Elektroda.pl
Elektroda.pl
X
Elektroda.pl
Computer Controls
Proszę, dodaj wyjątek dla www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Spowolnienie komputera-wirusy, ad-aware itp.?(?)

Syntony 21 Kwi 2005 11:44 212866 892
  • Computer Controls
  • #122 26 Kwi 2005 15:29
    flaber007
    Poziom 13  

    Logfile of HijackThis v1.99.1
    Scan saved at 15:09:30, on 2005-04-26
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\DOCUME~1\Tomek\USTAWI~1\Temp\SAHAGE~1.EXE
    C:\Program Files\Media Pass\MediaPassK.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\program files\internet explorer\iexplore.exe
    C:\Program Files\Media Pass\MediaPass.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Tlen.pl\tlen.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tomek\Pulpit\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Elo Wyder
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Tomek\USTAWI~1\Temp\SAHAGE~1.EXE run
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
    O4 - HKCU\..\Run: [CashFiesta] C:\Documents and Settings\Tomek\Pulpit\Cashfiesta.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  • Computer Controls
  • #123 26 Kwi 2005 17:24
    lobo0
    Poziom 19  

    usun w trybie awaryjnym:
    O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Tomek\USTAWI~1\Temp\SAHAGE~1.EXE run
    O4 - HKCU\..\Run: [CashFiesta] C:\Documents and Settings\Tomek\Pulpit\Cashfiesta.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab

    i skasuj z dysku te pliki:
    C:\Program Files\Media Pass\MediaPassK.exe
    C:\Documents and Settings\Tomek\Pulpit\Cashfiesta.exe
    C:\DOCUME~1\Tomek\USTAWI~1\Temp\SAHAGE~1.EXE

  • #124 26 Kwi 2005 22:03
    flaber007
    Poziom 13  

    ciągle usuwam w tgrybie awaryjnym plik C:\temp\sahagent-cdt1004 a potem po 2-3 dniach on sie znowu pojawia co zrobic zeby sie niepojawiał?

  • #125 27 Kwi 2005 00:19
    lobo0
    Poziom 19  

    podeslij log z hijacka jak skasujesz ten plik i uruchomisz komputer

  • #126 27 Kwi 2005 14:18
    flaber007
    Poziom 13  

    Logfile of HijackThis v1.99.1
    Scan saved at 14:16:13, on 2005-04-27
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Tlen.pl\tlen.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tomek\Pulpit\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Elo Wyder
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  • #127 27 Kwi 2005 14:44
    lobo0
    Poziom 19  

    wedlug mnie log 100% czysty
    jak nie masz sp2 to zainstaluj...

  • #128 28 Kwi 2005 17:57
    boczi
    Poziom 11  

    Martinez69 - Jaki chcesz antywirus? Płatny czy darmowy?

  • #129 28 Kwi 2005 23:32
    tel-fan
    Poziom 14  

    Logfile of HijackThis v1.99.1
    Scan saved at 23:22:14, on 2005-04-28
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.875\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=31865
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=31865
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31865
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fkn.pl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31865
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\W8C6S4~1.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\fwybuh7ty3thd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.82/users/zoom/web/axe/x.chm::/update.exe
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB02C9A-8CBA-4C69-9068-289BB99EA550}: NameServer = 69.50.176.156,195.225.176.31
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AFFB6E5C-9E26-4F55-955A-BE2D6F82921A}: NameServer = 69.50.176.156,195.225.176.31
    O20 - AppInit_DLLs: nk3y227vzz.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Dodano po 3 [minuty]:

    Witam, u mnie tez problem, komp mi sie muli,
    panowie specjalisci pomozcie.

  • #132 29 Kwi 2005 23:32
    Kolobos
    Spec od komputerów

    :arrow: tel-fan
    Tutaj masz opis usuwania letgohome.com
    http://www.searchengines.pl/phpbb203/index.php?showtopic=14185&st=50&#entry114898


    W hijackthis zaznacz te wpisy:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=31865
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=31865
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31865
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fkn.pl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/hp.htm?id=31865
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\W8C6S4~1.DLL (file missing)
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ie2cltr.dll
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\fwybuh7ty3thd.exe
    O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.82/users/zoom/web/axe/x.chm::/update.exe
    O20 - AppInit_DLLs: nk3y227vzz.dll

    I Fix Checked.

