Microsoft AntiSpyware

Odnośniki

• Microsoft Access baza danych
• Microsoft Combat Flight Simulator 2
• Microsoft Combat Flight Simulator 2 download
• Microsoft Combat Flight Simulator II
• Microsoft Common Dialog Control 6.0
• Microsoft Exchange Server 2003
• Microsoft Flight Simulator X accereration
• Microsoft Flight Simulator X Spolszczenie
• Microsoft Internet Information Server
• Microsoft Jet 4.0 Service Pack
• zanotowane.pl
• doc.pisz.pl
• pdf.pisz.pl
• boszanna.htw.pl

Oglądasz wypowiedzi znalezione dla frazy: Microsoft AntiSpyware

---

Temat: Proszę o sprawdzenie loga z HJ
Proszę o sprawdzenie loga z HJ
Logfile of HijackThis v1.99.1
Scan saved at 20:46:28, on 2005-04-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesDeamondaemon.exe
C:Program FilesSBLiveAudioHQAHQTB.EXE
C:Program FilesKaspersky LabKaspersky Anti-Virusavpcc.exe
C:Program FilesMedia AccessMediaAccK.exe
C:Program FilesMedia AccessMediaAccess.exe
C:Program FilesTlen.pl len.exe
C:Program FilesKaspersky LabKaspersky Anti-Virusavpcc.exe
C:Program FilesKaspersky LabKaspersky Anti-Virusavpm.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesKaspersky LabKaspersky Anti-Virusavp32.exe
C:Program FileseMuleeMule.exe
C:Program FilesWinampwinamp.exe
C:Program FilesOpera7opera.exe
C:Program FileswincmdWINCMD32.EXE
C:Documents and SettingspikolskiPulpithijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.onet.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:WINDOWS em220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:WINDOWSSYSTEMLoader.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FLASHGETjccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FLASHGETfgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesDeamondaemon.exe" -lang 1033
O4 - HKLM..Run: [AudioHQ] C:Program FilesSBLiveAudioHQAHQTB.EXE
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [winmgr.exe] scvhost.exe
O4 - HKLM..Run: [AVPCC] C:Program FilesKaspersky LabKaspersky Anti-Virusavpcc.exe /wait
O4 - HKLM..Run: [MSN Messenger] C:WINDOWSSystem32msmsgs.exe
O4 - HKLM..Run: [vmtuner] gclib.exe
O4 - HKLM..Run: [Media Access] C:Program FilesMedia AccessMediaAccK.exe
O4 - HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..RunServices: [winmgr.exe] scvhost.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:PROGRA~1FLASHGETjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:PROGRA~1FLASHGETjc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FLASHGETflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FLASHGETflashget.exe
O9 - Extra button: Microsoft AntiSpyware helper - {FBEF42C0-6FDC-4083-A862-5F3913B63776} - C:WINDOWSSystem32wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FBEF42C0-6FDC-4083-A862-5F3913B63776} - C:WINDOWSSystem32wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {FBEF42C0-6FDC-4083-A862-5F3913B63776} - C:WINDOWSSystem32wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FBEF42C0-6FDC-4083-A862-5F3913B63776} - C:WINDOWSSystem32wldr.dll (file missing) (HKCU)
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:Program FilesKaspersky LabKaspersky Anti-Virusavpcc.exe" /Service (file missing)

Z góry dzięki.
P. Przeczytaj wszystkie posty z tego wątku

---

Temat: prosze o sprawdzenie
W dalszym ciagu pliki antk15.dll, hdf15.dll i hdp15.dll mam zarazone tymi
samymi trojanami i MKS nie chce ich usunac ani wyleczyc. Microsoft AntiSpyware
i Adaware nic nie znalazl...

Logfile of HijackThis v1.99.1
Scan saved at 00:19:38, on 2005-04-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesTGTSoftStyleXPStyleXPService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32userinit.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesNeostrada TPNeostradaTP.exe
D:InstallAvant Browseravant.exe
D: len len.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1KASIKUSTAWI~1TempRar$EX00.797HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.gazeta.pl
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} -
C:Program FilesCommon FilesReGet SharedCatcher.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} -
D:Installsciaganie plikowReGetDxiebar.dll
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program
FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:PROGRA~1COMMON~1
REGETS~1CC_Link.htm
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
D:InstallAvant BrowserAddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam -
D:InstallAvant BrowserAddToADBlackList.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
D:InstallAvant BrowserOpenAllLinks.htm
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe - C:PROGRA~1
COMMON~1REGETS~1CC_All.htm
O8 - Extra context menu item: Podświetl - D:InstallAvant BrowserHighlight.htm
O8 - Extra context menu item: Szukaj - D:InstallAvant BrowserSearch.htm
O16 - DPF: {81E688E8-36A4-4FEF-B70B-8B0A1C5C1308} (WebLauncherX Control) -
www.kuchnie.pl/online/cad/launcher.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{A5AFFB3D-4ABD-4110-B43B-9BBCA789205C}:
NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32
Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:Documents and
SettingsKASIKPulpitCWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec
Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec
AntiVirusSavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:Program
FilesTGTSoftStyleXPStyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program
FilesSymantec AntiVirusRtvscan.exe

Przeczytaj wszystkie posty z tego wątku

---

Temat: Prośba o sprawdzenie loga
Prośba o sprawdzenie loga
Prosze sprawdzić .Nie wszystko jest w porządku.

