Usun tylko ta kontrolkę pochodząca od watpliwej reputacji programu anty:

O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab

witam!

Podejscie nr 2 ale prośba ta sama.

Pozdrawiam


Logfile of HijackThis v1.99.1
Scan saved at 22:16:16, on 2005–06–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Winamp\winampa.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office\1045\MSOFFICE.EXE
C:\Program Files\MKS\Bin\NetMonSV.exe
E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Outlook Express\msimn.exe
D:\totalcmd\TOTALCMD.EXE
E:\instalki\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKCU\..\Run: [pasek office] C:\\Program Files\\Microsoft Office\\Office\\1045\\MSOFFICE.EXE
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: ZoneAlarm.lnk = E:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_52.cab
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab
O16 – DPF: {6CB5E471–C305–11D3–99A8–000086395495} (Google Activate) – http://toolbar.google.com/data/pl/big/1.1.62–big/GoogleNav.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs Inc. – C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Juz OK.

Mam nadizje ze juz jest w miare czysto. Dziekuje z gory za wszystko.

Logfile of HijackThis v1.99.1
Scan saved at 2:06:29 PM, on 6/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLHOS~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL Computer Check–Up\ACCAgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0a\shellmon.exe
D:\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\DOCUME~1\Jay\LOCALS~1\Temp\_tc\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: AOL Toolbar – {4982D40A–C53B–4615–B15B–B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O3 – Toolbar: McAfee VirusScan – {BA52B914–B692–46c4–B683–905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100821514\EE\AOLHostManager.exe
O4 – HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 – HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 – HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 – HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 – HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe –quiet
O4 – HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe –Hide
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check–Up\ACCAgnt.exe" /startup
O4 – HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 – HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" –b
O8 – Extra context menu item: &AOL Toolbar search – res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 – Extra context menu item: &Yahoo! Search – file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Yahoo! &Dictionary – file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Messenger – {4528BBE0–4E08–11D5–AD55–00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {4528BBE0–4E08–11D5–AD55–00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra button: AOL Toolbar – {4982D40A–C53B–4615–B15B–B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O9 – Extra 'Tools' menuitem: AOL Toolbar – {4982D40A–C53B–4615–B15B–B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O9 – Extra button: Research – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {4A3CF76B–EC7A–405D–A67D–8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) – http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095549516659
O16 – DPF: {9FC5238F–12C4–454F–B1B5–74599A21DE47} (Webshots Photo Uploader) – http://community.webshots.com/html/WSPhotoUploader.CAB
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {B9191F79–5613–4C76–AA2A–398534BB8999} (YAddBook Class) – http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 – DPF: {BAC01377–73DD–4796–854D–2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) – http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 – DPF: {D3D83E08–54D1–4E9D–8EAF–9F979D139294} (MaxisSimCityScapeTeleX Control) – http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
O23 – Service: AOL Connectivity Service (AOL ACS) – America Online – C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 – Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) – America Online, Inc – C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 – Service: AOL Spyware Protection Service (AOLService) – Unknown owner – C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\System32\CTsvcCDA.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: McAfee.com McShield (McShield) – Unknown owner – c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 – Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) – Networks Associates Technology, Inc – C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 – Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) – Networks Associates Technology, Inc – c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 – Service: McAfee Personal Firewall Service (MpfService) – McAfee Corporation – C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 – Service: MSCSPTISRV – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Unknown owner – C:\Documents and Settings\Jay\My Documents\Norton AntiVirus on Noctaro\AdvTools\NPROTECT.EXE (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: PACSPTISVR – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 – Service: Sony SPTI Service (SPTISRV) – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 – Service: SonicStage SCSI Service (SSScsiSV) – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 – Service: StyleXPService – Unknown owner – C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

k3k0:

Dziekuje za pomoc pomoglo.

Nie wiem czy pomoglo, bo widac cus jeszcze.