    Odwiedz tez www.windowsupdate.com i sciagnij aktualizacje do tego zainstaluj:
    http://www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D -> przeskanuj i wlacz ochrone przegladarki
    http://www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz ochrone przegladarki
    http://www.wilderssecurity.net/spywareguard.html <- SpywareGuard

    Po wszystkim wklej po resecie nowy log z hijackthis.

  • #133 30 Kwi 2005 00:01
    tel-fan
    Poziom 14  

    Dziekuje za dotychczasowe podpowiedzi własnie walcze.

    Mam jednak zasadniczy problem,
    Service Pack 2 nie bardzo chce mi sie zainstalowac, wywala komunikat o... "złym kluczy Win Xp.." - jest na to jakies lekarstwo?

  • #134 30 Kwi 2005 00:04
    Kolobos
    Spec od komputerów

    :arrow: tel-fan
    Kupno oryginalnego Windows'a, a skoro masz piracka kopie to windowsupdate sobie odpusc.

  • #135 30 Kwi 2005 00:11
    tel-fan
    Poziom 14  

    Mam oryginalnego Win XP home edition, ale on mnie nie ratował bo pewne aplikacje nie działały[siemens - sterowniki PLC].

    Istotnie mam pirata. Moze kiedys jak studenci beda zarabic , bedzie ich stac, aby miec komputer i aplikacje..

    Tymczasem dziekuje uprzejmie za poswiecony czas. Pobawie sie i zamieszcze loga, ale to juto bo dzis czas odpoczac. Dobranoc.

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 12:42:38, on 2005-04-30
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.781\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\fwybuh7ty3thd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB02C9A-8CBA-4C69-9068-289BB99EA550}: NameServer = 69.50.176.156,195.225.176.31
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AFFB6E5C-9E26-4F55-955A-BE2D6F82921A}: NameServer = 69.50.176.156,195.225.176.31
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    Tak to wygląda na ta chwile
    Dodam ze Spybot usunął mi 30 jakis plikow? Nie moze poradzic sobie z "Gator"

  • #136 30 Kwi 2005 22:42
    Kolobos
    Spec od komputerów

    Chyba nie stosowales sie do opisu na stronie, ktora podalem bo dalej w logu widze:
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\fwybuh7ty3thd.exe

    Usun ten wpis w hijackthis, a sam plik usun killbox'em:
    http://www.downloads.subratam.org/KillBox.zip
    zaznacz delete file on reboot i wklej do niego sciezke do:
    C:\WINDOWS\System32\fwybuh7ty3thd.exe

  • #137 01 Maj 2005 21:35
    Clone
    Poziom 10  

    Witam

    Logfile of HijackThis v1.99.1
    Scan saved at 21:26:50, on 2005-05-01
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\DEVLDR16.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE
    C:\PROGRAM FILES\MKS\BIN\MKS_MON.EXE
    C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
    C:\PROGRAM FILES\GADU-GADU\GG.EXE
    C:\PROGRAM FILES\MKS\BIN\MKS_SCAN.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MKS\BIN\FIREWALL.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\PULPIT\PLIKI Z INTERNETU\HIJACKTHIS.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res/C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res/C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {D494AD3D-64D7-3027-F2F9-6013438F3BC0} - C:\WINDOWS\SYSTEM\BSCIR.DLL
    O2 - BHO: (no name) - {C9C1309D-39E8-4EF1-8254-E987AB8049CB} - C:\WINDOWS\SYSTEM\AMDN.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
    O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
    O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Devldr16] C:\WINDOWS\SYSTEM\devldr16.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor]
    C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
    O4 - HKCU\..\RunServices: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O18 - Filter: text/html - {DBA7D41C-14FB-4C9A-9CCD-7E20E9261389} - C:\WINDOWS\SYSTEM\AMDN.DLL
    O18 - Filter: text/plain - {DBA7D41C-14FB-4C9A-9CCD-7E20E9261389} - C:\WINDOWS\SYSTEM\AMDN.DLL


    Moze ktos pomoc ?

  • #138 01 Maj 2005 21:54
    Kolobos
    Spec od komputerów

    :arrow: Clone
    I po co sobie tak zasmieciles system?

