popupy

Gość: abcd Re: popupy IP: *.neoplus.adsl.tpnet.pl 09.02.06, 15:10

Logfile of HijackThis v1.99.1
Scan saved at 15:10:00, on 2006-02-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\helper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\dc\Pulpit\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137233768810
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137233682497
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\q2860clsefq60.dll
O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing)
O21 - SSODL: LmHosts - {66DB3DCE-7267-D265-C351-FAA732783C1B} -
C:\WINDOWS\help\agt0406.hlp
O21 - SSODL: fldrsys - {9360FDDA-5451-4F79-B3EF-48E046622062} - fldrsys.dll
(file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Drzewko
Od najstarszego
Od najnowszego

kolobos Re: popupy 08.02.06, 22:07

Pewnie masz look2me jak wiekszosc.
Wklej na poczatek log z hijackthis.
- Gość: abcd Re: popupy IP: *.neoplus.adsl.tpnet.pl 09.02.06, 15:10
  
  Logfile of HijackThis v1.99.1
  Scan saved at 15:10:00, on 2006-02-09
  Platform: Windows XP (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 (6.00.2600.0000)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\SOUNDMAN.EXE
  C:\Program Files\Common Files\Symantec Shared\ccApp.exe
  C:\WINDOWS\System32\ctfmon.exe
  C:\Program Files\Norton AntiVirus\navapsvc.exe
  C:\Program Files\Norton AntiVirus\SAVScan.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\helper.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
  C:\Documents and Settings\dc\Pulpit\HijackThis.exe
  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
  C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
  C:\Program Files\Norton AntiVirus\NavShExt.dll
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
  O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
  Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
  update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137233768810
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
  update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137233682497
  O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\q2860clsefq60.dll
  O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing)
  O21 - SSODL: LmHosts - {66DB3DCE-7267-D265-C351-FAA732783C1B} -
  C:\WINDOWS\help\agt0406.hlp
  O21 - SSODL: fldrsys - {9360FDDA-5451-4F79-B3EF-48E046622062} - fldrsys.dll
  (file missing)
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
  C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
  O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
  C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
  C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
  O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) -
  Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
  O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
  AntiVirus\SAVScan.exe
  O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
  C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
  - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
  - kolobos Re: popupy 09.02.06, 15:35
    
    Masz nie tylko look2me...
    
    W menadzerze zadan zakoncz:
    C:\WINDOWS\helper.exe <- opis usuwania tutaj:
    www.searchengines.pl/phpbb203/index.php?showtopic=31936
    (searchmaid.com / instantsearch.cc)
    Jakby czegos u Ciebie nie bylo to pomin i rob dalej tak jak w opisie.
    
    W hijackthis usun:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- usun plik z dysku
    O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\q2860clsefq60.dll <-
    tutauj masz look2me, usuwanie tym:
    www.simplytech.it/L2MRemover/index_e.htm
    securityresponse.symantec.com/avcenter/FxSpL2Me.exe
    www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/Killme.shtml
    Jezeli to nie pomoze to usun recznie:
    www.searchengines.pl/phpbb203/index.php?
    showtopic=12510&st=30&p=109496&#entry114917
    
    O20 - Winlogon Notify: msctl32.dll - msctl32.dll (file missing) <- opis
    usuwania tego masz tutaj: i386p + msctl32.dll
    www.searchengines.pl/phpbb203/index.php?showtopic=6745&st=15&p=255300&#entry255300
    
    O21 - SSODL: LmHosts - {66DB3DCE-7267-D265-C351-FAA732783C1B} -
    C:\WINDOWS\help\agt0406.hlp <- usun plik
    O21 - SSODL: fldrsys - {9360FDDA-5451-4F79-B3EF-48E046622062} - fldrsys.dll
    (file missing)
    
    Po wszystkim skan:
    ftp://download.hirekmedia.hu/ssfsetup1_0.exe <- zrob update przed skanowaniem,
    po przeskanowaniu odinstaluj.
    download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po
    przeskanowaniu odinstaluj.
    Zamknij porty w wwdc:
    www.firewallleaktester.com/tools/wwdc.exe
    I wlej nowy log.

Najnowsze z forum Wirusy, trojany, spyware

Zaloguj się