YOUR SYSTEM IS INFECTED
Witam
Taki komunikat pojawia mi sie na pulpicie. A wszystko za sprawa choerstwa spysheriff, który mi sie niestety samoczynnie zainstalowal. Chyba udalo mi sie to usunac, ale system i tak jest zainfekowany. Skanowanie Panda online wykrylo jeszce kilka wirusów i programów szpiegowskich. Najgorsze w tym wszystkim jest to, ze wszystkie moje programy nie dzialaja. W zasadzie nic nie moge uruchomic, zmienic ustawien Windowsa itp. No i co ja mam poczac?
Czy musze przeinstalowac system?
Pomocy!
Taki komunikat pojawia mi sie na pulpicie. A wszystko za sprawa choerstwa spysheriff, który mi sie niestety samoczynnie zainstalowal. Chyba udalo mi sie to usunac, ale system i tak jest zainfekowany. Skanowanie Panda online wykrylo jeszce kilka wirusów i programów szpiegowskich. Najgorsze w tym wszystkim jest to, ze wszystkie moje programy nie dzialaja. W zasadzie nic nie moge uruchomic, zmienic ustawien Windowsa itp. No i co ja mam poczac?
Czy musze przeinstalowac system?
Pomocy!
Odpowiedzi: 20
Log chyba czysty. :)
ja mialem ten sam problem. jednak wywalilem ten syf przez przywracanie systemu :)
czy to pomaga?
oto muj log, wszystkie unkown itp. sa mi znane:
Logfile of HijackThis v1.99.1
Scan saved at 11:59:05, on 2005–12–31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\autoclk.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
E:\WINDOWS\PowerS.exe
E:\Program Files\ChrisTV\ChrisTV_Agent.exe
E:\Program Files\D–Tools\daemon.exe
E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\AutoConnect\AutoConnect.exe
E:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
E:\Program Files\Prolink\PlayTV\TVSCHL.EXE
E:\Program Files\honestech\honestech TVR\scheduleTV.exe
E:\Program Files\Prolink\PlayTV\TVSCHL.EXE
E:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\Opera\Opera.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\Kuba\USTAWI~1\Temp\Rar$EX00.953\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B–68BC–4B02–94D6–2FC0DE4A7897} – E:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 – HKLM\..\Run: [autoclk] autoclk.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\\NeroCheck.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 – HKLM\..\Run: [PowerS] E:\WINDOWS\PowerS.exe
O4 – HKLM\..\Run: [ChrisTV Agent] "E:\Program Files\ChrisTV\ChrisTV_Agent.exe"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "E:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [WheelMouse] E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [AutoConnect] E:\Program Files\AutoConnect\AutoConnect.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "E:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe –quiet
O4 – Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: Remote Control.lnk = E:\Program Files\Prolink\PlayTV\TVRMVCR.EXE
O4 – Global Startup: Scheduler.lnk = E:\Program Files\Prolink\PlayTV\TVSCHL.EXE
O4 – Global Startup: ScheduleTV.lnk = E:\Program Files\honestech\honestech TVR\scheduleTV.exe
O4 – Global Startup: TV Scheduler.lnk = E:\Program Files\Prolink\PlayTV\TVSCHL.EXE
O4 – Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = E:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 – Extra context menu item: &Yahoo! Search – file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 – Extra context menu item: Yahoo! &Dictionary – file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 – Extra context menu item: Yahoo! &SMS – file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra button: Yahoo! Services – {5BAB4B5B–68BC–4B02–94D6–2FC0DE4A7897} – E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – E:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – E:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {30528230–99f7–4bb4–88d8–fa1d4f56a2ab} (YInstStarter Class) – E:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{CB63E615–7633–4EA0–9F08–96D8163C0732}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – E:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – E:\WINDOWS\system32\nvsvc32.exe
pragne zaznaczyc ze nie mam zadnego antivira a kompa nie formatowalem juz z pol roku :)
czy to pomaga?
oto muj log, wszystkie unkown itp. sa mi znane:
Logfile of HijackThis v1.99.1
Scan saved at 11:59:05, on 2005–12–31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\autoclk.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
E:\WINDOWS\PowerS.exe
E:\Program Files\ChrisTV\ChrisTV_Agent.exe
E:\Program Files\D–Tools\daemon.exe
E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\AutoConnect\AutoConnect.exe
E:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
E:\Program Files\Prolink\PlayTV\TVSCHL.EXE
E:\Program Files\honestech\honestech TVR\scheduleTV.exe
E:\Program Files\Prolink\PlayTV\TVSCHL.EXE
E:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\Opera\Opera.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\Kuba\USTAWI~1\Temp\Rar$EX00.953\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B–68BC–4B02–94D6–2FC0DE4A7897} – E:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 – HKLM\..\Run: [autoclk] autoclk.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\\NeroCheck.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 – HKLM\..\Run: [PowerS] E:\WINDOWS\PowerS.exe
O4 – HKLM\..\Run: [ChrisTV Agent] "E:\Program Files\ChrisTV\ChrisTV_Agent.exe"
O4 – HKLM\..\Run: [DAEMON Tools–1033] "E:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [WheelMouse] E:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [AutoConnect] E:\Program Files\AutoConnect\AutoConnect.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "E:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe –quiet
O4 – Global Startup: DSLMON.lnk = E:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: Remote Control.lnk = E:\Program Files\Prolink\PlayTV\TVRMVCR.EXE
O4 – Global Startup: Scheduler.lnk = E:\Program Files\Prolink\PlayTV\TVSCHL.EXE
O4 – Global Startup: ScheduleTV.lnk = E:\Program Files\honestech\honestech TVR\scheduleTV.exe
O4 – Global Startup: TV Scheduler.lnk = E:\Program Files\Prolink\PlayTV\TVSCHL.EXE
O4 – Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = E:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 – Extra context menu item: &Yahoo! Search – file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 – Extra context menu item: Yahoo! &Dictionary – file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 – Extra context menu item: Yahoo! &Maps – file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 – Extra context menu item: Yahoo! &SMS – file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra button: Yahoo! Services – {5BAB4B5B–68BC–4B02–94D6–2FC0DE4A7897} – E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – E:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – E:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {30528230–99f7–4bb4–88d8–fa1d4f56a2ab} (YInstStarter Class) – E:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{CB63E615–7633–4EA0–9F08–96D8163C0732}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – E:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – E:\WINDOWS\system32\nvsvc32.exe
pragne zaznaczyc ze nie mam zadnego antivira a kompa nie formatowalem juz z pol roku :)
Witam ponownie!!! sytuacja opanowana dzieku waszej pomocy no i mojej wspaniales siostry!!! hehe dzieki
Obydwaj –> http://forum.centrumxp.pl/viewtopic.php?t=37513
Wpisy O20 z Winlogon Notify jesli beda wracaly –> http://forum.centrumxp.pl/viewtopic.php?t=33140 nr 8.
Rozejrzyjcie sie kurna po wczesniejszych postach w tym temacie. Przeciez mozna porownac swoje logi z podawanymi rozwiazaniami i na tej podstawie usuwac niepotrzebne rzeczy.
Wpisy O20 z Winlogon Notify jesli beda wracaly –> http://forum.centrumxp.pl/viewtopic.php?t=33140 nr 8.
Rozejrzyjcie sie kurna po wczesniejszych postach w tym temacie. Przeciez mozna porownac swoje logi z podawanymi rozwiazaniami i na tej podstawie usuwac niepotrzebne rzeczy.
Witam,ja rowniez mam problem z tym samym,myslalem,ze ja jestem tylko taki genialny i to bedzie pierwszy przypadek na forum a tu widze cala masa :lol: u mnie objawy sa podobne sformatowalem dysk ale to za bardzo nic nie dalo bo znowu zalapalem tego wirusa,moj log wyglada nastepujaco:
czy mozecie mi powiedziec co usunac,co dopisac i gdzie wkleic ewentualnie???
Z gory dzieki.
Logfile of HijackThis v1.99.1
Scan saved at 23:18:59, on 2005–12–28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\rush\Pulpit\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 – HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O20 – Winlogon Notify: App Paths – C:\WINDOWS\system32\h20q0cd5ef0.dll
O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
czy mozecie mi powiedziec co usunac,co dopisac i gdzie wkleic ewentualnie???
Z gory dzieki.
Teź mam problem zrobiłem juź osobny temat ale prosze o pomoc hijackthis pisze
Logfile of HijackThis v1.99.1
Scan saved at 22:47:40, on 2005–12–28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Anti–Blaxx\Anti–Blaxx.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\tomek\USTAWI~1\Temp\Rar$EX00.922\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 – HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 – HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 – HKLM\..\Run: [Anti–Blaxx Manager] C:\Program Files\Anti–Blaxx\Anti–Blaxx.exe
O4 – HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 – Winlogon Notify: Telephony – C:\WINDOWS\system32\o6rolg9316.dll (file missing)
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\system32\CTsvcCDA.EXE
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
Logfile of HijackThis v1.99.1
Scan saved at 22:47:40, on 2005–12–28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Anti–Blaxx\Anti–Blaxx.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\MKS\Bin\ABregmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\tomek\USTAWI~1\Temp\Rar$EX00.922\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 – HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 – HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 – HKLM\..\Run: [Anti–Blaxx Manager] C:\Program Files\Anti–Blaxx\Anti–Blaxx.exe
O4 – HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O20 – Winlogon Notify: msupdate – C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 – Winlogon Notify: Telephony – C:\WINDOWS\system32\o6rolg9316.dll (file missing)
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\system32\CTsvcCDA.EXE
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
Alicja, wyłącz przywracanie i zakończ procesy:
VCClient.exe
VCMain.exe
To co wyboldowane znika z dysku, wpisy zaznaczasz i fix:
Dodakowo w Hijacku usuń wpis z ALCMTR.EXE, to taki jakby spyware od Realteka.
Jeśli nie Ty osobiście instalowałaś Spyware Doctora to równieź go usuń.
izucha, wpiskasz F8 pod starcie komputera a przed łądowaniem się systemu i z listy wybierasz ten tryb.
Inna moźliwość to zaznaczenie w msconfig w zakładce boot.ini opcję /SAFEBOOT
VCClient.exe
VCMain.exe
To co wyboldowane znika z dysku, wpisy zaznaczasz i fix:
O4 – HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O20 – Winlogon Notify: Reliability – C:\WINDOWS\system32\dpvx.dll (file missing)
O20 – Winlogon Notify: RunOnce – C:\WINDOWS\system32\pnofmap.dll (file missing)
O20 – Winlogon Notify: ssldr – C:\WINDOWS\SYSTEM32\ssldr32.dll
Dodakowo w Hijacku usuń wpis z ALCMTR.EXE, to taki jakby spyware od Realteka.
Jeśli nie Ty osobiście instalowałaś Spyware Doctora to równieź go usuń.
izucha, wpiskasz F8 pod starcie komputera a przed łądowaniem się systemu i z listy wybierasz ten tryb.
Inna moźliwość to zaznaczenie w msconfig w zakładce boot.ini opcję /SAFEBOOT
tak juz wiem tylko jak mozesz powiedz mi jak przejsc do trybu awaryjnego.. hihi
hmmm ale mam glupie pytanie:jak sie wylacza przywracanie systemu?????? :oops:
mam podobny problem z upierdliwą tapetą i proszę o pomoc
Logfile of HijackThis v1.99.1
Scan saved at 19:50:04, on 2005–12–28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\User\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: PCTools Site Guard – {5C8B2A36–3DB1–42A4–A3CB–D426709BBFEB} – C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O2 – BHO: PCTools Browser Monitor – {B56A7D7D–6927–48C8–A975–17DF180C71AC} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 – HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: RAID Manager.lnk = ?