Logfile of HijackThis v1.97.7
Scan saved at 16:09:31, on 2005-04-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSGtwatch.exe
C:WINDOWSgtwatch.exe
F:Program filesmobile PhoneToolsWatchDog.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesNorton AntiVirus avapsvc.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:Program FilesTlen.pl len.exe
E:emuleemule.exe
C:Program FilesInternet Exploreriexplore.exe
D:HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.wp.pl/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyServer = w3cache.daminet.pl:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program
FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program
FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32
NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [] C:WINDOWSGtwatch.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [Gtwatch] C:WINDOWSgtwatch.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32
spooldriversw32x863hpztsb03.exe
O4 - HKLM..Run: [WatchDog] F:Program filesmobile PhoneToolsWatchDog.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec
SharedccApp.exe"
O4 - HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec
SharedSecurity CenterUsrPrmpt.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk =
C:Program FilesUlead SystemsUlead Photo Express 3.0 SECalCheck.exe
O4 - Global Startup: Watch.lnk = C:WINDOWS wain_32A6U16KWATCH.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Microsoft AntiSpyware helper (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{1C3740F4-E723-401D-8E9B-
885862A8026C}: NameServer = 82.139.13.226
O17 - HKLMSystemCS1ServicesTcpip..{1C3740F4-E723-401D-8E9B-
885862A8026C}: NameServer = 82.139.13.226
O17 - HKLMSystemCS2ServicesTcpip..{1C3740F4-E723-401D-8E9B-
885862A8026C}: NameServer = 82.139.13.226

Przeczytaj wszystkie posty z tego wątku

---

Temat: SPYWARE _POMOCY!!!!!!!!!!!!!!!!!
Najpierw przeskanuj tym:
cwshredder.net/bin/CWShredder.exe <- CWS Shredder

Odinstaluj: MySearch,PCTools, Spyware Doctor, RegFreeze

Do tego o ile dobrze widze masz dwa antyvirusy, a wiec odinstaluj jeden chociaz
oba to zamulacze systemu wiec wywal najlepiej oba i zainstaluj avast + kerio :-)

> R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
> res://C:WINDOWSsystem32shdocpl.dll/security.htm#subID=MPV;401
> R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
> www.vobis.pl/
> R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
> www.makemesearch.com/?said=382
> R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
> res://shdocpl.dll/asst.htm
> R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
> O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:Program
> FilesMySearchar1.binS4BAR.DLL
> O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
> C:PROGRA~1SPYWAR~2 oolsiesdsg.dll
> O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -
> C:PROGRA~1SPYWAR~2 oolsiesdpb.dll
> O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D8274} - C:WINDOWSSystem32
> spm8274.dll
> O3 - Toolbar: SuperBar - {2DBDB463-84E1-458A-8ED4-E98F4CEE09C2} - C:Program
> FilesSUPERBARSUPERBAR.dll (file missing)
> O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
> O4 - HKLM..Run: [lsasss.exe] C:WINDOWSlsasss.exe
> O4 - HKLM..Run: [levur] C:WINDOWSlevur.exe
> O4 - HKLM..Run: [FastStart] C:WINDOWSsystem32svcnut.exe home
> O4 - HKLM..RunOnce: [Local runole service] C:WINDOWSSystem32srvc32.exe
> O4 - HKLM..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
> O4 - HKCU..Run: [Spyware Doctor] "C:Program FilesSpyware
> Doctorswdoctor.exe" /Q
> O4 - HKCU..RunOnce: [Local runole service] C:WINDOWSSystem32srvc32.exe
> O4 - HKCU..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
> O4 - Startup: RegFreeze.lnk = C:Program FilesRegFreeze egfreeze.exe
> O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
> C:PROGRA~1SPYWAR~2 oolsiesdpb.dll
> O9 - Extra button: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-
> 3FCD094E2D88} - C:Program FilesRegFreeze fsearchhandler.dll
> O9 - Extra 'Tools' menuitem: Search and Remove Spyware - {CDB280E8-BE43-4128-
> 8A5A-3FCD094E2D88} - C:Program FilesRegFreeze fsearchhandler.dll
> O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8171C6FC-F6F9-
> 4499-9DF4-A005F3385E22} - (no file) (HKCU)
> O14 - IERESET.INF: START_PAGE_URL=www.vobis.pl/

Fix Checked i wklej nowy log z hijackthis.
Przeczytaj wszystkie posty z tego wątku

---

Temat: trojan
trojan
pokazuje się napisa na pulpicie...(pulpit jest niebieski)

a fatal erro in EI has occured at 0028: c0011e36 in vxd vmm (01)00010e36.
Error was caused by trojan-spy.html.smitfraud.c


Logfile of HijackThis v1.99.1
Scan saved at 16:23:50, on 2005-04-27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1AGNITUMOUTPOS~1.0outpost.exe
C:WINDOWSsvchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32 undll32.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSSystem32devldr32.exe
C:DOCUME~1MareckiUSTAWI~1Tempupdate.tmp
C:Program FilesFlashGetflashget.exe
C:DownloadsHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
res://C:DOCUME~1MareckiUSTAWI~1Tempse.dll/spage.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar =
res://C:DOCUME~1MareckiUSTAWI~1Tempse.dll/spage.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyOverride = 127.0.0.1
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {035749F7-79F5-485C-98C6-C92C783ADBF1} - (no file)
O2 - BHO: (no name) - {26CBADF4-0150-4B6F-9A82-9F1B1B5DFA73} -
C:WINDOWSSystem32ikbc.dll
O2 - BHO: (no name) - {6A64C6C7-FF52-4F89-BC20-16979F845E11} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:PROGRA~1FLASHGETjccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:PROGRA~1FLASHGETfgiebar.dll
O4 - HKLM..Run: [Outpost Firewall] C:PROGRA~1AGNITUMOUTPOS~1.0
outpost.exe /waitservice
O4 - HKLM..Run: [TrojanScanner] C:Program FilesTrojan RemoverTrjscan.exe
O4 - HKLM..Run: [sp] rundll32 C:DOCUME~1MareckiUSTAWI~1
Tempse.dll,DllInstall
O4 - HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O8 - Extra context menu item: Download All by FlashGet - C:Program
FilesFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:Program
FilesFlashGetjc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:WINDOWSweb elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:WINDOWSweb elated.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:PROGRA~1FLASHGETflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:PROGRA~1FLASHGETflashget.exe
O9 - Extra button: Microsoft AntiSpyware helper - {471E3BEB-5EBC-4C1D-90AA-
8D1AAAF81FD9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {471E3BEB-5EBC-
4C1D-90AA-8D1AAAF81FD9} - (no file) (HKCU)
O16 - DPF: {11311111-1111-1111-1111-111111111157} -
file://C:RecycledQ330995.exe
O17 - HKLMSystemCCSServicesTcpip..{DC85E18D-B55A-4756-A3BB-
F0AE03FC1B19}: NameServer = 192.168.0.1
O18 - Filter: text/html - {E556A7EE-B2FA-4784-86C7-6F0D0F67F0DD} -
C:WINDOWSSystem32ikbc.dll
O18 - Filter: text/plain - {E556A7EE-B2FA-4784-86C7-6F0D0F67F0DD} -
C:WINDOWSSystem32ikbc.dll
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum -
C:PROGRA~1AGNITUMOUTPOS~1.0outpost.exe

Przeczytaj wszystkie posty z tego wątku

---

Temat: Bardzo Prosze o sprawdzenie loga hijackthis !!!
Na poczatk usun iSearch "Desktop Search" tak jak masz w opisie tutaj:
www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=0&p=109496&#entry135478

Nastepnie usun Backdoor.Haxdoor tak jak masz podane tutaj:
www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=0&p=109496&#entry132561

Jak juz to wszystko zrobisz to w hijackthis wybierz scan only i zaznacz te
wpisy:

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
81.222.131.49/index.php
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
81.222.131.49/index.php
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
81.222.131.49/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
81.222.131.49/index.php
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
81.222.131.49/index.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} -
C:WINDOWSBolger.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -
C:WINDOWSisrvssysupd.dll (file missing)
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} -
C:WINDOWSdrexinit.dll (file missing)
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM..Run: [Media Pass] C:Program FilesMedia PassMediaPassK.exe
O4 - HKLM..Run: [gah95on6] C:WINDOWSSystem32gah95on6.exe
O4 - HKLM..Run: [Windows Update] C:WINDOWSms1.exe
O4 - HKLM..Run: [Desktop Search] C:WINDOWSisrvsdesktop.exe
O4 - HKLM..Run: [ffis] C:WINDOWSisrvsffisearch.exe
O4 - HKCU..Run: [PayTime] C:WINDOWSSystem32paytime.exe
O9 - Extra button: Microsoft AntiSpyware helper - {7CFDB64D-9514-4861-8188-
4D2B7FBF9A1C} - C:WINDOWSSystem32wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7CFDB64D-9514-
4861-8188-4D2B7FBF9A1C} - C:WINDOWSSystem32wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {7CFDB64D-9514-4861-8188-
4D2B7FBF9A1C} - C:WINDOWSSystem32wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7CFDB64D-9514-
4861-8188-4D2B7FBF9A1C} - C:WINDOWSSystem32wldr.dll (file missing) (HKCU)
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
C:WINDOWSisrvsmfiltis.dll
O20 - Winlogon Notify: drct16 - C:WINDOWSSYSTEM32drct16.dll

I Fix Checked i sciagnij KillBox:
www.downloads.subratam.org/KillBox.zip
Rozpakuj, zaznacz Delete file on reboot wklej sciezke do pliku (sam nie szukaj
tylko wklejaj gotowa) i naciskaj czerwony przycik ale na pytanie o reset
odpowiadaj nie i tak zrob z tymi plikami:
C:WINDOWSBolger.dll
C:Program FilesMedia PassMediaPassK.exe
C:WINDOWSSystem32gah95on6.exe
C:WINDOWSSYSTEM32drct16.dll
C:WINDOWSisrvsmfiltis.dll
C:WINDOWSSystem32paytime.exe

Chociaz polowy juz nie powinno byc jak usuniesz wszystko zgodnie z dwoma
opisami podanym na poczatku.Po resecie wklej nowy log z hijackthis bo pewnie
cos zostanie.

Przeczytaj wszystkie posty z tego wątku

---

Temat: Kolejny log hijacks do sprawdzenia
Log mie zmieścił się cały.


Start do trybu awaryjnego:

usuwasz (poprzez dodaj/usun programy)
- 180 SearchAssistant
- BULLSEYE NETWORK
- SearchAccelerator
- CXTPLS
- SECURITY IGUARD


potem szukasz i usuwasz:
> IENUTILW.EXE -> z C:WINDOWSSYSTEM
> ENUBG.EXE -> z C:WINDOWSSYSTEM
> paytime.exe -> z C:WINDOWSSYSTEM
ap9h4qmo.exe -> z C:WINDOWSSYSTEM

