Gość: pawel
IP: 62.111.145.*
11.03.05, 19:18
Witam co jakis czas wyskakuje mi taka srona www.jimbutt.com/stuffs/
Jak to usunac spybot i ad-adaware nie daje rady tak samo jak CWShredder
wykazuje czysty sytem ale cos nadal w nim siedz
prosze o sugestie
Logfile of HijackThis v1.99.1
Scan saved at 19:17:24, on 2005-03-11
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\taskmgr.exe
C:\WINNT\ips.exe
C:\Program Files\SiS630_V1.01\utility\khooker.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.jimbutt.com/stuffs/
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} -
C:\WINNT\System32\SEARCH~1.DLL
O1 - Hosts: 60.50.170.0
O2 - BHO: BL Class - {28F65FCB-D130-11D8-BA48-8BE0C49AF370} -
C:\WINNT\System32\popup_bl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [khooker] C:\Program Files\SiS630_V1.01\utility\khooker.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O17 -
HKLM\System\CCS\Services\Tcpip\..\{05836C4A-CF82-43D4-B09F-BF9648594BBC}:
NameServer = 62.111.150.134,62.111.150.154
O17 -
HKLM\System\CS2\Services\Tcpip\..\{05836C4A-CF82-43D4-B09F-BF9648594BBC}:
NameServer = 62.111.150.134,62.111.150.154
O17 -
HKLM\System\CS3\Services\Tcpip\..\{05836C4A-CF82-43D4-B09F-BF9648594BBC}:
NameServer = 62.111.150.134,62.111.150.154
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation -
C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec
Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe