prosze o sprawdzenie loga
Logfile of HijackThis v1.99.1
Scan saved at 12:30:14, on 2005–10–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\CiDial\CiDial.exe
C:\Program Files\Opera\Opera.exe
D:\eMule\eMule\eMule.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Izus\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray
O4 – HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 – HKLM\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Symantec Live Update] symlsvc.exe
O4 – HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 – HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [client] c:\client.exe
O4 – HKLM\..\RunServices: [Symantec Live Update] symlsvc.exe
O4 – HKLM\..\RunServices: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Windows Ocx Service] winocx.exe
O4 – HKCU\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKCU\..\RunServices: [Windows Ocx Service] winocx.exe
O4 – HKCU\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\RunServices: [MSDOS Security Service] msdos.pif
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5CEE4170–721E–476A–BD64–B6087B47B320}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: Windows Codecs (Codec) – Unknown owner – C:\WINDOWS\wincodec.exe (file missing)
O23 – Service: ZeroSpyware FileDeleter (FileDeleter) – Unknown owner – C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe (file missing)
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Scan saved at 12:30:14, on 2005–10–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\CiDial\CiDial.exe
C:\Program Files\Opera\Opera.exe
D:\eMule\eMule\eMule.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Izus\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray
O4 – HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 – HKLM\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Symantec Live Update] symlsvc.exe
O4 – HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 – HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [client] c:\client.exe
O4 – HKLM\..\RunServices: [Symantec Live Update] symlsvc.exe
O4 – HKLM\..\RunServices: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Windows Ocx Service] winocx.exe
O4 – HKCU\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKCU\..\RunServices: [Windows Ocx Service] winocx.exe
O4 – HKCU\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\RunServices: [MSDOS Security Service] msdos.pif
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5CEE4170–721E–476A–BD64–B6087B47B320}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: Windows Codecs (Codec) – Unknown owner – C:\WINDOWS\wincodec.exe (file missing)
O23 – Service: ZeroSpyware FileDeleter (FileDeleter) – Unknown owner – C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe (file missing)
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Odpowiedzi: 10
Jak dla mnie log czysty. Dobrze wyczyściłaś.
PS Kolorek dla Bobiego ;)
PS Kolorek dla Bobiego ;)
tak, sory ... podaje jeszcze razo po powturzeniu owych zabiegów :oops:
Logfile of HijackThis v1.99.1
Scan saved at 23:16:06, on 2005–10–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\CiDial\CiDial.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Izus\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 – HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe –autorun
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: Download all by Free Download Manager – file://C:\Program Files\Free Download Manager\dlall.htm
O8 – Extra context menu item: Download by Free Download Manager – file://C:\Program Files\Free Download Manager\dllink.htm
O8 – Extra context menu item: Download selected by Free Download Manager – file://C:\Program Files\Free Download Manager\dlselected.htm
O8 – Extra context menu item: Download web site by Free Download Manager – file://C:\Program Files\Free Download Manager\dlpage.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5CEE4170–721E–476A–BD64–B6087B47B320}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 23:16:06, on 2005–10–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\CiDial\CiDial.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Izus\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 – HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe –autorun
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: Download all by Free Download Manager – file://C:\Program Files\Free Download Manager\dlall.htm
O8 – Extra context menu item: Download by Free Download Manager – file://C:\Program Files\Free Download Manager\dllink.htm
O8 – Extra context menu item: Download selected by Free Download Manager – file://C:\Program Files\Free Download Manager\dlselected.htm
O8 – Extra context menu item: Download web site by Free Download Manager – file://C:\Program Files\Free Download Manager\dlpage.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5CEE4170–721E–476A–BD64–B6087B47B320}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Albo guzik usunąłeś, albo zapomniałes jedynie wpisów wyhaczyć i ubić.
zrobiłam jak mówiłeś, a oto nowy log:
Logfile of HijackThis v1.99.1
Scan saved at 22:26:20, on 2005–10–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CiDial\CiDial.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Izus\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 – HKLM\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKLM\..\Run: [Symantec Live Update] symlsvc.exe
O4 – HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\Run: [client] c:\client.exe
O4 – HKLM\..\RunServices: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 – HKLM\..\RunServices: [Symantec Live Update] symlsvc.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe –autorun
O4 – HKCU\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKCU\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\RunServices: [MSDOS Security Service] msdos.pif
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: Download all by Free Download Manager – file://C:\Program Files\Free Download Manager\dlall.htm
O8 – Extra context menu item: Download by Free Download Manager – file://C:\Program Files\Free Download Manager\dllink.htm
O8 – Extra context menu item: Download selected by Free Download Manager – file://C:\Program Files\Free Download Manager\dlselected.htm
O8 – Extra context menu item: Download web site by Free Download Manager – file://C:\Program Files\Free Download Manager\dlpage.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5CEE4170–721E–476A–BD64–B6087B47B320}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 22:26:20, on 2005–10–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CiDial\CiDial.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Izus\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 – HKLM\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKLM\..\Run: [Symantec Live Update] symlsvc.exe
O4 – HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\Run: [client] c:\client.exe
O4 – HKLM\..\RunServices: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 – HKLM\..\RunServices: [Symantec Live Update] symlsvc.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe –autorun
O4 – HKCU\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKCU\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\RunServices: [MSDOS Security Service] msdos.pif
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\DSLMON.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: Download all by Free Download Manager – file://C:\Program Files\Free Download Manager\dlall.htm
O8 – Extra context menu item: Download by Free Download Manager – file://C:\Program Files\Free Download Manager\dllink.htm
O8 – Extra context menu item: Download selected by Free Download Manager – file://C:\Program Files\Free Download Manager\dlselected.htm
O8 – Extra context menu item: Download web site by Free Download Manager – file://C:\Program Files\Free Download Manager\dlpage.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{5CEE4170–721E–476A–BD64–B6087B47B320}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
dafnis:
a więc usługi usunięte, ale tych plików to za nic mi nie znajduje ... źadnego :(
Ściągnij sobie programik KillBox zaznaczasz "Delete on reboot" i wklejaj do niego podane ścieźki, nie przejmując się tym, źe nie da się pliku odnaleźć. Po kaźdej wklejonej ścieźce wciskaj czerwony krzyźyk. Komputer zrestartuj dopiero po wklejeniu ostatniej ścieźki.