Wylacz procesy i usun pliki:

C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\SoftwareDistribution\Download\85edc023096735764b42f7ffe25be521\update\update.exe

Dziekuje za pomoc pomoglo. Ale wrazie czego dolanczam swoj log dla pewnosci.

Logfile of HijackThis v1.99.1
Scan saved at 12:51:23 PM, on 6/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\popuper.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\System32\intmonp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\AOL Computer Check–Up\ACCAgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\85edc023096735764b42f7ffe25be521\update\update.exe
D:\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\Jay\LOCALS~1\Temp\_tc\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O3 – Toolbar: AOL Toolbar – {4982D40A–C53B–4615–B15B–B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O3 – Toolbar: McAfee VirusScan – {BA52B914–B692–46c4–B683–905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100821514\EE\AOLHostManager.exe
O4 – HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 – HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 – HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 – HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 – HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe –quiet
O4 – HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe –Hide
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check–Up\ACCAgnt.exe" /startup
O4 – HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 – Extra context menu item: &AOL Toolbar search – res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 – Extra context menu item: &Yahoo! Search – file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Yahoo! &Dictionary – file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Messenger – {4528BBE0–4E08–11D5–AD55–00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {4528BBE0–4E08–11D5–AD55–00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra button: AOL Toolbar – {4982D40A–C53B–4615–B15B–B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O9 – Extra 'Tools' menuitem: AOL Toolbar – {4982D40A–C53B–4615–B15B–B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O9 – Extra button: Research – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O16 – DPF: {4A3CF76B–EC7A–405D–A67D–8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) – http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095549516659
O16 – DPF: {9FC5238F–12C4–454F–B1B5–74599A21DE47} (Webshots Photo Uploader) – http://community.webshots.com/html/WSPhotoUploader.CAB
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {B9191F79–5613–4C76–AA2A–398534BB8999} (YAddBook Class) – http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 – DPF: {BAC01377–73DD–4796–854D–2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) – http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 – DPF: {D3D83E08–54D1–4E9D–8EAF–9F979D139294} (MaxisSimCityScapeTeleX Control) – http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
O23 – Service: AOL Connectivity Service (AOL ACS) – America Online – C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 – Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) – America Online, Inc – C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 – Service: AOL Spyware Protection Service (AOLService) – Unknown owner – C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\System32\CTsvcCDA.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: McAfee.com McShield (McShield) – Unknown owner – c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 – Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) – Networks Associates Technology, Inc – C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 – Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) – Networks Associates Technology, Inc – c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 – Service: McAfee Personal Firewall Service (MpfService) – McAfee Corporation – C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 – Service: MSCSPTISRV – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Unknown owner – C:\Documents and Settings\Jay\My Documents\Norton AntiVirus on Noctaro\AdvTools\NPROTECT.EXE (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: PACSPTISVR – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 – Service: Sony SPTI Service (SPTISRV) – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 – Service: SonicStage SCSI Service (SSScsiSV) – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 – Service: StyleXPService – Unknown owner – C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Wylacz procesy i usun pozniej pliki:
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe

Usuwaj w HJ:

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R3 – URLSearchHook: (no name) – _{20EC3D2D–33C1–4C9D–BC37–C2D500688DA2} – (no file)
R3 – URLSearchHook: (no name) – {20EC3D2D–33C1–4C9D–BC37–C2D500688DA2} – (no file)
F2 – REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 – BHO: (no name) – {FFFFFFFF–FFFF–FFFF–FFFF–FFFFFFFFFFFA} – C:\WINDOWS\System32\hp851F.tmp
O3 – Toolbar: Search – {4CB5BA9E–3F98–6743–B5CC–0D447B85441D} – C:\WINDOWS\Shvsuhrv.dll (file missing)
O4 – HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O16 – DPF: {1D0D9077–3798–49BB–9058–393499174D5D} – file://c:\counter.cab

