Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    prośba o sprawdzenie loga

    12.07.05, 16:56
    Logfile of HijackThis v1.99.1
    Scan saved at 16:50:54, on 2005-07-12
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Win9x.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\WINDOWS\System32\dblmxpy32.exe
    C:\WINDOWS\System32\MSNSRV32.exe
    C:\WINDOWS\System32\Sygate32.exe
    C:\WINDOWS\System32\MSNGRx.exe
    C:\WINDOWS\System32\Sycmd.exe
    C:\WINDOWS\System32\rtsal.exe
    C:\WINDOWS\System32\cccApp.exe
    C:\WINDOWS\System32\MSNsgr32i.exe
    C:\WINDOWS\System32\winmsm.exe
    C:\WINDOWS\System32\MSN32x.EXE
    C:\WINDOWS\System32\MSN32z.EXE
    C:\WINDOWS\SYSCFG16.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
    C:\Documents and Settings\korbut\Pulpit\hijackthits\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.pajacyk.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
    Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program
    Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
    c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
    Obserwuj wątek
      • Gość: Kolobos Re: prośba o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 12.07.05, 17:15
        eh.

        download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
        skan i usuwanie wszystkieg.

        www.firewallleaktester.com/tools/wwdc.exe
        zamknij porty.

        I na koniec wklej CALY log, a nie tylko kwalek...
      • lakoniaa Re: prośba o sprawdzenie loga 12.07.05, 17:39
        sorki, poniżej wklejam całość...
        p.s. Az tak źle,że wzdychasz...?

        **********

        Logfile of HijackThis v1.99.1
        Scan saved at 16:50:54, on 2005-07-12
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\Win9x.exe
        C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
        C:\WINDOWS\System32\dblmxpy32.exe
        C:\WINDOWS\System32\MSNSRV32.exe
        C:\WINDOWS\System32\Sygate32.exe
        C:\WINDOWS\System32\MSNGRx.exe
        C:\WINDOWS\System32\Sycmd.exe
        C:\WINDOWS\System32\rtsal.exe
        C:\WINDOWS\System32\cccApp.exe
        C:\WINDOWS\System32\MSNsgr32i.exe
        C:\WINDOWS\System32\winmsm.exe
        C:\WINDOWS\System32\MSN32x.EXE
        C:\WINDOWS\System32\MSN32z.EXE
        C:\WINDOWS\SYSCFG16.EXE
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Winamp\winamp.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
        C:\Documents and Settings\korbut\Pulpit\hijackthits\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.pajacyk.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
        Files\MyWay\myBar\1.bin\MYBAR.DLL
        O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program
        Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
        c:\program files\google\googletoolbar2.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
        C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
        O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
        C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
        O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
        C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
        files\google\googletoolbar2.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04
        \bin\jusched.exe
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
        Security\UrlLstCk.exe
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
        Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP
        Software Update\HPWuSchd2.exe"
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
        \spool\drivers\w32x86\3\hpztsb10.exe
        O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
        Shared\Security Center\UsrPrmpt.exe
        O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\niuewvi.exe
        O4 - HKLM\..\Run: [Network Host Service] dblmxpy32.exe
        O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
        O4 - HKLM\..\Run: [Cydoor] CD_Load.exe
        O4 - HKLM\..\Run: [Sygate32 Firewall] Sygate32.exe
        O4 - HKLM\..\Run: [Media X Services] MSNGRx.exe
        O4 - HKLM\..\Run: [Sycmd Personal Firewall] Sycmd.exe
        O4 - HKLM\..\Run: [plug compres] rtsal.exe
        O4 - HKLM\..\Run: [Common File] cccApp.exe
        O4 - HKLM\..\Run: [MSNsgr Service] MSNsgr32i.exe
        O4 - HKLM\..\Run: [Microsoft Security Management] winmsm.exe
        O4 - HKLM\..\Run: [MSN32 X Service] MSN32x.EXE
        O4 - HKLM\..\Run: [MSN32 Z Services] MSN32z.EXE
        O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
        O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
        O4 - HKLM\..\Run: [Windows Network Controller] Win9x.exe
        O4 - HKLM\..\Run: [Media service] notpad.exe
        O4 - HKLM\..\RunServices: [Network Host Service] dblmxpy32.exe
        O4 - HKLM\..\RunServices: [Sygate Personal Firewall] MSNSRV32.exe
        O4 - HKLM\..\RunServices: [Sygate32 Firewall] Sygate32.exe
        O4 - HKLM\..\RunServices: [Media X Services] MSNGRx.exe
        O4 - HKLM\..\RunServices: [Sycmd Personal Firewall] Sycmd.exe
        O4 - HKLM\..\RunServices: [plug compres] rtsal.exe
        O4 - HKLM\..\RunServices: [Common File] cccApp.exe
        O4 - HKLM\..\RunServices: [MSNsgr Service] MSNsgr32i.exe
        O4 - HKLM\..\RunServices: [Microsoft Security Management] winmsm.exe
        O4 - HKLM\..\RunServices: [MSN32 X Service] MSN32x.EXE
        O4 - HKLM\..\RunServices: [MSN32 Z Services] MSN32z.EXE
        O4 - HKLM\..\RunServices: [Windows Network Controller] Win9x.exe
        O4 - HKLM\..\RunServices: [Media service] notpad.exe
        O4 - HKLM\..\RunOnce: [Windows Network Controller] Win9x.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
        O4 - HKCU\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
        O4 - HKCU\..\Run: [Sygate32 Firewall] Sygate32.exe
        O4 - HKCU\..\Run: [Sycmd Personal Firewall] Sycmd.exe
        O4 - HKCU\..\Run: [Skype] "C:\Program
        Files\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [Windows Network Controller] Win9x.exe
        O4 - HKCU\..\RunOnce: [Windows Network Controller] Win9x.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O8 - Extra context menu item: &Google Search - res://c:\program
        files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program
        files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
        files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program
        files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program
        files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
        O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
        www.bph.pl/pi/components/SignActivX.cab
        O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
        4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
        O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} -
        • Gość: Kolobos Re: prośba o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 12.07.05, 17:51
          Mialas przeskanowac tym co podalem i dopiero wkleic, wolisz zebym mial wiecej
          sprawdzania?
          Nie masz aktualizacji do systemu dlatego wzdycham.
          Brak aktualizacji = syf co doskonale u Ciebie widac, nie wiem jak mozesz sie
          logowac z takiego zarobaczonego komputera do konta w banku...


          Do kasacji w hijackthis:

          O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
          Files\MyWay\myBar\1.bin\MYBAR.DLL
          O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
          C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
          O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
          C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
          O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\niuewvi.exe
          O4 - HKLM\..\Run: [Network Host Service] dblmxpy32.exe
          O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
          O4 - HKLM\..\Run: [Cydoor] CD_Load.exe
          O4 - HKLM\..\Run: [Sygate32 Firewall] Sygate32.exe
          O4 - HKLM\..\Run: [Media X Services] MSNGRx.exe
          O4 - HKLM\..\Run: [Sycmd Personal Firewall] Sycmd.exe
          O4 - HKLM\..\Run: [plug compres] rtsal.exe
          O4 - HKLM\..\Run: [Common File] cccApp.exe
          O4 - HKLM\..\Run: [MSNsgr Service] MSNsgr32i.exe
          O4 - HKLM\..\Run: [Microsoft Security Management] winmsm.exe
          O4 - HKLM\..\Run: [MSN32 X Service] MSN32x.EXE
          O4 - HKLM\..\Run: [MSN32 Z Services] MSN32z.EXE
          O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
          O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
          O4 - HKLM\..\Run: [Windows Network Controller] Win9x.exe
          O4 - HKLM\..\Run: [Media service] notpad.exe
          O4 - HKLM\..\RunServices: [Network Host Service] dblmxpy32.exe
          O4 - HKLM\..\RunServices: [Sygate Personal Firewall] MSNSRV32.exe
          O4 - HKLM\..\RunServices: [Sygate32 Firewall] Sygate32.exe
          O4 - HKLM\..\RunServices: [Media X Services] MSNGRx.exe
          O4 - HKLM\..\RunServices: [Sycmd Personal Firewall] Sycmd.exe
          O4 - HKLM\..\RunServices: [plug compres] rtsal.exe
          O4 - HKLM\..\RunServices: [Common File] cccApp.exe
          O4 - HKLM\..\RunServices: [MSNsgr Service] MSNsgr32i.exe
          O4 - HKLM\..\RunServices: [Microsoft Security Management] winmsm.exe
          O4 - HKLM\..\RunServices: [MSN32 X Service] MSN32x.EXE
          O4 - HKLM\..\RunServices: [MSN32 Z Services] MSN32z.EXE
          O4 - HKLM\..\RunServices: [Windows Network Controller] Win9x.exe
          O4 - HKLM\..\RunServices: [Media service] notpad.exe
          O4 - HKLM\..\RunOnce: [Windows Network Controller] Win9x.exe
          O4 - HKCU\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
          O4 - HKCU\..\Run: [Sygate32 Firewall] Sygate32.exe
          O4 - HKCU\..\Run: [Sycmd Personal Firewall] Sycmd.exe
          O4 - HKCU\..\Run: [Windows Network Controller] Win9x.exe
          O4 - HKCU\..\RunOnce: [Windows Network Controller] Win9x.exe
          O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
          4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
          O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} -

