Prosze o sprawdzenie loGA
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
D:Winampwinampa.exe
C:program filesgatorfsg.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesRoxioGoBackGBPoll.exe
C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:Program FilesRoxioGoBackGBTray.exe
C:Program FilesNorton AntiVirusSAVScan.exe
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesGadu–Gadugg.exe
C:Documents and SettingsWiolettaPulpitHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll (file missing)
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O2 – BHO: WhIeHelperObj Class – {c900b400–cdfe–11d3–976a–00e02913a9e0} – C:Program FileswebHancerprogramswhiehlpr.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll (file missing)
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [NAV CfgWiz] C:Program FilesCommon FilesSymantec SharedCfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 – HKLM..Run: [WinampAgent] D:Winampwinampa.exe
O4 – HKLM..Run: [webHancer Agent] "C:Program FileswebHancerProgramswhAgent.exe"
O4 – HKLM..Run: [Trickler] "c:program filesgatorfsg.exe"
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – Global Startup: GoBack.lnk = C:Program FilesRoxioGoBackGBTray.exe
O8 – Extra context menu item: Download All by FlashGet – C:PROGRA~1FLASHGETjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:PROGRA~1FLASHGETjc_link.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O16 – DPF: {0585238B–9CA6–4CCB–A9B2–FE4BA495E880} (AXWebMon Control) – http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: GBPoll – Roxio, Inc. – C:Program FilesRoxioGoBackGBPoll.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton AntiVirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
D:Winampwinampa.exe
C:program filesgatorfsg.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesRoxioGoBackGBPoll.exe
C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:Program FilesRoxioGoBackGBTray.exe
C:Program FilesNorton AntiVirusSAVScan.exe
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesGadu–Gadugg.exe
C:Documents and SettingsWiolettaPulpitHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll (file missing)
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O2 – BHO: WhIeHelperObj Class – {c900b400–cdfe–11d3–976a–00e02913a9e0} – C:Program FileswebHancerprogramswhiehlpr.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll (file missing)
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [NAV CfgWiz] C:Program FilesCommon FilesSymantec SharedCfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 – HKLM..Run: [WinampAgent] D:Winampwinampa.exe
O4 – HKLM..Run: [webHancer Agent] "C:Program FileswebHancerProgramswhAgent.exe"
O4 – HKLM..Run: [Trickler] "c:program filesgatorfsg.exe"
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – Global Startup: GoBack.lnk = C:Program FilesRoxioGoBackGBTray.exe
O8 – Extra context menu item: Download All by FlashGet – C:PROGRA~1FLASHGETjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:PROGRA~1FLASHGETjc_link.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O16 – DPF: {0585238B–9CA6–4CCB–A9B2–FE4BA495E880} (AXWebMon Control) – http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: GBPoll – Roxio, Inc. – C:Program FilesRoxioGoBackGBPoll.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton AntiVirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
Odpowiedzi: 8
Jesli jest juz OK, to prosze bardzo.
dzięki ZA pomoC !!
To zostalo, jak wyzej zreszta:
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = 127.0.0.1
localhost
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
Jesli usuniesz tego ProxyOverride i nie bedzie neta, wejdz do Opcji internetowych i w Polaczneiach sieci Lan odznacz i zaznacz "automatycznie wykryj ustawienia".
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = 127.0.0.1
localhost
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
Jesli usuniesz tego ProxyOverride i nie bedzie neta, wejdz do Opcji internetowych i w Polaczneiach sieci Lan odznacz i zaznacz "automatycznie wykryj ustawienia".
ale sie strachu najadłem.wywaliłem ten new dot i przestał chodzić explorer i wogóle.kombinowałem aź wszedłem na HJ i wywaliłem jakiś wpis apropo uninstalki tego i podziałało.Moźesz EL_NINO albo kto inny rzucić okiem na loga.Jak coś nie tak to mówcie jeźeli to jest powaźne.Pozdrawiam.
