CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Prosze o sprawdzenie loga

Prosze o sprawdzenie loga

Bardzo bardzo bardzo prosze... :P
Logfile of HijackThis v1.99.0
Scan saved at 21:02:04, on 03.02.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgrammeGemeinsame DateienSymantec SharedccEvtMgr.exe
C:ProgrammeGemeinsame DateienEPSONEBAPISAgent2.exe
C:ProgrammeNorton SystemWorksNorton AntiVirus avapsvc.exe
C:ProgrammeNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:PROGRA~1NORTON~1SPEEDD~1 opdb.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe
C:ProgrammeJavaj2re1.4.2_03injusched.exe
C:PROGRA~1MYWEBS~1ar2.binmwsoemon.exe
C:ProgrammeGemeinsame DateienRealUpdate_OB ealsched.exe
C:ProgrammeHotbarin4.5.3.0HbInst.exe
C:ProgrammeMSN MessengerMsnMsgr.Exe
C:ProgrammeMeayaPopup Ad FilterPopFilter.exe
C:WINDOWSSystem32dnsserv.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE
C:ProgrammeInternet ExplorerIEXPLORE.EXE
C:ProgrammeHotbarin4.5.3.0HbSrv.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSSystem32dllhost.exe
C:ProgrammeWinAceWinAce.exe
C:Dokumente und EinstellungenBaxiLokale EinstellungenTempHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.t–online.de/
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:ProgrammeMyWebSearchSrchAstt2.binMWSSRCAS.DLL
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1–072E–44cf–8957–5838F569A31D} – C:ProgrammeMyWebSearchSrchAstt2.binMWSSRCAS.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:ProgrammeAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – C:ProgrammeMyWebSearchar2.binMWSBAR.DLL
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: Hotbar – {B195B3B3–8A05–11D3–97A4–0004ACA6948E} – C:ProgrammeHotbarin4.5.3.0HbHostIE.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:ProgrammeNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:ProgrammeNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Hotbar – {B195B3B3–8A05–11D3–97A4–0004ACA6948E} – C:ProgrammeHotbarin4.5.3.0HbHostIE.dll
O4 – HKLM..Run: [ccRegVfy] "C:ProgrammeGemeinsame DateienSymantec SharedccRegVfy.exe"
O4 – HKLM..Run: [ccApp] "C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe"
O4 – HKLM..Run: [SunJavaUpdateSched] C:ProgrammeJavaj2re1.4.2_03injusched.exe
O4 – HKLM..Run: [SSC_UserPrompt] C:ProgrammeGemeinsame DateienSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1ar2.binmwsoemon.exe
O4 – HKLM..Run: [TkBellExe] "C:ProgrammeGemeinsame DateienRealUpdate_OB ealsched.exe" –osboot
O4 – HKLM..Run: [NAV Auto Protect] dnsserv.exe
O4 – HKLM..Run: [Hotbar] C:ProgrammeHotbarin4.5.3.0HbInst.exe /Upgrade
O4 – HKLM..RunServices: [NAV Auto Protect] dnsserv.exe
O4 – HKCU..Run: [msnmsgr] "C:ProgrammeMSN MessengerMsnMsgr.Exe" /background
O4 – HKCU..Run: [Popup Ad Filter] C:ProgrammeMeayaPopup Ad FilterPopFilter.exe
O4 – HKCU..Run: [NAV Auto Protect] dnsserv.exe
O4 – Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:WINDOWSsystem32spooldriversw32x863E_SRCV02.EXE
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDE
O8 – Extra context menu item: Allow Popups – C:ProgrammeMeayaPopup Ad FilterWhiteGetUrl.js
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:ProgrammeJavaj2re1.4.2_03in pjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Konsole – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:ProgrammeJavaj2re1.4.2_03in pjpi142_03.dll
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 – HKLMSystemCCSServicesTcpip..{B7A1F079–03F9–4C55–B229–E2C7B8A9C478}: NameServer = 62.27.27.62 62.27.53.66
O23 – Service: Symantec Event Manager – Symantec Corporation – C:ProgrammeGemeinsame DateienSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation Service – Symantec Corporation – C:ProgrammeGemeinsame DateienSymantec SharedccPwdSvc.exe
O23 – Service: EPSON Printer Status Agent2 – SEIKO EPSON CORPORATION – C:ProgrammeGemeinsame DateienEPSONEBAPISAgent2.exe
O23 – Service: Norton AntiVirus Auto Protect Service – Symantec Corporation – C:ProgrammeNorton SystemWorksNorton AntiVirus avapsvc.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:ProgrammeNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1GEMEIN~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:PROGRA~1NORTON~1SPEEDD~1 opdb.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:ProgrammeGemeinsame DateienSymantec SharedSecurity CenterSymWSC.exe

