Bardzo proszę o sprawdzenie Hijack

IP: *.autocom.pl 09.05.05, 20:02
Logfile of HijackThis v1.99.1
Scan saved at 19:56:44, on 2005-05-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\temp\salm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\gah95on6.exe
C:\Program Files\Xlbdkt\Luyd.exe
C:\WINDOWS\system32\urlmps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\umpfg32.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\WinRAR\WinRAR.exe
E:\log\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\nem220.dll
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
Files\CxtPls\plg0\cxtpls.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program
Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
A37C9A5676A7} - C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-
3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01
\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize.exe"
O4 - HKLM\..\Run: [inopqpqb] C:\WINDOWS\inopqpqb.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [Mcyyi] C:\Program Files\Xlbdkt\Luyd.exe
O4 - HKLM\..\Run: [3smT3sS] urlmps.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IB53RiemW] umpfg32.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry
Cleaner\RegClean.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/CDT/ie/bridge-c18.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
www.errorguard.com/installation/Install.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
static.topconverting.com/activex/website.ocx
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) -
www.180searchassistant.com/180saax.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Comm
    • Gość: Kolobos Re: Bardzo proszę o sprawdzenie Hijack IP: *.icm.edu.pl / *.icm.edu.pl 09.05.05, 20:27
      W hijackthis zaznacz to:

      R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
      file)
      O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
      C:\WINDOWS\nem220.dll
      O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program
      Files\CxtPls\plg0\cxtpls.dll
      O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
      Files\MyWay\myBar\1.bin\MYBAR.DLL
      O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
      C:\WINDOWS\system32\msbe.dll
      O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
      C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
      O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-
      3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
      O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
      Optimizer\optimize.exe"
      O4 - HKLM\..\Run: [inopqpqb] C:\WINDOWS\inopqpqb.exe
      O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
      Network\bin\bargains.exe
      O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
      O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
      O4 - HKLM\..\Run: [Mcyyi] C:\Program Files\Xlbdkt\Luyd.exe
      O4 - HKLM\..\Run: [3smT3sS] urlmps.exe
      O4 - HKCU\..\Run: [IB53RiemW] umpfg32.exe
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/CDT/ie/bridge-c18.cab
      O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
      www.errorguard.com/installation/Install.cab
      O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
      static.topconverting.com/activex/website.ocx
      O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) -
      www.180searchassistant.com/180saax.cab

      I Fix Checked, nastepnie sciagnij:
      www.downloads.subratam.org/KillBox.zip
      Rozpakuj, zaznacz Delete file on reboot wklej sciezke do plikow po jednym z
      tych, ktore podalem z hijackthis (te exe i dll) i naciskaj czerwony przycisk
      ale nie resetuj, tak zrob ze wszystkimi, ktore podalem.

      Po wszystkim reset i wklej nowy log z hijackthis.
      • Gość: Żaba Re: Bardzo proszę o sprawdzenie Hijack IP: *.autocom.pl 09.05.05, 21:35
        Wszystko zrobiłam , a to nowy Hijack:

        Logfile of HijackThis v1.99.1
        Scan saved at 21:33:12, on 2005-05-09
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        D:\Program Files\Norton Internet Security\ISSVC.exe
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        C:\Program Files\Media Access\MediaAccK.exe
        C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Media Access\MediaAccess.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\WINDOWS\system32\wuauclt.exe
        E:\log\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.gazeta.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
        C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program
        Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
        A37C9A5676A7} - C:\Program Files\Common Files\Symantec
        Shared\AdBlocking\NISShExt.dll
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01
        \bin\jusched.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
        Software Update\HPWuSchd.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
        \spool\drivers\w32x86\3\hpztsb08.exe
        O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
        Imaging\bin\hpotdd01.exe
        O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
        O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [Skype] "C:\Program
        Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry
        Cleaner\RegClean.exe"
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
        C:\Program Files\IrfanView\Ebay\Ebay.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
        www.bph.pl/pi/components/SignActivX.cab
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: hpdj - HP - C:\Profiles\Boss\USTAWI~1\Temp\hpdj.exe
        O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton
        Internet Security\ISSVC.exe
        O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
        Corporation - D:\Program Files\Norton Internet Security\Norton
        AntiVirus\navapsvc.exe
        O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton
        Internet Security\Norton AntiVirus\SAVScan.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
        C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
        Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
        Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

        • Gość: Kolobos Re: Bardzo proszę o sprawdzenie Hijack IP: *.icm.edu.pl / *.icm.edu.pl 09.05.05, 21:57
          Odinstaluj jeszcze ErrorGuard oraz Media Access

          W hijackthis to:
          O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
          O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
          O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

