what is marked as "NASTY" and "UNKNOWN" + all entries with http://195.95.218.172/index.php
But what am I supposed to remove? I don't get it.
Above your thread there is a pinned one where you can check the log. There are several entries to remove.