Want to have your HijackThis log checked? Paste it here...

Status
Closed.

vito31

User
Joined
February 15, 2006
Posts
5
Please check my log.

Logfile of HijackThis v1.99.1
Scan saved at 01:31:33, on 2006-02-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSinet20010winlogon.exe
C:WINDOWSsystem32CTHELPER.EXE
C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe
C:program FilesCreativeMouse Opticalmouse_2k.exe
D:programyPowerDVD6PDVDServ.exe
C:program FilesJavajre1.5.0_06binjusched.exe
C:program FilesMKSBinmks_menu.exe
C:program FilesMKSBinABregmon.exe
C:program FilesMKSBinNetMonSV.exe
C:WINDOWSsystem32CTsvcCDA.exe
C:program FilesMKSBinmksmonsv.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:program FilesMKSBinmks_scan.exe
C:WINDOWSinet20010mm4.exe
C:Documents and SettingsAnia&JarekPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.onet.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.onet.pl
F3 - REG:win.ini: run=C:WINDOWSinet20010winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_06binssv.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe
O4 - HKLM..Run: [CreativeMouse ] C:program FilesCreativeMouse Opticalmouse_2k.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [RemoteControl] D:programyPowerDVD6PDVDServ.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:program FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MKS_MENU] C:program FilesMKSBinmks_menu.exe
O4 - HKLM..Run: [ABREGMON] C:program FilesMKSBinABregmon.exe
O4 - HKLM..Run: [xp_system] C:WINDOWSinet20010winlogon.exe
O4 - HKCU..Run: [NBJ] "D:programyNeroNero BackItUpNBJ.exe"
O4 - HKCU..Run: [xp_system] C:WINDOWSinet20010winlogon.exe
O4 - Global Startup: Microsoft Office.lnk = C:program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O20 - Winlogon Notify: avpe32 - C:WINDOWSSYSTEM32avpe32.dll
O20 - Winlogon Notify: dvd4free - C:WINDOWSSYSTEM32dvd4free.dll
O20 - Winlogon Notify: msctl32.dll - C:WINDOWS
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:program FilesMKSBinNetMonSV.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:WINDOWSsystem32cmdtel.exe (file missing)
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:program FilesMKSbinMkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:program FilesMKSBinmksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:program FilesMKSBinmks_scan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
 

RedCrow

User
Joined
February 6, 2006
Posts
8
Safe mode (or use KillBox, see 3boot's post) and delete:

Code:
C:WINDOWSinet20010winlogon.exe
Code:
C:WINDOWSinet20010mm4.exe
preferably the whole "inet20010" folder
find this and delete it:
Code:
C:WINDOWSSYSTEM32avpe32.dll

C:WINDOWSSYSTEM32dvd4free.dll

C:WINDOWSmsctl32.dll

Fix these:
Code:
O4 - HKLM..Run: [xp_system] C:WINDOWSinet20010winlogon.exe

O4 - HKCU..Run: [xp_system] C:WINDOWSinet20010winlogon.exe

O20 - Winlogon Notify: avpe32 - C:WINDOWSSYSTEM32avpe32.dll

O20 - Winlogon Notify: dvd4free - C:WINDOWSSYSTEM32dvd4free.dll

O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:WINDOWSsystem32cmdtel.exe (file missing)

O20 - Winlogon Notify: msctl32.dll - C:WINDOWS

Post a new log
 

vito31

User
Joined
February 15, 2006
Posts
5
Not everything is OK after all. New log.

