marck2 06.11.04, 10:33
Let's not belabor the topic.. if anyone can help with something other than a format, please do. Regards
marck2 Re: web rebates, asking for real help 06.11.04, 10:36
marck2 wrote:
> Let's not belabor the topic.. if anyone can help with something other than a format, please do.
> Regards
Logfile of HijackThis v1.97.7
Scan saved at 10:36:29, on 2004-11-06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
marck2 Re: web rebates, asking for real help 06.11.04, 10:43
I did something funny: I managed to kill the process and in the same second I deleted the Web Rebates directory :-) If I have ZoneAlarm and don't let it through now, will that help at all?
marck2 Re: web rebates, asking for real help 06.11.04, 17:02
I see I'm rather holding a monologue here... oh well. For now I've installed the 30-day :-( Spy Sweeper; it threw out some junk and that Web Rebates thing too, we'll see for how long. It's probably the best program I've found, but unfortunately it's paid...
netsec Re: web rebates, asking for real help 06.11.04, 17:26
A forum is not a paid help desk; nobody sits here all the time. If you want help, don't set conditions and maybe someone will help you. Paste a new log from HiJack. As for Web Rebates, it's the latest plague.
marck2 Re: web rebates, asking for real help 06.11.04, 17:52
I'm not setting any conditions, but discussions too often drift off topic, and an amateur like me often gets lost; not everyone here is a professional. I know a bit about graphics and I have a million different things on my computer that are practically impossible to recreate: small programs, drivers and so on. I can't afford a format C:. If I only had Doom and a bare system, then probably yes... That's why I asked what can be done, and which program can do it, because that's the easiest route for a layman. I've understood that this Web Rebates thing is no small matter, and I'm fighting it as best I can, launching various programs and killing processes, simply in a home-grown amateur way. And here is my new log:
Logfile of HijackThis v1.97.7
Scan saved at 17:45:30, on 2004-11-06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Regards
netsec Re: web rebates, asking for real help 06.11.04, 18:05
OK, I understand, but unfortunately your problem will come back:
1. Paste a new log, but made with the newest version of HiJack; it shows more: forum.gazeta.pl/forum/72,2.html?f=23618&w=16131117&wv.x=1&a=17082886
2. In the next post, paste the log from this: run HiJackThis again, go to Config, then to Misc Tools, and click Generate StartupList log. The program will ask whether to generate the list; confirm, and paste the contents of the list on the forum.
marck2 Re: web rebates, asking for real help 06.11.04, 18:23
netsec wrote:
> OK, I understand, but unfortunately your problem will come back:
> 1. Paste a new log, but made with the newest version of HiJack; it shows more:
> forum.gazeta.pl/forum/72,2.html?f=23618&w=16131117&wv.x=1&a=17082886
Logfile of HijackThis v1.98.2
Scan saved at 18:23:55, on 2004-11-06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
marck2 Re: web rebates, asking for real help 06.11.04, 18:27
marck2 wrote:
> netsec wrote:
> > OK, I understand, but unfortunately your problem will come back:
> > 1. Paste a new log, but made with the newest version of HiJack; it shows more:
> > forum.gazeta.pl/forum/72,2.html?f=23618&w=16131117&wv.x=1&a=17082886
And here is the second one...
StartupList report, 2004-11-06, 18:26:45
StartupList version: 1.52.2
Started from : C:\TMP\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\l
netsec Re: StartupList didn't go through :( 06.11.04, 18:40
Paste the StartupList again.
marck2 Re: StartupList didn't go through :( 06.11.04, 19:05
StartupList report, 2004-11-06, 19:06:36
StartupList version: 1.52.2
Started from : C:\TMP\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
netsec Re: HiJack log 06.11.04, 18:47

Start the computer in safe mode. Here is a description of how to do it: support.microsoft.com/default.aspx?scid=kb;PL;202485

Note! When booting into safe mode you will be asked to choose an account. Do NOT choose the Administrator account but your own named account, because that is the profile the junk is on.

After starting the computer in safe mode, do not open Internet Explorer. Once the system is running in safe mode, run HiJackThis. Run SCAN and check exactly these items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/WINNT/homepage.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/WINNT/homepage.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.your-search.info/search.html
R3 - Default URLSearchHook is missing
F1 - win.ini: run=fntldr.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe - quiet
00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - 67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O20 - AppInit_DLLs: c:\winnt\system32\sqlehje.dll

After checking them, run FIX CHECKED and confirm with Yes/OK.

In Control Panel => Internet Options, delete the Temporary Internet Files (all of them) and the cookies.

In Control Panel, under Add/Remove Programs, uninstall every program that you are not sure you need.

Make sure the Show all files option in Windows Explorer is turned on.
a. Click the Start button, click My Computer, click the Tools menu, and then click Folder Options. Click the View tab.
b. In the Advanced settings section, click Show hidden files and folders.
c. In the Advanced settings section, click to clear the Hide protected operating system files (Recommended) check box.

Then delete the folder C:\Program Files\Windows AdTools\

Go to the Start menu, choose Run and type:
regsvr32 /u "C:\WINDOWS\Downloaded Program Files\WinAdToolsX.dll"
and click OK.

Open My Computer and type %TEMP% in the address bar. You will be taken to the TEMP folder. Delete every file in it that can be deleted.

Start the computer in normal mode and paste a new log from StartupList.
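The entry codes in the fix list above each point at a different autostart or browser-hook location (R0/R1 Internet Explorer pages, F1 win.ini, O4 Run keys, O16 downloaded ActiveX controls, O20 AppInit_DLLs). As an added example that is not part of the original post and not HijackThis's own logic, this Python code parses such lines and flags four of those locations; the flagging rules are assumptions of the example, and the sample lines are copied from the thread.

```python
import re

# One HijackThis entry per line: "<code> - <detail>", e.g. "O20 - AppInit_DLLs: x.dll"
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
# Download source that is a bare IPv4 address, with or without a scheme
IP_SOURCE = re.compile(r"^(?:\w+://)?\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")

# Sample lines copied from the fix list in the thread above
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/WINNT/homepage.htm
F1 - win.ini: run=fntldr.exe
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - 67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
O20 - AppInit_DLLs: c:\winnt\system32\sqlehje.dll
"""

def parse(log_text):
    """Return (code, detail) for each well-formed entry; other lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def reasons(code, detail):
    """Heuristic review reasons (assumptions of this example, not HijackThis rules)."""
    found = []
    if code == "O20" and detail.split(":", 1)[-1].strip():
        found.append("AppInit_DLLs is set: the DLL loads into every process that loads user32.dll")
    if code == "F1" and re.search(r"\b(?:run|load)=\S", detail, re.I):
        found.append("win.ini run=/load= starts a program at logon")
    if code in ("R0", "R1") and "= file:///" in detail.lower():
        found.append("IE start/search page points at a local file")
    if code == "O16" and IP_SOURCE.match(detail.rsplit(" - ", 1)[-1].strip()):
        found.append("ActiveX control was downloaded from a bare IP address")
    return found

def review(log_text):
    """Return [(code, detail, [reasons])] for entries with at least one reason."""
    flagged = []
    for code, detail in parse(log_text):
        why = reasons(code, detail)
        if why:
            flagged.append((code, detail, why))
    return flagged

if __name__ == "__main__":
    for code, detail, why in review(SAMPLE):
        print(code, "|", detail, "|", "; ".join(why))
```

An unflagged line is not a clean result: the O4 Windows AdTools entry passes all four checks and is still on the fix list above, so the output only orders the manual review.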
marck2 Re: HiJack log 06.11.04, 19:22 I would like to keep Yahoo and MSN; will I lose them after these steps?
marck2 Re: HiJack log 06.11.04, 20:11 Thanks, I tidied things up a bit, especially that strange wintools directory; in safe mode it of course wasn't visible, but I dealt with it using HiJack and now things are quiet. I'm keeping Yahoo and MSN; I know there is a chance that something gets in that way...