    Na poczatek uzyj tego:
    http://www.trojaner-info.de/files/SpSeHjfix112.exe

    W hijackthis zaznacz te wpisy:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res/C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res/C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {D494AD3D-64D7-3027-F2F9-6013438F3BC0} - C:\WINDOWS\SYSTEM\BSCIR.DLL
    O2 - BHO: (no name) - {C9C1309D-39E8-4EF1-8254-E987AB8049CB} - C:\WINDOWS\SYSTEM\AMDN.DLL
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O18 - Filter: text/html - {DBA7D41C-14FB-4C9A-9CCD-7E20E9261389} - C:\WINDOWS\SYSTEM\AMDN.DLL
    O18 - Filter: text/plain - {DBA7D41C-14FB-4C9A-9CCD-7E20E9261389} - C:\WINDOWS\SYSTEM\AMDN.DLL

    I Fix Checked, zainstaluj tez:
    http://www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D -> przeskanuj i wlacz ochrone przegladarki
    http://www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz ochrone przegladarki
    http://www.wilderssecurity.net/spywareguard.html <- SpywareGuard

    Oraz IE 6:
    http://www.microsoft.com/downloads/details.as...FamilyID=1e1550cb-5e5d-48f5-b02b-20b602228de6

    Po wszystkim wklej nowy log :-)

  • #139 02 Maj 2005 22:58
    flaber007
    Poziom 13  

    a ja mam inny problem niż wirusy (chyba) gdy prubuje coś zainstalowac to często wyświetla sie na ułamek sekundy niebieski eran z jakimiś napisami i komp sie resetuje. takie coś występuje przy dłuższych instalacjach np gier NFSU 2. Jak gram w gry nic sie niepsuje. jeżeli to coś pomoze w rozwiązaniu problemu to dodam ze mam win xp prof.

  • #140 02 Maj 2005 23:39
    stan000
    Poziom 22  

    flaber007
    to temat raczej do "hardware" - jeśli masz przyśpieszony komputer to spowolnij go trochę, może być winnych wiele rzeczy ja bym na poczatek sprawdził z innym zasilaczem (włącz raportowanie błędów)
    pozdrawiam

  • #141 05 Maj 2005 14:41
    infinity
    Specjalista od telefonów

    Mnie tez dopadł problem spowolnionego komputera, byłbym wdzieczny za informacje czy aby na pewno moj system jest wolny od smieci.


    Logfile of HijackThis v1.99.1
    Scan saved at 14:10:41, on 2005-05-05
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\zstatus.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite\UIWatcher.exe
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
    O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3A8DC640-9394-4ED6-85BD-5C78D1FF9B1D}: NameServer = 194.204.159.1
    O18 - Protocol: bw+0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {FEC75A7D-B387-46CF-8E7D-D77A9B08602D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: KLBLMain - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

  • #142 05 Maj 2005 15:36
    Kolobos
    Spec od komputerów

    :arrow: infinity
    Odinstaluj Logitech Desktop Messenger, ten program robi tylko smietnik co zreszta widac w logu (wszystkie wpisy O18 sa jego)

    W hijackthis zaznacz te wpisy:
    Wsztstkie O18
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    Reszta wyglada ok.

  • #143 05 Maj 2005 15:51
    tel-fan
    Poziom 14  

    Dzięki bardzo, ja tez chyba juz sie uporałem ze smieciami!
    Pozdrowienia

  • #144 09 Maj 2005 13:49
    flaber007
    Poziom 13  

    Logfile of HijackThis v1.99.1
    Scan saved at 13:20:49, on 2005-05-09
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Documents and Settings\Tomek\Dane aplikacji\oute.exe
    C:\WINDOWS\System32\?ttrib.exe
    C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Tomek\Pulpit\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Elo Wyder
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {FE3AA85D-3BE1-1263-EE7C-1FF3E92C47E7} - C:\WINDOWS\System32\vucty.dll
    O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite Rewolucja\kpp.exe" "C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp" /SYSTRAY
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Espt] C:\Documents and Settings\Tomek\Dane aplikacji\oute.exe
    O4 - HKCU\..\Run: [Qivq] C:\WINDOWS\System32\?ttrib.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
    O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_20.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    komp mi wyrażnie zwolnił i coś sie psuje moze tu coś znajdziecie?