uruchamiasz HJ wybierasz "do a system scan only" i zaznaczasz
> R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
> 81.222.131.49/index.php
> R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) =
> keyword.netscape.com/keyword/%s
> R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
> 81.222.131.49/index.php
> R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
> 81.222.131.49/index.php
> O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
> C:WINDOWSNEM220.DLL (file missing)
> O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} -
> C:WINDOWSDREXINIT.DLL
> O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:PROGRAM
> FILESCXTPLSCXTPLS.DLL
> O2 - BHO: (no name) - {9414B321-799B-2366-E1D8-52C0CE965D93} -
> C:WINDOWSSYSTEMUUVDR.DLL
> O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio -
> {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
> O3 - Toolbar: UCmore XP - The Search Accelerator -
> {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:PROGRAM
> FILESTHESEARCHACCELERATORUCMTSAIE.DLL
> O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon
> FilesRealUpdate_OB ealsched.exe" -osboot
> O4 - HKLM..Run: [QuickTime Task] "C:WINDOWSSYSTEMQTTASK.EXE" -atboottime
> O4 - HKLM..Run: [sac] c:program files180searchassistantsac.exe
> O4 - HKLM..Run: [BullsEye Network] C:Program FilesBullsEye
> Networkinargains.exe
> O4 - HKLM..Run: [op8g36j] IENUTILW.EXE
> O4 - HKLM..Run: [AutoLoaderEnvoloAutoUpdater]
> "C:WINDOWSTEMP~COMPOUNDINST0AUTO_UPDATE_LOADER.EXE" /HideUninstall
> /HideDir /PC=CP.AMS /ShowLegalNote=nonbranded
> O4 - HKLM..Run: [Security iGuard] C:PROGRAM FILESSECURITY IGUARDSECURITY
> IGUARD.EXE
> O4 - HKLM..Run: [PayTime] C:WINDOWSSYSTEMpaytime.exe
> > O4 - HKLM..Run: [Service Host]
> C:WINDOWSSYSTEMServices{8756B060-BF4E-11D9-A139-00111E0010F3}SVCHOST.EXE
> O4 - HKLM..Run: [ap9h4qmo] C:WINDOWSSYSTEMap9h4qmo.exe
> O4 - HKLM..Run: [AutoUpdater] "c:Program FilesAutoUpdateAutoUpdate.exe"
> O4 - HKCU..Run: [ZErmRWHnj] ENUBG.EXE
> O4 - HKCU..Run: [PayTime] C:WINDOWSSYSTEMpaytime.exe
> O4 - Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
> OfficeOfficeOSA9.EXE -> nieszkodliwe ale zbedne
> O4 - Startup: Watch.lnk = C:WINDOWSTWAIN_32a4s2_600watch.exe
> > O9 - Extra 'Tools' menuitem: Show &Related Links -
> {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm
> O9 - Extra button: Microsoft AntiSpyware helper -
> {B90977A0-BF4E-11D9-A139-00111E0010F3} - (no file) (HKCU)
> O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
> {B90977A0-BF4E-11D9-A139-00111E0010F3} - (no file) (HKCU)
> > O15 - Trusted Zone: *.windupdates.com
> O15 - Trusted Zone: *.searchmiracle.com
> O15 - Trusted Zone: *.my-internet.info
> O15 - Trusted Zone: *.flingstone.com
> O15 - Trusted Zone: *.blazefind.com
> O15 - Trusted Zone: *.clickspring.net
> O15 - Trusted Zone: *.ysbweb.com
> O15 - Trusted Zone: *.slotchbar.com
> O15 - Trusted Zone: *.windupdates.com (HKLM)
> O15 - Trusted Zone: *.searchbarcash.com (HKLM)
> O15 - Trusted Zone: *.searchmiracle.com (HKLM)
> O15 - Trusted Zone: *.skoobidoo.com (HKLM)
> O15 - Trusted Zone: *.my-internet.info (HKLM)
> O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
> O15 - Trusted Zone: *.slotch.com (HKLM)
> O15 - Trusted Zone: *.flingstone.com (HKLM)
> O15 - Trusted Zone: *.mt-download.com (HKLM)
> O15 - Trusted Zone: *.blazefind.com (HKLM)
> O15 - Trusted IP range: 81.222.131.59
> O15 - Trusted IP range: 81.222.131.59 (HKLM)

i Fix Checked. restart i wklej nowy log.
Przeczytaj wszystkie posty z tego wątku

---

Temat: Przejrzyjcie loga - mam problem
Przejrzyjcie loga - mam problem
Cześć, nie chce mi się wyłączyć komputer. Zawiesza się na ekranie z napisem
"Zamykanie systemu Windows" i stoi. Pomaga jedynie restart i dopiero potem
ponowne wyłączenie. Regularnie skanuję antyvirem (Avast) antyspyware (
Spybot)oraz dodatkowo SpywareBlaster, Microsoft Antispyware, CWSShredder, mam
włączoną ochronę poprzez firewall Agnitum Outpost oraz program blokujący porty
WWDC oraz usuwam śmieci z rejestru poprzez WinAso.
Spójrzcie na loga z Hijack - może mi podpowiecie co tam jest nie tak.
Pozdrawiam
Logfile of HijackThis v1.99.1
Scan saved at 16:20:13, on 2005-07-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAheadInCDInCDsrv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAheadInCDInCD.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32 vsvc32.exe
C:PROGRA~1AgnitumOUTPOS~1outpost.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesWinPatrolwinpatrol.exe
C:Program FilesSpywareGuardsgmain.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesNoweProgramyKomunikatory InternetoweGadu-Gadugg.exe
C:Program FilesSpywareGuardsgbhp.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesVIARAID aid_tool.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsSebaPulpitHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection -
{4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:Program
FilesSpywareGuarddlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {BA25708B-154D-4D40-8607-67AA5190C395} - (no file)
O3 - Toolbar: (no name) - {21C32A07-0176-4FFE-BCDA-65D4A24F4303} - (no file)
O3 - Toolbar: (no name) - {C4370071-9FF8-4442-B9C7-F849AC0789CA} - (no file)
O4 - HKLM..Run: [InCD] C:Program FilesAheadInCDInCD.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [Outpost Firewall] C:Program FilesAgnitumOutpost
Firewalloutpost.exe /waitservice
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKLM..Run: [WinPatrol] C:Program FilesWinPatrolwinpatrol.exe
O4 - HKLM..Run: [SpywareGuard] C:Program FilesSpywareGuardsgmain.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesNoweProgramyKomunikatory
InternetoweGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search &
DestroyTeaTimer.exe
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - Global Startup: raid_tool.exe.lnk = C:Program FilesVIARAID aid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_02in pjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_02in pjpi150_02.dll
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} -
C:PROGRA~1AgnitumOUTPOS~1TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan -
{072F3B8A-2DA2-40e2-B841-88899F240200} -
C:PROGRA~1AgnitumOUTPOS~1TRASH.EXE (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:Program
FilesAheadInCDInCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSsystem32 vsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum -
C:PROGRA~1AgnitumOUTPOS~1outpost.exe

Przeczytaj wszystkie posty z tego wątku

---

Temat: Pomocy!!!180 Solutions, Web_Rebates
Sprawdzilem tym Microsoft Antispyware. Znalazł sporo tego szjasu. Wszystko usunąłem, sprawdziłem jeszcze raz i juz nie znalazł niczego.
To nowy log:

Logfile of HijackThis v1.99.0
Scan saved at 19:58:01, on 2005-02-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.ex e
C:WINDOWSsystem32services.ex e
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32RunDll32.ex e
C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe
C:Program FilesCommon FilesRealUpdate_OB ealsched. exe
C:PROGRA~1ALWILS~1Avast4ash Disp.exe
C:WINDOWSsystem32RUNDLL32.EX E
C:Program FilesGadu-Gadugg.exe
C:Program FilesNetropaMultimedia KeyboardTrayMon.exe
C:Program FilesNetropaOnscreen DisplayOSD.exe
C:Program FilesNetropaMultimedia Keyboard hksrv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32 vsvc32.exe
C:Program FilesKerioPersonal Firewallpersfw.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesSpeedFanspeedfan.exe
C:Program FilesOpera7Opera.exe
C:InstalkiOchronaHijackThis. exe

R1 - HKCUSoftwareMicrosoftInterne t ExplorerMain,Search Bar = www.couldnotfind.com/search_page.html?&account_id=1002535
R1 - HKCUSoftwareMicrosoftInterne t ExplorerMain,Search Page = www.couldnotfind.com/search_page.html?&account_id=1002535
R0 - HKCUSoftwareMicrosoftInterne t ExplorerMain,Start Page = www.onet.pl/
R1 - HKLMSoftwareMicrosoftInterne t ExplorerMain,Search Bar = www.couldnotfind.com/search_page.html?&account_id=1002535
R1 - HKLMSoftwareMicrosoftInterne t ExplorerMain,Search Page = www.couldnotfind.com/search_page.html?&account_id=1002535
R0 - HKLMSoftwareMicrosoftInterne t ExplorerMain,Start Page = www.onet.pl/
R1 - HKCUSoftwareMicrosoftInterne t ExplorerSearch,SearchAssistant = www.couldnotfind.com/search_page.html?&account_id=1002535
R0 - HKLMSoftwareMicrosoftInterne t ExplorerSearch,SearchAssistant = www.couldnotfind.com/search_page.html?&account_id=1002535
R0 - HKCUSoftwareMicrosoftInterne t ExplorerToolbar,LinksFolderNam e = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D 6BE0B3} - C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper. ocx
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:Program FilesSolidDocumentsSolidConve rterPDFSCPDFExploreExtPDF.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A 26C85C} - C:Program FilesSolidDocumentsSolidConve rterPDFSCPDFExploreExtPDF.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A 3F5686} - C:PROGRA~1YOURSI~1ysb.dll (file missing)
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.e xe
O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB ealsched. exe" -osboot
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ash Disp.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,N vStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dl l,NvTaskbarInit
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [sais] c:program files180solutionssais.exe
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFI CE11EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C57 1A8263} - C:PROGRA~1MICROS~2OFFICE11R EFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .rar: C:Program FilesOpera7PLUGINSNPFgc1.dll
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF3 3E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104771103225
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE 20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: Netropa NHK Server - Unknown - C:Program FilesNetropaMultimedia Keyboard hksrv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:WINDOWSsystem32 vsvc32.exe
O23 - Service: Kerio Personal Firewall - Kerio Technologies - C:Program FilesKerioPersonal Firewallpersfw.exe
O23 - Service: Prime95 Service - Unknown - C:Program FilesPrime95prime95.exe (file missing)

Z tego co się orientuję to nie wygląda on jeszcze dobrze?
Przeczytaj wszystkie posty z tego wątku

---

Temat: zablokowana tapeta i zablokowane właściwości ekran
zablokowana tapeta i zablokowane właściwości ekran
na drugim komputerze mam podobny problem - tym razem niebieski ekran -
tapete już zliwkidowałem ale niestety ystawienia ekranu "zgubiły" możliwość
ustawienia koloró i tapety - mogę ją jedynie zmieniać na zasadzie użj plik
jako
tło - ale nie moge jej ustawić pojedynczo lub rozciągnąć.