Odpowiedzi: 11

Jolleh:
EL NINO i Bobi_robert jestescie WIELCY :!: :!: :!: :!: :!: :!: :!:

Nie wiem jak EL ale ja mam tylko 1,87 m wzrostu :wink:

Jolleh:
Serdeczne dzieki za pomoc :D

Nie ma sprawy oczywiscie :P
Bobi
Dodano
04.02.2005 16:25:43
EL NINO i Bobi_robert jestescie WIELCY :!: :!: :!: :!: :!: :!: :!:
Serdeczne dzieki za pomoc :D
Jolleh
Dodano
04.02.2005 16:15:34
@Jolleh, tak sobie oglądam Twojego loga i stwierdzam ze jest gładki znaczy sie czysciutki jak pupcia niemowlecia :wink:
Znaczy sie ze wszystko okey :mrgreen:

Programow do ochrony jest parenascie, kilka omowionych w archwalnych postach userów
Poza tym Service Packi – pomysl nad tym
Bobi
Dodano
04.02.2005 15:04:17
Mysle ze sobie poradzilam z tym wstretnym typkiem
:oops:
Wlasciwie El Nino sobie poradzil... No ja dzialalam tylko zgodnie z wskazowkami
Cichutkie yuupiii :D

Oto moj sliczny :?: nowy log

Logfile of HijackThis v1.99.0
Scan saved at 12:07:53, on 04.02.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:ProgrammeGemeinsame DateienSymantec SharedccEvtMgr.exe
C:ProgrammeGemeinsame DateienEPSONEBAPISAgent2.exe
C:ProgrammeNorton SystemWorksNorton AntiVirus avapsvc.exe
C:ProgrammeNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:PROGRA~1NORTON~1SPEEDD~1 opdb.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe
C:ProgrammeJavaj2re1.4.2_03injusched.exe
C:ProgrammeGemeinsame DateienSymantec SharedSecurity CenterUsrPrmpt.exe
C:ProgrammeMSN MessengerMsnMsgr.Exe
C:ProgrammeMeayaPopup Ad FilterPopFilter.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE
C:ProgrammehijackthisHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.t–online.de/
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:ProgrammeAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:ProgrammeNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:ProgrammeNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [ccRegVfy] "C:ProgrammeGemeinsame DateienSymantec SharedccRegVfy.exe"
O4 – HKLM..Run: [ccApp] "C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe"
O4 – HKLM..Run: [SunJavaUpdateSched] C:ProgrammeJavaj2re1.4.2_03injusched.exe
O4 – HKLM..Run: [SSC_UserPrompt] C:ProgrammeGemeinsame DateienSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 – HKCU..Run: [msnmsgr] "C:ProgrammeMSN MessengerMsnMsgr.Exe" /background
O4 – HKCU..Run: [Popup Ad Filter] C:ProgrammeMeayaPopup Ad FilterPopFilter.exe
O4 – Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:WINDOWSsystem32spooldriversw32x863E_SRCV02.EXE
O8 – Extra context menu item: Allow Popups – C:ProgrammeMeayaPopup Ad FilterWhiteGetUrl.js
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:ProgrammeJavaj2re1.4.2_03in pjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Konsole – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:ProgrammeJavaj2re1.4.2_03in pjpi142_03.dll
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 – Service: Symantec Event Manager – Symantec Corporation – C:ProgrammeGemeinsame DateienSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation Service – Symantec Corporation – C:ProgrammeGemeinsame DateienSymantec SharedccPwdSvc.exe
O23 – Service: EPSON Printer Status Agent2 – SEIKO EPSON CORPORATION – C:ProgrammeGemeinsame DateienEPSONEBAPISAgent2.exe
O23 – Service: Norton AntiVirus Auto Protect Service – Symantec Corporation – C:ProgrammeNorton SystemWorksNorton AntiVirus avapsvc.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:ProgrammeNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1GEMEIN~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:PROGRA~1NORTON~1SPEEDD~1 opdb.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:ProgrammeGemeinsame DateienSymantec SharedSecurity CenterSymWSC.exe


Teraz chyba pozostaje mi sie zastanowic jaki program powinnam nagrac zeby nie wpuszczal wiecej takich swinstw na moj komputer :roll:
Jolleh
Dodano
04.02.2005 13:24:18
Jolleh, powiedz systemowi zeby pokazal Ci wszystkie pliki. Jak na obrazku ponizej.
Mimo ze w logu wszystkiego nie widac, odszukaj na dysku pliki:
dnsserv.exe
winhost.exe
winis.exe
cz.exe
msnus.exe
Uruchom rowniez Task manager (CTRL+ALT+DEL) i zobacz czy sa pokazane i jesli tak, wylacz.
Przeszukaj rejestr – z Uruchom "regedit", wcisnij F3, wpisz "dnsserv" i usuwaj z kazdej pozycji jaka znajdzie. To samo z pozostalymi czterema nazwami.
EL NINO
Dodano
04.02.2005 12:23:57
Pewny nie jestem ale sadzac po wpisach to moze byc ktoras z wersji W32.Rbot

Wklej jeszcze nowy log z Hijack This
Obajrzyj w rejestrze klucze HKLMSoftwareMicrosoftWindowsCurrentVersionRun
HKLMSoftwareMicrosoftWindowsCurrentVersionRunServices
Pokaz prawdziwemu Nortonowi ten plik i niech go zeskanuje, moze jakis alias wyskoczy
Bobi
Dodano
04.02.2005 01:31:34
:cry: Sprobowalam ,wykonalam zgodnie z instrukcja i z przykroscia informuje uparte to diabelstwo jest :cry:
Rece opadaja i zostaja sie wisiec :twisted:

Jednak czuje w kosciach ze z pomoca takiego fachowca uda sie wszystko i dni tego "bydlaka" sa policzone :oops: GODZINY :P
Jolleh
Dodano
04.02.2005 01:22:48
Poszlo Ci lepiej niz dobrze :wink: .
Jolleh:
A na C:Windowssystem32dnsserv.exe go nie widac.
Sprobuj tak:
– nacisnij w HiJacku przycisk "Config", pozniej zakladke "Misc Tools", nastepnie przycisk "Delete a file on reboot" i podaj mu sciezke dostepu do tego pliku czyli C:Windowssystem32dnsserv.exe
Oczywiscie zrestartuj komputer.

Jesli pozostanie, bedziemy sie dalej martwic.
EL NINO
Dodano
04.02.2005 00:50:19
Dziekuje bardzo za pomoc mysle ze jak na debiutantke dobrze mi poszlo :wink:
Co umialam to posprzatalam jednak nie moge sie pozbyc jednego `"bydlaka" .
Uruchamia sie w msconfig gdy go odznacze,zrestartuje komputer on zaznacza sie ponownie i to w dwoch pozycjach.
A na C:Windowssystem32dnsserv.exe go nie widac.
Nie umiem sobie z nim poradzic ja go tak a on mnie tak :
Prosze o spojrzenie ponownie na moj log i podpowiedz jak moge zniszczyc ten nieszczesny dnsserv.exe


Logfile of HijackThis v1.99.0
Scan saved at 23:27:52, on 03.02.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:ProgrammeGemeinsame DateienSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:ProgrammeGemeinsame DateienEPSONEBAPISAgent2.exe
C:ProgrammeNorton SystemWorksNorton AntiVirus avapsvc.exe
C:ProgrammeNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:PROGRA~1NORTON~1SPEEDD~1 opdb.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe
C:ProgrammeJavaj2re1.4.2_03injusched.exe
C:ProgrammeMSN MessengerMsnMsgr.Exe
C:ProgrammeMeayaPopup Ad FilterPopFilter.exe
C:WINDOWSSystem32dnsserv.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE
C:ProgrammeInternet Exploreriexplore.exe
C:WINDOWSsystem32cmd.exe
C:ProgrammeOutlook Expressmsimn.exe
C:ProgrammeWinAceWinAce.exe
C:Dokumente und EinstellungenBaxiLokale EinstellungenTempHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.t–online.de/
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:ProgrammeAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:ProgrammeNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:ProgrammeNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [ccRegVfy] "C:ProgrammeGemeinsame DateienSymantec SharedccRegVfy.exe"
O4 – HKLM..Run: [ccApp] "C:ProgrammeGemeinsame DateienSymantec SharedccApp.exe"
O4 – HKLM..Run: [SunJavaUpdateSched] C:ProgrammeJavaj2re1.4.2_03injusched.exe
O4 – HKLM..Run: [SSC_UserPrompt] C:ProgrammeGemeinsame DateienSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 – HKLM..Run: [NAV Auto Protect] dnsserv.exe
O4 – HKLM..RunServices: [Task Manager Settings] taskman32.exe
O4 – HKLM..RunServices: [NAV Auto Protect] dnsserv.exe
O4 – HKCU..Run: [msnmsgr] "C:ProgrammeMSN MessengerMsnMsgr.Exe" /background
O4 – HKCU..Run: [Popup Ad Filter] C:ProgrammeMeayaPopup Ad FilterPopFilter.exe
O4 – HKCU..Run: [NAV Auto Protect] dnsserv.exe
O4 – Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:WINDOWSsystem32spooldriversw32x863E_SRCV02.EXE
O8 – Extra context menu item: Allow Popups – C:ProgrammeMeayaPopup Ad FilterWhiteGetUrl.js
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:ProgrammeJavaj2re1.4.2_03in pjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Konsole – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:ProgrammeJavaj2re1.4.2_03in pjpi142_03.dll
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 – HKLMSystemCCSServicesTcpip..{B7A1F079–03F9–4C55–B229–E2C7B8A9C478}: NameServer = 62.27.27.62 62.27.53.66
O23 – Service: Symantec Event Manager – Symantec Corporation – C:ProgrammeGemeinsame DateienSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation Service – Symantec Corporation – C:ProgrammeGemeinsame DateienSymantec SharedccPwdSvc.exe
O23 – Service: EPSON Printer Status Agent2 – SEIKO EPSON CORPORATION – C:ProgrammeGemeinsame DateienEPSONEBAPISAgent2.exe
O23 – Service: Norton AntiVirus Auto Protect Service – Symantec Corporation – C:ProgrammeNorton SystemWorksNorton AntiVirus avapsvc.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:ProgrammeNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1GEMEIN~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:PROGRA~1NORTON~1SPEEDD~1 opdb.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:ProgrammeGemeinsame DateienSymantec SharedSecurity CenterSymWSC.exe