Logfile of HijackThis v1.99.1
Scan saved at 11:17:46, on 2006-02-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:program FilesMKSBinNetMonSV.exe
C:WINDOWSsystem32CTsvcCDA.exe
C:program FilesMKSBinmksmonsv.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:program FilesMKSBinmks_scan.exe
C:WINDOWSsystem32CTHELPER.EXE
C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe
C:program FilesCreativeMouse Opticalmouse_2k.exe
D:programyPowerDVD6PDVDServ.exe
C:program FilesJavajre1.5.0_06binjusched.exe
C:program FilesMKSBinmks_menu.exe
C:program FilesMKSBinABregmon.exe
C:WINDOWSsystem32sms_msn40.exe
C:WINDOWSsystem32sms_msn.exe
C:WINDOWSsystem32ngpw40.exe
C:program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAnia&JarekPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.onet.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.onet.pl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:WINDOWSsystem32ngsh35.dll
O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - C:WINDOWSsystem32localsplnet.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:WINDOWSinet200103.01.00.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe
O4 - HKLM..Run: [CreativeMouse ] C:program FilesCreativeMouse Opticalmouse_2k.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [RemoteControl] D:programyPowerDVD6PDVDServ.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:program FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MKS_MENU] C:program FilesMKSBinmks_menu.exe
O4 - HKLM..Run: [ABREGMON] C:program FilesMKSBinABregmon.exe
O4 - HKLM..Run: [sms_msn40] C:WINDOWSsystem32sms_msn40.exe
O4 - HKLM..Run: [sms_msn] C:WINDOWSsystem32sms_msn.exe
O4 - HKCU..Run: [NBJ] "D:programyNeroNero BackItUpNBJ.exe"
O4 - Global Startup: Microsoft Office.lnk = C:program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O20 - Winlogon Notify: avpe32 - C:WINDOWSSYSTEM32avpe32.dll
O20 - Winlogon Notify: dvd4free - C:WINDOWSSYSTEM32dvd4free.dll
O20 - Winlogon Notify: hpprintx - C:WINDOWSSYSTEM32hpprintx.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:WINDOWSsystem32boaooibo.dll (file missing)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:WINDOWSsystem32aehdgofm.dll
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:program FilesMKSBinNetMonSV.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:program FilesMKSbinMkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:program FilesMKSBinmksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:program FilesMKSBinmks_scan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

 

RedCrow

User
Joined
February 6, 2006
Posts
8
Use KillBox DOWNLOAD
Turn off System Restore!
Find and delete the items in bold using this little program

C:WINDOWSsystem32sms_msn40.exe
C:WINDOWSsystem32sms_msn.exe
C:WINDOWSsystem32ngpw40.exe

Fix these in HijackThis

O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:WINDOWSsystem32ngsh35.dll

O2 - BHO: Local Spool Net support DLL - {41943050-65CC-454B-81E4-9C8A9D7CBAEA} - C:WINDOWSsystem32localsplnet.dll

O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:WINDOWSinet200103.01.00.dll (file missing)

O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)

O4 - HKLM..Run: [sms_msn40] C:WINDOWSsystem32sms_msn40.exe

O4 - HKLM..Run: [sms_msn] C:WINDOWSsystem32sms_msn.exe

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:WINDOWSsystem32boaooibo.dll (file missing)

This is where it becomes a problem :twisted:

O20 - Winlogon Notify: avpe32 - C:WINDOWSSYSTEM32avpe32.dll

O20 - Winlogon Notify: dvd4free - C:WINDOWSSYSTEM32dvd4free.dll

O20 - Winlogon Notify: hpprintx - C:WINDOWSSYSTEM32hpprintx.dll

O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:WINDOWSsystem32aehdgofm.dll

Try destroying the DLL files with KillBox

Boot into safe mode (F8) :-D
start KillBox, select the Delete on Reboot option, then paste the path into the Full Path of File to Delete field:
C:WINDOWSSYSTEM32avpe32.dll
press X and you will be asked about a restart; decline and paste
C:WINDOWSSYSTEM32avpe32.dll
and the next ones:
C:WINDOWSSYSTEM32dvd4free.dll
C:WINDOWSSYSTEM32hpprintx.dll
C:WINDOWSsystem32aehdgofm.dll
once you have pasted everything, the program will ask about a restart; confirm it
Then FIX those O20 and O21 entries in HijackThis
Maybe that will help :wink:
 

vito31

User
Joined
February 15, 2006
Posts
5
new log

And this is how it looks now. Clean?

