Big problem with ngpw36
I have already tried many methods, but they didn't really help. Maybe one of you will come up with something good?
Logfile of HijackThis v1.99.1
Scan saved at 21:22:13, on 2006–02–28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\ewido anti–malware\ewidoctrl.exe
C:\Programme\ewido anti–malware\ewidoguard.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\D–Link\Air USB Utility\AirCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
H:\CloneCD\CloneCDTray.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Alcohol Soft\Alcohol 120\Alcohol.exe
F:\sterowniki\Winamp\winampa.exe
C:\WINDOWS\system32\sms_msn40.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Spamihilator\spamihilator.exe
C:\Programme\Skype\Phone\Skype.exe
H:\PANICW~1\POP–UP~1\PSFREE.EXE
C:\Programme\mozilla.org\Mozilla\Mozilla.exe
C:\Programme\Tlen.pl\tlen.exe
C:\programme\voipstunt.com\voipstunt\voipstunt.exe
E:\Program Files\eMule\emule.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\irPC\irPC.exe
C:\Programme\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Programme\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
H:\SpeedFan\speedfan.exe
C:\WINDOWS\system32\ngpw40.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
H:\programki\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ls–servicecenter.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ls–servicecenter.com
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: (no name) – {7D9CB362–375B–4FB9–8024–E55079CC69D1}" – (no file)
O2 – BHO: EpsonToolBandKicker Class – {E99421FB–68DD–40F0–B4AC–B7027CAE2F1A} – C:\Programme\EPSON\EPSON Web–To–Page\EPSON Web–To–Page.dll
O3 – Toolbar: EPSON Web–To–Page – {EE5D279F–081B–4404–994D–C6B60AAEBA6D} – C:\Programme\EPSON\EPSON Web–To–Page\EPSON Web–To–Page.dll
O4 – HKLM\..\Run: [CHotkey] mHotkey.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [Dit] Dit.exe
O4 – HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [D–Link Air USB Utility] C:\Programme\D–Link\Air USB Utility\AirCFG.exe
O4 – HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 – HKLM\..\Run: [CloneCDElbyCDFL] "H:\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 – HKLM\..\Run: [CloneCDTray] "H:\CloneCD\CloneCDTray.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime –Delay
O4 – HKLM\..\Run: [Alcohol.exe Autorun] C:\Programme\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 – HKLM\..\Run: [WinampAgent] F:\sterowniki\Winamp\winampa.exe
O4 – HKLM\..\Run: [sms_msn40] C:\WINDOWS\system32\sms_msn40.exe
O4 – HKLM\..\Run: [RegistryMechanic] C:\Programme\Registry Mechanic\regmech.exe /S
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Spamihilator] "H:\Spamihilator\spamihilator.exe"
O4 – HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [PopUpStopperFreeEdition] "H:\PANICW~1\POP–UP~1\PSFREE.EXE"
O4 – HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\mozilla.org\Mozilla\Mozilla.exe" –turbo
O4 – HKCU\..\Run: [Komunikator] C:\Programme\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [VoipStunt] "C:\programme\voipstunt.com\voipstunt\voipstunt.exe" –nosplash –minimized
O4 – HKCU\..\Run: [eMuleAutoStart] E:\Program Files\eMule\emule.exe –AutoStart
O4 – Startup: irPC.lnk = C:\Programme\irPC\irPC.exe
O4 – Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Programme\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O4 – Global Startup: Adobe Reader – Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Konsole – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
O14 – IERESET.INF: START_PAGE_URL=http://www.ls–servicecenter.com
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132218944031
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O20 – AppInit_DLLs: sockspy.dll sockspy.dll
O23 – Service: AntiVir Scheduler (AntiVirScheduler) – H+BEDV Datentechnik GmbH – C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 – Service: AntiVir PersonalEdition Classic Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVM IGD CTRL Service – AVM Berlin – C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 – Service: AVM FRITZ!web Routing Service (de_serv) – AVM Berlin – C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 – Service: ewido security suite control – ewido networks – C:\Programme\ewido anti–malware\ewidoctrl.exe
O23 – Service: ewido security suite guard – ewido networks – C:\Programme\ewido anti–malware\ewidoguard.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Sygate Personal Firewall (SmcService) – Sygate Technologies, Inc. – C:\Programme\Sygate\SPF\smc.exe
:cry: :cry:
Replies: 4
To be sure, post the log once more, e.g. has sms_msn40.exe been removed as well?
