moge prosic o sprawdzenie?

IP: *.tvgawex.pl 23.06.05, 19:03
Logfile of HijackThis v1.99.1
Scan saved at 19:01:30, on 2005-06-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Madzia\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pi..to.biz
O1 - Hosts: 127.0.0.3 pi..to.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 www.iframeprofit.com
O1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3 www.topsearch10.com
O1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3 www.statscash.biz
O1 - Hosts: 127.0.0.3 vxiframe.biz
O1 - Hosts: 127.0.0.3 www.vxiframe.biz
O1 - Hosts: 127.0.0.3 crazy-toolbar.com
O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.3 topcash.biz
O1 - Hosts: 127.0.0.3 www.topcash.biz
O1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3 www.loadcash.biz
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINTASKS] taskgmr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01
\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
O4 - HKLM\..\RunServices: [WINTASKS] taskgmr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WINTASKS] taskgmr.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O21 - SSODL: DEEGBJ0F - {69865BA1-0B3C-7616-6635-6AC16993662D} -
C:\WINDOWS\System32\Nakiikeg.dll
O21 - SSODL: mtklefa - {0AAADBAE-B0BA-44DF-CC87-074016D2C924} -
C:\WINDOWS\System32\wesxye32.dll (file missing)
O21 - SSODL: SvcSys - {F65FBC7F-3E01-4F90-8D9C-7A819A752556} - svcsys.dll
(file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\Syste
    • Gość: Kolobos Re: moge prosic o sprawdzenie? IP: *.warszawa.sdi.tpnet.pl 23.06.05, 19:14
      Znowu brak aktualizacji.. do tego syf spowodowany ich brakiem eh.

      Uzyj tego:
      www.firewallleaktester.com/tools/wwdc.exe zamknij porty
      Przeskanuj tym:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
      I usun wszystko co znajdzie.

      Odinstaluj nortona nie mozna miec dwoch antyvirusow!

      W hijackthis kasujesz te wpisy: (tylko te)

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      195.95.218.172/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      195.95.218.172/index.php
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      195.95.218.172/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      195.95.218.172/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      195.95.218.172/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      195.95.218.172/index.php
      F2 - REG:system.ini: Shell=Explorer.exe init32m.exe
      O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
      O1 - Hosts: 127.0.0.3 x.full-tgp.net
      O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
      O1 - Hosts: 127.0.0.3 autoescrowpay.com
      O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
      O1 - Hosts: 127.0.0.3 www.awmdabest.com
      O1 - Hosts: 127.0.0.3 www.sexfiles.nu
      O1 - Hosts: 127.0.0.3 awmdabest.com
      O1 - Hosts: 127.0.0.3 sexfiles.nu
      O1 - Hosts: 127.0.0.3 allforadult.com
      O1 - Hosts: 127.0.0.3 www.allforadult.com
      O1 - Hosts: 127.0.0.3 www.iframe.biz
      O1 - Hosts: 127.0.0.3 iframe.biz
      O1 - Hosts: 127.0.0.3 www.newiframe.biz
      O1 - Hosts: 127.0.0.3 newiframe.biz
      O1 - Hosts: 127.0.0.3 www.vesbiz.biz
      O1 - Hosts: 127.0.0.3 vesbiz.biz
      O1 - Hosts: 127.0.0.3 www.pi..to.biz
      O1 - Hosts: 127.0.0.3 pi..to.biz
      O1 - Hosts: 127.0.0.3 www.aaasexypics.com
      O1 - Hosts: 127.0.0.3 aaasexypics.com
      O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
      O1 - Hosts: 127.0.0.3 virgin-tgp.net
      O1 - Hosts: 127.0.0.3 www.awmcash.biz
      O1 - Hosts: 127.0.0.3 awmcash.biz
      O1 - Hosts: 127.0.0.3 buldog-stats.com
      O1 - Hosts: 127.0.0.3 www.buldog-stats.com
      O1 - Hosts: 127.0.0.3 fregat.drocherway.com
      O1 - Hosts: 127.0.0.3 slutmania.biz
      O1 - Hosts: 127.0.0.3 www.slutmania.biz
      O1 - Hosts: 127.0.0.3 toolbarpartner.com
      O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
      O1 - Hosts: 127.0.0.3 www.megapornix.com
      O1 - Hosts: 127.0.0.3 megapornix.com
      O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
      O1 - Hosts: 127.0.0.3 sp2fucked.biz
      O1 - Hosts: 127.0.0.3 greg-tut.com
      O1 - Hosts: 127.0.0.3 www.greg-tut.com
      O1 - Hosts: 127.0.0.3 nylonsexy.com
      O1 - Hosts: 127.0.0.3 www.nylonsexy.com
      O1 - Hosts: 127.0.0.3 vparivalka.com
      O1 - Hosts: 127.0.0.3 www.vparivalka.com
      O1 - Hosts: 127.0.0.3 iframeprofit.com
      O1 - Hosts: 127.0.0.3 www.iframeprofit.com
      O1 - Hosts: 127.0.0.3 topsearch10.com
      O1 - Hosts: 127.0.0.3 www.topsearch10.com
      O1 - Hosts: 127.0.0.3 statscash.biz
      O1 - Hosts: 127.0.0.3 www.statscash.biz
      O1 - Hosts: 127.0.0.3 vxiframe.biz
      O1 - Hosts: 127.0.0.3 www.vxiframe.biz
      O1 - Hosts: 127.0.0.3 crazy-toolbar.com
      O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com
      O1 - Hosts: 127.0.0.3 topcash.biz
      O1 - Hosts: 127.0.0.3 www.topcash.biz
      O1 - Hosts: 127.0.0.3 loadcash.biz
      O1 - Hosts: 127.0.0.3 www.loadcash.biz
      O4 - HKLM\..\Run: [Windows Update System Shell] svhostcs32.exe
      O4 - HKLM\..\Run: [WINTASKS] taskgmr.exe
      O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      O4 - HKLM\..\RunServices: [Windows Update System Shell] svhostcs32.exe
      O4 - HKLM\..\RunServices: [WINTASKS] taskgmr.exe
      O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe
      O4 - HKCU\..\Run: [WINTASKS] taskgmr.exe
      O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
      O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O21 - SSODL: DEEGBJ0F - {69865BA1-0B3C-7616-6635-6AC16993662D} -
      C:\WINDOWS\System32\Nakiikeg.dll
      O21 - SSODL: mtklefa - {0AAADBAE-B0BA-44DF-CC87-074016D2C924} -
      C:\WINDOWS\System32\wesxye32.dll (file missing)
      O21 - SSODL: SvcSys - {F65FBC7F-3E01-4F90-8D9C-7A819A752556} - svcsys.dll
      (file missing)

      Nastepnie po resecie usuwasz z dysku:

      C:\WINDOWS\System32\init32m.exe
      C:\WINDOWS\System32\svhostcs32.exe
      C:\WINDOWS\System32\taskgmr.exe
      C:\winstall.exe
      C:\WINDOWS\System32\paytime.exe
      C:\WINDOWS\System32\win32.exe
      C:\WINDOWS\System32\Nakiikeg.dll