oto log:
Logfile of HijackThis v1.99.1
Scan saved at 19:20:36, on 2005-04-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesMKSBinNetMonSV.exe
C:Program FilesAVPersonalAVWUPSRV.EXE
C:WINDOWSSystem32CTsvcCDA.EXE
C:Program FilesMKSBinmksmonsv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesMKSBinmks_scan.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesMessengermsmsgs.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:Program FilesMKSBinmks_menu.exe
C:Program FilesMKSBinABregmon.exe
C:WINDOWSSystem32devldr32.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesInterMuteSpySubtractSpySub.exe
C:PROGRA~1NEOSTR~1Watch.exe
C:PROGRA~1MICROS~2OfficeOUTLOOK.EXE
C:Program FilesTC PowerPack otalcmd.exe
C:Program FilesMicrosoft OfficeOfficeEXCEL.EXE
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesWinAceWinAce.exe
C:Program FilesFlashGetflashget.exe
C:Program FilesWinAceWinAce.exe
C:Program FilesWinAceWinAce.exe
C:Program FilesWinAceWinAce.exe
C:Program FilesWinAceWinAce.exe
C:Program FilesWinAceWinAce.exe
C:DOCUME~1DIRKDI~1USTAWI~1Temp~AceTemphijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
szukaj.wp.pl
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.neostrada.pl
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada
TP
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {22A0437E-87A2-48A3-AEC2-A09B7ADF1535} -
C:WINDOWSSystem32 plk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1
SPYBOT~1SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:PROGRA~1
FLASHGETjccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:PROGRA~1FLASHGETfgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 - HKLM..Run: [WOOKIT] C:PROGRA~1NEOSTR~1NeostradaTP.exe
O4 - HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 - HKLM..Run: [ABREGMON] C:Program FilesMKSBinABregmon.exe
O4 - HKLM..RunServices: [PCprot] crcss.exe
O4 - HKLM..RunServices: [ykkixntfeqf] C:WINDOWSSystem32qmnjvim.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search &
DestroyTeaTimer.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840
dslmon.exe
O4 - Global Startup: SpySubtract.lnk = C:Program
FilesInterMuteSpySubtractSpySub.exe
O8 - Extra context menu item: Download All by FlashGet - C:Program
FilesFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:Program
FilesFlashGetjc_link.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:PROGRA~1FLASHGETflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:PROGRA~1FLASHGETflashget.exe
O9 - Extra button: Microsoft AntiSpyware helper - {5B93DD4B-03B2-4A7D-86E3-
6CBE295DACA0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B93DD4B-03B2-
4A7D-
86E3-6CBE295DACA0} - (no file) (HKCU)
O12 - Plugin for .spop: C:Program FilesInternet
ExplorerPluginsNPDocBox.dll
O16 - DPF: {11311111-1111-1111-1111-111111111157} -
file://C:RecycledQ330995.exe
O17 - HKLMSystemCCSServicesTcpip..{19A8B79D-F643-49F3-A2D6-
1967490E2E19}:
NameServer = 194.204.152.34 217.98.63.164
O17 - HKLMSystemCS1ServicesTcpip..{19A8B79D-F643-49F3-A2D6-
1967490E2E19}:
NameServer = 194.204.152.34 217.98.63.164
O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. -
C:Program
FilesMKSBinNetMonSV.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:Program FilesAVPersonalAVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32
Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -

C:Program FilesAVPersonalAVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:WINDOWSSystem32CTsvcCDA.EXE
O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:Program
FilesMKSinMkSUpdateInt.exe
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:Program
FilesMKSBinmksmonsv.exe
O23 - Service: MkS_Scan - Unknown owner - C:Program
FilesMKSBinmks_scan.exe
O23 - Service: RadClock - Unknown owner - C:WINDOWSsystem32RadClock.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:Program
FilesCommon FilesSony SharedAVLibSPTISRV.exe
O23 - Service: Universal Plug and Play Device Configuration (UPnP
Configuration) - Unknown owner - C:WINDOWSsystem32zox.exe (file missing)
O23 - Service: Windows 32-bit PnP Driver (winpnp32) - Unknown owner -
C:WINDOWSSystem32winpnp32.exe (file missing)

co i jak mam wywalić?, żeby zaczeło działąć normlanie?
Przeczytaj wszystkie posty z tego wątku

---

Temat: Prośba o sprawdzenie loga
Logfile of HijackThis v1.99.1
Scan saved at 17:07:00, on 2005-04-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSGtwatch.exe
C:WINDOWSgtwatch.exe
F:Program filesmobile PhoneToolsWatchDog.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesNorton AntiVirus avapsvc.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:Program FilesTlen.pl len.exe
E:emuleemule.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.wp.pl/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyServer = w3cache.daminet.pl:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program
FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32
NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [] C:WINDOWSGtwatch.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [Gtwatch] C:WINDOWSgtwatch.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32
spooldriversw32x863hpztsb03.exe
O4 - HKLM..Run: [WatchDog] F:Program filesmobile PhoneToolsWatchDog.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec
SharedccApp.exe"
O4 - HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec
SharedSecurity CenterUsrPrmpt.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk =
C:Program FilesUlead SystemsUlead Photo Express 3.0 SECalCheck.exe
O4 - Global Startup: Watch.lnk = C:WINDOWS wain_32A6U16KWATCH.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavaj2re1.4.1_07in pjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:Program FilesJavaj2re1.4.1_07in pjpi141_07.dll
O9 - Extra button: Microsoft AntiSpyware helper - {966D6EAA-0CCF-40CC-9E77-
F656C78E7BCB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {966D6EAA-0CCF-40CC-
9E77-F656C78E7BCB} - (no file) (HKCU)
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLMSystemCCSServicesTcpip..{1C3740F4-E723-401D-8E9B-885862A8026C}:
NameServer = 82.139.13.226
O17 - HKLMSystemCS1ServicesTcpip..{1C3740F4-E723-401D-8E9B-885862A8026C}:
NameServer = 82.139.13.226
O17 - HKLMSystemCS2ServicesTcpip..{1C3740F4-E723-401D-8E9B-885862A8026C}:
NameServer = 82.139.13.226
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
Corporation - C:Program FilesNorton AntiVirus avapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec
Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSSystem32 vsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton
AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program
FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program
FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