Code:
Logfile of HijackThis v1.99.1

Scan saved at 00:16:10, on 2006-02-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32CTHELPER.EXE

C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe

C:Program FilesCreativeMouse Opticalmouse_2k.exe

D:ProgramyPowerDVD6PDVDServ.exe

C:Program FilesJavajre1.5.0_06binjusched.exe

C:Program FilesMKSBinmks_menu.exe

C:Program FilesMKSBinABregmon.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32LSASS.EXE

C:Program FilesMKSBinNetMonSV.exe

C:WINDOWSsystem32CTsvcCDA.exe

C:Program FilesMKSBinmksmonsv.exe

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSsystem32MsPMSPSv.exe

C:Program FilesMKSBinmks_scan.exe

C:Program FilesInternet ExplorerIEXPLORE.EXE

C:Documents and SettingsAnia&JarekPulpitHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.onet.pl

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.onet.pl

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM..Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSsystem32spooldriversw32x863hpztsb04.exe

O4 - HKLM..Run: [CreativeMouse ] C:Program FilesCreativeMouse Opticalmouse_2k.exe

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [RemoteControl] D:ProgramyPowerDVD6PDVDServ.exe

O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe

O4 - HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe

O4 - HKLM..Run: [ABREGMON] C:Program FilesMKSBinABregmon.exe

O4 - HKLM..Run: [Microsoft Office] C:WINDOWSsystem32msoff.exe

O4 - HKCU..Run: [NBJ] "D:ProgramyNeroNero BackItUpNBJ.exe"

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) - 

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) - 

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:Program FilesMKSBinNetMonSV.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe

O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:Program FilesMKSbinMkSUpdateInt.exe

O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:Program FilesMKSBinmksmonsv.exe

O23 - Service: MkS_Scan - Unknown owner - C:Program FilesMKSBinmks_scan.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
 

Kyniu

User
Joined
February 14, 2006
Posts
8
this is what I have

Code:
Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32logonui.exe

C:WINDOWSExplorer.EXE

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSMixer.exe

G:ProgramyWinampwinampa.exe

G:ProgramyDAEMON Toolsdaemon.exe

C:Program FilesJavajre1.5.0_06binjusched.exe

C:WINDOWSSystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:WINDOWSSystem32rundll32.exe

G:ProgramyGadu-Gadugg.exe

C:WINDOWSSystem32nvsvc32.exe

C:Program FilesSunbelt SoftwarePersonal Firewall 4kpf4ss.exe

C:Program FilesSunbelt SoftwarePersonal Firewall 4kpf4gui.exe

C:Program FilesSunbelt SoftwarePersonal Firewall 4kpf4gui.exe

C:Program FilesInternet Exploreriexplore.exe

C:Program FilesInternet Exploreriexplore.exe

G:PROGRAMYFLASHGETflashget.exe

C:Documents and SettingsGrzegorzPulpithijackthisHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - G:PROGRAMYFLASHGETjccatch.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:PROGRAMYFLASHGETfgiebar.dll

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..Run: [WinampAgent] g:ProgramyWinampwinampa.exe

O4 - HKLM..Run: [DAEMON Tools] "g:ProgramyDAEMON Toolsdaemon.exe" -lang 1033

O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe

O4 - HKLM..Run: [CloneCDElbyCDFL] "g:ProgramyCloneCDElbyCheck.exe" /L ElbyCDFL

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU..Run: [Gadu-Gadu] "G:ProgramyGadu-Gadugg.exe" /tray

O4 - HKCU..Run: [Skype] "g:ProgramySkypePhoneSkype.exe" /nosplash /minimized

O4 - Global Startup: Microsoft Office.lnk = G:ProgramyMicrosoft OfficeOfficeOSA9.EXE

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - G:PROGRAMYFLASHGETjc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - G:PROGRAMYFLASHGETjc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:ProgramYMICROS~1OFFICE11REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:PROGRAMYFLASHGETflashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:PROGRAMYFLASHGETflashget.exe

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_24.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_19.cab

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_16.cab

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_23.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_31.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_38.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_36.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab

O17 - HKLMSystemCCSServicesTcpip..{A906B0F3-C64F-46B7-B49F-365A9426F34E}: NameServer = 194.204.159.1

