Guest: p IP: *.pro.lama.net.pl 07.12.05, 21:56
When I turn on the computer it stops at the "Windows is starting up" screen and doesn't boot :(

Guest: k Re: what should I do? IP: *.warszawa.sdi.tpnet.pl 07.12.05, 22:09
And what happens in safe mode?

Guest: p Re: what should I do? IP: *.pro.lama.net.pl 07.12.05, 22:17
I haven't checked that... I'll check and write back.

Guest: p Re: what should I do? IP: *.pro.lama.net.pl 07.12.05, 22:32
It starts in safe mode, but the antivirus, ArcaVir, won't work... and I don't know what I'm supposed to do in safe mode... :(

Guest: k Re: what should I do? IP: *.warszawa.sdi.tpnet.pl 07.12.05, 22:38
Download and run HijackThis and paste the log on the forum, then we'll see what's broken there. Also try scanning with these:
www.free-av.com/
download.ewido.net/ewido-setup.exe <- update before scanning, uninstall after the scan.

Guest: p Re: what should I do? IP: *.pro.lama.net.pl 07.12.05, 23:49
Logfile of HijackThis v1.99.1
Scan saved at 23:48:36, on 2005-12-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpm.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\WebRebates4\webrebates.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\WINDOWS\System32\aksha.exe
D:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
D:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\Program Files\WebRebates4\w11150.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\paulina\USTAWI~1\Temp\Rar$EX00.734\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 - BHO: Peer2Mail Toolbar Helper - {4FB971C4-99FB-480d-BA3F-55B8263010FB} - D:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - D:\WINDOWS\pxwma.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Peer2Mail Toolbar - {43F2A7F9-06F6-48a5-B0DC-8530BF29CE66} - D:\Program Files\Peer2Mail Toolbar\v2.0.0.0\Peer2Mail_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Windows Update] D:\WINDOWS\System32\hvidufd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe
O4 - HKLM\..\Run: [AVPCC] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe" /wait
O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SysMemory manager] d:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [xidoj] D:\WINDOWS\xidoj.exe
O4 - HKLM\..\Run: [d818fok9] D:\WINDOWS\System32\d818fok9.exe
O4 - HKLM\..\Run: [webrebates] "D:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [Windows Security Service] aksha.exe
O4 - HKLM\..\RunServices: [Windows Security Service] aksha.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Shell] "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [SNInstall] D:\WINDOWS\tool2.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [Windows Security Service] aksha.exe
O4 - HKCU\..\RunServices: [Windows Security Service] aksha.exe
O4 - Startup: Skrót do gg.lnk = C:\Program Files\Gadu-Gadu\gg.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = D:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates. - file://D:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - bok.plusgsm.pl/rnt/rnl/java/RntX.cab
O23 - Service: ArcaScan - ArcaBit - C:\Program Files\ArcaVir\Bin\ArcaScan.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe" /service (file missing)
O23 - Servic

Guest: k Re: what should I do? IP: *.warszawa.sdi.tpnet.pl 08.12.05, 09:52
Well yes, a pirated system with no updates and a ton of junk, and on top of that you use IE, my congratulations...
Uninstall all the antiviruses and keep only one!
Switch your browser to Opera.
Close the ports with this: www.firewallleaktester.com/tools/wwdc.exe

End these processes:
D:\Program Files\WebRebates4\webrebates.exe
D:\WINDOWS\System32\aksha.exe
D:\Program Files\WebRebates4\w11150.exe

In HijackThis remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 195.95.218.172/index.php
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - D:\WINDOWS\pxwma.dll <- delete the file
O4 - HKLM\..\Run: [Windows Update] D:\WINDOWS\System32\hvidufd.exe <- delete the file
O4 - HKLM\..\Run: [salm] d:\temp\salm.exe <- delete the temp directory
O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe <- uninstall and delete the Media Access directory
O4 - HKLM\..\Run: [SysMemory manager] d:\windows\system32\mdms.exe <- removal instructions here: www.searchengines.pl/phpbb203/index.php?showtopic=12510&pid=188758&mode=threaded&show=&st=30entry188758
O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe <- delete the file
O4 - HKLM\..\Run: [xidoj] D:\WINDOWS\xidoj.exe <- delete the file
O4 - HKLM\..\Run: [d818fok9] D:\WINDOWS\System32\d818fok9.exe <- delete the file
O4 - HKLM\..\Run: [webrebates] "D:\Program Files\WebRebates4\webrebates.exe" <- uninstall and delete the WebRebates4 directory
O4 - HKLM\..\Run: [Windows Security Service] aksha.exe <- delete the file
O4 - HKLM\..\RunServices: [Windows Security Service] aksha.exe
O4 - HKCU\..\Run: [Shell] "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" <- delete the file
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- delete the file
O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [SNInstall] D:\WINDOWS\tool2.exe <- delete the file
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe <- uninstall and delete the SpySheriff directory
O4 - HKCU\..\Run: [Windows Security Service] aksha.exe
O4 - HKCU\..\RunServices: [Windows Security Service] aksha.exe
O8 - Extra context menu item: Web Rebates. - file://D:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-c18.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab

Wallpaper fix: www.searchengines.pl/phpbb203/index.php?showtopic=31936
And an ewido scan: download.ewido.net/ewido-setup.exe <- update before scanning, uninstall after the scan.
When you're done, paste a new log.

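The autostart (O4) entries that the reply above goes through one by one can also be pulled out of a HijackThis log mechanically. The Python below is an added example, not part of the original posts or of HijackThis; its function names are hypothetical and the sample is an excerpt of the log posted in this thread. It reports value names registered under more than one Run key and entries HijackThis itself marked "(file missing)", as items to review rather than verdicts.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 195.95.218.172/index.php
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - D:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Windows Security Service] aksha.exe
O4 - HKLM\..\RunServices: [Windows Security Service] aksha.exe
O4 - HKCU\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Windows Security Service] aksha.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - <body>"
AUTORUN = re.compile(r"^(HK[A-Z]{2})\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def parse_entries(log):
    """Return (section_code, body) for every 'Xn - ...' line; other lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def autoruns(entries):
    """Split O4 registry entries into dicts; Startup-folder O4 lines are left out."""
    rows = []
    for code, body in entries:
        m = AUTORUN.match(body) if code == "O4" else None
        if m:
            hive, key, name, cmd = m.groups()
            rows.append({"hive": hive, "key": key, "name": name, "command": cmd})
    return rows

def repeated_autoruns(rows):
    """Map value name -> sorted hive/key locations, for names registered in more than one."""
    seen = defaultdict(set)
    for r in rows:
        seen[r["name"]].add(r["hive"] + "\\" + r["key"])
    return {n: sorted(locs) for n, locs in seen.items() if len(locs) > 1}

def missing_files(entries):
    """Entries that HijackThis itself marked '(file missing)'."""
    return [(c, b) for c, b in entries if b.endswith("(file missing)")]

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(repeated_autoruns(autoruns(entries)))
    print(missing_files(entries))
```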