Logfile of HijackThis v1.97.7
Scan saved at 20:50:06, on 05–01–05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA ANTIVIRUS PLATINUMPAVPROXY.EXE
C:WINDOWSEXPLORER.EXE
C:WINDOWSSYSTEMINTERNAT.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA ANTIVIRUS PLATINUMAPVXDWIN.EXE
C:WINDOWSRUNDLL32.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA ANTIVIRUS PLATINUMFIREWALLPAVFIRES.EXE
C:PROGRAM FILESGADU–GADUGG.EXE
C:WINDOWSSYSTEMRNAAPP.EXE
C:WINDOWSSYSTEMTAPISRV.EXE
E:INSTALKIANTIVIRYHIJACKTHIS.EXE
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.eu.microsoft.com/poland/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = 127.0.0.1
localhost
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRAM FILESFLASHGETJCCATCH.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSYSTEMMSDXM.OCX
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRAM FILESFLASHGETFGIEBAR.DLL
O4 – HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 – HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 – HKLM..Run: [internat.exe] internat.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..Run: [SoundMan] soundman.exe
O4 – HKLM..Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSYSTEMNvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [QuickTime Task] "C:WINDOWSSYSTEMQTTASK.EXE" –atboottime
O4 – HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 – HKLM..Run: [SCANINICIO] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumInicio.exe"
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumAPVXDWIN.EXE" /s
O4 – HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..RunServices: [SchedulingAgent] C:WINDOWSSYSTEMmstask.exe
O4 – HKLM..RunServices: [PANDASCHEDULER] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumPavsched.exe"
O4 – HKLM..RunServices: [PAVFIRES] C:Program FilesPanda SoftwarePanda Antivirus PlatinumFirewallPavFires.exe
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSYSTEMNVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU..Run: [Gadu–Gadu] "C:PROGRAM FILESGADU–GADUGG.EXE" /tray
O4 – Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:PROGRAM FILESFLASHGETjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:PROGRAM FILESFLASHGETjc_all.htm
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {9085316E–42BA–11D4–BAA3–0080C8D7ED4A} (GameDesire JungleHunter) – http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O16 – DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GameDesire Roulette) – http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GameDesire Pool Training) – http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
Odinstaluj jesli pojdzie tym unistallerem. Jesli nie, znajdziesz w tym dziale linka do uninstallera.Pawko:
...pojawiło mi się teź jakiś folder new dot net.
jest tam jakiś plik do uniintalowania
Zaznacz w HJ i usun:
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = 127.0.0.1
localhost
O2 – BHO: (no name) – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:Program FilesNewDotNet ewdotnet6_38.dll
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup –s
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
Te biblioteki net....dll rowniez z dysku.
podłącze się do tematu.sorki źe znowu zawracam wam głowe ale zainstalowałem pewien wygaszacz i razem z nim lycos page search i bunzi budyy czy jakaś taka małpa.odinstalowałem lycosa i chyba budniego ale pojawiło mi się teź jakiś folder new dot net.
jest tam jakiś plik do uniintalowania ale nie wiem czy to potrzebne kiedyś to wywaliłem i miałem kłopot.poniźej wrzucam loga jakby ktoś mógł to prosze o odpowiedź czy coś zostało co sfixować i czy to new dot net moge za pomocą tego wywalić czy lepiej zostawić.Pozdrawiam.
PS. dodam tylko źe w procesach systemowych mam podwójnie wpisany rundll 32 a przedtem firewall pytałe się czy mam mu dać dostęp.mam windows 98.czy moźe jeden podmienia drugi?wywaliłem jakiś folder w programów files z tym bundim :P mam nadzieje źe nic nie pójdzie jak wywale z kosza
jest tam jakiś plik do uniintalowania ale nie wiem czy to potrzebne kiedyś to wywaliłem i miałem kłopot.poniźej wrzucam loga jakby ktoś mógł to prosze o odpowiedź czy coś zostało co sfixować i czy to new dot net moge za pomocą tego wywalić czy lepiej zostawić.Pozdrawiam.
PS. dodam tylko źe w procesach systemowych mam podwójnie wpisany rundll 32 a przedtem firewall pytałe się czy mam mu dać dostęp.mam windows 98.czy moźe jeden podmienia drugi?wywaliłem jakiś folder w programów files z tym bundim :P mam nadzieje źe nic nie pójdzie jak wywale z kosza
Logfile of HijackThis v1.97.7
Scan saved at 19:51:44, on 05–01–05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA ANTIVIRUS PLATINUMFIREWALLPAVFIRES.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSEXPLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMINTERNAT.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSSYSTEMSTIMON.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA ANTIVIRUS PLATINUMAPVXDWIN.EXE
C:WINDOWSRUNDLL32.EXE
C:WINDOWSRUNDLL32.EXE
C:PROGRAM FILESGADU–GADUGG.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESPANDA SOFTWAREPANDA ANTIVIRUS PLATINUMPAVPROXY.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
E:INSTALKIANTIVIRYHIJACKTHIS.EXE
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.eu.microsoft.com/poland/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = 127.0.0.1
localhost
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRAM FILESFLASHGETJCCATCH.DLL
O2 – BHO: (no name) – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:Program FilesNewDotNet ewdotnet6_38.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSYSTEMMSDXM.OCX
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRAM FILESFLASHGETFGIEBAR.DLL
O4 – HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 – HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 – HKLM..Run: [internat.exe] internat.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..Run: [SoundMan] soundman.exe
O4 – HKLM..Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSYSTEMNvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [QuickTime Task] "C:WINDOWSSYSTEMQTTASK.EXE" –atboottime
O4 – HKLM..Run: [StillImageMonitor] C:WINDOWSSYSTEMSTIMON.EXE
O4 – HKLM..Run: [SCANINICIO] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumInicio.exe"
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumAPVXDWIN.EXE" /s
O4 – HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM..RunServices: [SchedulingAgent] C:WINDOWSSYSTEMmstask.exe
O4 – HKLM..RunServices: [PANDASCHEDULER] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumPavsched.exe"
O4 – HKLM..RunServices: [PAVFIRES] C:Program FilesPanda SoftwarePanda Antivirus PlatinumFirewallPavFires.exe
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSYSTEMNVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU..Run: [Gadu–Gadu] "C:PROGRAM FILESGADU–GADUGG.EXE" /tray
O4 – Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:PROGRAM FILESFLASHGETjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:PROGRAM FILESFLASHGETjc_all.htm
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {9085316E–42BA–11D4–BAA3–0080C8D7ED4A} (GameDesire JungleHunter) – http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O16 – DPF: {18506D80–9B80–11D4–82C2–0080C8D7ED4A} (GameDesire Roulette) – http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GameDesire Pool Training) – http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
Usun w HJ (FIX...) jak i z dysku pliki:
C:program filesgatorfsg.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll (file missing)
O2 – BHO: WhIeHelperObj Class – {c900b400–cdfe–11d3–976a–00e02913a9e0} – C:Program FileswebHancerprogramswhiehlpr.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll (file missing)
O4 – HKLM..Run: [webHancer Agent] "C:Program FileswebHancerProgramswhAgent.exe"
O4 – HKLM..Run: [Trickler] "c:program filesgatorfsg.exe"
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O16 – DPF: {0585238B–9CA6–4CCB–A9B2–FE4BA495E880} (AXWebMon Control) – http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
C:program filesgatorfsg.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FLASHGETjccatch.dll (file missing)
O2 – BHO: WhIeHelperObj Class – {c900b400–cdfe–11d3–976a–00e02913a9e0} – C:Program FileswebHancerprogramswhiehlpr.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll (file missing)
O4 – HKLM..Run: [webHancer Agent] "C:Program FileswebHancerProgramswhAgent.exe"
O4 – HKLM..Run: [Trickler] "c:program filesgatorfsg.exe"
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETflashget.exe (file missing)
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O16 – DPF: {0585238B–9CA6–4CCB–A9B2–FE4BA495E880} (AXWebMon Control) – http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
Na poczatek wywal katalog gator z program files.
Strona 1 / 1