Dodaj do ulubionych

prosze, sprawdzie loga i poradzcie co zrobic

IP: *.internetdsl.tpnet.pl 31.03.05, 17:20
Logfile of HijackThis v1.99.1
Scan saved at 17:18:54, on 2005-03-31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0
\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\ntddetect.exe
C:\WINDOWS\System32\Cff.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ttoe.exe
C:\WINDOWS\System32\j?vaw.exe
C:\WINDOWS\System32\dev32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pipa\Ustawienia lokalne\Temporary Internet
Files\Content.IE5\TDFLR17I\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
www.websearch.com/ie.aspx?tb_id=50162
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
www.websearch.com/ie.aspx?tb_id=50162
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.websearch.com/ie.aspx?tb_id=50162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no
file)
O2 - BHO: (no name) - {1CE21996-8D5C-84DB-7FB6-F32D16A9F8EF} -
C:\WINDOWS\System32\kepouukh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1
\Toolbar\toolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} -
C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0
\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0
\hpbpsttp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [Vgp] C:\WINDOWS\System32\Loo.exe
O4 - HKLM\..\Run: [Dgs] C:\WINDOWS\System32\Cff.exe
O4 - HKLM\..\Run: [Mju] C:\WINDOWS\System32\Ivp.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Qjo] C:\WINDOWS\Emm.exe
O4 - HKLM\..\Run: [MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Otb] C:\WINDOWS\System32\Lij.exe
O4 - HKLM\..\Run: [Eqf] C:\WINDOWS\System32\Pcl.exe
O4 - HKLM\..\Run: [Ivn] C:\WINDOWS\System32\Nkh.exe
O4 - HKLM\..\Run: [Aqm] C:\WINDOWS\System32\Lcl.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec
Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [Doj] C:\WINDOWS\System32\Qja.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c11.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) -
67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
poczta.wp.pl/4/mailcfg.ocx
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) -
67.15.101.3/g_bin/pl/boards_2_0_0_19.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) -
67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
iframedollars.biz/tb/loader2.ocx
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) -
67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) -
67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) -
67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab
Obserwuj wątek
    • Gość: Kolobos Re: prosze, sprawdzie loga i poradzcie co zrobic IP: *.warszawa.sdi.tpnet.pl 31.03.05, 17:32
      Odinstaluj w dodaj-usun programy to:
      Media Access

      Teraz bedzie trzeba zabic pare rzeczy :-)

      Sciagnij:
      www.downloads.subratam.org/KillBox.zip
      uruchom, zaznacz delete on reboot i wklej do niego sciezki do tych plikow:
      C:\WINDOWS\System32\kepouukh.dll
      C:\WINDOWS\System32\gah95on6.exe
      C:\PROGRA~1Toolbar\toolbar.dll
      C:\WINDOWS\System32\ntddetect.exe
      C:\WINDOWS\System32\Loo.exe
      C:\WINDOWS\System32\Cff.exe
      C:\WINDOWS\System32\Ivp.exe
      C:\PROGRA~1\Toolbar\TBPS.exe
      C:\WINDOWS\Emm.exe
      C:\WINDOWS\System32\Lij.exe
      C:\WINDOWS\System32\Pcl.exe
      C:\WINDOWS\System32\Nkh.exe
      C:\WINDOWS\System32\Lcl.exe
      C:\WINDOWS\System32\Qja.exe

      Po wklejeniu kazdego pliku naciskaj czerwony przycisk z X'em ale wybieraj ze
      nie chcesz zresetowac, dopiero jak dodasz wszystkie to wybierze ze chcesz
      zresetowac :-)


      Nastenie uruchom hijackthis i zaznacz te wpisy:

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > www.websearch.com/ie.aspx?tb_id=50162
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
      > www.websearch.com/ie.aspx?tb_id=50162
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
      > res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > www.websearch.com/ie.aspx?tb_id=50162
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      > res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      > R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
      > file)
      > R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no
      > file)
      > O2 - BHO: (no name) - {1CE21996-8D5C-84DB-7FB6-F32D16A9F8EF} -
      > C:\WINDOWS\System32\kepouukh.dll
      > O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1
      > \Toolbar\toolbar.dll
      > O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
      > O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} -
      > C:\PROGRA~1\Toolbar\toolbar.dll
      > O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      > O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
      > O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
      > O4 - HKLM\..\Run: [Vgp] C:\WINDOWS\System32\Loo.exe
      > O4 - HKLM\..\Run: [Dgs] C:\WINDOWS\System32\Cff.exe
      > O4 - HKLM\..\Run: [Mju] C:\WINDOWS\System32\Ivp.exe
      > O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
      > O4 - HKLM\..\Run: [Qjo] C:\WINDOWS\Emm.exe
      > O4 - HKLM\..\Run: [Otb] C:\WINDOWS\System32\Lij.exe
      > O4 - HKLM\..\Run: [Eqf] C:\WINDOWS\System32\Pcl.exe
      > O4 - HKLM\..\Run: [Ivn] C:\WINDOWS\System32\Nkh.exe
      > O4 - HKLM\..\Run: [Aqm] C:\WINDOWS\System32\Lcl.exe
      > O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
      > O4 - HKCU\..\Run: [Doj] C:\WINDOWS\System32\Qja.exe
      > O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
      > O15 - Trusted IP range: 213.159.117.202
      > O15 - Trusted IP range: 213.159.117.202 (HKLM)
      > O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      > static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c11.cab
      > O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
      > iframedollars.biz/tb/loader2.ocx

      I nacisnij Fix Checked, nastepnie reset i wklej nowy log.
      • Gość: ew Re: prosze, sprawdzie loga i poradzcie co zrobic IP: *.internetdsl.tpnet.pl 31.03.05, 18:20
        wykonalam wszystko, teraz jest tak:

        Logfile of HijackThis v1.99.1
        Scan saved at 18:18:23, on 2005-03-31
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0
        \webapps\Toolbox\StatusClient\StatusClient.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
        C:\WINDOWS\System32\RUNDLL32.EXE
        C:\WINDOWS\Lqe.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\System32\ntddetect.exe
        C:\WINDOWS\System32\ttoe.exe
        C:\WINDOWS\System32\j?vaw.exe
        C:\WINDOWS\System32\dev32.exe
        C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
        C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
        C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
        C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
        C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\pipa\Ustawienia lokalne\Temporary Internet
        Files\Content.IE5\TDFLR17I\HijackThis[1].exe

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        www.websearch.com/ie.aspx?tb_id=50162
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
        \SPYBOT~1\SDHelper.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0
        \Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
        O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0
        \hpbpsttp.exe
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password
        Manager\AcctMgr.exe /startup
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [MSConfig]
        C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
        O4 - HKLM\..\Run: [Mkg] C:\WINDOWS\Lqe.exe
        O4 - HKLM\..\Run: [Vqd] C:\WINDOWS\System32\Tnf.exe
        O4 - HKLM\..\Run: [Fbd] C:\WINDOWS\System32\Mls.exe
        O4 - HKLM\..\Run: [Fat] C:\WINDOWS\System32\Qvs.exe
        O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
        O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec
        Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
        O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) -
        67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
        O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
        poczta.wp.pl/4/mailcfg.ocx
        O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) -
        67.15.101.3/g_bin/pl/boards_2_0_0_19.cab
        O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) -
        67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
        a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) -
        67.15.101.3/g_bin/pl/domino_2_0_0_22.cab
        O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) -
        67.15.101.3/g_bin/pl/words_2_0_0_36.cab
        O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) -
        67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
        67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
        O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1
        \Toolbar\toolbar.dll
        O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program
        Files\wpkontakt\url_wpmsg.dll
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
        C:\WINDOWS\System32\dev32.exe
        O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
        Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
        Antivirus\navapsvc.exe
        O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
        Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
        SystemWorks\Norton Antivirus\SAVScan.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
        C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1
        \NORTON~2\SPEEDD~1\NOPDB.EXE

        • kolobos1 Re: prosze, sprawdzie loga i poradzcie co zrobic 31.03.05, 18:42
          Chyba jednak nie wszystko zostalo skasowane bo wszystko wyglada prawie tak samo.

          Sciagnij CWS Shredder:
          cwshredder.net/bin/CWShredder.exe
          Zamknij wszystkie okna przegladarki i przeskanuj system.

          Usun te wpisy w hijackthis:

          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          www.websearch.com/ie.aspx?tb_id=50162

          To najpierw odinstaluj w dodaj usun programy:
          O4 - HKLM\..\Run: [MSConfig]
          C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

          Te pliki usun z dysku killbox'em tak jak wczesniej, a nastepnie zaznacz w
          hijackthis:

          O4 - HKLM\..\Run: [Mkg] C:\WINDOWS\Lqe.exe
          O4 - HKLM\..\Run: [Vqd] C:\WINDOWS\System32\Tnf.exe
          O4 - HKLM\..\Run: [Fbd] C:\WINDOWS\System32\Mls.exe
          O4 - HKLM\..\Run: [Fat] C:\WINDOWS\System32\Qvs.exe
          O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
          O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
          O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
          O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~
          \Toolbar\toolbar.dll
          O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
          C:\WINDOWS\System32\dev32.exe

          I nacisnij Fix Checked, ale najpierw potraktuj killbox'em te pliki, ktore
          wymienilem.

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka