Checking a HijackThis log

IP: *.neoplus.adsl.tpnet.pl 08.07.05, 14:55
Logfile of HijackThis v1.99.1
Scan saved at 11:20:11, on 2005-07-08
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AntiVirenKit\AVKPOP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programy\Gadu-Gadu\gg.exe
D:\Tlen.pl\tlen.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\DOCUME~1\MONIKA\USTAWI~1\TEMP\_VWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\Program Files\Avant Browser\aHTTP.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Monika\USTAWI~1\Temp\Rar$EX00.047\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\Monika\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\Monika\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
R3 - URLSearchHook: (no name) - {2C70DBBB-9134-BD3B-0008-8C4362E98413} -
sysmon12.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} -
C:\WINDOWS\System32\ie2cltr.dll
O2 - BHO: ActiveX Control - {3717F888-0DE3-4B9D-942C-BEFB305FC754} -
C:\WINDOWS\System32\msvjq.dll (file missing)
O2 - BHO: (no name) - {B6B36DA3-816A-4259-A159-14B317A91F50} -
C:\WINDOWS\System32\adjn.dll
O2 - BHO: (no name) - {D919F972-62B7-1E1A-E90E-6DF39C564299} -
C:\WINDOWS\System32\kaipw.dll
O2 - BHO: IE SP2 AddOn - {E806F878-81B5-4F2F-B9B6-716E505E4D6E} -
C:\WINDOWS\System32\spdqz.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} -
C:\WINDOWS\System32\ie2cltr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Generic Host Process326a System Backup] scvhost326a.exe
O4 - HKLM\..\Run: [bingo9] XTermInit.exe
O4 - HKLM\..\Run: [backorif] init32.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
lang 1033
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program
Files\AntiVirenKit\AVKPOP.EXE"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [Generic Host Process326a System Backup]
scvhost326a.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Generic Host Process326a System Backup] scvhost326a.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] D:\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [pi..] systemdll.exe
O4 - HKCU\..\Run: [SysSupport] defect08.exe
O4 - HKCU\..\Run: [WareOut] C:\Program Files\WareOut\WareOut.exe
O4 - HKCU\..\Run: [Owat] C:\Documents and Settings\Monika\Dane
aplikacji\ahel.exe
O4 - HKCU\..\Run: [Cbfo] C:\WINDOWS\System32\?ti2evxx.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} -
C:\Program Files\Common Files\moje.js
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.63.219.181.7
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA9C8F9D-E6F2-45B7-B3AD-
37418CF4AEF6}: NameServer = 69.50.176.156,195.225.176.31
O18 - Filter: text/html - {D0F6E90A-B126-45EE-9B65-8FEECDA2A473} -
C:\WINDOWS\System32\adjn.dll
O18 - Filter: text/plain - {D0F6E90A-B126-45EE-9B65-8FEECDA2A473} -
C:\WINDOWS\System32\adjn.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q1058859_disk.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt
 • Guest: Kolobos IP: *.warszawa.sdi.tpnet.pl 08.07.05, 15:08
  I told you not to start new threads, and you keep doing it anyway!
  Do not run HijackThis from inside the zip archive!
  Uninstall all the antivirus programs and keep only one!

  Scan and remove everything with this:
  download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
  Use this:
  www.trojaner-info.de/files/SpSeHjfix112.exe
  www.firewallleaktester.com/tools/wwdc.exe
  www.searchengines.pl/phpbb203/index.php?
  s=5debf1bfeab0c89e54567f66c39699f0&act=Attach&type=post&id=459
  www.searchengines.pl/phpbb203/index.php?act=Attach&type=post&id=1310
  In HijackThis, remove these entries:

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
  res://C:\DOCUME~1\Monika\USTAWI~1\Temp\se.dll/spage.html
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
  res://C:\DOCUME~1\Monika\USTAWI~1\Temp\se.dll/spage.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
  R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no
  file)
  R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
  file)
  R3 - URLSearchHook: (no name) - {2C70DBBB-9134-BD3B-0008-8C4362E98413} -
  sysmon12.dll (file missing)
  F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
  O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} -
  C:\WINDOWS\System32\ie2cltr.dll
  O2 - BHO: ActiveX Control - {3717F888-0DE3-4B9D-942C-BEFB305FC754} -
  C:\WINDOWS\System32\msvjq.dll (file missing)
  O2 - BHO: (no name) - {B6B36DA3-816A-4259-A159-14B317A91F50} -
  C:\WINDOWS\System32\adjn.dll
  O2 - BHO: (no name) - {D919F972-62B7-1E1A-E90E-6DF39C564299} -
  C:\WINDOWS\System32\kaipw.dll
  O2 - BHO: IE SP2 AddOn - {E806F878-81B5-4F2F-B9B6-716E505E4D6E} -
  C:\WINDOWS\System32\spdqz.dll (file missing)
  O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} -
  C:\WINDOWS\System32\ie2cltr.dll
  O4 - HKLM\..\Run: [Generic Host Process326a System Backup] scvhost326a.exe
  O4 - HKLM\..\Run: [bingo9] XTermInit.exe
  O4 - HKLM\..\Run: [backorif] init32.exe
  O4 - HKLM\..\RunServices: [Generic Host Process326a System Backup]
  scvhost326a.exe
  O4 - HKCU\..\Run: [Generic Host Process326a System Backup] scvhost326a.exe
  O4 - HKCU\..\Run: [pi..] systemdll.exe
  O4 - HKCU\..\Run: [SysSupport] defect08.exe
  O4 - HKCU\..\Run: [WareOut] C:\Program Files\WareOut\WareOut.exe
  O4 - HKCU\..\Run: [Owat] C:\Documents and Settings\Monika\Dane
  aplikacji\ahel.exe
  O4 - HKCU\..\Run: [Cbfo] C:\WINDOWS\System32\?ti2evxx.exe
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
  C:\WINDOWS\web\related.htm
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
  00aa003c157a} - C:\WINDOWS\web\related.htm
  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
  file)
  O15 - Trusted Zone: *.63.219.181.7
  O15 - Trusted Zone: *.blazefind.com
  O15 - Trusted Zone: *.clickspring.net
  O15 - Trusted Zone: *.flingstone.com
  O15 - Trusted Zone: *.iframedollars.biz
  O15 - Trusted Zone: *.mt-download.com
  O15 - Trusted Zone: *.my-internet.info
  O15 - Trusted Zone: *.searchbarcash.com
  O15 - Trusted Zone: *.searchmiracle.com
  O15 - Trusted Zone: *.skoobidoo.com
  O15 - Trusted Zone: *.slotch.com
  O15 - Trusted Zone: *.slotchbar.com
  O15 - Trusted Zone: *.windupdates.com
  O15 - Trusted Zone: *.xxxtoolbar.com
  O15 - Trusted Zone: *.ysbweb.com
  O15 - Trusted Zone: *.blazefind.com (HKLM)
  O15 - Trusted Zone: *.clickspring.net (HKLM)
  O15 - Trusted Zone: *.flingstone.com (HKLM)
  O15 - Trusted Zone: *.iframedollars.biz (HKLM)
  O15 - Trusted Zone: *.mt-download.com (HKLM)
  O15 - Trusted Zone: *.my-internet.info (HKLM)
  O15 - Trusted Zone: *.searchbarcash.com (HKLM)
  O15 - Trusted Zone: *.searchmiracle.com (HKLM)
  O15 - Trusted Zone: *.skoobidoo.com (HKLM)
  O15 - Trusted Zone: *.slotch.com (HKLM)
  O15 - Trusted Zone: *.slotchbar.com (HKLM)
  O15 - Trusted Zone: *.windupdates.com (HKLM)
  O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
  O15 - Trusted Zone: *.ysbweb.com (HKLM)
  O15 - Trusted IP range: 213.159.117.202
  O15 - Trusted IP range: 213.159.117.202 (HKLM)
  O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
  O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
  O17 - HKLM\System\CCS\Services\Tcpip\..\{BA9C8F9D-E6F2-45B7-B3AD-
  37418CF4AEF6}: NameServer = 69.50.176.156,195.225.176.31 <- rootkit
  O18 - Filter: text/html - {D0F6E90A-B126-45EE-9B65-8FEECDA2A473} -
  C:\WINDOWS\System32\adjn.dll
  O18 - Filter: text/plain - {D0F6E90A-B126-45EE-9B65-8FEECDA2A473} -
  C:\WINDOWS\System32\adjn.dll
  O20 - Winlogon Notify: style2 - C:\WINDOWS\q1058859_disk.dll
  O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)

  Next:
  www.downloads.subratam.org/KillBox.zip
  Unpack it, select Delete on reboot, paste the path to the file (do not browse
  for it yourself, just paste the ready path) and press the red button, but answer
  no when asked about a reboot; do this with each of these files:

  C:\WINDOWS\q1058859_disk.dll
  c:\ied_s7.cab
  C:\WINDOWS\System32\ie2cltr.dll
  C:\WINDOWS\System32\kaipw.dll
  C:\WINDOWS\System32\XTermInit.exe
  C:\WINDOWS\System32\init32.exe
  C:\WINDOWS\System32\scvhost326a.exe
  C:\WINDOWS\System32\systemdll.exe
  C:\WINDOWS\System32\defect08.exe
  C:\Program Files\WareOut\WareOut.exe
  C:\Documents and Settings\Monika\Dane aplikacji\ahel.exe
  C:\WINDOWS\System32\?ti2evxx.exe

  Start->Run->regedit, go to:
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
  and delete there:
  _{08C06D61-F1F3-4799-86F8-BE1A89362C85}
  _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

  After the reboot, paste a new log.
 • Guest: wkleilem loga-kacp IP: *.neoplus.adsl.tpnet.pl 09.07.05, 19:47
  Logfile of HijackThis v1.99.1
  Scan saved at 19:43:22, on 2005-07-09
  Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\SYSTEM32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
  C:\Program Files\AntiVirenKit\AVKService.exe
  C:\Program Files\AntiVirenKit\AVKWCtl.exe
  C:\Program Files\AVPersonal\AVWUPSRV.EXE
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\Eset\nod32krn.exe
  C:\DOCUME~1\MONIKA\USTAWI~1\TEMP\_VWUPSRV.EXE
  C:\WINDOWS\System32\wuauclt.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\Program Files\WinRAR\WinRAR.exe
  C:\DOCUME~1\Monika\USTAWI~1\Temp\Rar$EX00.594\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
  res://C:\DOCUME~1\Monika\USTAWI~1\Temp\se.dll/spage.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  about:blank
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  about:blank
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  R3 - Default URLSearchHook is missing
  O2 - BHO: (no name) - {378B63C5-88A2-4B13-9F59-F75DD12F1172} -
  C:\WINDOWS\System32\adjn.dll
  O15 - Trusted Zone: *.63.219.181.7
  O18 - Filter: text/html - {6888E4F4-A5D0-429B-80D9-93D419B3CD26} -
  C:\WINDOWS\System32\adjn.dll
  O18 - Filter: text/plain - {6888E4F4-A5D0-429B-80D9-93D419B3CD26} -
  C:\WINDOWS\System32\adjn.dll
  O20 - Winlogon Notify: style2 - C:\WINDOWS\q1058859_disk.dll (file missing)
  O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
  C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1
  \Grisoft\AVGFRE~1\avgupsvc.exe
  O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program
  Files\AntiVirenKit\AVKService.exe
  O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program
  Files\AntiVirenKit\AVKWCtl.exe
  O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
  C:\Program Files\AVPersonal\AVWUPSRV.EXE
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
  Files\Eset\nod32krn.exe
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
  C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH,
  Germany - C:\DOCUME~1\MONIKA\USTAWI~1\TEMP\_VWUPSRV.EXE

 • Guest: Kolobos IP: *.warszawa.sdi.tpnet.pl 09.07.05, 21:12
  Of course it is still there, since you did not do what I wrote!

  Use this:
  www.trojaner-info.de/files/SpSeHjfix112.exe
  www.malwarebytes.biz/AboutBuster.zip
  Scan and remove with this:
  download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe

  You still have two antivirus programs, so uninstall one!

  In HijackThis, remove:

  > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
  > res://C:\DOCUME~1\Monika\USTAWI~1\Temp\se.dll/spage.html
  > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
  > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  > about:blank
  > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  > about:blank
  > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
  > R3 - Default URLSearchHook is missing
  > O2 - BHO: (no name) - {378B63C5-88A2-4B13-9F59-F75DD12F1172} -
  > C:\WINDOWS\System32\adjn.dll
  > O15 - Trusted Zone: *.63.219.181.7
  > O18 - Filter: text/html - {6888E4F4-A5D0-429B-80D9-93D419B3CD26} -
  > C:\WINDOWS\System32\adjn.dll
  > O18 - Filter: text/plain - {6888E4F4-A5D0-429B-80D9-93D419B3CD26} -
  > C:\WINDOWS\System32\adjn.dll
  > O20 - Winlogon Notify: style2 - C:\WINDOWS\q1058859_disk.dll (file missing)

  You did nothing at all of what I wrote, and instead you removed entries that are
  needed; I am starting to doubt whether further help makes any sense at all...
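
Added example (not from the thread and not part of HijackThis): a comparison of the two logs posted above, showing which entries survived the cleanup. It rejoins the lines the forum wrapped and matches entries while ignoring the CLSID, because adjn.dll appears under a different CLSID in the second log; the function names and the shortened log excerpts are assumptions of this example.

```python
import re

# HijackThis entries start with a section code (R0-R3, F0-F3, O1-O23) and " - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
CLSID = re.compile(r"_?\{[0-9A-Fa-f-]+\}")

def parse_log(text):
    """Return (section, body) tuples, rejoining lines the forum wrapped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries and line:
            prev = entries[-1][1]
            # A GUID or path cut mid-token is glued back without a space.
            cut = re.search(r"[0-9A-Fa-f]-$", prev) or line.startswith("\\")
            entries[-1][1] = prev + ("" if cut else " ") + line
    return [tuple(e) for e in entries]

def key(section, body):
    """Identity that ignores the CLSID and the missing-file suffix."""
    body = re.sub(r"\s*\((file missing|no file)\)$", "", body)
    return (section, CLSID.sub("{*}", body).lower())

def compare(before_text, after_text):
    """Classify entries of the second scan against the first."""
    before = {key(s, b): b for s, b in parse_log(before_text)}
    after = {key(s, b): b for s, b in parse_log(after_text)}
    persisted = sorted(k for k in after if k in before)
    return {
        "persisted": persisted,
        "removed": sorted(k for k in before if k not in after),
        "new": sorted(k for k in after if k not in before),
        # Same target file under a different CLSID than in the first scan.
        "clsid_changed": [k for k in persisted
                          if CLSID.findall(before[k]) != CLSID.findall(after[k])],
    }

# Shortened excerpts of the two logs posted in this thread, wrapped as posted.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\Monika\USTAWI~1\Temp\se.dll/spage.html
O2 - BHO: (no name) - {B6B36DA3-816A-4259-A159-14B317A91F50} -
C:\WINDOWS\System32\adjn.dll
O4 - HKLM\..\Run: [bingo9] XTermInit.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA9C8F9D-E6F2-45B7-B3AD-
37418CF4AEF6}: NameServer = 69.50.176.156,195.225.176.31
O20 - Winlogon Notify: style2 - C:\WINDOWS\q1058859_disk.dll
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {378B63C5-88A2-4B13-9F59-F75DD12F1172} -
C:\WINDOWS\System32\adjn.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q1058859_disk.dll (file missing)
R3 - Default URLSearchHook is missing
"""

if __name__ == "__main__":
    for name, keys in compare(LOG_BEFORE, LOG_AFTER).items():
        print(name, [f"{s} {b}" for s, b in keys])
```

Entries listed under `clsid_changed` are the ones to recheck on the next scan, since matching on the CLSID alone would report them as removed and new.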
