Co to jest- http:/e.rn11.com/a/a122-mftmppu ???

18.03.06, 23:14
Czesto "otwiera" mi sie ta strona,tylko,ze...tam nic nie ma.Ten adres nie
istnieje i nie wie czemu mi to wyskakuje.
Czy to jest jakies cholerstwo???
Plizzzz,pomozcie!
    • Gość: k Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.warszawa.sdi.tpnet.pl 18.03.06, 23:27
      Wklej log.
      • netty2 Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? 18.03.06, 23:45
        hmmm....jak by ci to powiedziec...ja sie na kompie znam tyle,co przecietny 5
        latek na budowie bomby atomowej.:(
        Ale bede chetnie wspolpracowac...co mam robic.
        • Gość: k Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.warszawa.sdi.tpnet.pl 18.03.06, 23:54
          W przyklejonym poscie masz napisane jak wkleic log, a wiec to, ze sie nie znasz
          na komputerze nie ma tutaj nic do rzeczy.
          • Gość: netty2 Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.131.102-84.rev.gaoland.net 18.03.06, 23:58
            Ok,I did it ...a przynajmniej mi sie tak wydaje
            Pc mam po angielsku,ale...wam specom to nic nie przeszkadza :)
            Alors,le voila :

            Logfile of HijackThis v1.99.1
            Scan saved at 12:01:32 AM, on 3/19/2006
            Platform: Windows 2000 SP4 (WinNT 5.00.2195)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINNT\System32\smss.exe
            C:\WINNT\system32\winlogon.exe
            C:\WINNT\system32\services.exe
            C:\WINNT\system32\lsass.exe
            C:\WINNT\system32\svchost.exe
            C:\WINNT\System32\svchost.exe
            C:\WINNT\system32\spoolsv.exe
            C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
            C:\Program Files\Eset\nod32krn.exe
            C:\WINNT\System32\nvsvc32.exe
            C:\WINNT\system32\oodag.exe
            C:\WINNT\system32\regsvc.exe
            C:\WINNT\system32\MSTask.exe
            C:\WINNT\system32\slserv.exe
            C:\WINNT\System32\WBEM\WinMgmt.exe
            C:\Program Files\Common Files\WinTools\WToolsS.exe
            C:\WINNT\System32\mspmspsv.exe
            C:\WINNT\system32\svchost.exe
            C:\WINNT\System32\msdtc.exe
            C:\WINNT\system32\svchost.exe
            C:\WINNT\Explorer.EXE
            C:\Program Files\QKeys\QKeys.EXE
            C:\Program Files\QuickTime\qttask.exe
            C:\Program Files\webHancer\Programs\whSurvey.exe
            C:\Program Files\Logitech\MouseWare\system\em_exec.exe
            C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
            C:\Program Files\Eset\nod32kui.exe
            C:\WINNT\system32\AVWLPSTA.EXE
            C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
            C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
            C:\Program Files\Skype\Phone\Skype.exe
            C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
            C:\Program Files\Nokia\PC Suite pour Nokia 7650\connmngmntbox.exe
            C:\Program Files\Nokia\PC Suite pour Nokia 7650\ectaskscheduler.exe
            C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
            C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
            C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
            C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
            C:\Program Files\MSN Messenger\msnmsgr.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Documents and Settings\abdel\Desktop\Hijack This\hijackthis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            fr.news.yahoo.com/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            fr.yahoo.com
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
            fr.yahoo.com
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
            Settings,ProxyOverride = ;localhost;<local>
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
            O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
            \COMMON~1\WinTools\WToolsB.dll
            O2 - BHO: IEFriendly Class - {A5483501-070C-41DD-AF44-9BD8864B3015} -
            C:\Program Files\Httper\httper.dll
            O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} -
            C:\Program Files\webHancer\programs\whiehlpr.dll
            O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-
            00A0C9082467} - C:\WINNT\System32\msdxm.ocx
            O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\Program
            Files\Zipclix\zipclix.dll
            O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [QKeys] C:\Program Files\QKeys\QKeys.EXE
            O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
            atboottime
            O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program
            Files\webHancer\Programs\whSurvey.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04
            \bin\jusched.exe
            O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
            O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE
            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
            Messenger\MsnMsgr.Exe" /background
            O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!
            \Messenger\ypager.exe" -quiet
            O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
            O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006
            \MemOptimizer.exe" autostart
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
            88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - HKCU\..\Run: [Skype] "C:\Program
            Files\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
            O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
            Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA
            Master 4.2\CM_camera.exe
            O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
            Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office10\OSA.EXE
            O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = C:\Program Files\Nokia\PC
            Suite pour Nokia 7650\connmngmntbox.exe
            O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = C:\Program Files\Nokia\PC
            Suite pour Nokia 7650\ectaskscheduler.exe
            O8 - Extra context menu item: &Search -
            kl.bar.need2find.com/KL/menusearch.html?p=KL
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
            \MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            C:\WINNT\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - C:\WINNT\web\related.htm
            O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
            ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
            C:\Program Files\Yahoo!\Common\yinsthelper.dll
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
            update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125394507046
            O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software
            GmbH)) - www.o2c.de/download/o2cplayer.cab
            O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
            download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CD825C-FE26-4715-85E7-DC80530A944C}:
            NameServer = 172.19.0.254,193.49.144.1
            O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uang,univ-
            angers.fr
            O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = uang,univ-
            angers.fr
            O1
            • Gość: k Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.warszawa.sdi.tpnet.pl 19.03.06, 00:40
              Doklej brakujaca czesc log'a, ze wzgledu na limit postow nie zmiescil sie caly.
            • barracuda7110 Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? 19.03.06, 00:42
              Zakończ proces w menadzerze zadań*, skasuj plik z dysku i wywal wpis w hijackthis
              > C:\Program Files\webHancer\Programs\whSurvey.exe
              > O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program
              > Files\webHancer\Programs\whSurvey.exe"

              > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
              > C:\WINNT\web\related.htm
              > O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
              > 00aa003c157a} - C:\WINNT\web\related.htm

              * najpierw zobacz czy nie da się tego odinstalować w dodaj/usuń programy

              W przyklejonym wątku masz linki do stron z alternatywnymi przeglądarkami.
              Ściągnij, zainstaluj i wybierz tą, która Ci się bardziej spodoba :). Internet
              explorer to badziew.
              • Gość: netty2 Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.131.102-84.rev.gaoland.net 19.03.06, 10:54
                Ja wam ufam spece komputerowi,ale...czy ja mam na 100 % to usuwac i czy to mi
                do czegos sluzylo?
                Dzieki za odp,pa
            • Gość: netty2 Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.131.102-84.rev.gaoland.net 19.03.06, 10:49
              O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
              O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
              O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1
              \SYSTEM~1\autocomp.exe (file missing)
              O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS
              Software Corp. - C:\WINNT\System32\dmadmin.exe
              O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
              CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
              O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
              Files\Eset\nod32krn.exe
              O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
              C:\WINNT\System32\nvsvc32.exe
              O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
              O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
              O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner -
              C:\Program Files\Common Files\WinTools\WToolsS.exe

              • Gość: k Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.warszawa.sdi.tpnet.pl 19.03.06, 12:07
                Do usuniecia jeszcze:
                O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
                O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll <- plik usun.
                Uslugi do kasacji:
                O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1
                \SYSTEM~1\autocomp.exe (file missing)
                O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner -
                C:\Program Files\Common Files\WinTools\WToolsS.exe <- katalog wintools usuwasz.