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/d002/mailcfg.ocx
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109093520278
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: Reliability – C:\WINDOWS\system32\dpvx.dll (file missing)
O20 – Winlogon Notify: RunOnce – C:\WINDOWS\system32\pnofmap.dll (file missing)
O20 – Winlogon Notify: ssldr – C:\WINDOWS\SYSTEM32\ssldr32.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: PC Tools Spyware Doctor (SDhelper) – PC Tools – C:\Program Files\Spyware Doctor\sdhelp.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
proszę napiszcie co tu jest nie tak... co trzeba zmienić bo nie bardzo się w tym orientuję a trafia mnie juz coraz bardziej. Z góry dziękuję za pomoc.
gg 1809538
Logfile of HijackThis v1.99.1
Scan saved at 19:50:04, on 2005–12–28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\User\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: PCTools Site Guard – {5C8B2A36–3DB1–42A4–A3CB–D426709BBFEB} – C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O2 – BHO: PCTools Browser Monitor – {B56A7D7D–6927–48C8–A975–17DF180C71AC} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" –osboot
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 – HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: RAID Manager.lnk = ?
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/d002/mailcfg.ocx
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109093520278
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: Reliability – C:\WINDOWS\system32\dpvx.dll (file missing)
O20 – Winlogon Notify: RunOnce – C:\WINDOWS\system32\pnofmap.dll (file missing)
O20 – Winlogon Notify: ssldr – C:\WINDOWS\SYSTEM32\ssldr32.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: PC Tools Spyware Doctor (SDhelper) – PC Tools – C:\Program Files\Spyware Doctor\sdhelp.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
proszę napiszcie co tu jest nie tak... co trzeba zmienić bo nie bardzo się w tym orientuję a trafia mnie juz coraz bardziej. Z góry dziękuję za pomoc.
gg 1809538
Wyłącz przywracanie systemu i pozbądź się w trybie awaryjnym:
Co do tapety to szukaj na forum pod hasłem Wallpaper podając ew. mnie jako autora.
Usuniesz podaną wartość i będziesz miał mozliwość zmiany tapetki.
R3 – URLSearchHook: (no name) – {7194A5B7–4871–548A–76C6–11834BA99996} – (no file)
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O4 – HKLM\..\Run: [FirewallSvr] C:\WINDOWS\FirewallSvr.exe
O4 – HKCU\..\Run: [Oot] C:\WINDOWS\System32\w?auboot.exe
O4 – HKCU\..\Run: [Rrsc] "C:\Program Files\taer\cmht.exe" –vt mt
Co do tapety to szukaj na forum pod hasłem Wallpaper podając ew. mnie jako autora.
Usuniesz podaną wartość i będziesz miał mozliwość zmiany tapetki.
hej, zrobiłam wszytsko wg podanych instrukcji i mam taki log:
Logfile of HijackThis v1.99.1
Scan saved at 14:33:32, on 2005–12–28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\WINDOWS\System32\w?auboot.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\taer\cmht.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Izunia\USTAWI~1\Temp\Rar$EX00.828\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {7194A5B7–4871–548A–76C6–11834BA99996} – (no file)
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [autoclk] autoclk.exe
O4 – HKLM\..\Run: [FirewallSvr] C:\WINDOWS\FirewallSvr.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 – HKCU\..\Run: [Oot] C:\WINDOWS\System32\w?auboot.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Rrsc] "C:\Program Files\taer\cmht.exe" –vt mt
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)
O17 – HKLM\System\CCS\Services\Tcpip\..\{8D5A40F4–AF0D–45F5–B8A2–D36BE88ABC13}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
usunęłam juź wczesniej część wariatów i balonik z prawej strony mi zniknął. Ale... teraz mam piekna tapetę! :lol:
czy mam cos jeszcze usunąć i jak pozbyć sie tej cholernej tapety?