Przeczytaj wszystkie posty z tego wątku

---

Temat: winsock.cfg

Scan saved at 16:32:27, on 2005-04-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesMSN MessengerMsgPlus.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesMessengermsmsgs.exe
c:progra~1intern~1iexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program Files rHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
www.mjwjpyvkdllosnpamvmje.com/NoTX7I5Ha9I63GBNeHDgtuqBozlh5U6ceu7cyXdClX23k_2FoxW4CNZt8CFkx7It.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.newgenlook.info/ad/ad0278/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar =
txicbykybogkwxsnpyps.net/NoTX7I5Ha9I63GBNeHDgtuqBozlh5U6ceu7cyXdClX18bfz1eZA20tZt8CFkx7It.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.newgenlook.info/ad/ad0278/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: Super Popup Blocker - {F1C0FAF2-E52F-4370-BC75-2C828C027B9E} -
C:WINDOWSSystem32popkill.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} -
C:Program FilesSolidDocumentsSolidConverterPDFSCPDFExploreExtPDF.dll
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [MessengerPlus3] "C:Program FilesMSN MessengerMsgPlus.exe"
O4 - HKLM..Run: [Fork loud four lite] C:Documents and SettingsAll
UsersDane aplikacjifast pile fork loudjoy new.exe
O4 - HKLM..Run: [Super Popup Blocker] C:SagaSuper Popup Blockerpopkill.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [MessengerPlus3] "C:Program FilesMSN
MessengerMsgPlus.exe" /WinStart
O4 - HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 - HKCU..Run: [roam bind] C:DOCUME~1kamilkaDANEAP~1PROGRA~1List
Bleh.exe
O4 - HKCU..Run: [Skype] "C:Program
FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Startup: SAM.lnk = C:Program FilesSkypeSAMSAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A34548C0-7648-48FB-B406-
FD7B2A67573D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A34548C0-7648-48FB-
B406-FD7B2A67573D} - (no file) (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLMSystemCCSServicesTcpip..{00D20B4C-5497-479D-B5F0-6026AF230EAA}:
NameServer = 212.191.64.10
O17 - HKLMSystemCCSServicesTcpip..{DEC39FC5-D38A-42F7-AF8B-3AA877A61259}:
NameServer = 212.191.64.10
O17 - HKLMSystemCS1ServicesTcpip..{00D20B4C-5497-479D-B5F0-6026AF230EAA}:
NameServer = 212.191.64.10
O17 - HKLMSystemCS2ServicesTcpip..{00D20B4C-5497-479D-B5F0-6026AF230EAA}:
NameServer = 212.191.64.10
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashWebSv.exe" /service (file missing)

Przeczytaj wszystkie posty z tego wątku

---

Temat: prosze o sprawdzenie loga!!
prosze o sprawdzenie loga!!

Scan saved at 16:32:27, on 2005-04-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesMSN MessengerMsgPlus.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesMessengermsmsgs.exe
c:progra~1intern~1iexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program Files rHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
www.mjwjpyvkdllosnpamvmje.com/NoTX7I5Ha9I63GBNeHDgtuqBozlh5U6ceu7cyXdClX23k_2FoxW4CNZt8CFkx7It.html
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.newgenlook.info/ad/ad0278/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar =
txicbykybogkwxsnpyps.net/NoTX7I5Ha9I63GBNeHDgtuqBozlh5U6ceu7cyXdClX18bfz1eZA20tZt8CFkx7It.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.newgenlook.info/ad/ad0278/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: Super Popup Blocker - {F1C0FAF2-E52F-4370-BC75-2C828C027B9E} -
C:WINDOWSSystem32popkill.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} -
C:Program FilesSolidDocumentsSolidConverterPDFSCPDFExploreExtPDF.dll
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [MessengerPlus3] "C:Program FilesMSN
MessengerMsgPlus.exe"
O4 - HKLM..Run: [Fork loud four lite] C:Documents and SettingsAll
UsersDane aplikacjifast pile fork loudjoy new.exe
O4 - HKLM..Run: [Super Popup Blocker] C:SagaSuper Popup
Blockerpopkill.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [MessengerPlus3] "C:Program FilesMSN
MessengerMsgPlus.exe" /WinStart
O4 - HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 - HKCU..Run: [roam bind] C:DOCUME~1kamilkaDANEAP~1PROGRA~1List
Bleh.exe
O4 - HKCU..Run: [Skype] "C:Program
FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Startup: SAM.lnk = C:Program FilesSkypeSAMSAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A34548C0-7648-48FB-B406-
FD7B2A67573D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A34548C0-7648-
48FB-B406-FD7B2A67573D} - (no file) (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLMSystemCCSServicesTcpip..{00D20B4C-5497-479D-B5F0-
6026AF230EAA}: NameServer = 212.191.64.10
O17 - HKLMSystemCCSServicesTcpip..{DEC39FC5-D38A-42F7-AF8B-
3AA877A61259}: NameServer = 212.191.64.10
O17 - HKLMSystemCS1ServicesTcpip..{00D20B4C-5497-479D-B5F0-
6026AF230EAA}: NameServer = 212.191.64.10
O17 - HKLMSystemCS2ServicesTcpip..{00D20B4C-5497-479D-B5F0-
6026AF230EAA}: NameServer = 212.191.64.10
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil
SoftwareAvast4ashWebSv.exe" /service (file missing)

Przeczytaj wszystkie posty z tego wątku

---

Temat: Mam problemy z wirusem
Mam problemy z wirusem
mam problemy z jakims wirusem tapeta wyskakuje mi niebieska z jakas
informacja prosze o sprawdzenie loga z gory dziekuje