  • #145 09 Maj 2005 13:55
    Kolobos
    Spec od komputerów

    :arrow: flaber007

    W hijackthis zaznacz te wpisy:

    O2 - BHO: (no name) - {FE3AA85D-3BE1-1263-EE7C-1FF3E92C47E7} - C:\WINDOWS\System32\vucty.dll
    O4 - HKCU\..\Run: [Espt] C:\Documents and Settings\Tomek\Dane aplikacji\oute.exe
    O4 - HKCU\..\Run: [Qivq] C:\WINDOWS\System32\?ttrib.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab


    Nastepnie sciagnij killbox:
    http://www.downloads.subratam.org/KillBox.zip
    zaznacz delete file on reboot i dodaj do niego po jednym te pliki:

    C:\WINDOWS\System32\vucty.dll
    C:\WINDOWS\System32\?ttrib.exe
    C:\Documents and Settings\Tomek\Dane aplikacji\oute.exe

    Nie zaszkodzi tez przeskanowac system tym:
    http://download.microsoft.com/download/8/1/5/...-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
    oraz zainstalowac:
    http://www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D -> przeskanuj i wlacz ochrone przegladarki
    http://www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz ochrone przegladarki
    http://www.wilderssecurity.net/spywareguard.html <- SpywareGuard

    Po wszystkim wklej nowy log z hijackthis.

  • #146 09 Maj 2005 23:05
    tibzor
    Poziom 10  

    A co powiecie nt. antyvira NOD32.?????????????

    Dodano po 8 [minuty]:

    Logfile of HijackThis v1.98.2
    Scan saved at 22:34:19, on 2005-05-09
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\MMTrayLSI.exe
    C:\WINDOWS\system32\MMTray2k.exe
    C:\WINDOWS\system32\MMTray.exe
    C:\WINDOWS\system32\qttask.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\COMMON~1\Nokia\Services\SERVIC~1.EXE
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\programy\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pgjscwnjjdiyoxpkmon.com/lbAmjQJFpg...4e1qBkN485wyNI0XCRCTiNvSkC6uTarOwSlU10WT.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {258B0D24-9D26-FF24-1E65-5B5804668864} - C:\DOCUME~1\Robert\DANEAP~1\SAFEAN~1\SpamAxis.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [MMTrayLSI] C:\WINDOWS\system32\MMTrayLSI.exe
    O4 - HKLM\..\Run: [MMTray2K] C:\WINDOWS\system32\MMTray2k.exe
    O4 - HKLM\..\Run: [MMTray] C:\WINDOWS\system32\MMTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
    O4 - HKLM\..\Run: [boldgreyerrortick] C:\Documents and Settings\All Users\Dane aplikacji\SectGramBoldGrey\LoadBike.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [pure pop] C:\DOCUME~1\Robert\DANEAP~1\BASHHO~1\wave software live.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Utwórz Ulubione dla urządzenia przenośnego - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consu...ls/en/x86/client/wuweb_site.cab?1113251984707
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

    Pomocy !!
    Podczas uruchamiania IE "wyskakuje" mikilka złosliwych okienek no i procek 2,4 chodzi jak 800 - tka .

    Dodano po 1 [minuty]:

    pomocy!!!

  • #147 10 Maj 2005 10:53
    flaber007
    Poziom 13  

    kolega poprosił mnie abym to wkleił tutaj i zaczerpnął porady od was co zrobic aby było dobrze


