I caught some crap, i.e. SWIZZOR.BR, now what?

30.10.04, 11:29
and I can't remove it with anything
help
        • sntx Re: I caught some crap, i.e. SWIZZOR.BR, now what? 31.10.04, 10:43
          Logfile of HijackThis v1.98.2
          Scan saved at 10:43:06, on 2004-10-31
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\DU Meter\DUMeter.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
          C:\Program Files\Spyware Doctor\spydoctor.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\WINDOWS\system32\crypserv.exe
          C:\WINDOWS\system32\drivers\KodakCCS.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
          C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
          C:\WINDOWS\System32\nvsvc32.exe
          C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
          C:\WINDOWS\System32\ScsiAccess.EXE
          C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
          C:\Program Files\Mozilla Thunderbird\thunderbird.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          c:\progra~1\intern~1\iexplore.exe
          C:\Program Files\Avant Browser\avant.exe
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\totalcmd\TOTALCMD.EXE
          C:\Program Files\Messenger\msmsgs.exe
          c:\RADEK\hj\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          web.vxnehgsrajxuuytonatgfcb.com/VePyHmzsUCrJ7j74bdRMuViCVK6oZmwARWKWpORq8Us7/ewv4lX2mDxEVpuEEnni.htm
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.bdqdwuujvkkubztxplv.net/VePyHmzsUCpyT_aY4IvfFRQgm1CAZt8wu9crb0DQejM.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          C:\WINDOWS\about.htm
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
          Internet Explorer
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
          Settings,ProxyServer = http=localhost:1035
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {99175980-6844-DD26-95EC-86542F6EFB29} - C:\DOCUME~1
          \DIABLO\DANEAP~1\EGGSTI~1\RuleAxis.exe
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
          Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
          C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
          O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
          \NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
          Shared\ccApp.exe"
          O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
          Manager\AcctMgr.exe /startup
          O4 - HKLM\..\Run: [dart default store second] C:\Documents and Settings\All
          Users\Dane aplikacji\THEJUMPDARTDEFAULT\OWNS INTERNET.exe
          O4 - HKCU\..\Run: [fork five] C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1\wmabash.exe
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
          O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
          Doctor\spydoctor.exe" /Q
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
          Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
          C:\Program Files\Avant Browser\AddAllToADBlackList.htm
          O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program
          Files\Avant Browser\AddToADBlackList.htm
          O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
          C:\Program Files\Avant Browser\OpenAllLinks.htm
          O8 - Extra context menu item: Podświetl - C:\Program Files\Avant
          Browser\Highlight.htm
          O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
          00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
          ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
          O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -
          www.webshots.com/samplers/WSDownloader.ocx
          O17 - HKLM\System\CCS\Services\Tcpip\..\{66FE68D1-7E39-4984-8BD6-534BFB4B73DB}:
          NameServer = 192.168.100.1

          • netsec Re: HiJack log - sntx 31.10.04, 15:35
            Download the new CWShredder 2.0
            cwshredder.net/bin/CWSInstall.exe
            Check whether the Internet firewall is enabled in the properties of your
            Internet connection.

            Turn off System Restore:
            support.microsoft.com/default.aspx?scid=kb;pl;310405
            Start the computer in safe mode:
            support.microsoft.com/default.aspx?scid=KB;PL;315222
            After starting the computer in safe mode, do not open Internet Explorer.

            Run HiJackThis again, do a SCAN and check these items:


            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
            web.vxnehgsrajxuuytonatgfcb.com/VePyHmzsUCrJ7j74bdRMuViCVK6oZmwARWKWpORq8Us7/ewv
            4lX2mDxEVpuEEnni.htm
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.bdqdwuujvkkubztxplv.net/VePyHmzsUCpyT_aY4IvfFRQgm1CAZt8wu9crb0DQejM.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            C:\WINDOWS\about.htm
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
            Internet Explorer
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
            Settings,ProxyServer = http=localhost:1035
            O2 - BHO: (no name) - {99175980-6844-DD26-95EC-86542F6EFB29} - C:\DOCUME~1
            \DIABLO\DANEAP~1\EGGSTI~1\RuleAxis.exe
            O4 - HKLM\..\Run: [dart default store second] C:\Documents and Settings\All
            Users\Dane aplikacji\THEJUMPDARTDEFAULT\OWNS INTERNET.exe
            O4 - HKCU\..\Run: [fork five] C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1\wmabash.exe
            O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
            ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8
            .cab
            O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -
            www.webshots.com/samplers/WSDownloader.ocx

            After checking them, run FIX CHECKED and confirm with YES/OK.

            In Control Panel => Internet Options delete
            Temporary Internet Files (all) and Cookies.

            In Control Panel, Add/Remove Programs, uninstall all
            programs you are not sure you need.

            Run CWShredder and do Fix.

            Delete all temporary files.
            That is, open My Computer and paste %temp% into the address bar, which will
            take you straight to the TEMP folder.
            Throw out everything you can from there. Make sure that showing hidden files
            and folders is enabled in Folder Options.

            Empty the Recycle Bin.

            Start the computer in normal mode.

            Download and install Ad-Aware SE Personal Edition v1.05
            Download the latest version:
            www.download.com/3000-2144-10045910.html
            Scan the whole system with Ad-Aware.
            To ensure the program is as effective as possible,
            update the detection database before scanning.
            When starting the scan, on the
            "Preparing System Scan" tab choose "Perform full system scan".
            When Ad-aware finishes scanning, a list of objects to remove
            will appear.

            Additionally, update Norton with the offline update:
            definitions.symantec.com/defs/20041030-041-i32.exe
            and scan the whole system.

            Update the system at www.windowsupdate.com with all critical
            patches after SP2.
                  • sntx log 02.11.04, 07:15
                    Logfile of HijackThis v1.98.2
                    Scan saved at 07:14:11, on 2004-11-02
                    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\SYSTEM32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\DU Meter\DUMeter.exe
                    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
                    C:\Program Files\Spyware Doctor\spydoctor.exe
                    C:\Program Files\Gadu-Gadu\gg.exe
                    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                    c:\progra~1\intern~1\iexplore.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                    C:\WINDOWS\system32\crypserv.exe
                    C:\WINDOWS\system32\drivers\KodakCCS.exe
                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
                    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                    C:\WINDOWS\System32\nvsvc32.exe
                    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
                    C:\WINDOWS\System32\ScsiAccess.EXE
                    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                    C:\Program Files\Avant Browser\avant.exe
                    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
                    C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
                    C:\RADEK\hj\HijackThis.exe
                    C:\Program Files\Messenger\msmsgs.exe

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                    www.mzyogydxjhoouiynnrchthf.com/VePyHmzsUCrJ7j74bdRMuViCVK6oZmwARWKWpORq8UvEAvNCqjNpUTxEVpuEEnni.asp
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                    C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
                    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
                    Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
                    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
                    C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
                    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
                    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                    \NvCpl.dll,NvStartup
                    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                    Shared\ccApp.exe"
                    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
                    Manager\AcctMgr.exe /startup
                    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
                    Doctor\spydoctor.exe" /Q
                    O4 - HKCU\..\Run: [fork five] C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1\wmabash.exe
                    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
                    Files\Adobe\Calibration\Adobe Gamma Loader.exe
                    O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
                    C:\Program Files\Avant Browser\AddAllToADBlackList.htm
                    O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program
                    Files\Avant Browser\AddToADBlackList.htm
                    O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
                    C:\Program Files\Avant Browser\OpenAllLinks.htm
                    O8 - Extra context menu item: Podświetl - C:\Program Files\Avant
                    Browser\Highlight.htm
                    O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                    C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
                    00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O17 - HKLM\System\CCS\Services\Tcpip\..\{66FE68D1-7E39-4984-8BD6-534BFB4B73DB}:
                    NameServer = 192.168.100.1

                    • netsec Re: log 02.11.04, 09:56
                      Start the computer in safe mode again, with System Restore turned off.
                      In safe mode, do not open any applications except HiJackThis.

                      Run HiJackThis again, do a SCAN and check (tick) these items:

                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                      www.mzyogydxjhoouiynnrchthf.com/VePyHmzsUCrJ7j74bdRMuViCVK6oZmwARWKWpORq8UvEAvNCqjNpUTxEVpuEEnni.asp
                      O4 - HKCU\..\Run: [fork five] C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1\wmabash.exe

                      After checking them, run FIX CHECKED and confirm with YES/OK.

                      Make sure the Show all files option in Windows Explorer is
                      enabled.

                      a. Click Start, click My Computer, click the Tools menu,
                      and then click Folder Options. Click the View
                      tab.

                      b. In the Advanced settings section, click Show hidden files and
                      folders.

                      c. In the Advanced settings section, click to clear the
                      Hide protected operating system files (Recommended) check box.

                      Find the file wmabash.exe and delete it.

                      Start the computer normally.

                      You have two antivirus programs installed:
                      Norton - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
                      Avast - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

                      Uninstall one of them; as you can see, quantity doesn't matter.
                      When an intruder is detected, the resident scanners will block each other. In addition,
                      some antivirus programs, even with the resident scanner turned off, do not
                      fully retract their claws and keep running in the background as a mail scanner etc.
    • sntx THIS IS WHAT IT LOOKS LIKE NOW 02.11.04, 18:01
      Logfile of HijackThis v1.98.2
      Scan saved at 17:59:40, on 2004-11-02
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\DU Meter\DUMeter.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
      C:\Program Files\Spyware Doctor\spydoctor.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\system32\crypserv.exe
      C:\WINDOWS\system32\drivers\KodakCCS.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
      C:\Program Files\Avant Browser\avant.exe
      C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
      C:\WINDOWS\System32\ScsiAccess.EXE
      C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Mozilla Thunderbird\thunderbird.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\RADEK\hj\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.pls.pl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
      Internet Explorer
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
      Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
      C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
      O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
      \NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
      Shared\ccApp.exe"
      O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
      Manager\AcctMgr.exe /startup
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
      Doctor\spydoctor.exe" /Q
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
      Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
      C:\Program Files\Avant Browser\AddAllToADBlackList.htm
      O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program
      Files\Avant Browser\AddToADBlackList.htm
      O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
      C:\Program Files\Avant Browser\OpenAllLinks.htm
      O8 - Extra context menu item: Podświetl - C:\Program Files\Avant
      Browser\Highlight.htm
      O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
      00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{66FE68D1-7E39-4984-8BD6-534BFB4B73DB}:
      NameServer = 192.168.100.1

            • sntx Re: avast removed but 03.11.04, 07:36
              a few minutes after launching the browser ;-(

              Logfile of HijackThis v1.98.2
              Scan saved at 07:35:53, on 2004-11-03
              Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\SYSTEM32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\DU Meter\DUMeter.exe
              C:\Program Files\Common Files\Symantec Shared\ccApp.exe
              C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
              C:\Program Files\Gadu-Gadu\gg.exe
              C:\Program Files\Spyware Doctor\spydoctor.exe
              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
              C:\WINDOWS\system32\crypserv.exe
              C:\WINDOWS\system32\drivers\KodakCCS.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
              C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
              C:\WINDOWS\System32\nvsvc32.exe
              C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
              C:\WINDOWS\System32\ScsiAccess.EXE
              C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
              C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
              C:\Program Files\Mozilla Thunderbird\thunderbird.exe
              C:\Program Files\Avant Browser\avant.exe
              C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\RADEK\hj\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.pls.pl
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
              Internet Explorer
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
              C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
              O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
              Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
              O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
              C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
              O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
              O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
              Manager\AcctMgr.exe /startup
              O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
              O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
              Doctor\spydoctor.exe" /Q
              O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
              Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera -
              C:\Program Files\Avant Browser\AddAllToADBlackList.htm
              O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program
              Files\Avant Browser\AddToADBlackList.htm
              O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... -
              C:\Program Files\Avant Browser\OpenAllLinks.htm
              O8 - Extra context menu item: Podświetl - C:\Program Files\Avant
              Browser\Highlight.htm
              O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
              C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger -
              {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O17 - HKLM\System\CCS\Services\Tcpip\..\{66FE68D1-7E39-4984-8BD6-534BFB4B73DB}:
              NameServer = 192.168.100.1

              • netsec Re: avast removed but 03.11.04, 11:50
                Run HiJackThis again, go to Config, then to Misc Tools, and
                click Generate StartupList log.
                The program will ask whether to generate the list; confirm, and paste the contents of the list on the forum.
                • sntx Re: avast removed but 03.11.04, 17:42
                  StartupList report, 2004-11-03, 17:39:22
                  StartupList version: 1.52.2
                  Started from : C:\RADEK\hj\HijackThis.EXE
                  Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)
                  Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  * Using default options
                  ==================================================

                  Running processes:

                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\SYSTEM32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\DU Meter\DUMeter.exe
                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                  C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                  c:\progra~1\intern~1\iexplore.exe
                  C:\WINDOWS\system32\crypserv.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\WINDOWS\system32\drivers\KodakCCS.exe
                  C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
                  C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
                  C:\WINDOWS\System32\ScsiAccess.EXE
                  C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                  C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                  C:\Program Files\Mozilla Thunderbird\thunderbird.exe
                  C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
                  C:\Program Files\Avant Browser\avant.exe
                  C:\RADEK\hj\HijackThis.exe
                  C:\Program Files\Messenger\msmsgs.exe

                  --------------------------------------------------

                  Listing of startup folders:

                  Shell folders Common Startup:
                  [C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
                  Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe
                  Gamma Loader.exe

                  --------------------------------------------------

                  Checking Windows NT UserInit:

                  [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
                  UserInit = C:\WINDOWS\system32\userinit.exe,

                  --------------------------------------------------

                  Autorun entries from Registry:
                  HKLM\Software\Microsoft\Windows\CurrentVersion\Run

                  DU Meter = C:\Program Files\DU Meter\DUMeter.exe
                  NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                  ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                  AcctMgr = C:\Program Files\Norton SystemWorks\Password
                  Manager\AcctMgr.exe /startup

                  --------------------------------------------------

                  Autorun entries from Registry:
                  HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

                  (Default) =

                  --------------------------------------------------

                  Autorun entries from Registry:
                  HKCU\Software\Microsoft\Windows\CurrentVersion\Run

                  Gadu-Gadu = "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                  Spyware Doctor = "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
                  fork five = C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1\wmabash.exe

                  --------------------------------------------------

                  Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

                  Shell=*INI section not found*
                  SCRNSAVE.EXE=*INI section not found*
                  drivers=*INI section not found*

                  Shell & screensaver key from Registry:

                  Shell=Explorer.exe
                  SCRNSAVE.EXE=
                  drivers=*Registry value not found*

                  Policies Shell key:

                  HKCU\..\Policies: Shell=*Registry key not found*
                  HKLM\..\Policies: Shell=*Registry value not found*

                  --------------------------------------------------


                  Enumerating Browser Helper Objects:

                  (no name) - C:\Program Files\Adobe\Acrobat 6.0
                  CE\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
                  NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll -
                  {BDF3E430-B101-42AD-A544-FADC6B084872}

                  --------------------------------------------------

                  Enumerating Task Scheduler jobs:

                  ACD2A92691855B46.job
                  ACFB51069194C372.job
                  Funkcja One Button Checkup pakietu Norton SystemWorks.job
                  Norton AntiVirus - Skanuj komputer.job
                  Symantec Drmc.job
                  Symantec NetDetect.job
                  WebReg 20041102221210.job

                  --------------------------------------------------

                  Enumerating Download Program Files:

                  [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
                  CODEBASE = v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?
                  38090.1242013889

                  [Shockwave Flash Object]
                  InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
                  CODEBASE = download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

                  --------------------------------------------------

                  Enumerating ShellServiceObjectDelayLoad items:

                  PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
                  CDBurn: C:\WINDOWS\system32\SHELL32.dll
                  WebCheck: C:\WINDOWS\$NtServicePackUninstall$\webcheck.dll
                  SysTray: C:\WINDOWS\System32\stobject.dll

                  --------------------------------------------------
                  End of report, 5 695 bytes
                  Report generated in 0,265 seconds

                  Command line options:
                  /verbose - to add additional info on each section
                  /complete - to include empty sections and unsuspicious data
                  /full - to include several rarely-important sections
                  /force9x - to include Win9x-only startups even if running on WinNT
                  /forcent - to include WinNT-only startups even if running on Win9x
                  /forceall - to include all Win9x and WinNT startups, regardless of platform
                  /history - to list version history only
                  • netsec Re: Startuplist 03.11.04, 20:28
                    This is your problem, remove this entry in safe mode:

                    fork five = C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1\wmabash.exe

                    and the contents of the directory where this wmabash.exe file is located
                              • sntx Re: it's back again 06.11.04, 11:03
                                StartupList report, 2004-11-06, 11:02:41
                                StartupList version: 1.52.2
                                Started from : C:\RADEK\hj\HijackThis.EXE
                                Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)
                                Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                                * Using default options
                                ==================================================

                                Running processes:

                                C:\WINDOWS\System32\smss.exe
                                C:\WINDOWS\SYSTEM32\winlogon.exe
                                C:\WINDOWS\system32\services.exe
                                C:\WINDOWS\system32\lsass.exe
                                C:\WINDOWS\system32\svchost.exe
                                C:\WINDOWS\System32\svchost.exe
                                C:\WINDOWS\Explorer.EXE
                                C:\WINDOWS\system32\spoolsv.exe
                                C:\Program Files\DU Meter\DUMeter.exe
                                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
                                C:\Program Files\Windows AdTools\WinAdTools.exe
                                C:\WINDOWS\system32\cthjew.exe
                                C:\temp\salm.exe
                                C:\WINDOWS\system32\ctfmon.exe
                                C:\Program Files\Gadu-Gadu\gg.exe
                                C:\Program Files\Windows AdTools\WinRatchet.exe
                                c:\progra~1\intern~1\iexplore.exe
                                C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                                C:\Program Files\Internet Explorer\iexplore.exe
                                C:\WINDOWS\system32\crypserv.exe
                                C:\WINDOWS\system32\drivers\KodakCCS.exe
                                C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                                C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
                                C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                                C:\WINDOWS\System32\nvsvc32.exe
                                C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
                                C:\WINDOWS\System32\ScsiAccess.EXE
                                C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
                                C:\WINDOWS\System32\svchost.exe
                                C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                                C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                                C:\Program Files\Avant Browser\avant.exe
                                C:\Program Files\Mozilla Thunderbird\thunderbird.exe
                                C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
                                C:\RADEK\hj\HijackThis.exe

                                --------------------------------------------------

                                Listing of startup folders:

                                Shell folders Common Startup:
                                [C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
                                Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe
                                Gamma Loader.exe

                                --------------------------------------------------

                                Checking Windows NT UserInit:

                                [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
                                UserInit = C:\WINDOWS\system32\userinit.exe,

                                --------------------------------------------------

                                Autorun entries from Registry:
                                HKLM\Software\Microsoft\Windows\CurrentVersion\Run

                                DU Meter = C:\Program Files\DU Meter\DUMeter.exe
                                NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                                ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                                AcctMgr = C:\Program Files\Norton SystemWorks\Password
                                Manager\AcctMgr.exe /startup
                                Windows AdTools = C:\Program Files\Windows AdTools\WinAdTools.exe
                                vwwxdtzt = C:\WINDOWS\system32\cthjew.exe
                                salm = c:\temp\salm.exe
                                gjytsx = C:\WINDOWS\gjytsx.exe

                                --------------------------------------------------

                                Autorun entries from Registry:
                                HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

                                (Default) =

                                --------------------------------------------------

                                Autorun entries from Registry:
                                HKCU\Software\Microsoft\Windows\CurrentVersion\Run

                                ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
                                fork five = C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1\wmabash.exe
                                Gadu-Gadu = "C:\Program Files\Gadu-Gadu\gg.exe" /tray

                                --------------------------------------------------

                                Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

                                Shell=*INI section not found*
                                SCRNSAVE.EXE=*INI section not found*
                                drivers=*INI section not found*

                                Shell & screensaver key from Registry:

                                Shell=Explorer.exe
                                SCRNSAVE.EXE=
                                drivers=*Registry value not found*

                                Policies Shell key:

                                HKCU\..\Policies: Shell=*Registry key not found*
                                HKLM\..\Policies: Shell=*Registry value not found*

                                --------------------------------------------------


                                Enumerating Browser Helper Objects:

                                (no name) - C:\WINDOWS\multimpp.dll - {002EB272-2590-4693-B166-FBD5D9B6FEA6}
                                (no name) - C:\Program Files\Adobe\Acrobat 6.0
                                CE\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
                                (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-
                                206D7942484F}
                                NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll -
                                {BDF3E430-B101-42AD-A544-FADC6B084872}

                                --------------------------------------------------

                                Enumerating Task Scheduler jobs:

                                ACD2A92691855B46.job
                                ACFB51069194C372.job
                                Funkcja One Button Checkup pakietu Norton SystemWorks.job
                                Norton AntiVirus - Skanuj komputer.job
                                Symantec Drmc.job
                                Symantec NetDetect.job
                                WebReg 20041102221210.job

                                --------------------------------------------------

                                Enumerating Download Program Files:

                                [{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]
                                InProcServer32 = C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll
                                CODEBASE = public.windupdates.com/get_file.php?
                                bt=ie&p=7fd1b1487ea24557e81cb1f266ef2780947d11d735d3f73d567bbcc1cd65aeb860d24e26
                                488494fe11db2684f9909f72dc77fd77a214:2e5848e0a9d3ad577e6a6478c1291781

                                [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
                                CODEBASE = v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?
                                38090.1242013889

                                [Shockwave Flash Object]
                                InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
                                CODEBASE = download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

                                --------------------------------------------------

                                Enumerating ShellServiceObjectDelayLoad items:

                                PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
                                CDBurn: C:\WINDOWS\system32\SHELL32.dll
                                WebCheck: C:\WINDOWS\$NtServicePackUninstall$\webcheck.dll
                                SysTray: C:\WINDOWS\System32\stobject.dll

                                --------------------------------------------------
                                End of report, 6 449 bytes
                                Report generated in 0,703 seconds

                                Command line options:
                                /verbose - to add additional info on each section
                                /complete - to include empty sections and unsuspicious data
                                /full - to include several rarely-important sections
                                /force9x - to include Win9x-only startups even if running on WinNT
                                /forcent - to include WinNT-only startups even if running on Win9x
                                /forceall - to include all Win9x and WinNT startups, regardless of platform
                                /history - to list version history only
                                • netsec Re: Startuplist2 06.11.04, 11:39
                                  Run HiJack in safe mode with System Restore turned off.
                                  Remove these entries:

                                  Windows AdTools = C:\Program Files\Windows AdTools\WinAdTools.exe
                                  vwwxdtzt = C:\WINDOWS\system32\cthjew.exe
                                  salm = c:\temp\salm.exe
                                  gjytsx = C:\WINDOWS\gjytsx.exe
                                  fork five = C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1\wmabash.exe

                                  (no name) - C:\WINDOWS\multimpp.dll - {002EB272-2590-4693-B166-FBD5D9B6FEA6}
                                  [{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]

                                  InProcServer32 = C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll
                                  CODEBASE = public.windupdates.com/get_file.php?
                                  bt=ie&p=7fd1b1487ea24557e81cb1f266ef2780947d11d735d3f73d567bbcc1cd65aeb860d24e26
                                  488494fe11db2684f9909f72dc77fd77a214:2e5848e0a9d3ad577e6a6478c1291781

                                  Make sure that the Show all files option in Windows Explorer is
                                  turned on.

                                  a. Click the Start button, click My Computer, click the Tools
                                  menu, and then click Folder Options. Click the View tab.

                                  b. In the Advanced settings section, click Show hidden files and
                                  folders.

                                  c. In the Advanced settings section, click to clear the Hide
                                  protected operating system files (Recommended) check box.

                                  Then delete the folder C:\Program Files\Windows AdTools\
                                  Delete the files:
                                  C:\WINDOWS\system32\cthjew.exe
                                  c:\temp\salm.exe
                                  C:\WINDOWS\gjytsx.exe

                                  Delete the entire folder that contains the file wmabash.exe
                                  That is, C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1

                                  Go to the Start menu, choose Run and type:
                                  regsvr32 /u "C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll"

                                  Open My Computer and type %TEMP% in the address bar.
                                  You will go to the TEMP folder. Delete all the files in it that can be
                                  deleted.

                                  Start the computer in normal mode and paste a new log from startuplist.
                                  • sntx Re: Startuplist2 06.11.04, 13:34
                                    StartupList report, 2004-11-06, 13:30:29
                                    StartupList version: 1.52.2
                                    Started from : C:\RADEK\hj\HijackThis.EXE
                                    Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)
                                    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                                    * Using default options
                                    ==================================================

                                    Running processes:

                                    C:\WINDOWS\System32\smss.exe
                                    C:\WINDOWS\SYSTEM32\winlogon.exe
                                    C:\WINDOWS\system32\services.exe
                                    C:\WINDOWS\system32\lsass.exe
                                    C:\WINDOWS\system32\svchost.exe
                                    C:\WINDOWS\System32\svchost.exe
                                    C:\WINDOWS\Explorer.EXE
                                    C:\WINDOWS\system32\spoolsv.exe
                                    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                                    C:\WINDOWS\system32\crypserv.exe
                                    C:\WINDOWS\system32\drivers\KodakCCS.exe
                                    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                                    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
                                    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                                    C:\WINDOWS\System32\nvsvc32.exe
                                    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
                                    C:\WINDOWS\System32\ScsiAccess.EXE
                                    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
                                    C:\WINDOWS\System32\svchost.exe
                                    C:\Program Files\DU Meter\DUMeter.exe
                                    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                                    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
                                    C:\WINDOWS\system32\ctfmon.exe
                                    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
                                    C:\WINDOWS\system32\wuauclt.exe
                                    C:\Program Files\Messenger\msmsgs.exe
                                    C:\Program Files\Gadu-Gadu\gg.exe
                                    C:\RADEK\hj\HijackThis.exe

                                    --------------------------------------------------

                                    Listing of startup folders:

                                    Shell folders Common Startup:
                                    [C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
                                    Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe
                                    Gamma Loader.exe

                                    --------------------------------------------------

                                    Checking Windows NT UserInit:

                                    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
                                    UserInit = C:\WINDOWS\system32\userinit.exe,

                                    --------------------------------------------------

                                    Autorun entries from Registry:
                                    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

                                    DU Meter = C:\Program Files\DU Meter\DUMeter.exe
                                    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                                    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
                                    AcctMgr = C:\Program Files\Norton SystemWorks\Password
                                    Manager\AcctMgr.exe /startup
                                    mzrmov = C:\WINDOWS\system32\cthjew.exe

                                    --------------------------------------------------

                                    Autorun entries from Registry:
                                    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

                                    (Default) =

                                    --------------------------------------------------

                                    Autorun entries from Registry:
                                    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

                                    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
                                    Gadu-Gadu = "C:\Program Files\Gadu-Gadu\Powergg.exe" /tray

                                    --------------------------------------------------

                                    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

                                    Shell=*INI section not found*
                                    SCRNSAVE.EXE=*INI section not found*
                                    drivers=*INI section not found*

                                    Shell & screensaver key from Registry:

                                    Shell=Explorer.exe
                                    SCRNSAVE.EXE=
                                    drivers=*Registry value not found*

                                    Policies Shell key:

                                    HKCU\..\Policies: Shell=*Registry key not found*
                                    HKLM\..\Policies: Shell=*Registry value not found*

                                    --------------------------------------------------


                                    Enumerating Browser Helper Objects:

                                    (no name) - C:\WINDOWS\multimpp.dll (file missing) - {002EB272-2590-4693-B166-
                                    FBD5D9B6FEA6}
                                    (no name) - C:\Program Files\Adobe\Acrobat 6.0
                                    CE\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
                                    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-
                                    206D7942484F}
                                    NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll -
                                    {BDF3E430-B101-42AD-A544-FADC6B084872}

                                    --------------------------------------------------

                                    Enumerating Task Scheduler jobs:

                                    ACD2A92691855B46.job
                                    ACFB51069194C372.job
                                    Funkcja One Button Checkup pakietu Norton SystemWorks.job
                                    Norton AntiVirus - Skanuj komputer.job
                                    Symantec Drmc.job
                                    Symantec NetDetect.job
                                    WebReg 20041102221210.job

                                    --------------------------------------------------

                                    Enumerating ShellServiceObjectDelayLoad items:

                                    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
                                    CDBurn: C:\WINDOWS\system32\SHELL32.dll
                                    WebCheck: C:\WINDOWS\$NtServicePackUninstall$\webcheck.dll
                                    SysTray: C:\WINDOWS\System32\stobject.dll

                                    --------------------------------------------------
                                    End of report, 5 225 bytes
                                    Report generated in 0,078 seconds

                                    Command line options:
                                    /verbose - to add additional info on each section
                                    /complete - to include empty sections and unsuspicious data
                                    /full - to include several rarely-important sections
                                    /force9x - to include Win9x-only startups even if running on WinNT
                                    /forcent - to include WinNT-only startups even if running on Win9x
                                    /forceall - to include all Win9x and WinNT startups, regardless of platform
                                    /history - to list version history only
                                    • sntx Re: Startuplist2 06.11.04, 13:38
                                      and with difficulty I removed that crap cthjew.exe and I see it is there again
                                      it says the file cannot be deleted because it is currently in use, even in
                                      safe mode
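An added example, not part of the original thread: the autorun sections of the 11:02 and 13:30 StartupList reports compared by target executable rather than by value name, which shows `cthjew.exe` back under a different Run value name. The function names are illustrative, and the two report strings are abridged excerpts of the logs posted above.

```python
import re

# Abridged autorun sections of the 11:02 report posted in the thread.
REPORT_1102 = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DU Meter = C:\Program Files\DU Meter\DUMeter.exe
AcctMgr = C:\Program Files\Norton SystemWorks\Password
Manager\AcctMgr.exe /startup
Windows AdTools = C:\Program Files\Windows AdTools\WinAdTools.exe
vwwxdtzt = C:\WINDOWS\system32\cthjew.exe
salm = c:\temp\salm.exe
gjytsx = C:\WINDOWS\gjytsx.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
fork five = C:\DOCUME~1\DIABLO\DANEAP~1\PLANMA~1\wmabash.exe
Gadu-Gadu = "C:\Program Files\Gadu-Gadu\gg.exe" /tray

--------------------------------------------------
"""

# Abridged autorun sections of the 13:30 report posted after the cleanup.
REPORT_1330 = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DU Meter = C:\Program Files\DU Meter\DUMeter.exe
AcctMgr = C:\Program Files\Norton SystemWorks\Password
Manager\AcctMgr.exe /startup
mzrmov = C:\WINDOWS\system32\cthjew.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Gadu-Gadu = "C:\Program Files\Gadu-Gadu\Powergg.exe" /tray

--------------------------------------------------
"""

SECTION = "Autorun entries from Registry:"
ENTRY = re.compile(r"(.+?) =\s*(.*)$")
EXE = re.compile(r'"([^"]+)"|(.*?\.exe)(?=\s|$)', re.IGNORECASE)


def parse_autoruns(report):
    """Return {(registry_key, value_name): command} for all autorun sections."""
    entries, key, want_key, last = {}, None, False, None
    for line in (raw.strip() for raw in report.splitlines()):
        if line == SECTION:
            key, want_key, last = None, True, None
        elif line.startswith("-----"):
            key = None                        # separator closes the section
        elif want_key and line:
            key, want_key = line, False       # first line after the header is the key
        elif key and line:
            m = ENTRY.match(line)
            if m:
                last = (key, m.group(1))
                entries[last] = m.group(2)
            elif last:                        # wrapped continuation of the previous value
                entries[last] += " " + line
    return {k: v for k, v in entries.items() if v}   # drop the empty "(Default) ="


def target(command):
    """Executable path of a Run command, lower-cased for comparison."""
    m = EXE.match(command)
    path = (m.group(1) or m.group(2)) if m else command
    return path.lower()


def compare(before, after):
    """Classify differences between two parsed reports by executable, not by name."""
    old_targets = {target(cmd) for cmd in before.values()}
    new_targets = {target(cmd) for cmd in after.values()}
    findings = []
    for (key, name), cmd in after.items():
        exe = target(cmd)
        if (key, name) in before:
            if target(before[(key, name)]) != exe:
                findings.append(("retargeted", name, exe))     # same name, other file
        elif exe in old_targets:
            findings.append(("re-registered", name, exe))      # same file, new name
        else:
            findings.append(("new", name, exe))
    for (key, name), cmd in before.items():
        if (key, name) not in after and target(cmd) not in new_targets:
            findings.append(("removed", name, target(cmd)))
    return findings


if __name__ == "__main__":
    for kind, name, exe in compare(parse_autoruns(REPORT_1102),
                                   parse_autoruns(REPORT_1330)):
        print(f"{kind:14} {name:16} {exe}")
```

A "re-registered" result means the file was still being launched after the named value was deleted, so matching on the value name alone would report the entry as cleaned.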
    • sntx AKTUALNY LOOG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 06.11.04, 13:57
      StartupList report, 2004-11-06, 13:55:35
      StartupList version: 1.52.2
      Started from : C:\RADEK\hj\HijackThis.EXE
      Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      * Using default options
      ==================================================

      Running processes:

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\system32\crypserv.exe
      C:\WINDOWS\system32\drivers\KodakCCS.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
      C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
      C:\Program Files\DU Meter\DUMeter.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
      C:\WINDOWS\System32\ScsiAccess.EXE
      C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\RADEK\hj\HijackThis.exe

      --------------------------------------------------

      Listing of startup folders:

      Shell folders Common Startup:
      [C:\Documents and Settings\All Users\Menu Start\Programy\Autostart]
      Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe
      Gamma Loader.exe

      --------------------------------------------------

      Checking Windows NT UserInit:

      [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      UserInit = C:\WINDOWS\system32\userinit.exe,

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run

      DU Meter = C:\Program Files\DU Meter\DUMeter.exe
      NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      AcctMgr = C:\Program Files\Norton SystemWorks\Password
      Manager\AcctMgr.exe /startup

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

      (Default) =

      --------------------------------------------------

      Autorun entries from Registry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run

      ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
      Gadu-Gadu = "C:\Program Files\Gadu-Gadu\Powergg.exe" /tray

      --------------------------------------------------

      Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

      Shell=*INI section not found*
      SCRNSAVE.EXE=*INI section not found*
      drivers=*INI section not found*

      Shell & screensaver key from Registry:

      Shell=Explorer.exe
      SCRNSAVE.EXE=
      drivers=*Registry value not found*

      Policies Shell key:

      HKCU\..\Policies: Shell=*Registry key not found*
      HKLM\..\Policies: Shell=*Registry value not found*

      --------------------------------------------------


      Enumerating Browser Helper Objects:

      (no name) - C:\WINDOWS\multimpp.dll (file missing) - {002EB272-2590-4693-B166-
      FBD5D9B6FEA6}
      (no name) - C:\Program Files\Adobe\Acrobat 6.0
      CE\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
      (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-
      206D7942484F}
      NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll -
      {BDF3E430-B101-42AD-A544-FADC6B084872}

      --------------------------------------------------

      Enumerating Task Scheduler jobs:

      ACD2A92691855B46.job
      ACFB51069194C372.job
      Funkcja One Button Checkup pakietu Norton SystemWorks.job
      Norton AntiVirus - Skanuj komputer.job
      Symantec Drmc.job
      Symantec NetDetect.job
      WebReg 20041102221210.job

      --------------------------------------------------

      Enumerating ShellServiceObjectDelayLoad items:

      PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
      CDBurn: C:\WINDOWS\system32\SHELL32.dll
      WebCheck: C:\WINDOWS\$NtServicePackUninstall$\webcheck.dll
      SysTray: C:\WINDOWS\System32\stobject.dll

      --------------------------------------------------
      End of report, 5 234 bytes
      Report generated in 0,141 seconds

      Command line options:
      /verbose - to add additional info on each section
      /complete - to include empty sections and unsuspicious data
      /full - to include several rarely-important sections
      /force9x - to include Win9x-only startups even if running on WinNT
      /forcent - to include WinNT-only startups even if running on Win9x
      /forceall - to include all Win9x and WinNT startups, regardless of platform
      /history - to list version history only
