Strange desktop

IP: *.wroclaw.dialog.net.pl 20.03.05, 14:29
While I was online, my computer restarted itself; after I turned it back on, a
red-and-black desktop appeared with the text "Danger: spyware" and links to the
smartsecurity site. All the icons disappeared except the Recycle Bin. What should I do? Please help.
    • Guest: Kolobos Re: Strange desktop IP: *.warszawa.sdi.tpnet.pl 20.03.05, 14:37
      Turn off Active Desktop, don't visit porn sites or other suspicious ones, don't
      click anything in the windows that pop up, disable ActiveX (the unsigned
      kind) in the options, install SpywareBlaster and turn on its protection, and do the same in Spybot.
      Or switch to a browser other than IE.
      Active Desktop is turned off here:
      Control Panel->Display->Desktop->Customize Desktop->Web and uncheck all the
      checked options there.
      Of course, clean out the infection first; you wrote something here recently too, I think, and
      it's the same thing again already? I've had the same Windows install for about two years and have never had
      anything like this.
      • Guest: ewelina I have the same thing IP: *.internetdsl.tpnet.pl 21.03.05, 12:45
        Hello, I have a huge favor to ask: could you instruct me how to clean this
        filth off my computer now, because the same thing popped up for me, and I didn't
        visit porn sites or any strange sites at all. I think I got this
        surprise by e-mail. It turned out that my brother messed something up and I have
        no antivirus at all now. He has gone away, and I'm struggling and don't know what
        to do. Help
        • Guest: Kolobos Re: I have the same thing IP: *.warszawa.sdi.tpnet.pl 21.03.05, 12:48
          Download these:
          www.lavasoftusa.com/software/adaware/ <- Ad-Aware
          www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster
          www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D

          Scan the system with all of them and remove whatever they find, then download:
          www.spychecker.com/program/hijackthis.html <- hijackthis
          And paste the log from the hijackthis scan here.

          The description of how to turn off that wallpaper is in my previous post.
          • Guest: ewelina Re: I have the same thing IP: *.internetdsl.tpnet.pl 21.03.05, 13:04
            Every time I try to open any of the sites you gave, this pops up:
            An exception error occurred while trying to run C:\Dokumen~1....ustawienia~1\temp\se.dll,
            DlllInstal
            • Guest: Kolobos Re: I have the same thing IP: *.warszawa.sdi.tpnet.pl 21.03.05, 13:09
              se.dll is a trojan that replaces the start page; it is hard to remove.

              For now, try downloading just hijackthis:
              dknoppix.com/Downloads/HijackThis.exe
              And paste the scan log here.
              • Guest: ewelina Re: I have the same thing IP: *.internetdsl.tpnet.pl 21.03.05, 13:34
                Here is the result:

                Logfile of HijackThis v1.99.1
                Scan saved at 13:28:20, on 2005-03-21
                Platform: Windows XP (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
                C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                C:\WINDOWS\System32\nvsvc32.exe
                C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
                C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
                C:\WINDOWS\System32\ntddetect.exe
                C:\Program Files\DeskAd Service\DeskAdServ.exe
                C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe
                C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
                C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0
                \webapps\Toolbox\StatusClient\StatusClient.exe
                C:\Program Files\QuickTime\qttask.exe
                C:\WINDOWS\System32\Lbl.exe
                C:\WINDOWS\System32\gah95on6.exe
                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\WINDOWS\NCLAUNCH.EXe
                C:\Program Files\DeskAd Service\DeskAdKeep.exe
                C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
                C:\WINDOWS\explorer.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Documents and Settings\EwelB.BRODA-CW7EX99PM\Ustawienia lokalne\Temporary
                Internet

                Files\Content.IE5\94ILYNZ5\HijackThis[1].exe

                R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.the-
                exit.com/search
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                213.159.117.134/index.php
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                www.the-exit.com
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ez-
                finder.com/?954
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = www.the-
                exit.com/search
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                about:blank
                R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                www.the-exit.com/search
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                about:blank
                R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
                www.the-exit.com/search
                R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

                red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                213.159.117.134/index.php
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} -
                C:\WINDOWS\webdlg32.dll
                O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
                O1 - Hosts: 127.0.0.3 x.full-tgp.net
                O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
                O1 - Hosts: 127.0.0.3 autoescrowpay.com
                O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
                O1 - Hosts: 127.0.0.3 www.awmdabest.com
                O1 - Hosts: 127.0.0.3 www.sexfiles.nu
                O1 - Hosts: 127.0.0.3 awmdabest.com
                O1 - Hosts: 127.0.0.3 sexfiles.nu
                O1 - Hosts: 127.0.0.3 allforadult.com
                O1 - Hosts: 127.0.0.3 www.allforadult.com
                O1 - Hosts: 127.0.0.3 www.iframe.biz
                O1 - Hosts: 127.0.0.3 iframe.biz
                O1 - Hosts: 127.0.0.3 www.newiframe.biz
                O1 - Hosts: 127.0.0.3 newiframe.biz
                O1 - Hosts: 127.0.0.3 www.vesbiz.biz
                O1 - Hosts: 127.0.0.3 vesbiz.biz
                O1 - Hosts: 127.0.0.3 www.pi..to.biz
                O1 - Hosts: 127.0.0.3 pi..to.biz
                O1 - Hosts: 127.0.0.3 www.aaasexypics.com
                O1 - Hosts: 127.0.0.3 aaasexypics.com
                O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
                O1 - Hosts: 127.0.0.3 virgin-tgp.net
                O1 - Hosts: 127.0.0.3 www.awmcash.biz
                O1 - Hosts: 127.0.0.3 awmcash.biz
                O1 - Hosts: 127.0.0.3 buldog-stats.com
                O1 - Hosts: 127.0.0.3 www.buldog-stats.com
                O1 - Hosts: 127.0.0.3 fregat.drocherway.com
                O1 - Hosts: 127.0.0.3 slutmania.biz
                O1 - Hosts: 127.0.0.3 www.slutmania.biz
                O1 - Hosts: 127.0.0.3 toolbarpartner.com
                O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
                O1 - Hosts: 127.0.0.3 www.megapornix.com
                O1 - Hosts: 127.0.0.3 megapornix.com
                O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
                O1 - Hosts: 127.0.0.3 sp2fucked.biz
                O1 - Hosts: 127.0.0.3 greg-tut.com
                O1 - Hosts: 127.0.0.3 www.greg-tut.com
                O1 - Hosts: 127.0.0.3 nylonsexy.com
                O1 - Hosts: 127.0.0.3 www.nylonsexy.com
                O1 - Hosts: 127.0.0.3 vparivalka.com
                O1 - Hosts: 127.0.0.3 www.vparivalka.com
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                C:\Program Files\Adobe\Acrobat 6.0

                CE\Reader\ActiveX\AcroIEHelper.dll
                O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1
                \SEARCH~2\SEARCH~1.DLL
                O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} -
                C:\WINDOWS\webdlg32.dll
                O2 - BHO: (no name) - {31B95932-B246-4F21-95CE-4CE0EF376605} -
                C:\WINDOWS\System32\jpmk.dll
                O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} -
                C:\WINDOWS\winsx.dll
                O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
                Files\Norton SystemWorks\Norton

                Antivirus\NavShExt.dll
                O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
                C:\Program Files\Norton SystemWorks\Norton

                Antivirus\NavShExt.dll
                O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -
                C:\WINDOWS\webdlg32.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\System32\msdxm.ocx
                O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
                O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd
                Service\DeskAdServ.exe
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                \NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\EWELB~2.BRO\USTAWI~1
                \Temp\se.dll,DllInstall
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
                \NvMcTray.dll,NvTaskbarInit
                O4 - HKLM\..\Run: [Qcu] C:\WINDOWS\System32\Dbj.exe
                O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
                O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna
                Polska\wpkontakt\wpkontakt.exe -autostart
                O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0
                \hpbpsttp.exe
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04
                \bin\jusched.exe
                O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0
                \Apache Tomcat

                4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
                O4 - HKLM\..\Run: [Sme] C:\WINDOWS\Kvh.exe
                O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                atboot
                • Guest: Kolobos Re: I have the same thing IP: *.warszawa.sdi.tpnet.pl 21.03.05, 13:39
                  The whole log didn't fit; append the rest, starting from the line:
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                  atboot
                  • Guest: ewelina Re: I have the same thing IP: *.internetdsl.tpnet.pl 21.03.05, 13:43
                    Thank you for your time



                    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                    atboottime
                    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
                    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                    O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\nuzzobjh.exe
                    O4 - HKLM\..\Run: [Jrv] C:\WINDOWS\System32\Mbg.exe
                    O4 - HKLM\..\Run: [Jnr] C:\WINDOWS\Gnc.exe
                    O4 - HKLM\..\Run: [Jbe] C:\WINDOWS\Oqo.exe
                    O4 - HKLM\..\Run: [ibecdbv8] C:\WINDOWS\System32\ibecdbv8.exe
                    O4 - HKLM\..\Run: [Hts] C:\WINDOWS\Vgj.exe
                    O4 - HKLM\..\Run: [Hpu] C:\WINDOWS\System32\Lbl.exe
                    O4 - HKLM\..\Run: [Gig] C:\WINDOWS\System32\Qiq.exe
                    O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
                    O4 - HKLM\..\Run: [Fdk] C:\WINDOWS\System32\Sue.exe
                    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                    Shared\ccApp.exe"
                    O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
                    Manager\AcctMgr.exe /startup
                    O4 - HKLM\..\Run: [Dft] C:\WINDOWS\Iet.exe
                    O4 - HKLM\..\Run: [Bbk] C:\WINDOWS\System32\Lvk.exe
                    O4 - HKLM\..\Run: [Oef] C:\WINDOWS\Pfp.exe
                    O4 - HKLM\..\Run: [San] C:\WINDOWS\Kgn.exe
                    O4 - HKLM\..\Run: [Sqo] C:\WINDOWS\System32\Pit.exe
                    O4 - HKLM\..\Run: [Dhm] C:\WINDOWS\Hsr.exe
                    O4 - HKLM\..\Run: [Lcn] C:\WINDOWS\Fag.exe
                    O4 - HKLM\..\Run: [Pup] C:\WINDOWS\Spj.exe
                    O4 - HKLM\..\Run: [Qjb] C:\WINDOWS\Qke.exe
                    O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O4 - HKCU\..\Run: [key] C:\WINDOWS\System32\winxp.exe
                    O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
                    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
                    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
                    O4 - HKCU\..\Run: [Sme] C:\WINDOWS\Kvh.exe
                    O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
                    O4 - HKCU\..\Run: [Fdk] C:\WINDOWS\System32\Sue.exe
                    O4 - HKCU\..\Run: [Gig] C:\WINDOWS\System32\Qiq.exe
                    O4 - HKCU\..\Run: [Qcu] C:\WINDOWS\System32\Dbj.exe
                    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                    O4 - HKCU\..\Run: [Dft] C:\WINDOWS\Iet.exe
                    O4 - HKCU\..\Run: [Bbk] C:\WINDOWS\System32\Lvk.exe
                    O4 - HKCU\..\Run: [San] C:\WINDOWS\Kgn.exe
                    O4 - HKCU\..\Run: [Sqo] C:\WINDOWS\System32\Pit.exe
                    O4 - HKCU\..\Run: [Hpu] C:\WINDOWS\System32\Lbl.exe
                    O4 - HKCU\..\Run: [Dhm] C:\WINDOWS\Hsr.exe
                    O4 - HKCU\..\Run: [Lcn] C:\WINDOWS\Fag.exe
                    O4 - HKCU\..\Run: [Pup] C:\WINDOWS\Spj.exe
                    O4 - HKCU\..\Run: [Qjb] C:\WINDOWS\Qke.exe
                    O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - javascript:
                    {document.location='neosexvideo.com/webmasters/df060/access.htm';}
                    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                    res://C:\MICROS~1\Office10\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                    C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
                    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
                    00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
                    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                    C:\WINDOWS\web\related.htm
                    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                    00aa003c157a} - C:\WINDOWS\web\related.htm
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                    C:\Program Files\Messenger\MSMSGS.EXE
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
                    00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                    O15 - Trusted Zone: *.blazefind.com
                    O15 - Trusted Zone: *.clickspring.net
                    O15 - Trusted Zone: *.flingstone.com
                    O15 - Trusted Zone: *.iframedollars.biz
                    O15 - Trusted Zone: *.mt-download.com
                    O15 - Trusted Zone: *.my-internet.info
                    O15 - Trusted Zone: *.searchbarcash.com
                    O15 - Trusted Zone: *.searchmiracle.com
                    O15 - Trusted Zone: *.skoobidoo.com
                    O15 - Trusted Zone: *.slotch.com
                    O15 - Trusted Zone: *.slotchbar.com
                    O15 - Trusted Zone: *.windupdates.com
                    O15 - Trusted Zone: *.xxxtoolbar.com
                    O15 - Trusted Zone: *.ysbweb.com
                    O15 - Trusted Zone: *.blazefind.com (HKLM)
                    O15 - Trusted Zone: *.clickspring.net (HKLM)
                    O15 - Trusted Zone: *.flingstone.com (HKLM)
                    O15 - Trusted Zone: *.iframedollars.biz (HKLM)
                    O15 - Trusted Zone: *.mt-download.com (HKLM)
                    O15 - Trusted Zone: *.my-internet.info (HKLM)
                    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
                    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
                    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
                    O15 - Trusted Zone: *.slotch.com (HKLM)
                    O15 - Trusted Zone: *.slotchbar.com (HKLM)
                    O15 - Trusted Zone: *.windupdates.com (HKLM)
                    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
                    O15 - Trusted Zone: *.ysbweb.com (HKLM)
                    O15 - Trusted IP range: 213.159.117.202
                    O15 - Trusted IP range: 213.159.117.202 (HKLM)
                    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
                    static.windupdates.com/cab/CDTInc/ie/bridge-c282.cab
                    O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
                    67.15.101.3/g_bin/pl/cards_2_0_0_58.cab
                    O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
                    poczta.wp.pl/autoryzacja/mailcfg.ocx
                    O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) -
                    67.15.101.3/g_bin/pl/slots90_2_0_0_21.cab
                    O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) -
                    67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
                    O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) -
                    67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
                    O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire
                    Marbies&Diamonds) - 67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
                    O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) -
                    67.15.101.3/g_bin/pl/chess_2_0_0_15.cab
                    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                    skaner.mks.com.pl/SkanerOnline.cab
                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
                    67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
                    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                    67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
                    O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program
                    Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
                    O18 - Filter: text/html - {282E8050-45A0-4E61-BC1D-2E1A6B060118} -
                    C:\WINDOWS\System32\jpmk.dll
                    O18 - Filter: text/plain - {282E8050-45A0-4E61-BC1D-2E1A6B060118} -
                    C:\WINDOWS\System32\jpmk.dll
                    O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
                    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
                    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
                    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
                    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                    O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
                    Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
                    • Guest: Kolobos Re: I have the same thing IP: *.warszawa.sdi.tpnet.pl 21.03.05, 13:57
                      I think the very end still didn't fit ;-)
                      But never mind, for now we'll start throwing out what is there, and quite a bit of it has piled up.
                      Run hijackthis, choose scan only, and check these entries:

                      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.the-
                      exit.com/search
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                      213.159.117.134/index.php
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                      www.the-exit.com
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                      res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ez-
                      finder.com/?954
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = www.the-
                      exit.com/search
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                      res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                      about:blank
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                      www.the-exit.com/search
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                      about:blank
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
                      www.the-exit.com/search
                      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

                      red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.com
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                      213.159.117.134/index.php
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                      R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} -
                      C:\WINDOWS\webdlg32.dll
                      O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
                      O1 - Hosts: 127.0.0.3 x.full-tgp.net
                      O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
                      O1 - Hosts: 127.0.0.3 autoescrowpay.com
                      O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
                      O1 - Hosts: 127.0.0.3 www.awmdabest.com
                      O1 - Hosts: 127.0.0.3 www.sexfiles.nu
                      O1 - Hosts: 127.0.0.3 awmdabest.com
                      O1 - Hosts: 127.0.0.3 sexfiles.nu
                      O1 - Hosts: 127.0.0.3 allforadult.com
                      O1 - Hosts: 127.0.0.3 www.allforadult.com
                      O1 - Hosts: 127.0.0.3 www.iframe.biz
                      O1 - Hosts: 127.0.0.3 iframe.biz
                      O1 - Hosts: 127.0.0.3 www.newiframe.biz
                      O1 - Hosts: 127.0.0.3 newiframe.biz
                      O1 - Hosts: 127.0.0.3 www.vesbiz.biz
                      O1 - Hosts: 127.0.0.3 vesbiz.biz
                      O1 - Hosts: 127.0.0.3 www.pi..to.biz
                      O1 - Hosts: 127.0.0.3 pi..to.biz
                      O1 - Hosts: 127.0.0.3 www.aaasexypics.com
                      O1 - Hosts: 127.0.0.3 aaasexypics.com
                      O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
                      O1 - Hosts: 127.0.0.3 virgin-tgp.net
                      O1 - Hosts: 127.0.0.3 www.awmcash.biz
                      O1 - Hosts: 127.0.0.3 awmcash.biz
                      O1 - Hosts: 127.0.0.3 buldog-stats.com
                      O1 - Hosts: 127.0.0.3 www.buldog-stats.com
                      O1 - Hosts: 127.0.0.3 fregat.drocherway.com
                      O1 - Hosts: 127.0.0.3 slutmania.biz
                      O1 - Hosts: 127.0.0.3 www.slutmania.biz
                      O1 - Hosts: 127.0.0.3 toolbarpartner.com
                      O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
                      O1 - Hosts: 127.0.0.3 www.megapornix.com
                      O1 - Hosts: 127.0.0.3 megapornix.com
                      O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
                      O1 - Hosts: 127.0.0.3 sp2fucked.biz
                      O1 - Hosts: 127.0.0.3 greg-tut.com
                      O1 - Hosts: 127.0.0.3 www.greg-tut.com
                      O1 - Hosts: 127.0.0.3 nylonsexy.com
                      O1 - Hosts: 127.0.0.3 www.nylonsexy.com
                      O1 - Hosts: 127.0.0.3 vparivalka.com
                      O1 - Hosts: 127.0.0.3 www.vparivalka.com
                      O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} -
                      C:\WINDOWS\webdlg32.dll
                      O2 - BHO: (no name) - {31B95932-B246-4F21-95CE-4CE0EF376605} -
                      C:\WINDOWS\System32\jpmk.dll
                      O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} -
                      C:\WINDOWS\winsx.dll
                      O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} -
                      C:\WINDOWS\webdlg32.dll
                      O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
                      O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd
                      Service\DeskAdServ.exe
                      O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\EWELB~2.BRO\USTAWI~1
                      \Temp\se.dll,DllInstall
                      O4 - HKLM\..\Run: [Qcu] C:\WINDOWS\System32\Dbj.exe
                      O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
                      O4 - HKLM\..\Run: [Sme] C:\WINDOWS\Kvh.exe
                      O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
                      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
                      O4 - HKLM\..\Run: [JVM0.14] C:\WINDOWS\System32\nuzzobjh.exe
                      O4 - HKLM\..\Run: [Jrv] C:\WINDOWS\System32\Mbg.exe
                      O4 - HKLM\..\Run: [Jnr] C:\WINDOWS\Gnc.exe
                      O4 - HKLM\..\Run: [Jbe] C:\WINDOWS\Oqo.exe
                      O4 - HKLM\..\Run: [ibecdbv8] C:\WINDOWS\System32\ibecdbv8.exe
                      O4 - HKLM\..\Run: [Hts] C:\WINDOWS\Vgj.exe
                      O4 - HKLM\..\Run: [Hpu] C:\WINDOWS\System32\Lbl.exe
                      O4 - HKLM\..\Run: [Gig] C:\WINDOWS\System32\Qiq.exe
                      O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
                      O4 - HKLM\..\Run: [Fdk] C:\WINDOWS\System32\Sue.exe
                      O4 - HKLM\..\Run: [Dft] C:\WINDOWS\Iet.exe
                      O4 - HKLM\..\Run: [Bbk] C:\WINDOWS\System32\Lvk.exe
                      O4 - HKLM\..\Run: [Oef] C:\WINDOWS\Pfp.exe
                      O4 - HKLM\..\Run: [San] C:\WINDOWS\Kgn.exe
                      O4 - HKLM\..\Run: [Sqo] C:\WINDOWS\System32\Pit.exe
                      O4 - HKLM\..\Run: [Dhm] C:\WINDOWS\Hsr.exe
                      O4 - HKLM\..\Run: [Lcn] C:\WINDOWS\Fag.exe
                      O4 - HKLM\..\Run: [Pup] C:\WINDOWS\Spj.exe
                      O4 - HKLM\..\Run: [Qjb] C:\WINDOWS\Qke.exe
                      O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
                      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                      O4 - HKCU\..\Run: [key] C:\WINDOWS\System32\winxp.exe
                      O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
                      O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
                      O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
                      O4 - HKCU\..\Run: [Sme] C:\WINDOWS\Kvh.exe
                      O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
                      O4 - HKCU\..\Run: [Fdk] C:\WINDOWS\System32\Sue.exe
                      O4 - HKCU\..\Run: [Gig] C:\WINDOWS\System32\Qiq.exe
                      O4 - HKCU\..\Run: [Qcu] C:\WINDOWS\System32\Dbj.exe
                      O4 - HKCU\..\Run: [Dft] C:\WINDOWS\Iet.exe
                      O4 - HKCU\..\Run: [Bbk] C:\WINDOWS\System32\Lvk.exe
                      O4 - HKCU\..\Run: [San] C:\WINDOWS\Kgn.exe
                      O4 - HKCU\..\Run: [Sqo] C:\WINDOWS\System32\Pit.exe
                      O4 - HKCU\..\Run: [Hpu] C:\WINDOWS\System32\Lbl.exe
                      O4 - HKCU\..\Run: [Dhm] C:\WINDOWS\Hsr.exe
                      O4 - HKCU\..\Run: [Lcn] C:\WINDOWS\Fag.exe
                      O4 - HKCU\..\Run: [Pup] C:\WINDOWS\Spj.exe
                      O4 - HKCU\..\Run: [Qjb] C:\WINDOWS\Qke.exe
                      O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - javascript:
                      {document.location='neosexvideo.com/webmasters/df060/access.htm';}
                      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                      res://C:\MICROS~1\Office10\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                      C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
                      00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
                      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                      C:\WINDOWS\web\related.htm
                      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                      00aa003c157a} - C:\WINDOWS\web\related.htm
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                      C:\Program Files\Messenger\MSMSGS.EXE
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
                      00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                      O15 - Trusted Zone: *.blazefind.com
                      O15 - Trusted Zone: *.clickspring.net
                      O15 - Trusted Zone: *.flingstone.com
                      O15 - Trusted Zone: *.iframedollars.biz
                      O15 - Trusted Zone: *.mt-download.com
                      O15 - Trusted Zone: *.my-internet.info
                      O15 - Trusted Zone: *.searchbarcash.com
                      O15 - Trusted Zone: *.searchmiracle.com
                      O15 - Trusted Zone:
                      • Guest: Kolobos Re: I have the same thing IP: *.warszawa.sdi.tpnet.pl 21.03.05, 13:58
                        continued... ;-)

                        O15 - Trusted Zone: *.searchmiracle.com
                        O15 - Trusted Zone: *.skoobidoo.com
                        O15 - Trusted Zone: *.slotch.com
                        O15 - Trusted Zone: *.slotchbar.com
                        O15 - Trusted Zone: *.windupdates.com
                        O15 - Trusted Zone: *.xxxtoolbar.com
                        O15 - Trusted Zone: *.ysbweb.com
                        O15 - Trusted Zone: *.blazefind.com (HKLM)
                        O15 - Trusted Zone: *.clickspring.net (HKLM)
                        O15 - Trusted Zone: *.flingstone.com (HKLM)
                        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
                        O15 - Trusted Zone: *.mt-download.com (HKLM)
                        O15 - Trusted Zone: *.my-internet.info (HKLM)
                        O15 - Trusted Zone: *.searchbarcash.com (HKLM)
                        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
                        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
                        O15 - Trusted Zone: *.slotch.com (HKLM)
                        O15 - Trusted Zone: *.slotchbar.com (HKLM)
                        O15 - Trusted Zone: *.windupdates.com (HKLM)
                        O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
                        O15 - Trusted Zone: *.ysbweb.com (HKLM)
                        O15 - Trusted IP range: 213.159.117.202
                        O15 - Trusted IP range: 213.159.117.202 (HKLM)
                        O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
                        static.windupdates.com/cab/CDTInc/ie/bridge-c282.cab
                        O18 - Filter: text/html - {282E8050-45A0-4E61-BC1D-2E1A6B060118} -
                        C:\WINDOWS\System32\jpmk.dll
                        O18 - Filter: text/plain - {282E8050-45A0-4E61-BC1D-2E1A6B060118} -
                        C:\WINDOWS\System32\jpmk.dll
                        O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll

                        Then press Fix Checked, restart the computer and paste a new log from
                        hijackthis.
                        • Guest: ewelina Re: I have the same thing IP: *.internetdsl.tpnet.pl 21.03.05, 14:34
                          Oh dear, all those skoobydoo and other xxx entries didn't look too good. Now
                          it looks like this:


                          Logfile of HijackThis v1.99.1
                          Scan saved at 14:31:11, on 2005-03-21
                          Platform: Windows XP (WinNT 5.01.2600)
                          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\csrss.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
                          C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                          C:\WINDOWS\System32\nvsvc32.exe
                          C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
                          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
                          C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe
                          C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
                          C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0
                          \webapps\Toolbox\StatusClient\StatusClient.exe
                          C:\Program Files\QuickTime\qttask.exe
                          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                          C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
                          C:\WINDOWS\System32\Mtt.exe
                          C:\Program Files\DeskAd Service\DeskAdServ.exe
                          C:\Program Files\DeskAd Service\DeskAdKeep.exe
                          C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
                          C:\Documents and Settings\EwelB.BRODA-CW7EX99PM\Ustawienia lokalne\Temporary
                          Internet Files\Content.IE5\GJY3IBC5\HijackThis[1].exe

                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                          res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                          res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                          about:blank
                          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                          about:blank
                          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                          C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
                          O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1
                          \SEARCH~2\SEARCH~1.DLL
                          O2 - BHO: (no name) - {31B95932-B246-4F21-95CE-4CE0EF376605} -
                          C:\WINDOWS\System32\jpmk.dll
                          O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} -
                          C:\WINDOWS\winsx.dll
                          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
                          Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
                          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
                          C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
                          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                          C:\WINDOWS\System32\msdxm.ocx
                          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                          \NvCpl.dll,NvStartup
                          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
                          \NvMcTray.dll,NvTaskbarInit
                          O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna
                          Polska\wpkontakt\wpkontakt.exe -autostart
                          O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0
                          \hpbpsttp.exe
                          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                          Files\Real\Update_OB\realsched.exe" -osboot
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04
                          \bin\jusched.exe
                          O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0
                          \Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                          atboottime
                          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                          Shared\ccApp.exe"
                          O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
                          Manager\AcctMgr.exe /startup
                          O4 - HKLM\..\Run: [Bht] C:\WINDOWS\System32\Mtt.exe
                          O4 - HKLM\..\Run: [Fgl] C:\WINDOWS\System32\Isj.exe
                          O4 - HKLM\..\Run: [Evp] C:\WINDOWS\System32\Kec.exe
                          O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd
                          Service\DeskAdServ.exe
                          O4 - HKLM\..\Run: [Ddk] C:\WINDOWS\System32\Cmc.exe
                          O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\EWELB~2.BRO\USTAWI~1
                          \Temp\se.dll,DllInstall
                          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                          O4 - HKCU\..\Run: [Bht] C:\WINDOWS\System32\Mtt.exe
                          O4 - HKCU\..\Run: [Fgl] C:\WINDOWS\System32\Isj.exe
                          O4 - HKCU\..\Run: [Evp] C:\WINDOWS\System32\Kec.exe
                          O4 - HKCU\..\Run: [Ddk] C:\WINDOWS\System32\Cmc.exe
                          O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
                          67.15.101.3/g_bin/pl/cards_2_0_0_58.cab
                          O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
                          poczta.wp.pl/autoryzacja/mailcfg.ocx
                          O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) -
                          67.15.101.3/g_bin/pl/slots90_2_0_0_21.cab
                          O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) -
                          67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
                          O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) -
                          67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
                          O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire
                          Marbies&Diamonds) - 67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
                          O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) -
                          67.15.101.3/g_bin/pl/chess_2_0_0_15.cab
                          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                          skaner.mks.com.pl/SkanerOnline.cab
                          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
                          67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
                          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                          67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
                          O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program
                          Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
                          O18 - Filter: text/html - {B4067A58-9137-4FEC-842E-F74E476983CF} -
                          C:\WINDOWS\System32\jpmk.dll
                          O18 - Filter: text/plain - {B4067A58-9137-4FEC-842E-F74E476983CF} -
                          C:\WINDOWS\System32\jpmk.dll
                          O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
                          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
                          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
                          C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
                          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                          O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
                          Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
                          Antivirus\navapsvc.exe
                          O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
                          Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                          O23 - Service:
                          • Guest: Kolobos Re: I have the same thing IP: *.warszawa.sdi.tpnet.pl 21.03.05, 14:52
                            Once again the end of the log didn't fit :-)
                            And from what I can see there is still a lot of junk left, including se.dll,
                            but all of it can be removed (sooner or later ;-))

                            • Guest: ewelina Re: I have the same thing IP: *.internetdsl.tpnet.pl 21.03.05, 14:58
                              well, yes :( for me it's like tilting at windmills

                              I wish I knew even 1/10 of what you know
                            • Guest: ewellina Re: I have the same thing IP: *.internetdsl.tpnet.pl 21.03.05, 15:02
                              Logfile of HijackThis v1.99.1
                              Scan saved at 14:59:08, on 2005-03-21
                              Platform: Windows XP (WinNT 5.01.2600)
                              MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\csrss.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe
                              C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
                              C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0
                              \webapps\Toolbox\StatusClient\StatusClient.exe
                              C:\Program Files\QuickTime\qttask.exe
                              C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
                              C:\WINDOWS\System32\Isj.exe
                              C:\Program Files\DeskAd Service\DeskAdServ.exe
                              C:\Program Files\DeskAd Service\DeskAdKeep.exe
                              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                              C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
                              C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                              C:\WINDOWS\System32\nvsvc32.exe
                              C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
                              C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
                              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                              C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
                              C:\Documents and Settings\EwelB.BRODA-CW7EX99PM\Ustawienia lokalne\Temporary
                              Internet Files\Content.IE5\0D6R09AN\HijackThis[1].exe

                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                              res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                              res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                              R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                              about:blank
                              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                              about:blank
                              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                              C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
                              O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1
                              \SEARCH~2\SEARCH~1.DLL
                              O2 - BHO: (no name) - {31B95932-B246-4F21-95CE-4CE0EF376605} -
                              C:\WINDOWS\System32\jpmk.dll
                              O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} -
                              C:\WINDOWS\winsx.dll
                              O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
                              Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
                              O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
                              C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
                              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                              C:\WINDOWS\System32\msdxm.ocx
                              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                              \NvCpl.dll,NvStartup
                              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
                              \NvMcTray.dll,NvTaskbarInit
                              O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna
                              Polska\wpkontakt\wpkontakt.exe -autostart
                              O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0
                              \hpbpsttp.exe
                              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                              Files\Real\Update_OB\realsched.exe" -osboot
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04
                              \bin\jusched.exe
                              O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0
                              \Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                              atboottime
                              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                              Shared\ccApp.exe"
                              O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
                              Manager\AcctMgr.exe /startup
                              O4 - HKLM\..\Run: [Bht] C:\WINDOWS\System32\Mtt.exe
                              O4 - HKLM\..\Run: [Fgl] C:\WINDOWS\System32\Isj.exe
                              O4 - HKLM\..\Run: [Evp] C:\WINDOWS\System32\Kec.exe
                              O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd
                              Service\DeskAdServ.exe
                              O4 - HKLM\..\Run: [Ddk] C:\WINDOWS\System32\Cmc.exe
                              O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\EWELB~2.BRO\USTAWI~1
                              \Temp\se.dll,DllInstall
                              O4 - HKLM\..\Run: [Sql] C:\WINDOWS\System32\Fjg.exe
                              O4 - HKLM\..\Run: [Iqn] C:\WINDOWS\System32\Eto.exe
                              O4 - HKLM\..\Run: [Elt] C:\WINDOWS\Tim.exe
                              O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                              O4 - HKCU\..\Run: [Bht] C:\WINDOWS\System32\Mtt.exe
                              O4 - HKCU\..\Run: [Fgl] C:\WINDOWS\System32\Isj.exe
                              O4 - HKCU\..\Run: [Evp] C:\WINDOWS\System32\Kec.exe
                              O4 - HKCU\..\Run: [Ddk] C:\WINDOWS\System32\Cmc.exe
                              O4 - HKCU\..\Run: [Sql] C:\WINDOWS\System32\Fjg.exe
                              O4 - HKCU\..\Run: [Iqn] C:\WINDOWS\System32\Eto.exe
                              O4 - HKCU\..\Run: [Elt] C:\WINDOWS\Tim.exe
                              O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
                              67.15.101.3/g_bin/pl/cards_2_0_0_58.cab
                              O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
                              poczta.wp.pl/autoryzacja/mailcfg.ocx
                              O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) -
                              67.15.101.3/g_bin/pl/slots90_2_0_0_21.cab
                              O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) -
                              67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
                              O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) -
                              67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
                              O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire
                              Marbies&Diamonds) - 67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
                              O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) -
                              67.15.101.3/g_bin/pl/chess_2_0_0_15.cab
                              O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                              skaner.mks.com.pl/SkanerOnline.cab
                              O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
                              67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
                              O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                              67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
                              O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program
                              Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
                              O18 - Filter: text/html - {B4067A58-9137-4FEC-842E-F74E476983CF} -
                              C:\WINDOWS\System32\jpmk.dll
                              O18 - Filter: text/plain - {B4067A58-9137-4FEC-842E-F74E476983CF} -
                              C:\WINDOWS\System32\jpmk.dll
                              O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
                              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
                              C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                              O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
                              C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
                              C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                              O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
                              Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
                              Antivirus\navapsvc.exe
                              • Guest: Kolobos Re: I have the same thing IP: *.warszawa.sdi.tpnet.pl 21.03.05, 15:15
                                Download this:
                                www.derbilk.de/SpSeHjfix_Beta7.zip <- unpack it and run it, that should
                                take care of se.dll

                                Then, once it has reset and started up again, remove these entries:

                                > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                                > res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                                > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                                > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                                > res://C:\DOCUME~1\EWELB~2.BRO\USTAWI~1\Temp\se.dll/sp.html
                                > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                                > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                                > about:blank
                                > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                                > about:blank
                                > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                                > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                                > O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1
                                > \SEARCH~2\SEARCH~1.DLL
                                > O2 - BHO: (no name) - {31B95932-B246-4F21-95CE-4CE0EF376605} -
                                > C:\WINDOWS\System32\jpmk.dll
                                > O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} -
                                > C:\WINDOWS\winsx.dll
                                > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                                > Files\Real\Update_OB\realsched.exe" -osboot
                                > O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04
                                > \bin\jusched.exe
                                > O4 - HKLM\..\Run: [Bht] C:\WINDOWS\System32\Mtt.exe
                                > O4 - HKLM\..\Run: [Fgl] C:\WINDOWS\System32\Isj.exe
                                > O4 - HKLM\..\Run: [Evp] C:\WINDOWS\System32\Kec.exe
                                > O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd
                                > Service\DeskAdServ.exe
                                > O4 - HKLM\..\Run: [Ddk] C:\WINDOWS\System32\Cmc.exe
                                > O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\EWELB~2.BRO\USTAWI~1
                                > \Temp\se.dll,DllInstall
                                > O4 - HKLM\..\Run: [Sql] C:\WINDOWS\System32\Fjg.exe
                                > O4 - HKLM\..\Run: [Iqn] C:\WINDOWS\System32\Eto.exe
                                > O4 - HKLM\..\Run: [Elt] C:\WINDOWS\Tim.exe
                                > O4 - HKCU\..\Run: [Bht] C:\WINDOWS\System32\Mtt.exe
                                > O4 - HKCU\..\Run: [Fgl] C:\WINDOWS\System32\Isj.exe
                                > O4 - HKCU\..\Run: [Evp] C:\WINDOWS\System32\Kec.exe
                                > O4 - HKCU\..\Run: [Ddk] C:\WINDOWS\System32\Cmc.exe
                                > O4 - HKCU\..\Run: [Sql] C:\WINDOWS\System32\Fjg.exe
                                > O4 - HKCU\..\Run: [Iqn] C:\WINDOWS\System32\Eto.exe
                                > O4 - HKCU\..\Run: [Elt] C:\WINDOWS\Tim.exe
                                > O18 - Filter: text/html - {B4067A58-9137-4FEC-842E-F74E476983CF} -
                                > C:\WINDOWS\System32\jpmk.dll
                                > O18 - Filter: text/plain - {B4067A58-9137-4FEC-842E-F74E476983CF} -
                                > C:\WINDOWS\System32\jpmk.dll

                                And Fix Checked, then reset again and paste a new log, we'll see how much is left.
                                • Guest: ewelina Re: I have the same thing IP: *.internetdsl.tpnet.pl 21.03.05, 15:42
                                  now it's like this: the RUNDLL message has stopped appearing
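Added example (not part of Kolobos's post and not HijackThis code): a Python sketch of the comparison being done by hand in this thread. It re-joins the forum-wrapped log lines and diffs the O4 registry autoruns of two consecutive logs. The two inputs are shortened excerpts of the 14:31 and 14:59 logs above; all function names are illustrative, and the line-joining rule is a heuristic assumed for this forum's wrapping.

```python
import re

# A HijackThis entry starts with a section code such as "R1 - " or "O4 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Body of an O4 registry autorun: <hive>\..\<key>: [<value name>] <command>
O4_BODY = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

# Excerpt of the 14:31 log from this thread (shortened, wrapping kept as posted).
BEFORE = r'''
O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna
Polska\wpkontakt\wpkontakt.exe -autostart
O4 - HKLM\..\Run: [Bht] C:\WINDOWS\System32\Mtt.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\EWELB~2.BRO\USTAWI~1
\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Bht] C:\WINDOWS\System32\Mtt.exe
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
'''

# Excerpt of the 14:59 log: the same entries plus a pair that was not there before.
AFTER = BEFORE + r'''
O4 - HKLM\..\Run: [Elt] C:\WINDOWS\Tim.exe
O4 - HKCU\..\Run: [Elt] C:\WINDOWS\Tim.exe
'''


def join_wrapped(text):
    """Rebuild one string per log entry from lines the forum wrapped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # A break before a backslash or inside a GUID ("...AAA5-") gets no
            # space; any other break is assumed to have replaced a space.
            mid_token = line.startswith("\\") or (
                prev.endswith("-") and not prev.endswith(" -"))
            entries[-1] = prev + ("" if mid_token else " ") + line
    return entries


def autoruns(entries):
    """Map (hive, key, value name) -> command for every O4 registry autorun."""
    found = {}
    for entry in entries:
        section, body = entry.split(" - ", 1)
        match = O4_BODY.match(body) if section == "O4" else None
        if match:
            hive, key, name, command = match.groups()
            found[(hive, key, name)] = command
    return found


def compare(before_text, after_text):
    """Classify autoruns as removed, persisting or new between two logs."""
    before = autoruns(join_wrapped(before_text))
    after = autoruns(join_wrapped(after_text))
    return {
        "removed": sorted(k for k in before if k not in after),
        "persisting": sorted(k for k in before if after.get(k) == before[k]),
        "new": sorted(k for k in after if k not in before),
    }


def in_both_hives(found):
    """Value names whose identical command sits under both HKLM and HKCU."""
    hives_by_entry = {}
    for (hive, key, name), command in found.items():
        hives_by_entry.setdefault((key, name, command.lower()), set()).add(hive)
    return sorted(name for (key, name, _), hives in hives_by_entry.items()
                  if hives == {"HKLM", "HKCU"})


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for label in ("removed", "persisting", "new"):
        print(label, result[label])
    print("in both hives:", in_both_hives(autoruns(join_wrapped(AFTER))))
```

In these excerpts the entries that appear between the two scans, and the ones registered identically under both HKLM and HKCU, are among those listed for removal in the post above; the single-hive entries (wpkontakt, Gadu-Gadu) are not.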



                                  Logfile of HijackThis v1.99.1
                                  Scan saved at 15:39:16, on 2005-03-21
                                  Platform: Windows XP (WinNT 5.01.2600)
                                  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                                  Running processes:
                                  C:\WINDOWS\System32\smss.exe
                                  C:\WINDOWS\system32\csrss.exe
                                  C:\WINDOWS\system32\services.exe
                                  C:\WINDOWS\system32\lsass.exe
                                  C:\WINDOWS\system32\svchost.exe
                                  C:\WINDOWS\System32\svchost.exe
                                  C:\WINDOWS\System32\svchost.exe
                                  C:\WINDOWS\System32\svchost.exe
                                  C:\WINDOWS\system32\spoolsv.exe
                                  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                                  C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
                                  C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                                  C:\WINDOWS\System32\nvsvc32.exe
                                  C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
                                  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                                  C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
                                  C:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe
                                  C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0
                                  \webapps\Toolbox\StatusClient\StatusClient.exe
                                  C:\Program Files\QuickTime\qttask.exe
                                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                                  C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
                                  C:\WINDOWS\Uqt.exe
                                  C:\Program Files\DeskAd Service\DeskAdServ.exe
                                  C:\Program Files\DeskAd Service\DeskAdKeep.exe
                                  C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
                                  C:\Documents and Settings\EwelB.BRODA-CW7EX99PM\Ustawienia lokalne\Temporary
                                  Internet Files\Content.IE5\S23V1F1G\HijackThis[1].exe

                                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                  C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
                                  O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
                                  Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
                                  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
                                  C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
                                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                                  C:\WINDOWS\System32\msdxm.ocx
                                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                                  \NvCpl.dll,NvStartup
                                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
                                  \NvMcTray.dll,NvTaskbarInit
                                  O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna
                                  Polska\wpkontakt\wpkontakt.exe -autostart
                                  O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0
                                  \hpbpsttp.exe
                                  O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0
                                  \Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
                                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                                  atboottime
                                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                                  Shared\ccApp.exe"
                                  O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
                                  Manager\AcctMgr.exe /startup
                                  O4 - HKLM\..\Run: [Lup] C:\WINDOWS\Uqt.exe
                                  O4 - HKLM\..\Run: [Pbr] C:\WINDOWS\Fca.exe
                                  O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd
                                  Service\DeskAdServ.exe
                                  O4 - HKLM\..\Run: [Bqf] C:\WINDOWS\Qnh.exe
                                  O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                                  O4 - HKCU\..\Run: [Lup] C:\WINDOWS\Uqt.exe
                                  O4 - HKCU\..\Run: [Pbr] C:\WINDOWS\Fca.exe
                                  O4 - HKCU\..\Run: [Bqf] C:\WINDOWS\Qnh.exe
                                  O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
                                  67.15.101.3/g_bin/pl/cards_2_0_0_58.cab
                                  O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
                                  poczta.wp.pl/autoryzacja/mailcfg.ocx
                                  O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) -
                                  67.15.101.3/g_bin/pl/slots90_2_0_0_21.cab
                                  O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) -
                                  67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
                                  O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) -
                                  67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
                                  O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire
                                  Marbies&Diamonds) - 67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
                                  O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GameDesire Chess) -
                                  67.15.101.3/g_bin/pl/chess_2_0_0_15.cab
                                  O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                                  skaner.mks.com.pl/SkanerOnline.cab
                                  O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
                                  67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
                                  O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
                                  67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
                                  O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program
                                  Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
                                  O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
                                  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
                                  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                                  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
                                  C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                                  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
                                  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                                  O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
                                  Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
                                  Antivirus\navapsvc.exe
                                  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
                                  Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
                                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                                  C:\WINDOWS\System32\nvsvc32.exe
                                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
                                  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
                                  SystemWorks\Norton Antivirus\SAVScan.exe
                                  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
                                  C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                                  O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1
                                  \NORTON~2\SPEEDD~1\NOPDB.EXE

                                  • Guest: ewelina Re: I have the same thing IP: *.internetdsl.tpnet.pl 21.03.05, 16:06
                                    I must add that the right mouse button doesn't work :(
                                    • Guest: Kolobos Re: I have the same thing IP: *.warszawa.sdi.tpnet.pl 21.03.05, 18:20
                                      As for the right button, try enabling it this way:
                                      Start->Run->gpedit.msc->User Configuration->Administrative Templates->
                                      Windows Components->Windows Explorer, find "Remove Windows Explorer's default
                                      context menu" there, open its properties and set it to Disabled.

                                      Also try repairing the system files, although this has probably been messed up
                                      somewhere in the registry, but try it like this:
                                      Start->Run-> sfc /scannow
                                      You need the installation CD for this.

                                      For now I don't know how to fix it; I know it happens because of some
                                      trojan, probably the one behind the swapped wallpaper, because a lot of people
                                      already have the same problem :(

                                      As for the log, this is what's left:
                                      O4 - HKLM\..\Run: [Lup] C:\WINDOWS\Uqt.exe
                                      O4 - HKLM\..\Run: [Pbr] C:\WINDOWS\Fca.exe
                                      O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd
                                      O4 - HKLM\..\Run: [Bqf] C:\WINDOWS\Qnh.exe
                                      O4 - HKCU\..\Run: [Lup] C:\WINDOWS\Uqt.exe
                                      O4 - HKCU\..\Run: [Pbr] C:\WINDOWS\Fca.exe
                                      O4 - HKCU\..\Run: [Bqf] C:\WINDOWS\Qnh.exe
                                      O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll

                                      You need to download killbox:
                                      www.downloads.subratam.org/KillBox.zip
                                      And with it, select all of these files one by one and tick remove on reboot.
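
An added example, not part of the posts above and not code from HijackThis: a small Python triage over the O4 autorun lines of the log pasted in this thread. The two heuristics (a three-letter value name pointing at a three-letter .exe directly in the Windows or System32 directory, and the same entry registered under both HKLM and HKCU) and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: unwrapped O4 lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lup] C:\WINDOWS\Uqt.exe
O4 - HKLM\..\Run: [Pbr] C:\WINDOWS\Fca.exe
O4 - HKLM\..\Run: [Bqf] C:\WINDOWS\Qnh.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Lup] C:\WINDOWS\Uqt.exe
O4 - HKCU\..\Run: [Pbr] C:\WINDOWS\Fca.exe
O4 - HKCU\..\Run: [Bqf] C:\WINDOWS\Qnh.exe
"""

# O4 line layout: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")
# Heuristic (assumption): three-letter .exe sitting directly in WINDOWS or System32.
RANDOM_EXE_RE = re.compile(r"^C:\\WINDOWS\\(?:System32\\)?[A-Za-z]{3}\.exe$", re.I)


def parse_o4(log_text):
    """Return (hive, key, value_name, command) for every O4 autorun line."""
    entries = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if match:
            entries.append(match.groups())
    return entries


def triage(log_text):
    """Map command -> list of reasons the autorun deserves a closer look."""
    hives = defaultdict(set)
    for hive, _key, name, command in parse_o4(log_text):
        hives[(name, command)].add(hive)
    findings = {}
    for (name, command), where in hives.items():
        reasons = []
        if where == {"HKLM", "HKCU"}:
            reasons.append("both-hives")   # same entry in machine and user Run keys
        if len(name) == 3 and RANDOM_EXE_RE.match(command):
            reasons.append("random-name")  # short random-looking name and file
        if reasons:
            findings[command] = reasons
    return findings


if __name__ == "__main__":
    for command, reasons in triage(SAMPLE_LOG).items():
        print(command, "->", ", ".join(reasons))
```

A hit is only a reason to inspect the file (signature, timestamps, scanner verdict) before removing anything; legitimate software can also match either heuristic.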
