please,może ktos sprawdzić

[Gość: esscort]

Logfile of HijackThis v1.98.2
Scan saved at 16:51:37, on 2004-11-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\System32\msdev.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchostupd.exe
C:\Program Files\Win Comm\WinComm.exe
C:\WINDOWS\System32\hpqsqeny.exe
C:\Program Files\Win Comm\WinLock.exe
C:\WINDOWS\System32\spoolsvs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Juliusz\Pulpit\niezbednik\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.pajacyk.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} -
C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} -
C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog
Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog
Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active
Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] SP2.exe
O4 - HKLM\..\Run: [Windows Update Services] svchostupd.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [winguard] wingrd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\fsggly.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [vihebaz] C:\WINDOWS\vihebaz.exe
O4 - HKLM\..\Run: [NetHost16] nethost16.exe
O4 - HKLM\..\Run: [esxwwbdplatto] C:\WINDOWS\System32\hpqsqeny.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winfyn32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [msdev] msdev.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] spoolsvs.exe
O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\RunServices: [Windows Update Services] svchostupd.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [winguard] wingrd32.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\RunServices: [NetHost16] nethost16.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunServices: [msdev] msdev.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] spoolsvs.exe
O4 - HKLM\..\RunOnce: [msdev] msdev.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search &
Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] SP2.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [winguard] wingrd32.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [msdev] msdev.exe
O4 - HKCU\..\Run: [Microsoft WinUpdate] spoolsvs.exe
O4 - HKCU\..\RunOnce: [msdev] msdev.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} -
C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Webmail - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
webmail.neostrada.pl (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: v3cab - searchmiracle.com/cab/v3cab.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) -
www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
www.errorguard.com/installation/Install.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
file://C:\TempEI4\EI40_\msxml4.cab

[netsec]

Uruchom system w trybie awaryjnym z wyłączonym przywracaniem systemu.
Włącz zaporę internetową.
Zaznacz w HiJack i usuń(fixchecked) te pozycje:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
searchmiracle.com/sp.php
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} -
C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} -
C:\WINDOWS\EliteToolBar\EliteToolBar version 53.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] SP2.exe
O4 - HKLM\..\Run: [Windows Update Services] svchostupd.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\Run: [winguard] wingrd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\fsggly.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [vihebaz] C:\WINDOWS\vihebaz.exe
O4 - HKLM\..\Run: [NetHost16] nethost16.exe
O4 - HKLM\..\Run: [esxwwbdplatto] C:\WINDOWS\System32\hpqsqeny.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winfyn32.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\Run: [msdev] msdev.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] spoolsvs.exe
O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\RunServices: [Windows Update Services] svchostupd.exe
O4 - HKLM\..\RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKLM\..\RunServices: [winguard] wingrd32.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss64.exe
O4 - HKLM\..\RunServices: [NetHost16] nethost16.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] svchosting.exe
O4 - HKLM\..\RunServices: [msdev] msdev.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] spoolsvs.exe
O4 - HKLM\..\RunOnce: [msdev] msdev.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] SP2.exe
O4 - HKCU\..\Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 - HKCU\..\Run: [winguard] wingrd32.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] svchosting.exe
O4 - HKCU\..\Run: [msdev] msdev.exe
O4 - HKCU\..\Run: [Microsoft WinUpdate] spoolsvs.exe
O4 - HKCU\..\RunOnce: [msdev] msdev.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} -
C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Webmail - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
webmail.neostrada.pl (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: v3cab - searchmiracle.com/cab/v3cab.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) -
www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
www.errorguard.com/installation/Install.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
file://C:\TempEI4\EI40_\msxml4.cab
Po tym uruchom komputer w normalny sposób.

Odinstaluj nieznane pozycje w dodaj/usuń programy.

Zaktualizuj Norton aktualizacją offline:
definitions.symantec.com/defs/20041111-007-i32.exe
i przeskanuj cały system.

Wklej startuplist, uruchom ponownie HiJackThis przejdź do Config później do Misc
Tools i kliknij Generate StartupList log.
Program zapyta czy wygenerować listę, potwierdź a zawartość listy wklej na forum.