Tego toolbara juz usunales ?
O3 – Toolbar: &Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)

Nortona rowniez ?
O23 – Service: Norton Unerase Protection (NProtectService) – Unknown owner – C:\Documents and Settings\Jay\My Documents\Norton AntiVirus on Noctaro\AdvTools\NPROTECT.EXE (file missing)

wlasnie zauwazylem :]

Logfile of HijackThis v1.99.1
Scan saved at 9:30:21 AM, on 6/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\shnlog.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AOL Computer Check–Up\ACCAgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\intmon.exe
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Gadu–Gadu\gg.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\Jay\LOCALS~1\Temp\_tc\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R3 – URLSearchHook: (no name) – _{20EC3D2D–33C1–4C9D–BC37–C2D500688DA2} – (no file)
R3 – URLSearchHook: (no name) – {20EC3D2D–33C1–4C9D–BC37–C2D500688DA2} – (no file)
F2 – REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 – BHO: (no name) – {FFFFFFFF–FFFF–FFFF–FFFF–FFFFFFFFFFFA} – C:\WINDOWS\System32\hp851F.tmp
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O3 – Toolbar: Search – {4CB5BA9E–3F98–6743–B5CC–0D447B85441D} – C:\WINDOWS\Shvsuhrv.dll (file missing)
O3 – Toolbar: AOL Toolbar – {4982D40A–C53B–4615–B15B–B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O3 – Toolbar: McAfee VirusScan – {BA52B914–B692–46c4–B683–905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100821514\EE\AOLHostManager.exe
O4 – HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 – HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 – HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 – HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 – HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 – HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe –quiet
O4 – HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe –Hide
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check–Up\ACCAgnt.exe" /startup
O4 – HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O8 – Extra context menu item: &AOL Toolbar search – res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 – Extra context menu item: &Yahoo! Search – file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Yahoo! &Dictionary – file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Messenger – {4528BBE0–4E08–11D5–AD55–00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {4528BBE0–4E08–11D5–AD55–00010333D0AD} – C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 – Extra button: AOL Toolbar – {4982D40A–C53B–4615–B15B–B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O9 – Extra 'Tools' menuitem: AOL Toolbar – {4982D40A–C53B–4615–B15B–B5B5E98D167C} – C:\Program Files\AOL Toolbar\toolbar.dll
O9 – Extra button: Research – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O16 – DPF: {1D0D9077–3798–49BB–9058–393499174D5D} – file://c:\counter.cab
O16 – DPF: {4A3CF76B–EC7A–405D–A67D–8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) – http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095549516659
O16 – DPF: {9FC5238F–12C4–454F–B1B5–74599A21DE47} (Webshots Photo Uploader) – http://community.webshots.com/html/WSPhotoUploader.CAB
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {B9191F79–5613–4C76–AA2A–398534BB8999} (YAddBook Class) – http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 – DPF: {BAC01377–73DD–4796–854D–2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) – http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 – DPF: {D3D83E08–54D1–4E9D–8EAF–9F979D139294} (MaxisSimCityScapeTeleX Control) – http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
O23 – Service: AOL Connectivity Service (AOL ACS) – America Online – C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 – Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) – America Online, Inc – C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 – Service: AOL Spyware Protection Service (AOLService) – Unknown owner – C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\System32\CTsvcCDA.EXE
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: McAfee.com McShield (McShield) – Unknown owner – c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 – Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) – Networks Associates Technology, Inc – C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 – Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) – Networks Associates Technology, Inc – c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 – Service: McAfee Personal Firewall Service (MpfService) – McAfee Corporation – C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 – Service: MSCSPTISRV – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Unknown owner – C:\Documents and Settings\Jay\My Documents\Norton AntiVirus on Noctaro\AdvTools\NPROTECT.EXE (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: PACSPTISVR – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 – Service: Sony SPTI Service (SPTISRV) – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 – Service: SonicStage SCSI Service (SSScsiSV) – Sony Corporation – C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 – Service: StyleXPService – Unknown owner – C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Uuuuuuuu...obciety log! Podaj PELNY LOG.

