proszę o sprawdzenie loga
Jeźeli by ktoś mógł spojźeć łaskawym okiem byłbym wdzięczny.
Logfile of HijackThis v1.99.0
Scan saved at 00:07:12, on 2005–03–21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\DVBViewerTE\ts_winlirc.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=145499
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=145499
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.azesearch.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=145499
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: bho2gr Class – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – C:\Program Files\GetRight\xx2gr.dll
O2 – BHO: ZToolbar Activator Class – {FFF5092F–7172–4018–827B–FA5868FB0478} – C:\Program Files\GetRight\azesearch.dll
O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O3 – Toolbar: AZESearch toolbar – {A6790AA5–C6C7–4BCF–A46D–0FDAC4EA90EB} – C:\Program Files\GetRight\azesearch.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 – Startup: ts_winlirc.lnk = C:\Program Files\DVBViewerTE\ts_winlirc.exe
O4 – Global Startup: GetRight – Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: RtlWake.lnk = ?
O4 – Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 – Extra context menu item: &Download with &DAP – C:\PROGRA~1\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:\PROGRA~1\DAP\dapextie2.htm
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:\PROGRA~1\DAP\DAP.EXE (file missing)
O23 – Service: ArcaBit NetMonitor – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor – Unknown – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
Logfile of HijackThis v1.99.0
Scan saved at 00:07:12, on 2005–03–21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\DVBViewerTE\ts_winlirc.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=145499
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=145499
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.azesearch.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=145499
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: bho2gr Class – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – C:\Program Files\GetRight\xx2gr.dll
O2 – BHO: ZToolbar Activator Class – {FFF5092F–7172–4018–827B–FA5868FB0478} – C:\Program Files\GetRight\azesearch.dll
O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O3 – Toolbar: AZESearch toolbar – {A6790AA5–C6C7–4BCF–A46D–0FDAC4EA90EB} – C:\Program Files\GetRight\azesearch.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 – Startup: ts_winlirc.lnk = C:\Program Files\DVBViewerTE\ts_winlirc.exe
O4 – Global Startup: GetRight – Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: RtlWake.lnk = ?
O4 – Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 – Extra context menu item: &Download with &DAP – C:\PROGRA~1\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:\PROGRA~1\DAP\dapextie2.htm
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\system32\msjava.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:\PROGRA~1\DAP\DAP.EXE (file missing)
O23 – Service: ArcaBit NetMonitor – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor – Unknown – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
Odpowiedzi: 2
Dziękuję ślicznie :)
Wylacz przywracanie
Zakoncz proces:
wo.exe
Usun:
+ pozostałosci po DAPie którego juz chyba nie masz
Chodzi o te z 08
Z dysku katalog C:\PROGRA~1\Web Offer
Zakoncz proces:
wo.exe
Usun:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=145499
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=145499
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.azesearch.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=145499
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
O3 – Toolbar: (no name) – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – (no file)
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:\PROGRA~1\DAP\DAP.EXE (file missing)
+ pozostałosci po DAPie którego juz chyba nie masz
Chodzi o te z 08
Z dysku katalog C:\PROGRA~1\Web Offer
Strona 1 / 1