          Te wszystkie pliki exe zamykasz w menadzerze zadan i usuwasz z dysku powinny
          byc w C:\Windows\system32\ (pliki ukryte wiec wlacz pokazywanie)

          Jak juz to wszystko zrobisz to wklej nowy log, caly...
          • lakoniaa Re: prośba o sprawdzenie loga 13.07.05, 11:57
            to jest nowy log...
            Logfile of HijackThis v1.99.1
            Scan saved at 11:54:05, on 2005-07-13
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
            C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
            C:\WINDOWS\System32\Win9x.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
            C:\Program Files\Common Files\Symantec Shared\ccApp.exe
            C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
            C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
            C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
            C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
            C:\WINDOWS\System32\wuauclt.exe
            C:\Program Files\Winamp\winamp.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Documents and Settings\korbut\Pulpit\hijackthits\HijackThis.exe
            C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC10.exe
            C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe
            C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe
            C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTW10.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.pajacyk.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program
            Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
            c:\program files\google\googletoolbar2.dll
            O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
            Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
            C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
            O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
            C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
            files\google\googletoolbar2.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
            atboottime
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04
            \bin\jusched.exe
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
            Shared\ccApp.exe"
            O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
            Security\UrlLstCk.exe
            O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
            O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
            Files\HP\hpcoretech\hpcmpmgr.exe"
            O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP
            Software Update\HPWuSchd2.exe"
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
            \spool\drivers\w32x86\3\hpztsb10.exe
            O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
            Shared\Security Center\UsrPrmpt.exe
            O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
            AntiSpyware\gcasServ.exe"
            O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
            O4 - HKLM\..\Run: [Sygate32 Firewall] Sygate32.exe
            O4 - HKLM\..\Run: [Sycmd Personal Firewall] Sycmd.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
            O4 - HKCU\..\Run: [Skype] "C:\Program
            Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O8 - Extra context menu item: &Google Search - res://c:\program
            files\google\GoogleToolbar2.dll/cmsearch.html
            O8 - Extra context menu item: Backward Links - res://c:\program
            files\google\GoogleToolbar2.dll/cmbacklinks.html
            O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
            files\google\GoogleToolbar2.dll/cmcache.html
            O8 - Extra context menu item: Similar Pages - res://c:\program
            files\google\GoogleToolbar2.dll/cmsimilar.html
            O8 - Extra context menu item: Translate into English - res://c:\program
            files\google\GoogleToolbar2.dll/cmtrans.html
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
            O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
            www.bph.pl/pi/components/SignActivX.cab
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
            O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
            C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
            O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
            Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
            AntiVirus\navapsvc.exe
            O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
            Internet Security\Norton AntiVirus\SAVScan.exe
            O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
            C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
            O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
            Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
            Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

            **********

            p.s. pliki z rozszerzeniem exe wylączyłam w menadżerze zadań, ale nie mogłam
            ich znaleźć w katalogu, który podałeś.
            Aktualizację zrobiłam wczoraj w nocy - nie wiedziałam, ze to wogóle jest
            potrzebne...(nie jestem specem od kompów...)

            zaraz zrobię skana antyspawerem. Tez mam potem wkleić raport?

            pozdrawiam i dzięki za pomoc
            • Gość: Kolobos Re: prośba o sprawdzenie loga IP: *.warszawa.sdi.tpnet.pl 13.07.05, 12:29
              Pliki napewno sa tam gdzie podalem albo w C:\Windows wiec uruchom sobie Start-
              >Uruchom->cmd i wpisuj:
              del C:\Windows\system32\nazwapliku.exe
              itd, zreszta napisalem, ze sa ukryte.
              Aktualizacji dalej nie masz bo masz piracki windows i nie mozesz zainstalowac,
              a skanowac antyspywarem mialas zanim wkleisz nowego loga i żadnego raportu nie
              wklejaj...

              Do usuniecia tak jak wczesniej:

              O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
              O4 - HKLM\..\Run: [Sygate32 Firewall] Sygate32.exe
              O4 - HKLM\..\Run: [Sycmd Personal Firewall] Sycmd.exe

              I masz usunac te wszystkie pliki, ktore sam tam gdzie podalem wiec nie pisz, ze
              nie ma!

              + jeszcze ten:
              C:\WINDOWS\System32\Win9x.exe

              I po co ja to wszystko pisze? Napisalem, zebys przeskanowala, nie zrobilas
              tego, napisalem zebys usunela nie zrobilas tego, nawet nie usunelas wszystkiego
              co podalem w hijackthis, jaki sens ma dalasza pomoc?
    Inne wątki na temat:

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.