      Przeskanuj tez system tym:
      housecall.trendmicro.com/housecall/start_corp.asp
      www.windowsecurity.com/trojanscan/
      www.pandasoftware.com/activescan/pol/activescan_principal.htm
      I sprobuj zainstalowac aktualizacje o ile nie masz pirackiego windowsa ze zlym
      kodem:
      www.windowsupdate.com
      • Gość: megg Re: moge prosic o sprawdzenie? IP: *.tvgawex.pl 23.06.05, 20:01
        ale wlasnie jest problem ze ja nie mam tego C:\WINDOWS\System32\init32m.exe i
        C:\WINDOWS\System32\svhostcs32.exe i C:\winstall.exe. mam pytanie czy to
        win32.exe to to samo co win.exe bo win32.exe tez nie mam. Mam win.exe win32k ,
        win32spl.dll ??
        • Gość: megg Re: moge prosic o sprawdzenie? IP: *.tvgawex.pl 23.06.05, 20:07
          winstall.exe mam :] pomylka
          • Gość: megg Re: moge prosic o sprawdzenie? IP: *.tvgawex.pl 23.06.05, 20:13
            mam svchost.exe a nie svchost32.exe a jak chce to usunac to mi sie pokazuje
            komunikat odmowa dostepu :(
            • Gość: Kolobos Re: moge prosic o sprawdzenie? IP: *.warszawa.sdi.tpnet.pl 23.06.05, 21:51
              GRRRRR! Nie kasuj niczego czego nie napisalem! svchost.exe to plik systemowy,
              usuniesz go to juz nie uruchomisz windowsa!
              Nie poto Ci pisze co masz skasowac zebys sama kasowala pliki, ktorych nie
              podalem.
              Jak jakiegos pliku nie ma to go pomin, wklej nowy log o ile jeszcze Ci system
              dziala, jak nie to mozesz przywrocic svchost z plyty instalacyjnej XP.
              • Gość: megg Re: moge prosic o sprawdzenie? IP: *.tvgawex.pl 24.06.05, 17:19
                spokojnie zlosc pieknosci szkodzi, przeciez nic nie usunelam :/
                • Gość: megg Re: moge prosic o sprawdzenie? IP: *.tvgawex.pl 24.06.05, 17:20
                  a teraz dobrze??..
                  Logfile of HijackThis v1.99.1
                  Scan saved at 17:19:53, on 2005-06-24
                  Platform: Windows XP (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\SOUNDMAN.EXE
                  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
                  C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
                  C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                  C:\WINDOWS\System32\ctfmon.exe
                  C:\Program Files\Tlen.pl\tlen.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\Winamp\winampa.exe
                  C:\Program Files\AVPersonal\AVGNT.EXE
                  C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                  C:\Program Files\AVPersonal\AVGUARD.EXE
                  C:\Program Files\AVPersonal\AVWUPSRV.EXE
                  C:\WINDOWS\System32\nvsvc32.exe
                  C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
                  D:\Programy\Gadu-Gadu\gg.exe
                  C:\Program Files\Winamp\winamp.exe
                  C:\WINDOWS\System32\wuauclt.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Documents and Settings\Madzia\Pulpit\hijackthis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                  www.onet.pl/
                  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                  C:\WINDOWS\System32\msdxm.ocx
                  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
                  \NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01
                  \bin\jusched.exe
                  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                  O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
                  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                  Shared\ccApp.exe"
                  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
                  O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
                  AntiSpyware\gcasServ.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                  O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [WINTASKS] taskgmr.exe
                  O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
                  O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                  Office\Office\OSA9.EXE
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                  C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
                  00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
                  O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
                  C:\Program Files\AVPersonal\AVGUARD.EXE
                  O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
                  C:\Program Files\AVPersonal\AVWUPSRV.EXE
                  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
                  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
                  O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
                  C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
                  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
                  C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
                  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
                  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                  C:\WINDOWS\System32\nvsvc32.exe
                  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
                  Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
                  O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
                  Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

                  • Gość: megg Re: moge prosic o sprawdzenie? IP: *.tvgawex.pl 24.06.05, 17:24
                    ale na tapecie ciagle mam SYSTEM STOPPED...
                    • Gość: Kolobos Re: moge prosic o sprawdzenie? IP: *.warszawa.sdi.tpnet.pl 24.06.05, 19:08
                      Nie jest ok, napisalem Ci co masz usunac, a dalej widze wpisy w hijackthis,
                      ktore mialas usunac, chyba przed napisaniem mozesz sprawdzic dwa razy czy juz
                      wszystko? Tak samo przed wyslaniem postu, zeby nie pisac trzech na raz.
                      Tapete sobie wylacz, zobacz tez tutaj:
                      www.searchengines.pl/phpbb203/index.php?showtopic=31936
                      I nie wklejaj loga jak nie skasowalas wszystkiego bo to sie mija z celem, nie
                      bede Ci pisal tego samego pare razy.
                      • Gość: megg Re: moge prosic o sprawdzenie? IP: *.tvgawex.pl 24.06.05, 19:42
                        to nie wiem niby co bo wszystko co napisales to usunelam!!
                        • Gość: Kolobos Re: moge prosic o sprawdzenie? IP: *.warszawa.sdi.tpnet.pl 24.06.05, 19:45
                          W takim razie co to jest:
                          O4 - HKCU\..\Run: [Windows Update System Shell] svhostcs32.exe
                          ?
Pełna wersja