A czy ktos moze popatrzyc na to i powiedziec co zrobic ???? bo nie moge zmienic strony startowej

Logfile of HijackThis v1.99.1
Scan saved at 9:30:21 AM, on 6/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\shnlog.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AOL Computer Check–Up\ACCAgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\intmon.exe
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\110082~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Gadu–Gadu\gg.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\Jay\LOCALS~1\Temp\_tc\HijackThis.exe

Ciachnij:

O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/WebsiteAccess/ie/bridge–c403.cab

looknijcie na mój bo troche wiecej juz sie uzbierało :P

Logfile of HijackThis v1.99.1
Scan saved at 20:03:34, on 2005–06–24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Maxthon\Maxthon.exe
D:\OCHRONA KOMPA\hijackthis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 – HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Pobierz z &BitSpirit – C:\Program Files\BitSpirit\bsurl.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/WebsiteAccess/ie/bridge–c403.cab
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: NOD32 Kernel Service (NOD32krn) – Unknown owner – C:\Program Files\Eset\nod32krn.exe

thx

thx

O2 – BHO: (no name) – {C26F587F–DA14–4C18–A01F–47C64E8F9826} – C:\WINDOWS\system32\oook.dll (file missing)

Wyglada jak by pliku nie bylo. Usun (jezeli jednak plik jest) i FIX wpis.
Usun pliki:

c:\windows\system32\juzfwid.exe
c:\windows\system32\jiaejoe.exe
c:\windows\system32\huqnohc.exe

To fixuj w HJT:

O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [hvobuja] c:\windows\system32\juzfwid.exe
O4 – HKLM\..\Run: [laxpjym] c:\windows\system32\jiaejoe.exe r
O4 – HKLM\..\Run: [lnnrmmg] c:\windows\system32\huqnohc.exe r

O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe

START–uruchom–cmd– wpisz cos takiego:
NET STOP SvcProc
Odpal HJT ponownie. Wybierz Misc Tools–Delete NT Service i wpisz:
SvcProc
Plik tez oczywiscie wylatuja:
C:\WINDOWS\svcproc.exe

Na se masz latke w przyklejonym EL NINO –> http://forum.centrumxp.pl/viewtopic.php?t=33138

to kompo mojego kuzyna, odpalilem to co bylo


Logfile of HijackThis v1.99.1
Scan saved at 19:51:12, on 2005–06–23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Dzieci\krzysztof\download\programy\BitComet_0.56\BitComet\BitComet.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kasiek\Pulpit\hijackthis\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Kasiek\USTAWI~1\Temp\se.dll/sp.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Marek\USTAWI~1\Temp\se.dll/sp.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 – BHO: DAPHelper Class – {0000CC75–ACF3–4cac–A0A9–DD3868E06852} – C:\Program Files\DAP\dapbho.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 – BHO: (no name) – {C26F587F–DA14–4C18–A01F–47C64E8F9826} – C:\WINDOWS\system32\oook.dll (file missing)
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=062905 serial=DR12WTX–9999998–YSP lang=EN
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 – HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [hvobuja] c:\windows\system32\juzfwid.exe
O4 – HKLM\..\Run: [laxpjym] c:\windows\system32\jiaejoe.exe r
O4 – HKLM\..\Run: [lnnrmmg] c:\windows\system32\huqnohc.exe r
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [BitComet] "D:\Dzieci\krzysztof\download\programy\BitComet_0.56\BitComet\BitComet.exe"
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 – Extra button: Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – –{FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/eng/billard8_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{B4F36E3F–A92A–453A–8518–A754E835A7D7}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe

Widac co prawda jakis se to fixa mozna zastosowac, ale ogolnie stara wersja analizatora, to nie ma ani co sprawdzac ;).