[Gość: esscort]

dzięki za pomoc. A oto startuplist

StartupList report, 2004-11-16, 18:14:03
StartupList version: 1.52.2
Started from : C:\Documents and
Settings\Juliusz\Pulpit\niezbednik\HijackThis.EXE
Detected: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\avscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Juliusz\Pulpit\niezbednik\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMAXPnP = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
IMONTRAY = C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
Wlan Driver = avscan.exe
SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security
Center\UsrPrmpt.exe
Windows AdControl = C:\Program Files\Windows AdControl\WinAdCtl.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

Wlan Driver = avscan.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Wlan Driver = avscan.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
Wlan Driver = avscan.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Wlan Driver = avscan.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MainControl Class]
InProcServer32 = C:\WINDOWS\System32\SkanerOnline.dll
CODEBASE = skaner.mks.com.pl/SkanerOnline.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6 046 bytes
Report generated in 0,015 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

[netsec]

Odisntaluj w dodaj/usuń programy Neo Technology Search Engine i Windows AdTools
Ogólnie zaktualizuj system o wszystkie krytyczne poprawki i będzie ok.

[Gość: esscort]

W dodaj/usuń programy ani Neo Technology Search Engine ani Windows AdTool sie
nie pojawia. Komputer uruchamia się 10 minut. W dodatku niżej piecyg gazowy
smieje się ze mnie :( Pomóz mi to jakoś posprzątać

[netsec]

Wklej raz jeszcze aktualny log z HiJack po usunięciu pozycji które wskazałem
wcześniej.

[Gość: esscort]

Rozkaz, oto on:

can saved at 17:39:02, on 2004-11-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\avscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Juliusz\Pulpit\niezbednik\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.pajacyk.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog
Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog
Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active
Monitor\imontray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Wlan Driver] avscan.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows
AdControl\WinAdCtl.exe
O4 - HKLM\..\RunServices: [Wlan Driver] avscan.exe
O4 - HKLM\..\RunOnce: [Wlan Driver] avscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Wlan Driver] avscan.exe
O4 - HKCU\..\RunOnce: [Wlan Driver] avscan.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEE34AC7-1FF5-4A7E-8F30-EC078C50E055}:
NameServer = 194.204.152.34 217.98.63.164

[netsec]

Odinstaluj w dodaj usuń/programy wszystko czego nie znasz, szczególnie Windows
AdControl itp.

[Gość: esscort]

OK, ale w moim dodaj/usuń programy czegoś takiego jak Windows AdControl nie ma.
Można to jakoś inaczej wywalić? Poza tym co zrobić, żeby komputer się szybciej
uruchamiał, bo teraz to mogę sobie pójść na spacer zanim się uruchomi. Cholera,
chyba naprawdę szlag mnie trafi.
A w ogóloe to dzięki za zainteresowanie

[netsec]

Usuń w Hijack w trybie awaryjnym te pozycje.

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Wlan Driver] avscan.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows
AdControl\WinAdCtl.exe
O4 - HKLM\..\RunServices: [Wlan Driver] avscan.exe
O4 - HKLM\..\RunOnce: [Wlan Driver] avscan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Wlan Driver] avscan.exe
O4 - HKCU\..\RunOnce: [Wlan Driver] avscan.exe

Wyłącz w opcje folderów wyszukiwanie folderów sieciowych.

[Gość: esscort]

Netsec, nie wiem, czy piłeś/pijesz mleko, ale jesteś WIELKI! Przed chwilą
wysłalem wniosek o Nagrodę Nobla dla Ciebie. Piecyk tylko straszył, więc dla
niego wystąpiłem tylko o nagrodę premiera.
Dziękuję, pozdrawiam

[netsec]

spox ;) usuń ten plik raz na zawsze => avscan.exe

Kurcze, ale śmietnik!!! :-] /bt.

[Gość: piecyk gazowy]

[Gość: esscort]

Poważnie? Nie domyslasz się, jak to posprzątać?

[Gość: piecyk gazowy]

Przecież Netsec dał ci solution! ;-)

Muszę przyznać, że czegoś takiego jeszcze nie widziałem. Mnie też zdarzy się
czasem coś złapać, ale nie aż tyle. ;-)

Pozdrawiam.

[netsec]

Piecyk chyba nie masz na myśli ostatniego loga ;)
Teraz wszystko wygląda znacznie lepiej, chyba że chcesz faceta do zwału
doprowadzić ..

[Gość: piecyk gazowy]

Nie, nie! Mówiłem o tym:
forum.gazeta.pl/forum/72,2.html?f=430&w=17585826&a=17593734

:-)

[netsec]

Facet o mało nie zszedł ;)