Help!

IP: *.chello.pl 08.05.05, 22:30
While I was searching for something, a page with the header CLICK ME ... installed
itself on my machine. I can't for the life of me remove it, either from Add/Remove
Programs or from the desktop; it keeps coming back. I tried Ad-Aware (it found 200
spyware items; on a normal day it would see about 5 at most), mks vir found 50
viruses, about 5 of which it could not remove, and Kaspersky didn't help either,
because it pointed to a file that I supposedly have no access to. System Restore
does nothing either because, according to the message shown, it did not complete
successfully on any attempt.
Is formatting the computer the only thing left for me?
    • Guest: Kolobos Re: Help! IP: *.warszawa.sdi.tpnet.pl 08.05.05, 22:38
      Removing this is no problem at all.
      Paste the results of a HijackThis scan on the forum:
      www.spychecker.com/program/hijackthis.html

      P.S. You format a disk, not a computer.
      • Guest: załamany Re: Help! IP: *.chello.pl 08.05.05, 22:42
        Logfile of HijackThis v1.99.0
        Scan saved at 21:44:25, on 2005-05-08
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
        C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\WinRAR\WinRAR.exe
        C:\DOCUME~1\PIETRO~1.PIE\USTAWI~1\Temp\Rar$EX00.156\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - Default URLSearchHook is missing
        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
        Imaging\\Unload\hpqcmon.exe
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
        Packard\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
        \spool\drivers\w32x86\3\hpztsb05.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [firlnin] C:\Documents and Settings\pietro.PIETRO\Ustawienia
        lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe
        O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\poland.exe -N
        O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
        O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
        O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
        O4 - HKLM\..\Run: [fcizpn] c:\windows\system32\wnutjt.exe
        O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejke32.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Skype] "C:\Program
        Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1
        \NTXcontext.htm
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        D:\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} -
        C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
        O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) -
        www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
        O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
        www.cult3d.com/download/cult.cab
        O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
        poczta.wp.pl/autoryzacja/mailcfg.ocx
        O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
        Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
        80.51.123.131/activex/AxisCamControl.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        www.pandasoftware.es/activescan/as/asinst.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
        C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file
        missing)

        Logfile of HijackThis v1.99.1
        Scan saved at 22:42:04, on 2005-05-08
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
        C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\WinRAR\WinRAR.exe
        C:\DOCUME~1\PIETRO~1.PIE\USTAWI~1\Temp\Rar$EX00.890\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - Default URLSearchHook is missing
        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
        Imaging\\Unload\hpqcmon.exe
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
        Packard\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
        \spool\drivers\w32x86\3\hpztsb05.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [firlnin] C:\Documents and Settings\pietro.PIETRO\Ustawienia
        lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe
        O4 - HKLM\..\Run: [HELPER] C:
        • Guest: Kolobos Re: Help! IP: *.icm.edu.pl / *.icm.edu.pl 09.05.05, 17:27
          Download:
          www.downloads.subratam.org/KillBox.zip
          Start Windows in safe mode (F5 or F8 at system startup).

          In HijackThis, remove these entries:

          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          R3 - Default URLSearchHook is missing
          F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
          O4 - HKLM\..\Run: [firlnin] C:\Documents and Settings\pietro.PIETRO\Ustawienia
          lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe
          O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\poland.exe -N
          O4 - HKLM\..\Run: [Uninstall_WinTools] C:\WINDOWS\Temp\WTuninst.exe /remove
          O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
          O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
          O4 - HKLM\..\Run: [fcizpn] c:\windows\system32\wnutjt.exe
          O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejke32.exe
          O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1
          \NTXcontext.htm
          O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} -
          C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
          O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file
          missing)

          And click Fix Checked. Next, run KillBox, select Delete file on reboot, paste
          the path to the file (do not browse for it yourself, just paste the ready-made
          path) and press the red button, but answer no when asked about rebooting. Do
          this for these files:

          C:\windows\system32\elitejke32.exe
          c:\windows\system32\wnutjt.exe
          C:\WINDOWS\Nail.exe
          C:\Documents and Settings\pietro.PIETRO\Ustawienia
          lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe
          C:\WINDOWS\system32\poland.exe
          C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
          C:\WINDOWS\system32\picsvr\picsvr.exe

          Then reboot and paste a new HijackThis log.
          • Guest: p Re: Help! IP: *.chello.pl 09.05.05, 17:36
            Do I run HijackThis in safe mode?
            And what should I do about the System Restore function?
            • Guest: Kolobos Re: Help! IP: *.icm.edu.pl / *.icm.edu.pl 09.05.05, 17:41
              You do everything in safe mode, and don't do anything with System Restore.
      • Guest: Do kolobos Re: Help! IP: *.chello.pl 09.05.05, 17:03
        Can you take a look at my log?
        • Guest: p Re: Help! IP: *.chello.pl 09.05.05, 18:03
          Logfile of HijackThis v1.99.0
          Scan saved at 18:01:55, on 2005-05-09
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\SYSTEM32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.exe
          C:\WINDOWS\system32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
          C:\Program Files\Common Files\Real\Update_OB\realsched.exe
          C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\Program Files\Winamp\winampa.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Skype\Phone\Skype.exe
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
          C:\WINDOWS\system32\wscntfy.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\WinRAR\WinRAR.exe
          C:\DOCUME~1\PIETRO~1.PIE\USTAWI~1\Temp\Rar$EX00.126\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.onet.pl/
          F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
          O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
          Imaging\\Unload\hpqcmon.exe
          O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
          Packard\HP Share-to-Web\hpgs2wnd.exe
          O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
          Files\Real\Update_OB\realsched.exe" -osboot
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
          \spool\drivers\w32x86\3\hpztsb05.exe
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
          \NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
          \NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [firlnin] C:\Documents and Settings\pietro.PIETRO\Ustawienia
          lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Skype] "C:\Program
          Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
          D:\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
          00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) -
          www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
          O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
          www.cult3d.com/download/cult.cab
          O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
          poczta.wp.pl/autoryzacja/mailcfg.ocx
          O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
          Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
          80.51.123.131/activex/AxisCamControl.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
          www.pandasoftware.es/activescan/as/asinst.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
          C:\WINDOWS\system32\nvsvc32.exe
          O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file
          missing)

          • Guest: Kolobos Re: Help! IP: *.icm.edu.pl / *.icm.edu.pl 09.05.05, 18:11
            Safe mode again; in HijackThis, these:
            F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
            O4 - HKLM\..\Run: [firlnin] C:\Documents and Settings\pietro.PIETRO\Ustawienia
            lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe
            O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file
            missing)

            And Fix Checked.

            With KillBox, this:
            C:\WINDOWS\Nail.exe

            This is a single line; it just got wrapped:
            C:\Documents and Settings\pietro.PIETRO\Ustawienia
            lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe

            Then in KillBox, under Tools, also choose Delete Temp Files.

            Also paste the log from:
            www.silentrunners.org/Silent%20Runners.vbs
            also made in safe mode.
    • Guest: p Re: Help! IP: *.chello.pl 09.05.05, 18:32
      Logfile of HijackThis v1.99.0
      Scan saved at 18:31:02, on 2005-05-09
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\PIETRO~1.PIE\USTAWI~1\Temp\Rar$EX00.687\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.onet.pl/
      O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
      Imaging\\Unload\hpqcmon.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
      Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
      Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
      \spool\drivers\w32x86\3\hpztsb05.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
      \NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32
      \NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program
      Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
      D:\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
      00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0585238B-9CA6-4CCB-A9B2-FE4BA495E880} (AXWebMon Control) -
      www.smilecam.com/home/ezwebcam/eng5/common/AXWebMonProj1.cab
      O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
      www.cult3d.com/download/cult.cab
      O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
      poczta.wp.pl/autoryzacja/mailcfg.ocx
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
      Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
      80.51.123.131/activex/AxisCamControl.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
      www.pandasoftware.es/activescan/as/asinst.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
      C:\WINDOWS\system32\nvsvc32.exe

      Don't get upset if I did something wrong!!

      "Silent Runners.vbs", revision 36, www.silentrunners.org/
      Operating System: Windows XP SP2
      Output limited to non-default values, except where indicated by "{++}"


      Startup items buried in registry:
      ---------------------------------

      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
      "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
      "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
      "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized"
      ["Skype Technologies S.A."]
      "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
      "CamMonitor" = "C:\Program Files\Hewlett-Packard\Digital
      Imaging\\Unload\hpqcmon.exe" [empty string]
      "Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-
      Web\hpgs2wnd.exe" ["Hewlett-Packard"]
      "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -
      osboot" ["RealNetworks, Inc."]
      "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3
      \hpztsb05.exe" ["HP"]
      "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
      "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
      "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
      "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
      [MS]
      "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
      "firlnin" = "C:\Documents and Settings\pietro.PIETRO\Ustawienia
      lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe" [file
      not found]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
      wyświetlania"
      -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
      "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
      ["Hilgraeve, Inc."]
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
      [null data]
      "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
      -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne
      Player\rpshell.dll" ["RealNetworks, Inc."]
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
      "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll"
      ["NVIDIA Corporation"]
      "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll"
      ["NVIDIA Corporation"]
      "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll"
      ["NVIDIA Corporation"]
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
      -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshel
      • Guest: Kolobos Re: Help! IP: *.icm.edu.pl / *.icm.edu.pl 09.05.05, 18:47
        It looks OK now.
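
Added example, not part of the original thread and not code from HijackThis or KillBox: a small Python checker that rejoins HijackThis entries the forum wrapped across lines and reports which entries from a fix list still appear in the next log, which is the comparison made by hand between the rounds above. The function names are hypothetical; the two samples are excerpts of the thread's own posts, wrapped as posted.

```python
import re

# HijackThis entry prefixes: R0-R3, F0-F3, N1-N4 and O1..O23, then " - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def unwrap_entries(text):
    """Return logical log entries, rejoining lines the forum wrapped."""
    entries = []
    open_entry = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            open_entry = False          # a blank line ends the entry block
            continue
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif open_entry:
            prev = entries[-1]
            # Wrapped inside a path or a hyphenated token: join without a space.
            tight = line.startswith("\\") or re.search(r"\w-$", prev)
            entries[-1] = prev + ("" if tight else " ") + line
        # Header and "Running processes" lines before the first entry are skipped.
    return entries


def entry_key(entry):
    """Comparison key that ignores whitespace and letter case."""
    return re.sub(r"\s+", "", entry).casefold()


def split_by_outcome(fix_list_text, new_log_text):
    """Return (gone, still_present) for the entries that were to be fixed."""
    present = {entry_key(e) for e in unwrap_entries(new_log_text)}
    gone, remaining = [], []
    for entry in unwrap_entries(fix_list_text):
        (remaining if entry_key(entry) in present else gone).append(entry)
    return gone, remaining


# Excerpt of the fix list posted at 17:27 (wrapped as in the post).
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [firlnin] C:\Documents and Settings\pietro.PIETRO\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\poland.exe -N
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitejke32.exe
O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file
missing)
"""

# Excerpt of the log posted at 18:03, after the first clean-up round.
NEW_LOG = r"""
Logfile of HijackThis v1.99.0

Running processes:
C:\WINDOWS\Explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [firlnin] C:\Documents and Settings\pietro.PIETRO\Ustawienia
lokalne\Temporary Internet Files\Content.IE5\PR3N5DSE\delf061225[1].exe
O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file
missing)
"""

if __name__ == "__main__":
    gone, remaining = split_by_outcome(FIX_LIST, NEW_LOG)
    for e in remaining:
        print("STILL PRESENT:", e)
    for e in gone:
        print("gone:", e)
```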