O17 - HKLMSystemCS1ServicesTcpip..{A906B0F3-C64F-46B7-B49F-365A9426F34E}: NameServer = 194.204.159.1

O17 - HKLMSystemCS2ServicesTcpip..{A906B0F3-C64F-46B7-B49F-365A9426F34E}: NameServer = 194.204.159.1

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewall 4kpf4ss.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
 

3boot

User
Joined
February 8, 2006
Posts
81
vito31, your log is clean

As for you, Kyniu
You must remove:
Code:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
For tidiness you can also get rid of:
Code:
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_24.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_19.cab

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_16.cab

O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.3/g_bin/pl/marbles_2_0_0_23.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_31.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_38.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g_bin/pl/wordssingle_2_0_0_36.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_20.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab

O17 - HKLMSystemCCSServicesTcpip..{A906B0F3-C64F-46B7-B49F-365A9426F34E}: NameServer = 194.204.159.1

O17 - HKLMSystemCS1ServicesTcpip..{A906B0F3-C64F-46B7-B49F-365A9426F34E}: NameServer = 194.204.159.1

O17 - HKLMSystemCS2ServicesTcpip..{A906B0F3-C64F-46B7-B49F-365A9426F34E}: NameServer = 194.204.159.1
 

lecter

User
Joined
February 13, 2006
Posts
26
Logfile of HijackThis v1.99.1
Scan saved at 17:52:53, on 2006-02-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32rundll32.exe
C:program FilesSpyware Nukerswnxt.exe
C:program FilesInternet Exploreriexplore.exe
C:pROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE
C:Documents and SettingsAdminPulpithijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchbar.findthewebsiteyouneed.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SWN2] C:program FilesSpyware Nukerswnxt.exe /h
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
O20 - Winlogon Notify: Telephony - C:WINDOWSsystem32e4202efmgh2a2.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
 

Kaffior

User
Joined
February 24, 2006
Posts
23
Code:
Logfile of HijackThis v1.99.1

Scan saved at 17:53:06, on 2006-02-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesKerioPersonal Firewall 4kpf4ss.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

C:WINDOWSsystem32nvsvc32.exe

C:Program FilesKerioPersonal Firewall 4kpf4gui.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSExplorer.EXE

C:Program FilesKerioPersonal Firewall 4kpf4gui.exe

C:Program FilesThomsonSpeedTouch USBDragdiag.exe

C:Program FilesJavajre1.5.0_06binjusched.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesKonnektkonnekt.exe

C:Documents and SettingsMateuszPulpitHijackThis.exe



R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = 

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:Program FilesTechSmithSnagIt 7SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_06binssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:Program FilesTechSmithSnagIt 7SnagItIEAddin.dll

O4 - HKLM..Run: [KAVPersonal50] "C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Prokav.exe" /minimize

O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon

O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_06binjusched.exe

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [D0D7A3821] C:WINDOWSsystem32DantonS 4.3.0. alpha.exe

O4 - HKLM..Run: [NT598307] C:WINDOWSsystem32userinit.exe

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:Program FilesFlashGetjc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:Program FilesFlashGetjc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_06binssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLMSystemCCSServicesTcpip..{55207A97-2F92-445A-B6D6-31DE0504F2A6}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLMSystemCCSServicesTcpip..{F61B599B-5357-4D5E-A9E7-60DC4B86B2DD}: Domain = mshome.net

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)

O23 - Service: Cerberus FTP Server - Unknown owner - C:Program FilesCerberusCerberus.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: kavsvc - Kaspersky Lab - C:Program FilesKaspersky LabKaspersky Anti-Virus Personal Prokavsvc.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:Program FilesKerioPersonal Firewall 4kpf4ss.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe (file missing)
 

3boot

User
Joined
February 8, 2006
Posts
81
Kaffior
To be removed:
Code:
O4 - HKLM..Run: [D0D7A3821] C:WINDOWSsystem32DantonS 4.3.0. alpha.exe