It's all over now. I wiped out the junk with SPY SWEEPER!!!
Sorry! I only wrote it in the subject line. A process called ngpw36 showed up and I tried to get rid of it somehow, but nothing worked. Maybe someone could take a look. In the Windows Task Manager, on tab 1 (Anwendungen), ngpw36 appears. Windows XP Home Edition, German.
Logfile of HijackThis v1.99.1
Scan saved at 14:06:21, on 2006–03–01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\ewido anti–malware\ewidoctrl.exe
C:\Programme\ewido anti–malware\ewidoguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
H:\CloneCD\CloneCDTray.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
F:\sterowniki\Winamp\winampa.exe
C:\WINDOWS\system32\sms_msn40.exe
C:\Programme\D–Link\Air USB Utility\AirCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ngpw40.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\mozilla.org\Mozilla\Mozilla.exe
C:\Programme\Tlen.pl\tlen.exe
C:\programme\voipstunt.com\voipstunt\voipstunt.exe
C:\Programme\irPC\irPC.exe
C:\Programme\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Programme\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
c:\progra~1\mozill~1\firefox.exe
C:\totalcmd\TOTALCMD.EXE
H:\programki\HijackThis.exe
C:\WINDOWS\system32\regsvr32.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ls–servicecenter.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ls–servicecenter.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ls–servicecenter.com/
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: SSVHelper Class – {761497BB–D6F0–462C–B6EB–D4DAF1D92D43} – C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 – BHO: (no name) – {7D9CB362–375B–4FB9–8024–E55079CC69D1}" – (no file)
O2 – BHO: EpsonToolBandKicker Class – {E99421FB–68DD–40F0–B4AC–B7027CAE2F1A} – C:\Programme\EPSON\EPSON Web–To–Page\EPSON Web–To–Page.dll
O3 – Toolbar: EPSON Web–To–Page – {EE5D279F–081B–4404–994D–C6B60AAEBA6D} – C:\Programme\EPSON\EPSON Web–To–Page\EPSON Web–To–Page.dll
O4 – HKLM\..\Run: [CHotkey] mHotkey.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [Dit] Dit.exe
O4 – HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe –startgui
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 – HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 – HKLM\..\Run: [CloneCDElbyCDFL] "H:\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 – HKLM\..\Run: [CloneCDTray] "H:\CloneCD\CloneCDTray.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime –Delay
O4 – HKLM\..\Run: [WinampAgent] F:\sterowniki\Winamp\winampa.exe
O4 – HKLM\..\Run: [sms_msn40] C:\WINDOWS\system32\sms_msn40.exe
O4 – HKLM\..\Run: [D–Link Air USB Utility] C:\Programme\D–Link\Air USB Utility\AirCFG.exe
O4 – HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Spamihilator] "H:\Spamihilator\spamihilator.exe"
O4 – HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\mozilla.org\Mozilla\Mozilla.exe" –turbo
O4 – HKCU\..\Run: [Komunikator] C:\Programme\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [VoipStunt] "C:\programme\voipstunt.com\voipstunt\voipstunt.exe" –nosplash –minimized
O4 – Startup: irPC.lnk = C:\Programme\irPC\irPC.exe
O4 – Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Programme\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O4 – Global Startup: Adobe Reader – Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Konsole – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
O14 – IERESET.INF: START_PAGE_URL=http://www.ls–servicecenter.com
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132218944031
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O20 – AppInit_DLLs: sockspy.dll sockspy.dll
O23 – Service: AntiVir Scheduler (AntiVirScheduler) – H+BEDV Datentechnik GmbH – C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 – Service: AntiVir PersonalEdition Classic Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AVM IGD CTRL Service – AVM Berlin – C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 – Service: AVM FRITZ!web Routing Service (de_serv) – AVM Berlin – C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 – Service: ewido security suite control – ewido networks – C:\Programme\ewido anti–malware\ewidoctrl.exe
O23 – Service: ewido security suite guard – ewido networks – C:\Programme\ewido anti–malware\ewidoguard.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Sygate Personal Firewall (SmcService) – Sygate Technologies, Inc. – C:\Programme\Sygate\SPF\smc.exe
Methods for what?
Jay: I have already tried many methods, but they didn't really help.
Above your post you will find the pinned topics. Check your log against the appropriate one; you have several strange entries.