help!!!!!

IP: *.echostar.pl 28.10.04, 12:57
What's going on here??
Logfile of HijackThis v1.98.2
Scan saved at 12:50:31, on 2004-10-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\carpserv.exe
D:\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\datray.exe
C:\WINDOWS\System32\rundll32.exe
D:\Mistrz Klawiatury 1.0\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP
Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer
tp\antydialertp.exe" tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1
\Aquatica\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [EMACSJZF] c:\windows\system32\emacsjzf.exe /install
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rundisclog] C:\WINDOWS\System32\diagspool.exe
O4 - HKCU\..\Run: [Desktop Architect] "D:\datray.exe" -S
O4 - HKCU\..\Run: [Instant Access] rundll32.exe
p2esocks_1021.dll,InstantAccess
O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Mistrz Klawiatury 1.0
\program\quickstart.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -
akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_EN_XP.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
www.cult3d.com/download/cult.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} -
akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
megapanel.gem.pl/temp/netp/9379/2012/5202/7200/5_9379201252027200.ocx
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
www.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -
www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} -
akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program
Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Filter: text/html - {087218A2-EEB8-4DC9-8129-F9ECF2F6632F} -
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane
aplikacji\microsoft\internet explorer\V0.26.dat

    • netsec Re: help! For a start :) 28.10.04, 13:04
      For a start, download and install Ad-Aware SE Personal Edition v1.05
      Download the latest version: www.download.com/3000-2144-10045910.html
      Scan the whole system with Ad-Aware. To ensure maximum effectiveness,
      update the detection database before scanning.
      When starting the scan, choose "Perform full system scan" on the
      "Preparing System Scan" tab.
      When the scan finishes, a list of objects to remove will appear. Tick each
      item (with a check mark), or right-click and choose "Select All Objects" from
      the context menu (right mouse button). After selecting all items, click Next.
      The selected objects will then be removed.
      When finished, restart the computer and paste a new HiJackThis log.
      • Guest: zabol Re: help! For a start :) IP: *.echostar.pl 29.10.04, 00:02
        Logfile of HijackThis v1.98.2
        Scan saved at 00:01:03, on 2004-10-29
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\SYSTEM32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\WINDOWS\System32\nvsvc32.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        C:\Program Files\Winamp\winampa.exe
        C:\WINDOWS\System32\carpserv.exe
        D:\qttask.exe
        C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
        C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        D:\datray.exe
        C:\WINDOWS\System32\rundll32.exe
        D:\Mistrz Klawiatury 1.0\program\soffice.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        D:\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.google.pl/
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
        red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
        www.google.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
        file)
        O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
        \spool\drivers\w32x86\3\hpztsb09.exe
        O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP
        Software Update\HPWuSchd.exe"
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
        Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
        Imaging\bin\hpotdd01.exe
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [CARPService] carpserv.exe
        O4 - HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer
        tp\antydialertp.exe" tray
        O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
        Networking.exe /AUTOSTART
        O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner
        AQ3
        O4 - HKLM\..\Run: [EMACSJZF] c:\windows\system32\emacsjzf.exe /install
        O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [rundisclog] C:\WINDOWS\System32\diagspool.exe
        O4 - HKCU\..\Run: [Desktop Architect] "D:\datray.exe" -S
        O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
        O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Mistrz Klawiatury 1.0
        \program\quickstart.exe
        O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
        D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -
        akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_EN_XP.cab
        O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
        ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
        O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
        O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
        www.cult3d.com/download/cult.cab
        O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
        akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
        O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} -
        akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
        O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
        megapanel.gem.pl/temp/netp/9379/2012/5202/7200/5_9379201252027200.ocx
        O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
        www.netvenda.com/sites/games-intl/pl/games4.cab
        O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -
        www2.incredimail.com/contents/setup/downloader/imloader.cab
        O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} -
        akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
        O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program
        Files\HP\hpcoretech\comp\hpuiprot.dll
        O18 - Filter: text/html - {087218A2-EEB8-4DC9-8129-F9ECF2F6632F} - C:\Documents
        and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\microsoft\internet
        explorer\V0.26.dat

        • netsec Re: HiJackLog 29.10.04, 10:20
          Download the new CWShredder 2.0
          cwshredder.net/bin/CWSInstall.exe
          Check whether the Internet firewall is enabled in the properties of your
          Internet connection. Here is a description of how to do it:
          www.microsoft.com/poland/security/protect/windowsxp/firewall.aspx
          Turn off System Restore:
          support.microsoft.com/default.aspx?scid=kb;pl;310405
          Start the computer in safe mode:
          support.microsoft.com/default.aspx?scid=KB;PL;315222
          After starting the computer in safe mode, do not open Internet Explorer.

          Run HiJackThis again, perform a SCAN and tick (with a check mark) these items:

          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.com
          R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
          file)
          O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
          O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
          Networking.exe /AUTOSTART
          O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner
          AQ3
          O4 - HKLM\..\Run: [EMACSJZF] c:\windows\system32\emacsjzf.exe /install
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [rundisclog] C:\WINDOWS\System32\diagspool.exe
          O4 - HKCU\..\Run: [Desktop Architect] "D:\datray.exe" -S
          O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
          O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
          ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
          O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
          O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
          akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
          O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} -
          akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
          O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
          megapanel.gem.pl/temp/netp/9379/2012/5202/7200/5_9379201252027200.ocx
          O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
          www.netvenda.com/sites/games-intl/pl/games4.cab
          O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -
          www2.incredimail.com/contents/setup/downloader/imloader.cab
          O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} -
          akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
          O18 - Filter: text/html - {087218A2-EEB8-4DC9-8129-F9ECF2F6632F} - C:\Documents
          and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\microsoft\internet
          explorer\V0.26.dat

          After ticking them, run FIX CHECKED and confirm with YES/OK.

          In Control Panel => Internet Options, delete
          Temporary Internet Files (all) and cookies.

          In Control Panel, Add/Remove Programs, uninstall all
          programs that you are not sure you need.
          In particular, uninstall P2P Networking and Instant Access.

          Run CWShredder and perform Fix.

          Empty the Recycle Bin.

          Start the computer in normal mode.

          Check whether the virus database in AVG is updating, scan the whole system,
          preferably change your antivirus.

          After everything, paste a new HiJack log.
          • Guest: zabol Re: HiJackLog IP: *.echostar.pl 30.10.04, 00:09
            Quite a mess.
            Logfile of HijackThis v1.98.2
            Scan saved at 00:01:24, on 2004-10-30
            Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\SYSTEM32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\AVPersonal\AVGUARD.EXE
            C:\Program Files\AVPersonal\AVWUPSRV.EXE
            C:\WINDOWS\System32\nvsvc32.exe
            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
            C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
            C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
            C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
            C:\Program Files\Winamp\winampa.exe
            C:\WINDOWS\System32\carpserv.exe
            D:\qttask.exe
            C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE
            C:\Program Files\AVPersonal\AVGNT.EXE
            C:\WINDOWS\System32\ctfmon.exe
            C:\Program Files\Messenger\msmsgs.exe
            D:\datray.exe
            C:\WINDOWS\System32\rundll32.exe
            D:\Mistrz Klawiatury 1.0\program\soffice.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\WINDOWS\System32\wuauclt.exe
            D:\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.google.pl/
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
            red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
            www.google.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
            file)
            O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
            \NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
            \spool\drivers\w32x86\3\hpztsb09.exe
            O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP
            Software Update\HPWuSchd.exe"
            O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
            Files\HP\hpcoretech\hpcmpmgr.exe"
            O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
            Imaging\bin\hpotdd01.exe
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [CARPService] carpserv.exe
            O4 - HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer
            tp\antydialertp.exe" tray
            O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE /partner
            AQ3
            O4 - HKLM\..\Run: [EMACSJZF] c:\windows\system32\emacsjzf.exe /install
            O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [rundisclog] C:\WINDOWS\System32\diagspool.exe
            O4 - HKCU\..\Run: [Desktop Architect] "D:\datray.exe" -S
            O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
            O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Mistrz Klawiatury 1.0
            \program\quickstart.exe
            O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
            D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\MSMSGS.EXE
            O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
            00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
            O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -
            akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_EN_XP.cab
            O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
            ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
            O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
            O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
            www.cult3d.com/download/cult.cab
            O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
            akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
            O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} -
            akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab
            O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} -
            megapanel.gem.pl/temp/netp/9379/2012/5202/7200/5_9379201252027200.ocx
            O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
            www.netvenda.com/sites/games-intl/pl/games4.cab
            O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) -
            www2.incredimail.com/contents/setup/downloader/imloader.cab
            O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} -
            akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
            O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program
            Files\HP\hpcoretech\comp\hpuiprot.dll
            O18 - Filter: text/html - {087218A2-EEB8-4DC9-8129-F9ECF2F6632F} - C:\Documents
            and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\microsoft\internet
            explorer\V0.26.dat

            • netsec Re: HiJackLog 30.10.04, 00:48
              Check carefully, remove in HiJack the items I wrote about.
              The log looks as if you had done almost nothing.
              • Guest: ZABOL Re: HiJackLog IP: *.echostar.pl 30.10.04, 12:04
                Better now?
                Logfile of HijackThis v1.98.2
                Scan saved at 12:03:12, on 2004-10-30
                Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\SYSTEM32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\AVPersonal\AVGUARD.EXE
                C:\Program Files\AVPersonal\AVWUPSRV.EXE
                C:\WINDOWS\System32\nvsvc32.exe
                C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
                C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
                C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
                C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                C:\Program Files\Winamp\winampa.exe
                C:\WINDOWS\System32\carpserv.exe
                D:\qttask.exe
                C:\PROGRA~1\Aquatica\AQ3HEL~1.EXE
                C:\Program Files\AVPersonal\AVGNT.EXE
                C:\WINDOWS\System32\ctfmon.exe
                C:\Program Files\Messenger\msmsgs.exe
                D:\datray.exe
                C:\WINDOWS\System32\rundll32.exe
                D:\Mistrz Klawiatury 1.0\program\soffice.exe
                D:\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                www.google.pl/
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
                www.google.pl/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\System32\msdxm.ocx
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                \NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
                \spool\drivers\w32x86\3\hpztsb09.exe
                O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP
                Software Update\HPWuSchd.exe"
                O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
                Files\HP\hpcoretech\hpcmpmgr.exe"
                O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
                Imaging\bin\hpotdd01.exe
                O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                O4 - HKLM\..\Run: [CARPService] carpserv.exe
                O4 - HKLM\..\Run: [AntyDialerTP] "c:\program files\antydialer
                tp\antydialertp.exe" tray
                O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Mistrz Klawiatury 1.0
                \program\quickstart.exe
                O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
                D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                C:\Program Files\Messenger\MSMSGS.EXE
                O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
                00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -
                akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1021_EN_XP.cab
                O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
                www.cult3d.com/download/cult.cab
                O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
                akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
                O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program
                Files\HP\hpcoretech\comp\hpuiprot.dll

                • netsec Re: HiJackLog - ZABOL 30.10.04, 20:00
                  Better now, update the system at www.windowsupdate.com with all
                  critical patches. Additionally, install Sun Java:
                  java.sun.com/webapps/download/AutoDL?BundleId=9723
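
An added example, not part of any post in the thread: a Python sketch that checks a follow-up HijackThis log against the list of entries the helper asked to fix, rejoining the lines the forum wrapped. The function names and the matching rule (CLSID when present, registry value name for R entries, otherwise the whitespace-stripped line) are assumptions of this example; the sample logs are short excerpts of lines from the thread.

```python
import re

# HijackThis entries start with a section code such as "R1 - ", "O4 - ", "O16 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")


def entry_key(raw):
    """Identity of an entry that survives forum re-wrapping and URL mangling."""
    compact = re.sub(r"\s+", "", raw).lower()   # wrap points may or may not be spaces
    code = compact.split("-", 1)[0]             # "r1", "o4", "o16", ...
    clsid = CLSID.search(compact)
    if clsid:                                   # O2/O9/O16/O18/R3: the CLSID identifies it
        return (code, clsid.group(0))
    if code.startswith("r") and "=" in compact:
        return (code, compact.split("=", 1)[0])  # registry value name, not its data
    return (code, compact)


def parse_entries(text):
    """Return {key: entry} for each entry in text, rejoining wrapped lines.
    Assumes a blank line separates the log from any prose that follows it."""
    entries, current = {}, []

    def flush():
        if current:
            raw = " ".join(current)
            entries[entry_key(raw)] = raw
            current.clear()

    for line in text.splitlines():
        line = line.strip()
        if ENTRY_START.match(line):
            flush()
            current.append(line)
        elif line and current:
            current.append(line)                # continuation of a wrapped entry
        else:
            flush()
    flush()
    return entries


def still_present(fix_list, scan):
    """Entries from the fix list that the later scan still reports."""
    wanted, found = parse_entries(fix_list), parse_entries(scan)
    return [entry for key, entry in wanted.items() if key in found]


# Excerpt of the fix list posted 29.10.04, 10:20 (wrapping as it appears in the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.com
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
"""

# Excerpt of the scan saved 2004-10-30 00:01:24.
SCAN_FIRST_TRY = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1021.dll,InstantAccess
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
"""

# Excerpt of the scan saved 2004-10-30 12:03:12.
SCAN_SECOND_TRY = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
"""

if __name__ == "__main__":
    for label, scan in (("00:01", SCAN_FIRST_TRY), ("12:03", SCAN_SECOND_TRY)):
        print(f"scan {label}: flagged entries still present")
        for entry in still_present(FIX_LIST, scan):
            print("  ", entry)
```

Run against the full logs rather than these excerpts, the same comparison lists every flagged entry that survived a cleanup pass.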