O4 - HKLM..Run: [NT598307] C:WINDOWSsystem32userinit.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O17 - HKLMSystemCCSServicesTcpip..{55207A97-2F92-445A-B6D6-31DE0504F2A6}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLMSystemCCSServicesTcpip..{F61B599B-5357-4D5E-A9E7-60DC4B86B2DD}: Domain = mshome.net

lecter
To be removed:
Code:
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchbar.findthewebsiteyouneed.com

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab

O20 - Winlogon Notify: Telephony - C:WINDOWSsystem32e4202efmgh2a2.dll
You remove these entries in HijackThis.
 

pkoper

Former Moderator
Joined
March 9, 2006
Posts
302
Maybe you could take a look at mine too and check whether everything is OK

Logfile of HijackThis v1.99.1
Scan saved at 19:47:36, on 2006-03-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
D:programyAvast4aswUpdSv.exe
D:programyAvast4ashServ.exe
D:programyfirewallPersonal Firewall 4kpf4ss.exe
C:program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:program FilesRealVNCVNC4winvnc4.exe
C:WINDOWSSystem32MsPMSPSv.exe
D:programyfirewallPersonal Firewall 4kpf4gui.exe
D:programyAvast4ashWebSv.exe
D:programyAvast4ashMaiSv.exe
C:WINDOWSExplorer.EXE
D:programyfirewallPersonal Firewall 4kpf4gui.exe
D:programyAvast4ashDisp.exe
C:WINDOWShtpatch.exe
C:WINDOWSSystem32RunDll32.exe
C:program FilesJavajre1.5.0_06binjusched.exe
C:program FilesLexmark 2300 Serieslxcgmon.exe
C:program FilesLexmark 2300 Seriesezprint.exe
C:WINDOWSSystem32explorer.exe
C:WINDOWSSystem32lxcgcoms.exe
D:programyTlentlen.exe
D:programySpybot - Search & DestroyTeaTimer.exe
D:programySkypePhoneSkype.exe
D:pROGRAMYINCRED~1binIMAPP.EXE
D:programyBandwidth MonitorBandwidth Monitor.exe
D:pROGRAMYINCRED~1binIncMail.exe
C:program FilesHide IP Platinumhideippla.exe
D:programyMozilla FireFoxfirefox.exe
D:programyMacromediaDreamweaver MXDreamweaver.exe
C:usrKrasnal Start.exe
c:usrSMTP Serverlocalsrv.exe
c:usrApacheapache.exe
c:usrmysqlbinwinmysqladmin.exe
c:usrApacheapache.exe
c:usrMYSQLbinmysqld.exe
C:Documents and SettingskoperPulpitanty wiryHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.sygate.com/swat/support/spf50_reg.htm
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 68.87.64.117:553
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [avast!] D:programyAvast4ashDisp.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [HTpatch] C:WINDOWShtpatch.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [FineReader7NewsReaderPro] "D:programyABBYY FineReader 7.0 Professional EditionAbbyyNewsReader.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] C:program FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [LXCGCATS] rundll32 C:WINDOWSSystem32spoolDRIVERSW32X863LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM..Run: [lxcgmon.exe] "C:program FilesLexmark 2300 Serieslxcgmon.exe"
O4 - HKLM..Run: [EzPrint] "C:program FilesLexmark 2300 Seriesezprint.exe"
O4 - HKLM..Run: [FaxCenterServer] "C:program FilesLexmark Fax Solutionsfm3032.exe" /s
O4 - HKLM..Run: [RealJukeboxSystray] C:program FilesRealRealJukeboxtsystray.exe
O4 - HKLM..Run: [Windows Explorer] C:WINDOWSSystem32explorer.exe
O4 - HKCU..Run: [IncrediMail] D:pROGRAMYINCRED~1binIncMail.exe /c
O4 - HKCU..Run: [Komunikator] D:programyTlentlen.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] D:programySpybot - Search & DestroyTeaTimer.exe
O4 - HKCU..Run: [supelek bogiego] d:programysupelek bogiegosupb.exe -spr
O4 - HKCU..Run: [Skype] "D:programySkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [Gadu-Gadu] "C:program FilesGadu-Gadugg.exe" /tray
O4 - Startup: Desktop Calendar StartUp.lnk = D:programykalendarzDESKCAL.EXE
O4 - Startup: Bandwidth Monitor.lnk = D:programyBandwidth MonitorBandwidth Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:programyMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:pROGRAMYINCRED~1binresourcesWebMenuImg.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:programyMICROS~1Office10EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} -
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O17 - HKLMSystemCCSServicesTcpip..{1B19DA47-D7C9-4AE3-82CA-9272DE3C3FD8}: NameServer = 194.24.244.3,194.24.244.4
O17 - HKLMSystemCCSServicesTcpip..{9292306C-8192-4BD0-AA2E-D2863EDD36E2}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:programyAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:programyAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:programyAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:programyAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:programyfirewallPersonal Firewall 4kpf4ss.exe
O23 - Service: lxcg_device - Unknown owner - C:WINDOWSSystem32lxcgcoms.exe
O23 - Service: MySql - Unknown owner - c:usr/MYSQL/bin/mysqld.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:program FilesRealVNCVNC4winvnc4.exe" -service (file missing)

I know, I know, but I didn't have a longer one. =] Thanks in advance

Regards
 

patology

Former Moderator
Joined
October 30, 2005
Posts
205
You remove:
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)

O4 - HKLM..Run: [Windows Explorer] C:WINDOWSSystem32explorer.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm

O16 - DPF: {2DF91772-19DC-47AE-B52F-B8E2FE545625} -

O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} -

O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -

O17 - HKLMSystemCCSServicesTcpip..{1B19DA47-D7C9-4AE3-82CA-9272DE3C3FD8}: NameServer = 194.24.244.3,194.24.244.4

O17 - HKLMSystemCCSServicesTcpip..{9292306C-8192-4BD0-AA2E-D2863EDD36E2}: NameServer = 194.204.152.34 217.98.63.164

And what, e.g.,
C:usrKrasnal Start.exe
is, you have to know yourself
:)
 

patology

Former Moderator
Joined
October 30, 2005
Posts
205
Because that is not a valid explorer.exe entry but, hmm, how do I explain it to you, a fake impersonating it (C:/Windows)
 

Speedie88

User
Joined
January 31, 2006
Posts
148
Check my logs, because something seems to be off on my machine:

Logfile of HijackThis v1.99.1
Scan saved at 18:38:03, on 06-03-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:program FilesCommon FilesSymantec SharedccSetMgr.exe
C:program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:program FilesCommon FilesEPSONEBAPISAgent2.exe
C:program FilesKerioPersonal Firewall 4kpf4ss.exe
C:program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:program FilesNorton AntiVirusnavapsvc.exe
C:program FilesNorton AntiVirusSAVScan.exe
C:program FilesKerioPersonal Firewall 4kpf4gui.exe
C:program FilesAnalog DevicesSoundMAXSMAgent.exe
C:program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:program FilesKerioPersonal Firewall 4kpf4gui.exe
C:program FilesCyberLinkPowerDVDPDVDServ.exe
C:program FilesMultiResMultiRes.exe
C:program FilesCommon FilesSymantec SharedccApp.exe
C:program FilesPWNDefinicjeBinStarter.exe
C:WINDOWSsystem32P2P NetworkingP2P Networking.exe
C:program FilesCommon FilesRealUpdate_OBrealsched.exe
C:program FilesiTunesiTunesHelper.exe
C:program FilesQuickTimeqttask.exe
C:WINDOWSsystem32rundll32.exe
C:program FilesiPodbiniPodService.exe
C:program FilesAnalog DevicesSoundMAXSMTray.exe
C:program FilesWinampwinampa.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesMessengermsmsgs.exe
C:program FilesGadu-Gadugg.exe
c:progra~1intern~1iexplore.exe
C:program FilesD-Link AirPlusAirPlus.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE
C:program FilesMozilla Firefoxfirefox.exe
C:program FilesHbToolsBin4.7.0.0HbtSrv.exe
C:Documents and SettingsArtiPulpitPDHhijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:program FilesiMeshiMesh5iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:program FilesNewDotNetnewdotnet7_22.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:program FilesiMeshBarbar1.binIMESHBAR.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:program FilesHbToolsBin4.7.0.0HbtHostIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: (no name) - {D1164253-B1AC-4998-5660-767C817D0F71} - C:DOCUME~1ArtiDANEAP~1STUPID~1Tray Real.exe
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:pROGRA~1FlashFXPIEFlash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:program FilesHbToolsBin4.7.0.0HbtHostIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:program FilesiMeshBarbar1.binIMESHBAR.DLL
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [RemoteControl] "C:program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [MultiRes] C:program FilesMultiResMultiRes.exe
O4 - HKLM..Run: [ccApp] "C:program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:pROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [DemonStarter] C:program FilesPWNDefinicjeBinStarter.exe