jestem bardzo początkującym "komputerowcem", więc jesli moźecie, to piszcie jak dziecku :oops:
Logfile of HijackThis v1.99.1
Scan saved at 14:33:32, on 2005–12–28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\WINDOWS\System32\w?auboot.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\taer\cmht.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Izunia\USTAWI~1\Temp\Rar$EX00.828\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {7194A5B7–4871–548A–76C6–11834BA99996} – (no file)
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [autoclk] autoclk.exe
O4 – HKLM\..\Run: [FirewallSvr] C:\WINDOWS\FirewallSvr.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 – HKCU\..\Run: [Oot] C:\WINDOWS\System32\w?auboot.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Rrsc] "C:\Program Files\taer\cmht.exe" –vt mt
O4 – HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)
O17 – HKLM\System\CCS\Services\Tcpip\..\{8D5A40F4–AF0D–45F5–B8A2–D36BE88ABC13}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
usunęłam juź wczesniej część wariatów i balonik z prawej strony mi zniknął. Ale... teraz mam piekna tapetę! :lol:
czy mam cos jeszcze usunąć i jak pozbyć sie tej cholernej tapety?
jestem bardzo początkującym "komputerowcem", więc jesli moźecie, to piszcie jak dziecku :oops:
Sorrki źle się wyraziłem – nie plików systemowych tylko tych które się nie chciały wykasowac normalnie z katalogu system32. Wybacz proszę komputerowemu ignorantowi źe czasem coś palnie bez zastanowienia. Chyba ta dłubanina w rejestrze mnie tak ogłupiła. Najlepsze jest to źe robiłem coś o czym prawie źadnego pojecia nie mam. Podziwiam ludzi co się w tych rejestrowych sprawach nie gubią.
Pozdrawiam
Pozdrawiam
Jakich plikow systemowych ?antek_sbesk:
miałem problem z wykasowaniem plików systemowych
Dzięki za pomoc. Poszukałem i zwalczyłem drania choć miałem problem z wykasowaniem plików systemowych ale jak człowiek poszuka to znajdzie rozwiązanie i w tym wypadku pomógł KillBox. okienak przestały wyskakiwać.. na razie;–) nie wiadomo co czai się jeszcze na moim dysku. Pozdrawiam
http://forum.centrumxp.pl/viewtopic.php?t=33140 i nr 8.
Witam mam problem z wyskakującymi okienkami oto mój log. Dzięki za pomoc
Logfile of HijackThis v1.99.1
Scan saved at 21:22:10, on 2005–12–25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad–Aware SE Professional\Ad–Watch.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\GADU–G~1\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kuba\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad–Aware SE Professional\Ad–Watch.exe"
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRA~1\GADU–G~1\gg.exe" /tray
O4 – HKCU\..\Run: [wiadomek] C:\Program Files\Wiadomek\wiadomek.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Save Flash by &GetFlash – C:\PROGRA~1\GetFlash\getflash.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\PROGRA~1\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\PROGRA~1\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O15 – Trusted Zone: http://arcaonline.arcabit.com
O15 – Trusted Zone: http://skaner.mks.com.pl
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: Nls – C:\WINDOWS\system32\g022lafo1d2c.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 21:22:10, on 2005–12–25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lavasoft\Ad–Aware SE Professional\Ad–Watch.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\GADU–G~1\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kuba\Pulpit\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad–Aware SE Professional\Ad–Watch.exe"
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRA~1\GADU–G~1\gg.exe" /tray
O4 – HKCU\..\Run: [wiadomek] C:\Program Files\Wiadomek\wiadomek.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Save Flash by &GetFlash – C:\PROGRA~1\GetFlash\getflash.htm
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:\PROGRA~1\FlashGet\jc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:\PROGRA~1\FlashGet\jc_all.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O15 – Trusted Zone: http://arcaonline.arcabit.com
O15 – Trusted Zone: http://skaner.mks.com.pl
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {3D8700FB–86A4–4CB4–B738–6F0FC016AC7D} (MainControl Class) – http://arcaonline.arcabit.com/ArcaOnline.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O20 – Winlogon Notify: Nls – C:\WINDOWS\system32\g022lafo1d2c.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
WIELKI DZIEKI Bobi & El Nino. Jestescie WIELCY!
New.Net odinstaluj w Dodaj/Usuń, wpisy z Acconą zaznacz i teź usuń, plik vxh8jkdq2.exe usuń z pomocą Killboxa po rozruchu, ew. w trybie awaryjnym.