c:\windows\ms–dos.pif
c:\windows\symlsvc.exe
c:\windows\winocx.exe
c:\windows\msdos.pif
c:\windows\system32\ms–dos.pif
c:\windows\system32\symlsvc.exe
c:\windows\system32\winocx.exe
c:\windows\system32\msdos.pif
Po wykonaniu pokaź log HijackThis.
a więc usługi usunięte, ale tych plików to za nic mi nie znajduje ... źadnego :(
Dafnis – usługi usuwasz za pomocą poleceń sc delete Codec i sc delete FileDeleter wydanych w wierszu polecenia (start –> uruchom –> cmd). Jak będziesz plików szukała to zaznacz aby wyszukiwało równieź wśród plików ukrytych i plików systemowych w "Bardziej zaawansowanych opcjach"
dafnis skup się :)
Uruchom kopma w trybie awaryjnym (przy wczytywaniu płyty głównej naciśnij i przytrzymaj F8. Wybierz Polecenie "Uruchom w trybie awaryjnym" Odpal HijackThis i usuń to co kazał Żółty. Reszte znajdz ręcznie na dysku Start –> wyszukaj –> Pliki i foldery. Uruchomione usługi znajdziesz wpisując komende msconfig w Start –> uruchom (zakładka usługi)Odznacz je z tamtąd. Jeźeli jakieś niechciane procesy ładują sie wraz ze startem systemu to odznacz je teź z zakładki uruchamianie, a następnie wywal z dysku.
Ps. Nie jest aź tak obeznany jak admini czy moderatorzy, ale chciałem pomódz, jeśli ktoś bardziej znający sie na rzeczy zauwaźy, źe gdzieś źle podałem, to krzyczcie :) Człowiek wkońcu uczy sie na błędach :)
Pozdrawiam:)
Uruchom kopma w trybie awaryjnym (przy wczytywaniu płyty głównej naciśnij i przytrzymaj F8. Wybierz Polecenie "Uruchom w trybie awaryjnym" Odpal HijackThis i usuń to co kazał Żółty. Reszte znajdz ręcznie na dysku Start –> wyszukaj –> Pliki i foldery. Uruchomione usługi znajdziesz wpisując komende msconfig w Start –> uruchom (zakładka usługi)Odznacz je z tamtąd. Jeźeli jakieś niechciane procesy ładują sie wraz ze startem systemu to odznacz je teź z zakładki uruchamianie, a następnie wywal z dysku.
Ps. Nie jest aź tak obeznany jak admini czy moderatorzy, ale chciałem pomódz, jeśli ktoś bardziej znający sie na rzeczy zauwaźy, źe gdzieś źle podałem, to krzyczcie :) Człowiek wkońcu uczy sie na błędach :)
Pozdrawiam:)
hmm kurde szukałam na forum ale nic takiego nie znalazłam o usuwaniu tych usług ... no i nie wiem jak znaleźć tamtw pliki :( pomoze ktos ?
Wyłącz przywracanie systemu i uruchom komputer w trybie awaryjnym.
Te wpisy zaznacz do fixa a pliki pogrubione odszukaj i usuń z dysku.
To są pozostałości po jakichś usługach – wpisy fix a usługi usuń – było na forum podawane jak.
Ten plik znasz ?? Jak nie to wywal go i wpis w Hijacku do fixa leci.
O4 – HKLM\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\Run: [Symantec Live Update] symlsvc.exe
O4 – HKLM\..\Run: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\RunServices: [Symantec Live Update] symlsvc.exe
O4 – HKLM\..\RunServices: [Windows Ocx Service] winocx.exe
O4 – HKLM\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKLM\..\RunServices: [MSDOS Security Service] msdos.pif
O4 – HKCU\..\Run: [Windows Ocx Service] winocx.exe
O4 – HKCU\..\Run: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\Run: [MSDOS Security Service] msdos.pif
O4 – HKCU\..\RunServices: [Windows Ocx Service] winocx.exe
O4 – HKCU\..\RunServices: [MS–DOS Security Service] ms–dos.pif
O4 – HKCU\..\RunServices: [MSDOS Security Service] msdos.pif
Te wpisy zaznacz do fixa a pliki pogrubione odszukaj i usuń z dysku.
O23 – Service: Windows Codecs (Codec) – Unknown owner – C:\WINDOWS\wincodec.exe (file missing)
O23 – Service: ZeroSpyware FileDeleter (FileDeleter) – Unknown owner – C:\Program Files\FBM Software\ZeroSpyware Limited Edition\FileDeleter.exe (file missing)
To są pozostałości po jakichś usługach – wpisy fix a usługi usuń – było na forum podawane jak.
O4 – HKLM\..\Run: [client] c:\client.exe
Ten plik znasz ?? Jak nie to wywal go i wpis w Hijacku do fixa leci.
Strona 1 / 1