O4 - HKLM..Run: [P2P Networking] C:WINDOWSsystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 - HKLM..Run: [mormpifc] C:WINDOWSsystem32pjrxutkn.exe
O4 - HKLM..Run: [TkBellExe] "C:program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [iTunesHelper] "C:program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [QuickTime Task] "C:program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [New.net Startup] rundll32 C:pROGRA~1NEWDOT~1NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM..Run: [Smapp] C:program FilesAnalog DevicesSoundMAXSMTray.exe
O4 - HKLM..Run: [WinampAgent] C:program FilesWinampwinampa.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Wipe ace] C:DOCUME~1ArtiDANEAP~1IDLETH~1internet seek.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:WINDOWSsystem32spooldriversw32x863E_SRCV02.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:program FilesAdvanced JPEG Compressorajcieex.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:program FilesBitSpiritbsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:pROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...bridge-c282.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O17 - HKLMSystemCCSServicesTcpip..{1CDC9033-1E20-4670-B859-8923C6DBABFE}: NameServer = 192.168.1.1
O17 - HKLMSystemCCSServicesTcpip..{8A080ED1-7EFB-4180-A627-206FBD6F7E26}: NameServer = 192.168.2.1
O17 - HKLMSystemCCSServicesTcpip..{CF0B056C-2592-431E-944B-95BB5E6156B0}: NameServer = 192.168.2.1,0.0.0.0
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:program FilesCommon FilesEPSONEBAPISAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:program FilesiPodbiniPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:program FilesKerioPersonal Firewall 4kpf4ss.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:WINDOWSPSSDNSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:program FilesNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:pROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
 

RedCrow

User
Joined
February 6, 2006
Posts
8
Well, lovely, stuffed to the brim with spyware :hahaha:

Get yourself this: Spybot-Search&Destroy


Update it and run a full scan!!!

Afterwards, paste a new log!

Unless you want to "play around" yourself, then:
C:WINDOWSsystem32P2P NetworkingP2P Networking.exe
Uninstall this

C:program FilesHbToolsBin4.7.0.0HbtSrv.exe
Uninstall this

Fix these:
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:program FilesiMeshiMesh5iMeshBHO.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:program FilesNewDotNetnewdotnet7_22.dll Uninstall NewDotNet
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:program FilesiMeshBarbar1.binIMESHBAR.DLL Uninstall iMeshBar
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:program FilesHbToolsBin4.7.0.0HbtHostIE.dll Delete HbTools from the disk
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:program FilesHbToolsBin4.7.0.0HbtHostIE.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:program FilesiMeshBarbar1.binIMESHBAR.DLL
O4 - HKLM..Run: [New.net Startup] rundll32 C:pROGRA~1NEWDOT~1NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU..Run: [Wipe ace] C:DOCUME~1ArtiDANEAP~1IDLETH~1internet seek.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates...bridge-c282.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist...006_regular.cab

As for this one, I don't know what it is:
O4 - HKLM..Run: [mormpifc] C:WINDOWSsystem32pjrxutkn.exe

I think that's everything ;]
 

patology

Former Moderator
Joined
October 30, 2005
Posts
205
O10 - Hijacked Internet access by New.Net
You can remove these entries only in safe mode, with the lspfix program.
It would be best to also scan with the McAfee scanner - it should remove most of the bad entries. In addition, you have NewDotNet (safe mode - Add or Remove Programs). Then post a log for checking.
 

