Trooojaaans .... :/

28.03.05, 16:14
hmm, a "small" problem ... Trojan.Downloader.Dyfuca.Gen.36602.MX <-- this trojan,
and not only this one, just won't let me live... I have no idea how to get rid
of it.. :/
I'm also pasting my log... COULD SOMEONE READ IT? Thanks in advance to everyone
who helps :D

Logfile of HijackThis v1.99.1
Scan saved at 16:13:59, on 2005-03-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\crypserv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\tlntsvr.exe
D:\WINDOWS\system32\winlogin.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
D:\Program Files\CloneCD\CloneCDTray.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
D:\Program Files\Common Files\CMEII\CMESys.exe
D:\WINDOWS\system32\qttask.exe
E:\Daemon\daemon.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Media Access\MediaAccK.exe
D:\temp\salm.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\Program Files\Internet Optimizer\optimize.exe
D:\Program Files\Media Access\MediaAccess.exe
D:\WINDOWS\System32\gah95on6.exe
D:\Program Files\Messenger\msmsgs.exe
E:\steam\steam.exe
D:\Program Files\Logitech\Desktop Messenger\8876480
\Program\LogitechDesktopMessenger.exe
D:\Program Files\Date Manager\DateManager.exe
D:\program files\internet explorer\iexplore.exe
c:\Program Files\Tiyzu\Psin.exe
D:\program files\internet explorer\iexplore.exe
D:\program files\internet explorer\iexplore.exe
D:\program files\internet explorer\iexplore.exe
D:\WINDOWS\explorer.exe
E:\Programy\Gadu-Gadu\gg.exe
D:\program files\internet explorer\iexplore.exe
D:\Documents and Settings\lukas.LUKAS-FWYBCO79W\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
searchcentral.cc/search.php?v=4&aff=3080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
searchcentral.cc/index.php?v=4&aff=3080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
D:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -
D:\WINDOWS\SrchPlug.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-
Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPHUPD05] D:\Program Files\Hewlett-Packard\{45B6180B-DCAB-
4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [d68bcc96597e20120d6cf06e44357484] D:\Program
Files\Internet Explorer\d68bcc96597e20120d6cf06e44357484.exe
O4 - HKLM\..\Run: [CamMonitor] D:\Program Files\Hewlett-Packard\Digital
Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program
Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP
Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [CMESys] "D:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SysMon] D:\windows\system32\mswkeie32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] D:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BO1HelperStartUp] D:\PROGRA~1\Butterfly Oasis
Screensaver\BO1Helper.exe /partner BO1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] ""
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01
\bin\jusched.exe
O4 - HKLM\..\Run: [CMS16 CDROM FixLoader] CMSFIXLD.EXE
O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [lczgz] D:\WINDOWS\lczgz.exe
O4 - HKLM\..\Run: [gah95on6] D:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Ykshe] c:\Program Files\Tiyzu\Psin.exe
O4 - HKLM\..\RunServices: [CMD] cmd32.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480
\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Date Manager.lnk = D:\Program Files\Date
Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C60
    • neder Re: Trooojaaans .... :/ 28.03.05, 16:16
      the whole log didn't fit (I think)
    • lipolipo Re: Trooojaaans .... :/ 28.03.05, 16:17
      yeah, true... :)

      O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      D:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - D:\WINDOWS\web\related.htm
      O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: komentator - sport.onet.pl/komentator.cab
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c293.cab
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
      ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
      O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
      67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D958298D-C02F-4B5C-AE0A-56B801380FC0}:
      NameServer = 195.117.215.2,212.51.192.2
      O18 - Protocol: bw+0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
      D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-
      8876480.dll
      O18 - Protocol: bwg0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
      Files\Logitech\Desktop Messenger\8876480\Program\BW
      • neder oh sh.../(no text) 28.03.05, 16:18

      • lipolipo Re: Trooojaaans .... :/ 28.03.05, 16:19
        and one more part...

        O18 - Protocol: bwg0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwh0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwh0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwi0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwi0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwj0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwj0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwk0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwk0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwl0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwl0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwm0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwm0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwn0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwn0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwo0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwo0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwp0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwp0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwq0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwq0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwr0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwr0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bws0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bws0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwt0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwt0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwu0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwu0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwv0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwv0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bww0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bww0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwx0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwx0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwy0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwy0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwz0 - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwz0s - {885E868F-C1E2-491A-868A-E4FE21449A5B} - D:\Program
        Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: offline-8876480 - {885E868F-C1E2-491A-868A-E4FE21449A5B} -
        D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-
        8876480.dll
        O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINDOWS\SYSTEM32
        \crypserv.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        D:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Power Manager (PowerManager) - Unknown owner -
        D:\WINDOWS\svchost.exe (file missing)
        O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - D:\PROGRA~1
        \COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program
        Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: StyleXPService - Unknown owner - D:\Program
        Files\TGTSoft\StyleXP\StyleXPService.exe
        O23 - Service: Windows Ethernet (winlog) - Cat Soft - D:\WINDOWS\system32
        \winlogin.exe

        • lipolipo Re: Trooojaaans .... :/ 28.03.05, 16:20
          that's everything... finally..
      • neder besides... 28.03.05, 16:19
        something still got cut off...
    • neder Re: Trooojaaans .... :/ 28.03.05, 16:58
      Your "small" problem is making my eyes swim...:)


      Boot into safe mode.

      Through Add/Remove Programs, remove Logitech

      Also to be removed manually - CMEII -> D:\Program Files\Common
      Files\CMEII\CMESys.exe

      Also through Add/Remove - you remove searchBar and SearchAssistant

      to be removed in HijackThis

      > R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
      > R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
      > R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
      > R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > about:blank
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      >
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > searchcentral.cc/search.php?v=4&aff=3080
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      > searchcentral.cc/index.php?v=4&aff=3080
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
      > file)
      > O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
      > D:\WINDOWS\nem220.dll (file missing)
      > O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
      > O4 - HKLM\..\Run: [d68bcc96597e20120d6cf06e44357484] D:\Program
      > Files\Internet Explorer\d68bcc96597e20120d6cf06e44357484.exe
      > O4 - HKLM\..\Run: [CMESys] "D:\Program Files\Common Files\CMEII\CMESys.exe"
      > O4 - HKLM\..\Run: [CMS16 CDROM FixLoader] CMSFIXLD.EXE
      > O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      > O4 - HKLM\..\Run: [SysMon] D:\windows\system32\mswkeie32.exe
      > O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
      > O4 - HKLM\..\Run: [lczgz] D:\WINDOWS\lczgz.exe
      > O4 - HKLM\..\Run: [gah95on6] D:\WINDOWS\System32\gah95on6.exe
      > O4 - HKLM\..\Run: [Ykshe] c:\Program Files\Tiyzu\Psin.exe
      > O4 - HKLM\..\RunServices: [CMD] cmd32.exe
      > O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480
      > \Program\LogitechDesktopMessenger.exe

      + all O18 (from what I can see, all of them are from Logitech)


      a few autostart entries that are unnecessary (section O4) - take a look at
      them and remove the ones you don't want to launch at system startup - I would
      remove all of the ones listed below :)
      > O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-
      > Packard\HP Share-to-Web\hpgs2wnd.exe
      > O4 - HKLM\..\Run: [HPHUPD05] D:\Program Files\Hewlett-Packard\{45B6180B-DCAB-
      > 4093-8EE8-6164457517F0}\hphupd05.exe
      > O4 - HKLM\..\Run: [HP Component Manager] "D:\Program
      > Files\HP\hpcoretech\hpcmpmgr.exe"
      > O4 - HKLM\..\Run: [CamMonitor] D:\Program Files\Hewlett-Packard\Digital
      > Imaging\\Unload\hpqcmon.exe
      > O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program
      > Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
      > O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\CloneCD\CloneCDTray.exe"
      > O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\Hewlett-Packard\HP
      > Software Update\HPWuSchd2.exe"
      > O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch
      > Jukebox\mmtask.exe


      I admit honestly and freely that I didn't check the other two parts
      (but most of it is O18, which you are to get rid of), and in the first one I
      didn't look at the running processes because my eyes really are swimming :)
      Restart the computer, make a new log and paste it, then maybe it will be
      clearer and easier.
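One way to check a fresh log against the fix list above is to compare the O4 autostart entries of the two logs. This is an added example, not code posted by anyone in the thread; it uses excerpts of the O4 lines from the 16:13 and 18:05 logs on this page, and the function names and the line-joining heuristic are assumptions of the example.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, O1-O23) and " - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|O\d{1,2}) - ")
# Registry autostart: "O4 - <hive\..\key>: [<value name>] <command>"
RUN_ENTRY = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")


def join_wrapped(log_text):
    """Return the log's entries with forum-wrapped continuation lines re-joined."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(">"):          # entry quoted in a reply
            line = line[1:].strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # Heuristic (assumption): the wrap fell inside a token when the next
            # line starts with "\" or the previous one ends in "x-" (not " -").
            mid_token = line.startswith("\\") or re.search(r"[^\s-]-$", prev)
            entries[-1] = prev + ("" if mid_token else " ") + line
    return entries


def autostarts(log_text):
    """Map (registry location, value name) -> command for O4 registry entries."""
    found = {}
    for entry in join_wrapped(log_text):
        m = RUN_ENTRY.match(entry)
        if m:
            found[(m["where"], m["name"])] = m["cmd"]
    return found


def compare_autostarts(before_log, after_log, flagged):
    """Report what happened to flagged entries and what is new in the second log."""
    before, after = autostarts(before_log), autostarts(after_log)
    return {
        "still_present": sorted(k for k in flagged if k in after),
        "removed": sorted(k for k in flagged if k in before and k not in after),
        "new": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in after
                          if k in before and after[k].lower() != before[k].lower()),
    }


# Excerpts of the two logs on this page, line wrapping kept as posted.
BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [d68bcc96597e20120d6cf06e44357484] D:\Program
Files\Internet Explorer\d68bcc96597e20120d6cf06e44357484.exe
O4 - HKLM\..\Run: [CMESys] "D:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [SysMon] D:\windows\system32\mswkeie32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [lczgz] D:\WINDOWS\lczgz.exe
O4 - HKLM\..\Run: [gah95on6] D:\WINDOWS\System32\gah95on6.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [d68bcc96597e20120d6cf06e44357484] D:\Program Files\Internet
Explorer\d68bcc96597e20120d6cf06e44357484.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bktmvqx] D:\WINDOWS\bktmvqx.exe
O4 - HKLM\..\Run: [SysMon] D:\windows\system32\mswkeie32.exe
"""

RUN = r"HKLM\..\Run"
# Subset of the entries marked for fixing in the reply above.
FLAGGED = {(RUN, n) for n in ("d68bcc96597e20120d6cf06e44357484", "CMESys",
                              "SysMon", "salm", "lczgz", "gah95on6")}

if __name__ == "__main__":
    for status, keys in compare_autostarts(BEFORE, AFTER, FLAGGED).items():
        print(status, [name for _, name in keys])
```

Entries reported as still present or new are the ones to look at first in the follow-up log.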
      • lipolipo Re: Trooojaaans .... :/ 28.03.05, 17:08
        I'm no expert, but it never hurts to ask...
        after removing this Logitech, will the mouse etc. work normally? (i.e. the MX510)
        because it seems to me that these Logitech drivers supposedly protect against
        various kinds of illnesses or contamination caused by optical mice (or something
        like that)
        • neder Re: Trooojaaans .... :/ 28.03.05, 18:03
          remove Desktop Messenger - that's Logitech's spyware (not Logitech itself); if
          you're afraid something will break, there's a remedy for that too - you can use
          the backup in HijackThis (provided you have it in a separate folder, because
          that's when it creates such backups).

          As for your question about entering safe mode and restarting, I don't know the
          answer - you'll have to wait for someone else's reply.

          PS. seriously, remove DesktopMessenger :)
      • lipolipo Re: Trooojaaans .... :/ 28.03.05, 18:05
        now it looks like this..

        Logfile of HijackThis v1.99.1
        Scan saved at 18:05:14, on 2005-03-28
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        D:\WINDOWS\System32\smss.exe
        D:\WINDOWS\system32\winlogon.exe
        D:\WINDOWS\system32\services.exe
        D:\WINDOWS\system32\lsass.exe
        D:\WINDOWS\system32\svchost.exe
        D:\WINDOWS\System32\svchost.exe
        D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
        D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        D:\WINDOWS\Explorer.EXE
        D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        D:\WINDOWS\system32\spoolsv.exe
        D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
        D:\WINDOWS\system32\qttask.exe
        E:\Daemon\daemon.exe
        D:\WINDOWS\System32\RUNDLL32.EXE
        D:\Program Files\Logitech\MouseWare\system\em_exec.exe
        D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
        D:\WINDOWS\system32\crypserv.exe
        D:\WINDOWS\System32\nvsvc32.exe
        D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
        D:\Program Files\Internet Optimizer\optimize.exe
        D:\WINDOWS\System32\svchost.exe
        D:\Program Files\Messenger\msmsgs.exe
        D:\WINDOWS\System32\tlntsvr.exe
        E:\steam\steam.exe
        E:\Programy\Gadu-Gadu\gg.exe
        D:\WINDOWS\system32\winlogin.exe
        D:\Program Files\Date Manager\DateManager.exe
        D:\WINDOWS\System32\wuauclt.exe
        D:\WINDOWS\system32\rundll32.exe
        D:\Documents and Settings\lukas.LUKAS-FWYBCO79W\Pulpit\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        D:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -
        D:\WINDOWS\SrchPlug.dll
        O4 - HKLM\..\Run: [SoundMan] soundman.exe
        O4 - HKLM\..\Run: [d68bcc96597e20120d6cf06e44357484] D:\Program Files\Internet
        Explorer\d68bcc96597e20120d6cf06e44357484.exe
        O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
        O4 - HKLM\..\Run: [QuickTime Task] D:\WINDOWS\system32\qttask.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Daemon\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [BO1HelperStartUp] D:\PROGRA~1\Butterfly Oasis
        Screensaver\BO1Helper.exe /partner BO1
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [ccApp] ""
        O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec
        Shared\Security Center\UsrPrmpt.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01
        \bin\jusched.exe
        O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe
        O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet
        Optimizer\optimize.exe"
        O4 - HKLM\..\Run: [bktmvqx] D:\WINDOWS\bktmvqx.exe
        O4 - HKLM\..\Run: [SysMon] D:\windows\system32\mswkeie32.exe
        O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
        O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg.exe" /tray
        O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Global Startup: Date Manager.lnk = D:\Program Files\Date
        Manager\DateManager.exe
        O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
        O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        D:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - D:\WINDOWS\web\related.htm
        O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
        static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c293.cab
        O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
        ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
        O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
        O17 - HKLM\System\CCS\Services\Tcpip\..\{D958298D-C02F-4B5C-AE0A-56B801380FC0}:
        NameServer = 195.117.215.2,212.51.192.2
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINDOWS\SYSTEM32
        \crypserv.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        D:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Power Manager (PowerManager) - Unknown owner -
        D:\WINDOWS\svchost.exe (file missing)
        O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - D:\PROGRA~1
        \COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program
        Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: StyleXPService - Unknown owner - D:\Program
        Files\TGTSoft\StyleXP\StyleXPService.exe
        O23 - Service: Windows Ethernet (winlog) - Cat Soft - D:\WINDOWS\system32
        \winlogin.exe
        • neder Re: Trooojaaanyyyy .... :/ 28.03.05, 18:49
          Well, that's a bit better now :)

          Of course, boot into safe mode - you have to delete these manually:
          > D:\WINDOWS\system32\winlogin.exe
          > D:\Program Files\Common Files\GMT\GMT.exe
          > D:\Program Files\Internet Explorer\d68bcc96597e20120d6cf06e44357484.exe

          Do you use this?
          > E:\steam\steam.exe -> here is a description
          www.auditmypc.com/process/steam.asp -> if you don't need it, remove it too

          In HijackThis, remove these (hopefully some of them will already be gone):

          > O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
          > O3 - Toolbar: Crack Find Search - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -
          > D:\WINDOWS\SrchPlug.dll -> do you know this? If not, remove it
          > O4 - HKLM\..\Run: [bktmvqx] D:\WINDOWS\bktmvqx.exe -> this is some junk too -
          delete this exe manually
          > O4 - HKLM\..\Run: [SysMon] D:\windows\system32\mswkeie32.exe -> same as above
          > O4 - Global Startup: GStartup.lnk = D:\Program Files\Common Files\GMT\GMT.exe
          > O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
          > O23 - Service: Windows Ethernet (winlog) - Cat Soft - D:\WINDOWS\system32
          > \winlogin.exe

          Not needed:
          > O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
          > Office\Office\OSA9.EXE
          > O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe
          > O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

          Restart, then post a new log.

          Next thing - your system is not updated; if you have a genuine copy, go to
          www.windowsupdate.com
          and with a bare system it would be worth remembering about some firewall...
          forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680234 -> essential
          • Guest: lipolipo Re: Trooojaaanyyyy .... :/ IP: *.tvsat364.lodz.pl 28.03.05, 19:15
            yeah, I use steam... that's Counter-Strike... :)
            the problem is that now I can't get into safe mode any more...
            I know there's a way to delete files outside safe mode, but you have to do
            something in the registry... but I don't know what :/
            • neder Re: Trooojaaanyyyy .... :/ 28.03.05, 19:19
              You can also get into safe mode via Start > Run > msconfig > BOOT.ini >
              tick SAFEBOOT (afterwards, to start the computer in normal mode, you have to
              untick it)
    • lipolipo Re: Trooojaaanyyyy .... :/ 28.03.05, 17:20
      oh, and one more thing... important...
      now (a few days ago it was still fine) every time I start safe mode, at the
      moment I pick an account (Win XP - I have 2 accounts on this Windows) the
      computer automatically restarts... (regardless of whether I choose safe mode
      with networking or without)
      uhh... so what can I do about it?
    • lipolipo Re: Trooojaaanyyyy .... :/ 28.03.05, 21:02
      loooog .. :)

      Logfile of HijackThis v1.99.1
      Scan saved at 21:00:06, on 2005-03-28
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      D:\WINDOWS\System32\smss.exe
      D:\WINDOWS\system32\winlogon.exe
      D:\WINDOWS\system32\services.exe
      D:\WINDOWS\system32\lsass.exe
      D:\WINDOWS\system32\svchost.exe
      D:\WINDOWS\System32\svchost.exe
      D:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
      D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      D:\WINDOWS\system32\spoolsv.exe
      D:\WINDOWS\system32\crypserv.exe
      D:\WINDOWS\System32\nvsvc32.exe
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\System32\tlntsvr.exe
      D:\WINDOWS\Explorer.EXE
      D:\WINDOWS\system32\qttask.exe
      E:\Daemon\daemon.exe
      D:\WINDOWS\System32\RUNDLL32.EXE
      D:\Program Files\Logitech\MouseWare\system\em_exec.exe
      D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
      D:\Program Files\Internet Optimizer\optimize.exe
      E:\steam\steam.exe
      E:\Programy\Gadu-Gadu\gg.exe
      D:\Program Files\Date Manager\DateManager.exe
      D:\WINDOWS\System32\wuauclt.exe
      D:\Documents and Settings\lukas.LUKAS-FWYBCO79W\Pulpit\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.onet.pl/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      D:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [SoundMan] soundman.exe
      O4 - HKLM\..\Run: [d68bcc96597e20120d6cf06e44357484] D:\Program Files\Internet
      Explorer\d68bcc96597e20120d6cf06e44357484.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [QuickTime Task] D:\WINDOWS\system32\qttask.exe
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Daemon\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [BO1HelperStartUp] D:\PROGRA~1\Butterfly Oasis
      Screensaver\BO1Helper.exe /partner BO1
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32
      \NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32
      \NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [ccApp] ""
      O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec
      Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01
      \bin\jusched.exe
      O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet
      Optimizer\optimize.exe"
      O4 - HKLM\..\Run: [MSConfig]
      D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [SysMon] D:\windows\system32\mswkeie32.exe
      O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg.exe" /tray
      O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common
      Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Date Manager.lnk = D:\Program Files\Date
      Manager\DateManager.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      D:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - D:\WINDOWS\web\related.htm
      O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c293.cab
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
      ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D958298D-C02F-4B5C-AE0A-56B801380FC0}:
      NameServer = 195.117.215.2,212.51.192.2
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
      D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
      D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
      D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Crypkey License - Kenonic Controls Ltd. - D:\WINDOWS\SYSTEM32
      \crypserv.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
      D:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Power Manager (PowerManager) - Unknown owner -
      D:\WINDOWS\svchost.exe (file missing)
      O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - D:\PROGRA~1
      \COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
      Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program
      Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: StyleXPService - Unknown owner - D:\Program
      Files\TGTSoft\StyleXP\StyleXPService.exe
      O23 - Service: Windows Ethernet (winlog) - Unknown owner - D:\WINDOWS\system32
      \winlogin.exe (file missing)
      • neder Re: Trooojaaanyyyy .... :/ 28.03.05, 22:05
        These are still there:
        > D:\Program Files\Internet Explorer\d68bcc96597e20120d6cf06e44357484.exe
        > D:\windows\system32\mswkeie32.exe
        Did you not delete them, or did they come back?


        And also this entry in the log:
        > O23 - Service: Windows Ethernet (winlog) - Unknown owner - D:\WINDOWS\system32
        > \winlogin.exe (file missing)
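
The comparison neder makes above between the two logs can also be done mechanically. The Python sketch below is an added example, not part of the thread: it rejoins the wrapped HijackThis entries and classifies them by what happened between scans. The function names and the choice of key (section code plus item name) are assumptions of this example; the sample lines are excerpts from the two logs posted above.

```python
import re

# An entry starts with a section code: R0-R3, F0-F3, N1-N4 or O plus a number.
ENTRY = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Return the log's entries with the forum's line wrapping undone."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            prev = entries[-1]
            # Wraps seen in these logs: before "\", inside a GUID (after "-"), or at a space.
            tight = line.startswith("\\") or (prev.endswith("-") and not prev.endswith(" -"))
            entries[-1] = prev + ("" if tight else " ") + line
    return entries

def key(entry):
    # Assumed key: section code plus item name; owner, path and status may change.
    return " - ".join(entry.split(" - ")[:2])

def compare(before, after):
    """Classify the entries of two scans by what happened between them."""
    b = {key(e): e for e in parse_entries(before)}
    a = {key(e): e for e in parse_entries(after)}
    return {
        "removed": sorted(k for k in b if k not in a),
        "unchanged": sorted(k for k in b if a.get(k) == b[k]),
        "changed": sorted(k for k in b if k in a and a[k] != b[k]),
        "added": sorted(k for k in a if k not in b),
    }

# Sample input: excerpts of the earlier log and the 21:00 log, wrapped as posted.
BEFORE = r"""O4 - HKLM\..\Run: [d68bcc96597e20120d6cf06e44357484] D:\Program Files\Internet
Explorer\d68bcc96597e20120d6cf06e44357484.exe
O4 - HKLM\..\Run: [bktmvqx] D:\WINDOWS\bktmvqx.exe
O23 - Service: Windows Ethernet (winlog) - Cat Soft - D:\WINDOWS\system32
\winlogin.exe"""
AFTER = r"""O4 - HKLM\..\Run: [d68bcc96597e20120d6cf06e44357484] D:\Program Files\Internet
Explorer\d68bcc96597e20120d6cf06e44357484.exe
O4 - HKLM\..\Run: [MSConfig]
D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O23 - Service: Windows Ethernet (winlog) - Unknown owner - D:\WINDOWS\system32
\winlogin.exe (file missing)"""

if __name__ == "__main__":
    for status, keys in compare(BEFORE, AFTER).items():
        print(f"{status:9} {keys}")
```

The winlog service lands in "changed": its registration is still present in the second scan, but the entry now ends in "(file missing)" because the file it points to is gone.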
    • neder Re: Trooojaaanyyyy .... :/ 28.03.05, 22:08
      Oh, and I forgot - scan with CWShredder
      www.spychecker.com/program/coolwebshredder.html
      1. Download, install, run.
      2. Click "Fix"
      3. The program will ask whether your browsers are closed; click OK.
      4. For any further questions, always OK.
      5. If you don't have the current version, click "Check for update"
      before "Fix"
      6. Click "Download and open the update"
      7. Run the downloaded version.
      8. Then steps 2, 3, 4
    • lipolipo Re: Trooojaaanyyyy .... :/ 28.03.05, 23:20
      ok, so...
      that winlogin (file missing) keeps coming back... :/
      and I've already scanned with that program and some strange things popped up too
      (in the report)