Dziekuje bardzo i z niecierpliwoscia czekam na podpowiedz jak zamordowac drania :twisted:

[/b]
Jolleh
Dodano
04.02.2005 00:38:23
Ciut wiecej niz u Bobiego:


C:PROGRA~1MYWEBS~1ar2.binmwsoemon.exe
C:ProgrammeHotbarin4.5.3.0HbInst.exe
C:WINDOWSSystem32dnsserv.exe
C:ProgrammeHotbarin4.5.3.0HbSrv.exe
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:ProgrammeMyWebSearchSrchAstt2.binMWSSRCAS.DLL
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1–072E–44cf–8957–5838F569A31D} – C:ProgrammeMyWebSearchSrchAstt2.binMWSSRCAS.DLL
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – C:ProgrammeMyWebSearchar2.binMWSBAR.DLL
O2 – BHO: Hotbar – {B195B3B3–8A05–11D3–97A4–0004ACA6948E} – C:ProgrammeHotbarin4.5.3.0HbHostIE.dll
O3 – Toolbar: Hotbar – {B195B3B3–8A05–11D3–97A4–0004ACA6948E} – C:ProgrammeHotbarin4.5.3.0HbHostIE.dll
O4 – HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1ar2.binmwsoemon.exe
O4 – HKLM..Run: [NAV Auto Protect] dnsserv.exe
O4 – HKLM..Run: [Hotbar] C:ProgrammeHotbarin4.5.3.0HbInst.exe /Upgrade
O4 – HKLM..RunServices: [NAV Auto Protect] dnsserv.exe
O4 – HKCU..Run: [NAV Auto Protect] dnsserv.exe
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDE
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
EL NINO
Dodano
03.02.2005 22:37:11
Wywal z loga i dysku:
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:ProgrammeMyWebSearchSrchAstt2.binMWSSRCAS.DLL
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1–072E–44cf–8957–5838F569A31D} –
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – C:ProgrammeMyWebSearchar2.binMWSBAR.DLL
O2 – BHO: Hotbar – {B195B3B3–8A05–11D3–97A4–0004ACA6948E} – C:ProgrammeHotbarin4.5.3.0HbHostIE.dll
O3 – Toolbar: Hotbar – {B195B3B3–8A05–11D3–97A4–0004ACA6948E} – C:ProgrammeHotbarin4.5.3.0HbHostIE.dll
O4 – HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1ar2.binmwsoemon.exe
O4 – HKLM..Run: [Hotbar] C:ProgrammeHotbarin4.5.3.0HbInst.exe /Upgrade
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDE
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab


Te tez IMO lewe:
O4 – HKLM..Run: [NAV Auto Protect] dnsserv.exe
O4 – HKCU..Run: [NAV Auto Protect] dnsserv.exe
O4 – HKLM..RunServices: [NAV Auto Protect] dnsserv.exe
Bobi
Dodano
03.02.2005 22:33:57
Jolleh
Dodano:
03.02.2005 22:14:07
Komentarzy:
11
Strona 1 / 1