Speedie88

User
Joined
January 31, 2006
Posts
148
Take a look now:

Logfile of HijackThis v1.99.1
Scan saved at 13:32:38, on 06-03-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:program FilesCommon FilesSymantec SharedccSetMgr.exe
C:program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:program FilesCommon FilesEPSONEBAPISAgent2.exe
C:program FilesKerioPersonal Firewall 4kpf4ss.exe
C:program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:program FilesNorton AntiVirusnavapsvc.exe
C:program FilesKerioPersonal Firewall 4kpf4gui.exe
C:program FilesNorton AntiVirusSAVScan.exe
C:program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:program FilesKerioPersonal Firewall 4kpf4gui.exe
C:program FilesCyberLinkPowerDVDPDVDServ.exe
C:program FilesMultiResMultiRes.exe
C:program FilesCommon FilesSymantec SharedccApp.exe
C:program FilesPWNDefinicjeBinStarter.exe
C:program FilesCommon FilesRealUpdate_OBrealsched.exe
C:program FilesiTunesiTunesHelper.exe
C:program FilesQuickTimeqttask.exe
C:program FilesAnalog DevicesSoundMAXSMTray.exe
C:program FilesWinampwinampa.exe
C:WINDOWSsystem32ctfmon.exe
C:program FilesMessengermsmsgs.exe
C:program FilesGadu-Gadugg.exe
C:program FilesiPodbiniPodService.exe
C:program FilesD-Link AirPlusAirPlus.exe
C:WINDOWSSystem32spoolDRIVERSW32X863E_S10IC2.EXE
C:program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsArtiPulpitPDHhijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:program FilesNorton AntiVirusNavShExt.dll
O2 - BHO: (no name) - {D1164253-B1AC-4998-5660-767C817D0F71} - C:DOCUME~1ArtiDANEAP~1STUPID~1Tray Real.exe
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:pROGRA~1FlashFXPIEFlash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [RemoteControl] "C:program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [MultiRes] C:program FilesMultiResMultiRes.exe
O4 - HKLM..Run: [ccApp] "C:program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:pROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [DemonStarter] C:program FilesPWNDefinicjeBinStarter.exe
O4 - HKLM..Run: [P2P Networking] C:WINDOWSsystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 - HKLM..Run: [TkBellExe] "C:program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [iTunesHelper] "C:program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [QuickTime Task] "C:program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Smapp] C:program FilesAnalog DevicesSoundMAXSMTray.exe
O4 - HKLM..Run: [WinampAgent] C:program FilesWinampwinampa.exe
O4 - HKLM..RunOnce: [iMeshBar Uninstall] rundll32 C:pROGRA~1UNINST~1.DLL,O -2
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Gadu-Gadu] "C:program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:WINDOWSsystem32spooldriversw32x863E_SRCV02.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:pROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:program FilesAdvanced JPEG Compressorajcieex.htm
O8 - Extra context menu item: Pobierz z &BitSpirit - C:program FilesBitSpiritbsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:program FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:pROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:program FilesMessengermsmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O17 - HKLMSystemCCSServicesTcpip..{1CDC9033-1E20-4670-B859-8923C6DBABFE}: NameServer = 192.168.1.1
O17 - HKLMSystemCCSServicesTcpip..{8A080ED1-7EFB-4180-A627-206FBD6F7E26}: NameServer = 192.168.2.1
O17 - HKLMSystemCCSServicesTcpip..{CF0B056C-2592-431E-944B-95BB5E6156B0}: NameServer = 192.168.2.1,0.0.0.0
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:program FilesCommon FilesEPSONEBAPISAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:program FilesiPodbiniPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:program FilesKerioPersonal Firewall 4kpf4ss.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:program FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:program FilesNorton AntiVirusnavapsvc.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:WINDOWSPSSDNSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:program FilesNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:pROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
 