your computer is infected! << how do I remove it??
SpySheriff installed itself on my computer, but I removed it with some online scanner :D :D. There is one problem, though: in the bottom right corner (next to the clock) two X's have appeared, and roughly every 30 sec the message "your computer is infected" shows up, and when I click on it SpySheriff gets installed. And there is one more thing: I can't change the wallpaper :/ (your computer is infected)
log from hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 07:36:04, on 2005–09–12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Softwin\BitDefender8\bdoesrv.exe
D:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\winstall.exe
C:\winstall.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender8\vsserv.exe
d:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\UZYTKO~1\USTAWI~1\Temp\Rar$EX00.796\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3026
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3026
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3026
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 – Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 – Hosts: 82.179.166.164 lender–search.com
O1 – Hosts: 82.179.166.165 hot–searches.com
O2 – BHO: (no name) – {B75F75B8–93F3–429D–FF34–660B206D897A} – C:\WINDOWS\System32\zolker010.dll (file missing)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NTCommLib3] C:\WINDOWS\System32\NTCommLib3.exe
O4 – HKLM\..\Run: [Jacfuk] C:\Program Files\Qqzfyr\Pyiqtf.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 – HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 – HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 – HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 – HKLM\..\Run: [BDOESRV] "D:\Program Files\Softwin\BitDefender8\bdoesrv.exe"
O4 – HKLM\..\Run: [BDNewsAgent] "D:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 – HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: *.asdbiz.biz
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.asdbiz.biz (HKLM)
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 – DPF: {C5E28B9D–0A68–4B50–94E9–E8F6B4697519} (NsvPlayX Control) – http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O21 – SSODL: Gadu–Gadu – {8E7E4D64–CEDD–27E7–E368–F852C9F80E20} – c:\program files\gadu–gadu\edsrbk32.dll (file missing)
O21 – SSODL: System – {A90F7F71–5DB0–4CE5–B59A–30E5273B32A0} – ssmc.dll (file missing)
O23 – Service: BitDefender Scan Server (bdss) – Unknown owner – C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: BitDefender Virus Shield (VSSERV) – Unknown owner – D:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 – Service: BitDefender Communicator (XCOMM) – Unknown owner – C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
thanks in advance
Regards
Replies: 18
Exa: I have a question, what you pasted, those described processes, where is that from?????
Exa, go to the FAQ pinned in this section and read about HijackThis and its logs. Then generate such a log yourself and check it following the second pinned topic, the one about checking logs. If there's something you don't know, or something keeps coming back, ask; it's better to ask than to remove too much.
KOSMOS: is there anything else to remove?
Of course there is.
O4 – HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
...and the svchost.exe file from that very location. Not from \system32
O4 – HKLM\..\Run: [NTCommLib3] C:\WINDOWS\System32\NTCommLib3.exe
...together with the file
I have no idea what this is:
O21 – SSODL: Gadu–Gadu – {8E7E4D64–CEDD–27E7–E368–F852C9F80E20} – c:\program files\gadu–gadu\edsrbk32.dll (file missing)
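The check made in the reply above (an autorun named svchost.exe that points at C:\WINDOWS\System rather than System32) can be run mechanically over a HijackThis log. The following is an added example, not part of the original thread and not HijackThis code; the function names, the list of System32-only process names and the default hosts path are assumptions of this example, and the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re

# HijackThis writes "O4 - ..."; the logs on this page show the separator as an
# en dash ("O4 – ..."), so both forms are accepted.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+[-\u2013]\s+(.*\S)\s*$")
# O4 body looks like: HKLM\..\Run: [ValueName] command line
AUTORUN_RE = re.compile(r"^[^:]+:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
# Leading part of an unquoted command line, up to a launchable extension.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|pif|js|vbs))(?=\s|$)", re.I)

# Assumption of this example: process names that belong only in
# %SystemRoot%\System32 on the Windows XP machines logged in this thread.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}


def image_path(cmd):
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd


def is_masquerading(path, system_root=r"C:\WINDOWS"):
    """True when a System32-only process name is started from another folder."""
    norm = ntpath.normpath(path).lower()
    folder, name = ntpath.dirname(norm), ntpath.basename(norm)
    if name not in SYSTEM32_ONLY or not folder:
        return False  # other program, or a bare name resolved through PATH
    return folder != ntpath.join(system_root, "system32").lower()


def triage(log_text, system_root=r"C:\WINDOWS"):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings = []
    default_hosts = ntpath.join(system_root, r"system32\drivers\etc\hosts").lower()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header or "Running processes" line
        section, body = m.groups()
        lowered = body.lower()
        if section == "O4":
            auto = AUTORUN_RE.match(body)
            if auto and is_masquerading(image_path(auto.group("cmd")), system_root):
                findings.append((section, "system process name outside System32",
                                 auto.group("name")))
        elif section == "F2" and "shell=" in lowered:
            value = body[lowered.index("shell=") + len("shell="):].strip()
            if value.lower() != "explorer.exe":
                findings.append((section, "Shell starts more than Explorer.exe", value))
        elif section == "O1" and lowered.startswith("hosts file is located at:"):
            path = body.split(":", 1)[1].strip()
            if ntpath.normpath(path).lower() != default_hosts:
                findings.append((section, "hosts file moved from default path", path))
    return findings


# Sample input: lines copied from the logs in this thread (the last line uses
# a plain hyphen, as HijackThis itself writes it).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 – Hosts file is located at: C:\WINDOWS\nsdb\hosts
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 – HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```

A hit is a reason to inspect the entry, not proof of infection; entries that do not match any rule here still need the manual review described in the pinned topics.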
OK, I downloaded Spybot and it dealt once and for all with SpySheriff and the other viruses, including the red screen, and while it was at it, it removed a few trojans, dyfuck, and other vermin :)
link to Spybot (it's completely free!)
http://www.instalki.pl/programy/download/antyspyware/SpyBot–Search&Destroy.php
fuck, the red screen showed up again :/ (your system is infected!)
Logfile of HijackThis v1.99.1
Scan saved at 07:59:58, on 2005–09–16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Softwin\BitDefender8\bdoesrv.exe
D:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender8\vsserv.exe
d:\program files\softwin\bitdefender8\bdmcon.exe
D:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\uzytkownik\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NTCommLib3] C:\WINDOWS\System32\NTCommLib3.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 – HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 – HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 – HKLM\..\Run: [BDOESRV] "D:\Program Files\Softwin\BitDefender8\bdoesrv.exe"
O4 – HKLM\..\Run: [BDNewsAgent] "D:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 – HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {C5E28B9D–0A68–4B50–94E9–E8F6B4697519} (NsvPlayX Control) – http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_aac.cab
O21 – SSODL: Gadu–Gadu – {8E7E4D64–CEDD–27E7–E368–F852C9F80E20} – c:\program files\gadu–gadu\edsrbk32.dll (file missing)
O23 – Service: BitDefender Scan Server (bdss) – Unknown owner – C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 – Service: iPod Service (iPodService) – Apple Computer, Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: BitDefender Virus Shield (VSSERV) – Unknown owner – D:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 – Service: BitDefender Communicator (XCOMM) – Unknown owner – C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
is there anything else to remove?
misiek, check the log yourself. In the pinned topic. Only afterwards, if something doesn't work, write what is happening.
Hello
I have a similar problem, only I have 4 of those little crosses next to the clock :/
please help
Logfile of HijackThis v1.99.1
Scan saved at 09:01:41, on 2005–09–14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
D:\programy\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
D:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\paytime.exe
C:\windows\system32\mdms.exe
D:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\AutoConnect\AutoConnect.exe
D:\Programy\Gadu–Gadu\gg.exe
C:\WINDOWS\System32\paytime.exe
C:\winstall.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool2.exe
D:\Programy\Pogoda\pogoda.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\usr\mysql\bin\mysqld–nt.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Misiek\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = ..::Tysia i Misiek::..
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\Programy\adobe readed\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {78364D99–A640–4ddf–B91A–67EFF8373045} – C:\WINDOWS\system32\appwiz.dll
O2 – BHO: BHObj Class – {8F4E5661–F99E–4B3E–8D85–0EA71C0748E4} – C:\WINDOWS\wsem303.dll (file missing)
O2 – BHO: Accoona Search Assistant – {944864A5–3916–46E2–96A9–A2E84F3F1208} – C:\Program Files\Accoona\ASearchAssist.dll
O2 – BHO: (no name) – {A0269420–A638–4509–889C–8FC3CC85DA7E} – C:\WINDOWS\drexinit.dll
O3 – Toolbar: DAP Bar – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – C:\Program Files\DAP\DAPIEBar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 – HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
O4 – HKLM\..\Run: [WinampAgent] d:\programy\Winamp\winampa.exe
O4 – HKLM\..\Run: [No–IP Client 1.2] "C:\Documents and Settings\Misiek\Pulpit\noipclient.exe"
O4 – HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr
O4 – HKLM\..\Run: [qi7v18rq] C:\WINDOWS\System32\qi7v18rq.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Fhkrx] C:\Program Files\Kptsex\Qpsk.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 – HKLM\..\Run: [PCSuiteTrayApplication] D:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe –onlytray
O4 – HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKLM\..\Run: [MouseDrv] C:\DOCUME~1\Misiek\USTAWI~1\Temp\link.txt
O4 – HKCU\..\Run: [PcSync] D:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 – HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 – HKCU\..\Run: [Anty_16BitNT Automatyczna Ochrona] C:\WINDOWS\Anty_16BitNT.exe AO
O4 – HKCU\..\Run: [Gadu–Gadu] "D:\Programy\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 – HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O4 – HKCU\..\Run: [MouseDrv] C:\DOCUME~1\Misiek\USTAWI~1\Temp\link.txt
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 – HKCU\..\Run: [tray] D:\Programy\Pogoda\pogoda.exe /tray
O4 – Startup: PowerReg Scheduler V3.exe
O4 – Startup: PowerReg Scheduler.exe
O4 – Startup: WinMySQLadmin.lnk = C:\usr\mysql\bin\winmysqladmin.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 – Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
O8 – Extra context menu item: &Download with &DAP – C:\PROGRA~1\DAP\dapextie.htm
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Download &all with DAP – C:\PROGRA~1\DAP\dapextie2.htm
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\WINDOWS\System32\msjava.dll
O9 – Extra button: Run WinHTTrack – {36ECAF82–3300–8F84–092E–AFF36D6C7040} – d:\programy\WinHTTrack\WinHTTrackIEBar.dll
O9 – Extra 'Tools' menuitem: Launch WinHTTrack – {36ECAF82–3300–8F84–092E–AFF36D6C7040} – d:\programy\WinHTTrack\WinHTTrackIEBar.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:\PROGRA~1\DAP\DAP.EXE
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:\programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O12 – Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 – Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 – Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 – Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O16 – DPF: {0585238B–9CA6–4CCB–A9B2–FE4BA495E880} (AXWebMon Control) – http://www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
O16 – DPF: {0E8D0700–75DF–11D3–8B4A–0008C7450C4A} (DjVuCtl Class) – http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_63.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (Ganymede Board Games) – http://67.15.101.3/g_bin/pl/boards_2_0_0_21.cab
O16 – DPF: {4C39376E–FA9D–4349–BACC–D305C1750EF3} (EPUImageControl Class) – http://tools.ebayimg.com/eps/activex/EPUWALControl_v1–0–3–18.cab
O16 – DPF: {631FF594–EC25–4CFF–B869–402DF294E1D6} (Instalator oprogramowania Onet.pl) – http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123484783763
O16 – DPF: {745395C8–D0E1–4227–8586–624CA9A10A8D} (AxisMediaControl Class) – http://217.96.55.11//activex/AMC.cab
O16 – DPF: {881290B9–F53C–4676–8DAF–3DBEFC297308} (GameDesire Makao) – http://67.15.101.3/g_bin/pl/makao_2_0_0_16.cab
O16 – DPF: {A854AD6D–6DB5–41FB–8044–0BD38092A007} (Ganymede Sudoku) – http://67.15.101.3/g_bin/pl/sudoku_2_0_0_5.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_22.cab
O16 – DPF: {E23FABEE–12E3–33DA–DA12–195DAC123984} (GameDesire Mahjong) – http://67.15.101.3/g_bin/pl/mahjong_2_0_0_19.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 – DPF: {E7D2588A–7FB5–47DC–8830–832605661009} (Live Collaboration) – http://bok.plusgsm.pl/rnt/rnl/java/RntX.cab
O16 – DPF: {E95CF138–A587–4C54–8175–3AD80997CB14} (GameDesire Soccer) – http://67.15.101.3/g_bin/pl/soccer_2_0_0_8.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{D310E6BE–E6E5–4FCA–86AB–492E4A1CE1DE}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Proxy Service (ccPxySvc) – Symantec Corporation – C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 – Service: Crypkey License – Kenonic Controls Ltd. – C:\WINDOWS\SYSTEM32\crypserv.exe
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: MySql – Unknown owner – c:/usr/mysql/bin/mysqld–nt.exe
O23 – Service: Norton Personal Firewall Accounts Manager (NISUM) – Symantec Corporation – C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Yes. It's OK now.
big foot: is everything OK now?
For the future: don't put HiJack in a place like this -> C:\DOCUME~1\BARTEK~1.DOM\USTAWI~1\Temp\Rar$EX00.844\HijackThis.exe
HiJack should be in the main folder of the drive, e.g. -> C:\HiJack\HiJackThis.exe
I did as you said :) everything has disappeared 8)
right now it looks like this:
Logfile of HijackThis v1.99.1
Scan saved at 23:36:13, on 2005–09–13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BARTEK~1.DOM\USTAWI~1\Temp\Rar$EX00.844\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2.satfilm.net.pl:8080
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: DAP Bar – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – C:\Program Files\DAP\DAPIEBar.dll
O4 – HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: &Download with &DAP – C:\PROGRA~1\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:\PROGRA~1\DAP\dapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\System32\CTsvcCDA.exe
is everything OK now? or is there something else I should remove?
thanks in advance for the earlier pointers :)
This has come up, and more than once... I just don't know what you need it for right now?
Edit Userinit in the registry from a normally booted system, or alternatively:
Paste this into Notepad and save it with the .reg extension
Then add it to the registry:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
We boot into the Recovery Console :?
what I mainly mean is .. how am I supposed to fix this ??
step by step .. because even the beginning is a disaster for me :(
What don't you understand? Everything is easy to find.
– disabling System Restore: FAQ in this section
– booting into Safe Mode: you tap F8 after the computer starts and choose the appropriate option from the list
– you select the listed entries in the program and click "fix checked"
– you empty the contents of the Temp directory
– you find the file marked in bold on the disk and bin it
– just in case, you correct the data of the Userinit value; details are in the linked thread.
Bobi: Same steps as the colleague above, except that what you have to fix and delete from the disk is this:
R3 – Default URLSearchHook is missing
F2 – REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [MouseDrv] C:\DOCUME~1\BARTEK~1.DOM\USTAWI~1\Temp\link.txt
O4 – HKCU\..\Run: [MouseDrv] C:\DOCUME~1\BARTEK~1.DOM\USTAWI~1\Temp\link.txt
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
As for userinit, IMO HijackThis flagged this entry because of the missing comma at the end.
Edit this value manually before logging off and back on, so that nothing is left unclear.
Description: http://forum.centrumxp.pl/viewtopic.php?t=29728#faq28
I can do the first thing .. but as for the second, I don't even have a clue what it's about :cry: could it be put more clearly somehow 8)
yo! unfortunately I have a similar problem .. unfortunately when it comes to computers I'm a total novice :( like few others .. a friend told me to paste this .. maybe someone can tell me (step by step) what I should do to remove it :cry:
Logfile of HijackThis v1.99.1
Scan saved at 03:34:31, on 2005–09–13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\DOCUME~1\BARTEK~1.DOM\USTAWI~1\Temp\Rar$EX02.391\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy2.satfilm.net.pl:8080
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
F2 – REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: DAP Bar – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – C:\Program Files\DAP\DAPIEBar.dll
O4 – HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 – HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 – HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKLM\..\Run: [MouseDrv] C:\DOCUME~1\BARTEK~1.DOM\USTAWI~1\Temp\link.txt
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [MouseDrv] C:\DOCUME~1\BARTEK~1.DOM\USTAWI~1\Temp\link.txt
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: &Download with &DAP – C:\PROGRA~1\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:\PROGRA~1\DAP\dapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:\PROGRA~1\DAP\DAP.EXE
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
O16 – DPF: {70BA88C8–DAE8–4CE9–92BB–979C4A75F53B} (GSDACtl Class) – http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\System32\CTsvcCDA.exe
it's not BitDefender's fault! :)
my licence simply ran out :/
and right then I went onto ........ some site and this is what I got ;p
and by the way, I did what you wrote and everything is fine
thanks :lol:
First, you should have typed "your computer is infected" into the search, because there have been similar threads.
You still have a heap of other junk.
1. Disable System Restore
2. Boot the system in Safe Mode
3. Remove the entries:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3026
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3026
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=3026
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 – Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 – Hosts: 82.179.166.164 lender–search.com
O1 – Hosts: 82.179.166.165 hot–searches.com
O2 – BHO: (no name) – {B75F75B8–93F3–429D–FF34–660B206D897A} – C:\WINDOWS\System32\zolker010.dll (file missing)
O4 – HKLM\..\Run: [NTCommLib3] C:\WINDOWS\System32\NTCommLib3.exe
O4 – HKLM\..\Run: [Jacfuk] C:\Program Files\Qqzfyr\Pyiqtf.exe
O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 – HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 – HKLM\..\RunOnce: [tlc] C:\WINDOWS\update13.js
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\winstall.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: *.asdbiz.biz
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.asdbiz.biz (HKLM)
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O21 – SSODL: Gadu–Gadu – {8E7E4D64–CEDD–27E7–E368–F852C9F80E20} – c:\program files\gadu–gadu\edsrbk32.dll (file missing)
O21 – SSODL: System – {A90F7F71–5DB0–4CE5–B59A–30E5273B32A0} – ssmc.dll (file missing)
4. Manually delete the files/directories in bold from the disk.
For the future, there is a pinned thread; with its help you will filter out most of the junk.
BitDefender blew it.
PS. A reminder about the "edit" function
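The checks the replies in this thread apply by eye (Userinit and Shell values, Run entries pointing into Temp, a relocated hosts file) can be scripted. This is an added example, not part of any post and not HijackThis's own logic; the function names, the `DATA_EXTS` list and the assumption that Windows lives in C:\WINDOWS are choices made for this example, and the sample lines are copied from the logs above.

```python
import re

# Expected values: the .reg fix in this thread sets Userinit to this string
# (note the trailing comma); plain Explorer.exe is the stock XP shell.
# Assumption: Windows is installed in C:\WINDOWS, as in the logs above.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe,"
EXPECTED_SHELL = "explorer.exe"
DEFAULT_HOSTS = r"c:\windows\system32\drivers\etc\hosts"
# Assumption of this example: file types that should never be an autorun target.
DATA_EXTS = {".txt", ".log", ".dat", ".tmp"}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
F2_RE = re.compile(r"^REG:system\.ini: (?P<key>\w+)=(?P<value>.*)$")
O4_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXT_RE = re.compile(r"(\.[a-z0-9]{1,4})(?:\s|$)")


def normalize(line):
    """Turn the page's typographic dashes back into '-' so separators parse."""
    return line.replace("\u2013", "-").strip()


def autorun_target(cmd):
    """Return the program part of a Run command line, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end != -1 else cmd[1:]).lower()
    return cmd.lower()


def check_f2(body):
    m = F2_RE.match(body)
    if not m:
        return None
    key, value = m["key"].lower(), m["value"].strip().lower()
    if key == "userinit":
        if value == EXPECTED_USERINIT:
            return None
        if value + "," == EXPECTED_USERINIT:
            return "Userinit lacks the trailing comma; restore the expected value"
        return "Userinit is not the expected value: " + value
    if key == "shell" and value != EXPECTED_SHELL:
        return "Shell is not plain Explorer.exe: " + value
    return None


def check_o4(body):
    m = O4_RE.match(body)
    if not m:
        return None  # Startup-folder entries carry no [name]; not covered here
    target = autorun_target(m["cmd"])
    reasons = []
    if "\\temp\\" in target:
        reasons.append("runs from a Temp directory")
    ext = EXT_RE.search(target)
    if ext and ext.group(1) in DATA_EXTS:
        reasons.append("target is a %s file, not a program" % ext.group(1))
    return "; ".join(reasons) or None


def check_o1(body):
    prefix = "Hosts file is located at: "
    if body.startswith(prefix) and body[len(prefix):].strip().lower() != DEFAULT_HOSTS:
        return "hosts file relocated away from " + DEFAULT_HOSTS
    return None


CHECKS = {"F2": check_f2, "O4": check_o4, "O1": check_o1}


def triage(log_text):
    """Return (code, entry, reason) for every log line one of the checks flags."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(normalize(raw))
        if not m or m["code"] not in CHECKS:
            continue
        reason = CHECKS[m["code"]](m["body"])
        if reason:
            findings.append((m["code"], m["body"], reason))
    return findings


# Sample lines copied from the logs in this thread (en dashes as on the page).
SAMPLE = r"""
F2 – REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 – Hosts file is located at: C:\WINDOWS\nsdb\hosts
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [MouseDrv] C:\DOCUME~1\BARTEK~1.DOM\USTAWI~1\Temp\link.txt
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

if __name__ == "__main__":
    for code, entry, reason in triage(SAMPLE):
        print("%s  %s\n      -> %s" % (code, entry, reason))
```

A flagged line is a prompt to inspect the entry, not a verdict; entries the checks pass still need the manual review the replies describe.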
this is what that x looks like