Logfile of HijackThis v1.99.1
Scan saved at 17:29:53, on 2005-04-27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32logonui.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32CTHELPER.EXE
C:Program FilesSymantecNorton Ghost 2003GhostStartTrayApp.exe
C:Program FilesCommon FilesRealUpdate_OB ealsched.exe
C:Program FilesMedia AccessMediaAccK.exe
C: empsalm.exe
C:Program FilesInternet Optimizeroptimize.exe
C:Program FilesMedia AccessMediaAccess.exe
C:WINDOWSSystem32gah95on6.exe
C:WINDOWSSystem32DRIVERSCDANTSRV.EXE
C:WINDOWSwbevcbqn.exe
C:Program FilesSbojWpuq.exe
C:WINDOWSSystem32ctfmon.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:PROGRA~1SymantecNORTON~1GHOSTS~2.EXE
C:Program FilesSkypePhoneSkype.exe
C:wp.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesAdobeAcrobat 7.0Reader eader_sl.exe
C:Program FilesYDPYdpDictWatch.exe
C:Program FilesCommon FilesYDPUserAccessManageruseraccess.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesInternet Exploreriexplore.exe
E:ForumGazeta.plhijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.onet.pl/
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
about:blank
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet
Settings,ProxyServer = 10.4.0.50:80
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:WINDOWS em220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:WINDOWSwsem303.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [CTHelper] CTHELPER.EXE
O4 - HKLM..Run: [Jet Detection] "C:Program
FilesCreativeSBLivePROGRAMADGJDet.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [GhostStartTrayApp] C:Program FilesSymantecNorton Ghost
2003GhostStartTrayApp.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon
FilesRealUpdate_OB ealsched.exe" -osboot
O4 - HKLM..Run: [Media Access] C:Program FilesMedia AccessMediaAccK.exe
O4 - HKLM..Run: [salm] c: empsalm.exe
O4 - HKLM..Run: [Internet Optimizer] "C:Program FilesInternet
Optimizeroptimize.exe"
O4 - HKLM..Run: [gah95on6] C:WINDOWSSystem32gah95on6.exe
O4 - HKLM..Run: [wbevcbqn] C:WINDOWSwbevcbqn.exe
O4 - HKLM..Run: [Security iGuard] C:Program FilesSecurity iGuardSecurity
iGuard.exe
O4 - HKLM..Run: [Pnpgeavy] C:Program FilesSbojWpuq.exe
O4 - HKLM..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [Skype] "C:Program
FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [WindowsFY] c:wp.exe
O4 - HKCU..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program
FilesAdobeAcrobat 7.0Reader eader_sl.exe
O4 - Global Startup: Aktywacja Testera.lnk = C:Program
FilesYDPYdpDictWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {F2570A0D-001D-477D-93D1-D05EF5EB95CD} - (no
file)
O9 - Extra button: Microsoft AntiSpyware helper - {4A0390F2-185B-4546-97C8-
FD8566329C86} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4A0390F2-185B-
4546-97C8-FD8566329C86} - (no file) (HKCU)
O12 - Plugin for .spop: C:Program FilesInternet
ExplorerPluginsNPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c282.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O17 - HKLMSystemCCSServicesTcpip..{C3547571-9223-4C76-8EF2-
49E45879292B}: NameServer = 195.136.250.200,195.136.250.201
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:WINDOWSSystem32
DRIVERSCDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:WINDOWSSystem32CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:PROGRA~1
SymantecNORTON~1GHOSTS~2.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:Program
FilesCommon FilesMacromedia SharedServiceMacromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:WINDOWSSystem32 vsvc32.exe
O23 - Service: Securom User Access for Windows 2000 and Windows XP a
technology by Sony DADC (UserAccess) - Unknown owner - C:Program
FilesCommon FilesYDPUserAccessManageruseraccess.exe

Przeczytaj wszystkie posty z tego wątku

---

Temat: Bardzo Prosze o sprawdzenie loga hijackthis !!!
Bardzo Prosze o sprawdzenie loga hijackthis !!!
Bardzo prosze o sprawdzenie loga, dopiero dzisaj zinstalowałam Hijackthis,
nie wiem co to jest, ale prosze o sprawdzenie i instrukcje. Miałam problem z
Trojan-Spy.HTML.Sfitfraud.c, porazdiłam sobie ale chyba nie do konca.

LOG

Logfile of HijackThis v1.99.1
Scan saved at 22:39:58, on 2005-04-30
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32Atievxx.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSExplorer.EXE
C:Program FilesJavajre1.5.0_01injusched.exe
C:Program FilesMedia PassMediaPassK.exe
C:WINDOWSms1.exe
C:WINDOWSisrvsdesktop.exe
C:Program FilesMedia PassMediaPass.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGadu-Gadugg.exe
C:Program FilesSkypePhoneSkype.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsmegiPulpitHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
81.222.131.49/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
www.interia.pl/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
81.222.131.49/index.php
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
81.222.131.49/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
81.222.131.49/index.php
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
81.222.131.49/index.php
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} -
C:WINDOWSBolger.dll
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -
C:WINDOWSisrvssysupd.dll (file missing)
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} -
C:WINDOWSdrexinit.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_01
injusched.exe
O4 - HKLM..Run: [Media Pass] C:Program FilesMedia PassMediaPassK.exe
O4 - HKLM..Run: [gah95on6] C:WINDOWSSystem32gah95on6.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 - HKLM..Run: [Windows Update] C:WINDOWSms1.exe
O4 - HKLM..Run: [Desktop Search] C:WINDOWSisrvsdesktop.exe
O4 - HKLM..Run: [ffis] C:WINDOWSisrvsffisearch.exe
O4 - HKLM..Run: [KAVPersonal50] C:Program FilesKaspersky LabKaspersky
Anti-Virus Personalkav.exe /minimize
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [Skype] "C:Program
FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [PayTime] C:WINDOWSSystem32paytime.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_01in pjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:Program FilesJavajre1.5.0_01in pjpi150_01.dll
O9 - Extra button: Microsoft AntiSpyware helper - {7CFDB64D-9514-4861-8188-
4D2B7FBF9A1C} - C:WINDOWSSystem32wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7CFDB64D-9514-
4861-8188-4D2B7FBF9A1C} - C:WINDOWSSystem32wldr.dll (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {7CFDB64D-9514-4861-8188-
4D2B7FBF9A1C} - C:WINDOWSSystem32wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7CFDB64D-9514-
4861-8188-4D2B7FBF9A1C} - C:WINDOWSSystem32wldr.dll (file missing) (HKCU)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106302989924
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
C:WINDOWSisrvsmfiltis.dll
O20 - Winlogon Notify: drct16 - C:WINDOWSSYSTEM32drct16.dll
O23 - Service: kavsvc - Kaspersky Lab - C:Program FilesKaspersky
LabKaspersky Anti-Virus Personalkavsvc.exe

Przeczytaj wszystkie posty z tego wątku

zanotowane.pl

doc.pisz.pl

pdf.pisz.pl

erfly06132.opx.pl

---

Strona 3 z 4 • Zostało wyszukane 210 wypowiedzi • 1, 2, 3, 4