Please check my log

Logfile of HijackThis v1.99.0
Scan saved at 11:40:20, on 2005–02–27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\temp\salm.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\SAHAGE~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AdTools Service\AdToolsKeep.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl–pl\msnappau.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Documents and Settings\Administrator\Pulpit\schowek\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: ST – {9394EDE7–C8B5–483E–8773–474BF36AF6E4} – C:\Program Files\MSN Apps\ST\01.02.3000.1002\en–xu\stmain.dll
O2 – BHO: MSNToolBandBHO – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl–pl\msntb.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: MSN – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl–pl\msntb.dll
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 – HKLM\..\Run: [salm] c:\temp\salm.exe
O4 – HKLM\..\Run: [SAHBundle] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\SAHAGE~1.EXE run
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 – HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 – Extra context menu item: Allow Popups – C:\Program Files\Meaya\Popup Ad Filter\WhiteGetUrl.js
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_02\bin\npjpi142_02.dll
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – ms–its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xa.chm::/bridge–c46.cab
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {CFAC00A4–E9E7–4A40–97A4–1E888B3DF0A6} – ms–its:mhtml:file://c:\nosuxxx.mht!http://xxxtoolbar.ath.cx/toolbar/xt.chm::/xtoolbar.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{BECC21CA–99ED–408E–BBF9–B586AAEB2BB2}: NameServer = 217.30.129.149,217.30.137.200
O23 – Service: Symantec Event Manager – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Symantec AntiVirus Definition Watcher – Symantec Corporation – C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 – Service: SAVRoam – symantec – C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 – Service: Symantec Network Drivers Service – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec AntiVirus – Symantec Corporation – C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Replies: 2

Hubi:
I WOULD THINK TWICE ABOUT THIS:

O2 – BHO: ST – {9394EDE7–C8B5–483E–8773–474BF36AF6E4} – C:\Program Files\MSN Apps\ST\01.02.3000.1002\en–xu\stmain.dll
O2 – BHO: MSNToolBandBHO – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl–pl\msntb.dll
O3 – Toolbar: MSN – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl–pl\msntb.dll
What is there to think about here? It's MSN.
EL NINO
Added
27.02.2005 18:27:31
I am a new user, so wait for confirmation from the experts. In my opinion you should do the following:
- enter safe mode (keep tapping F8 at system startup),
- in HijackThis, remove the entries listed below,
- delete the files/folders shown in bold.


R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 – HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 – HKLM\..\Run: [salm] c:\temp\salm.exe
O4 – HKLM\..\Run: [SAHBundle] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\SAHAGE~1.EXE run
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – ms–its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xa.chm::/bridge–c46.cab
O16 – DPF: {CFAC00A4–E9E7–4A40–97A4–1E888B3DF0A6} – ms–its:mhtml:file://c:\nosuxxx.mht!http://xxxtoolbar.ath.cx/toolbar/xt.chm::/xtoolbar.cab


I WOULD THINK TWICE ABOUT THIS:

O2 – BHO: ST – {9394EDE7–C8B5–483E–8773–474BF36AF6E4} – C:\Program Files\MSN Apps\ST\01.02.3000.1002\en–xu\stmain.dll
O2 – BHO: MSNToolBandBHO – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl–pl\msntb.dll
O3 – Toolbar: MSN – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\pl–pl\msntb.dll


Then you boot into normal mode and everything should run smoothly.

P.S. I would advise installing updates :wink:
Hubi
Added
27.02.2005 14:39:43
granat
Added:
27.02.2005 13:02:47
Comments:
2