    Logfile of HijackThis v1.99.1
    Scan saved at 21:16:03, on 2005-05-17
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\KAMERA.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\kula\Dane aplikacji\ioct.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Tlen.pl\tlen.exe
    C:\Program Files\Winamp\Winamp.exe
    C:\Program Files\mozilla.org\Mozilla\mozilla.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\DOCUME~1\kula\USTAWI~1\Temp\zang.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Documents and Settings\kula\Pulpit\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\kula\USTAWI~1\Temp\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\kula\USTAWI~1\Temp\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {0BBCF47C-8546-4546-BF9D-F8748B7AD05F} - C:\WINDOWS\System32\kmea.dll
    O2 - BHO: (no name) - {D9FEA5BA-6427-1288-5D87-1353760D16E1} - C:\WINDOWS\System32\rcga.dll
    O2 - BHO: (no name) - {EDD395BD-4917-50BF-70B0-567E373A3BA4} - C:\WINDOWS\System32\rcga.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [RCServer] "C:\PROGRA~1\REMOTE~1\REMOTE~1.EXE" -servicehelper
    O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\kula\USTAWI~1\Temp\se.dll,DllInstall
    O4 - HKLM\..\Run: [Winsock2 driver] KAMERA.EXE
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Sitb] C:\Documents and Settings\kula\Dane aplikacji\ioct.exe
    O4 - HKCU\..\Run: [Tscddvd] C:\WINDOWS\System32\?hkdsk.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [180ClientStubInstall] "C:\DOCUME~1\kula\USTAWI~1\Temp\zang.exe"
    O4 - HKCU\..\RunOnce: [Winsock2 driver] KAMERA.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191} (VacPro.internazionale_ver11) - http://advnt01.com/dialer/internazionale_ver11.CAB
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
    O18 - Filter: text/html - {D2AD96E0-0A9B-4D56-9EB7-5987B4126920} - C:\WINDOWS\System32\kmea.dll
    O18 - Filter: text/plain - {D2AD96E0-0A9B-4D56-9EB7-5987B4126920} - C:\WINDOWS\System32\kmea.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Control Server (RCSERVER) - Unknown owner - C:\PROGRA~1\REMOTE~1\REMOTE~1.EXE" -service (file missing)

  • #148 02 Lip 2005 09:12
    ddmar
    Poziom 12  

    Proszę o sprawdzenie loga, bo coś chyba siedzi w mojej maszynce a stawiać systemu i wszystkich programów mi się nie chce :-)

    Logfile of HijackThis v1.99.1
    Scan saved at 08:13:32, on 2005-07-02
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\Marko\Pulpit\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fotolog.net/grupomur/[/url
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 148.244.150.58:80
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ODSPConfig] C:\Program Files\ODSP\ODSPConfig.exe
    O4 - HKCU\..\Run: [SMS Express] "C:\Program Files\SMS Express\smsexpr.exe" /tray
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted IP range: 195.95.218.173
    O15 - Trusted IP range: 195.95.218.173 (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ODSP Host Service (ODSP Host) - Unknown owner - C:\Program Files\ODSP\ODSPHost_NT.exe (file missing)

  • #149 02 Lip 2005 13:30
    Kolobos
    Spec od komputerów

    Gdzie masz aktualizacje?

    Odinstaluj:
    Desktop Surveillance Personal
    I nie instaluj tego wiecej.

    Przeskanuj tez tym i usun wszystko co znajdzie:
    http://download.microsoft.com/download/8/1/5/...-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

    Zamknij porty:
    http://www.firewallleaktester.com/tools/wwdc.exe

    Uzyj tez tego:
    http://www.searchengines.pl/phpbb203/index.ph...e54567f66c39699f0&act=Attach&type=post&id=459


    W hijackthis usun:

    O4 - HKLM\..\Run: [ODSPConfig] C:\Program Files\ODSP\ODSPConfig.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted IP range: 195.95.218.173
    O15 - Trusted IP range: 195.95.218.173 (HKLM)
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSvcCDA.exe (file missing)
    O23 - Service: ODSP Host Service (ODSP Host) - Unknown owner - C:\Program Files\ODSP\ODSPHost_NT.exe (file missing)

    Znasz ten host:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 148.244.150.58:80

    Jezeli sam ustawiles to proxy to zostaw jezeli nie to usun, ale wczesniej zapisz sobie adres albo nie kasuj kopi wpisow w backup.Bedziesz mogl przywrocic wpis jakby byl potrzebny :-)

  • #150 02 Lip 2005 21:21
    ddmar
    Poziom 12  

    Nie nie znałem tego hosta więc go usunołem. Całkiem inaczej komputer chodzi :-)) Dzięki. Jeszcze dla sprawdzenia jeden log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:38:56, on 2005-07-02
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\rsmsink.exe
    C:\Documents and Settings\Marko\Pulpit\hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [SMS Express] "C:\Program Files\SMS Express\smsexpr.exe" /tray
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ODSP Host Service (ODSP Host) - Unknown owner - C:\Program Files\ODSP\ODSPHost_NT.exe (file missing)