          Killboxem to:
          C:\Program Files\Media Access\MediaAccK.exe

          Po resecie usun caly katalog:
          C:\Program Files\Media Access\

          I wklej nowy log z hijackthis.
          • Gość: Żaba Re: Bardzo proszę o sprawdzenie Hijack IP: *.autocom.pl 09.05.05, 22:16
            I nowy Hijack:
            Logfile of HijackThis v1.99.1
            Scan saved at 22:14:56, on 2005-05-09
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            D:\Program Files\Norton Internet Security\ISSVC.exe
            C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
            C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\Program Files\Winamp\winampa.exe
            C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
            C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
            C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
            C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
            E:\log\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.gazeta.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
            O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
            C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
            O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program
            Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
            A37C9A5676A7} - C:\Program Files\Common Files\Symantec
            Shared\AdBlocking\NISShExt.dll
            O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
            D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
            Shared\ccApp.exe"
            O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01
            \bin\jusched.exe
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
            Software Update\HPWuSchd.exe
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
            \spool\drivers\w32x86\3\hpztsb08.exe
            O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
            Imaging\bin\hpotdd01.exe
            O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - HKCU\..\Run: [Skype] "C:\Program
            Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry
            Cleaner\RegClean.exe"
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office10\OSA.EXE
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
            O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
            C:\Program Files\IrfanView\Ebay\Ebay.htm
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
            C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
            00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
            www.bph.pl/pi/components/SignActivX.cab
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
            O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            O23 - Service: hpdj - HP - C:\Profiles\Boss\USTAWI~1\Temp\hpdj.exe
            O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton
            Internet Security\ISSVC.exe
            O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
            Corporation - D:\Program Files\Norton Internet Security\Norton
            AntiVirus\navapsvc.exe
            O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton
            Internet Security\Norton AntiVirus\SAVScan.exe
            O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
            C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
            O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
            Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
            Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
            O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
            Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
            • Gość: Kolobos Re: Bardzo proszę o sprawdzenie Hijack IP: *.icm.edu.pl / *.icm.edu.pl 10.05.05, 00:09
              Po co wklejasz skoro dalej jest:
              O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
              Jak juz usuniesz to mozesz wklejac, a tak nie ma sensu.

              Wpis w hijackthis, a plik killbox'em nastepnie kasacja katalogu po resecie
              przeciez napisalem.
              • Gość: Żaba Re: Bardzo proszę o sprawdzenie Hijack IP: *.autocom.pl 10.05.05, 21:16
                Przepraszam, dopiero zauważyłam to jak już wysłałam i dzięki za cierpliwość.
                A to nowy Hijack:

                Logfile of HijackThis v1.99.1
                Scan saved at 21:03:56, on 2005-05-10
                Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.EXE
                C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                D:\Program Files\Norton Internet Security\ISSVC.exe
                C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
                C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                C:\Program Files\Winamp\winampa.exe
                C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
                C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
                C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
                C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
                C:\WINDOWS\system32\ctfmon.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\Program Files\Gadu-Gadu\gg.exe
                E:\log\HijackThis.exe
                C:\WINDOWS\system32\wuauclt.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                www.gazeta.pl/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
                O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
                C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program
                Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
                A37C9A5676A7} - C:\Program Files\Common Files\Symantec
                Shared\AdBlocking\NISShExt.dll
                O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
                D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                Shared\ccApp.exe"
                O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
                O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01
                \bin\jusched.exe
                O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
                Software Update\HPWuSchd.exe
                O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32
                \spool\drivers\w32x86\3\hpztsb08.exe
                O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
                Imaging\bin\hpotdd01.exe
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                O4 - HKCU\..\Run: [Skype] "C:\Program
                Files\Skype\Phone\Skype.exe" /nosplash /minimized
                O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry
                Cleaner\RegClean.exe"
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office10\OSA.EXE
                O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
                00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
                O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
                C:\Program Files\IrfanView\Ebay\Ebay.htm
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                C:\Program Files\Messenger\msmsgs.exe
                O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
                00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
                www.bph.pl/pi/components/SignActivX.cab
                O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
                C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
                C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
                C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
                C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                O23 - Service: hpdj - HP - C:\Profiles\Boss\USTAWI~1\Temp\hpdj.exe
                O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton
                Internet Security\ISSVC.exe
                O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
                Corporation - D:\Program Files\Norton Internet Security\Norton
                AntiVirus\navapsvc.exe
                O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton
                Internet Security\Norton AntiVirus\SAVScan.exe
                O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
                C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
                O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
                Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
                Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
                O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
                Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                • Gość: Kolobos Re: Bardzo proszę o sprawdzenie Hijack IP: *.warszawa.sdi.tpnet.pl 10.05.05, 22:28
                  Wyglada ok :-)
                  • Gość: Żaba Re: Bardzo proszę o sprawdzenie Hijack IP: *.autocom.pl 10.05.05, 22:48
                    Dziękuje za pomoc !!!
Pełna wersja