                Start->Uruchom->sc stop Autocomplete
                sc delete Autocomplete
                sc stop WinToolsSvc
                sc delete WinToolsSvc

                Jak juz to wszystko zrobisz + skan tym co w przyklejonym poscie to wklej nowy
                log zobaczymy co zostalo.
                • netty2 Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? 19.03.06, 12:33
                  >
                  > Start->Uruchom->sc stop Autocomplete
                  > sc delete Autocomplete
                  > sc stop WinToolsSvc
                  > sc delete WinToolsSvc


                  Tzn...?
                • netty2 Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? 19.03.06, 12:34
                  Logfile of HijackThis v1.99.1
                  Scan saved at 12:39:51 PM, on 3/19/2006
                  Platform: Windows 2000 SP4 (WinNT 5.00.2195)
                  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                  Running processes:
                  C:\WINNT\System32\smss.exe
                  C:\WINNT\system32\winlogon.exe
                  C:\WINNT\system32\services.exe
                  C:\WINNT\system32\lsass.exe
                  C:\WINNT\system32\svchost.exe
                  C:\WINNT\System32\svchost.exe
                  C:\WINNT\system32\spoolsv.exe
                  C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
                  C:\Program Files\Eset\nod32krn.exe
                  C:\WINNT\System32\nvsvc32.exe
                  C:\WINNT\system32\oodag.exe
                  C:\WINNT\system32\regsvc.exe
                  C:\WINNT\system32\MSTask.exe
                  C:\WINNT\system32\slserv.exe
                  C:\WINNT\System32\WBEM\WinMgmt.exe
                  C:\Program Files\Common Files\WinTools\WToolsS.exe
                  C:\WINNT\System32\mspmspsv.exe
                  C:\WINNT\system32\svchost.exe
                  C:\WINNT\System32\msdtc.exe
                  C:\WINNT\system32\svchost.exe
                  C:\WINNT\Explorer.EXE
                  C:\Program Files\QKeys\QKeys.EXE
                  C:\Program Files\QuickTime\qttask.exe
                  C:\Program Files\Logitech\MouseWare\system\em_exec.exe
                  C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
                  C:\Program Files\Eset\nod32kui.exe
                  C:\WINNT\system32\AVWLPSTA.EXE
                  C:\Program Files\MSN Messenger\MsnMsgr.Exe
                  C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
                  C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
                  C:\Program Files\Gadu-Gadu\gg.exe
                  C:\Program Files\Skype\Phone\Skype.exe
                  C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
                  C:\Program Files\Nokia\PC Suite pour Nokia 7650\connmngmntbox.exe
                  C:\Program Files\Nokia\PC Suite pour Nokia 7650\ectaskscheduler.exe
                  C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
                  C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
                  C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
                  C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Documents and Settings\abdel\Desktop\Hijack This\hijackthis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                  fr.news.yahoo.com/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                  fr.yahoo.com
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                  fr.yahoo.com
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
                  Settings,ProxyOverride = ;localhost;<local>
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                  C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                  O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
                  O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
                  \COMMON~1\WinTools\WToolsB.dll
                  O2 - BHO: IEFriendly Class - {A5483501-070C-41DD-AF44-9BD8864B3015} -
                  C:\Program Files\Httper\httper.dll
                  O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} -
                  C:\Program Files\webHancer\programs\whiehlpr.dll
                  O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-
                  00A0C9082467} - C:\WINNT\System32\msdxm.ocx
                  O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\Program
                  Files\Zipclix\zipclix.dll
                  O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [QKeys] C:\Program Files\QKeys\QKeys.EXE
                  O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                  atboottime
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04
                  \bin\jusched.exe
                  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
                  Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!
                  \Messenger\ypager.exe" -quiet
                  O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
                  O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006
                  \MemOptimizer.exe" autostart
                  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
                  88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
                  O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                  O4 - HKCU\..\Run: [Skype] "C:\Program
                  Files\Skype\Phone\Skype.exe" /nosplash /minimized
                  O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
                  O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                  Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA
                  Master 4.2\CM_camera.exe
                  O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
                  Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                  Office\Office10\OSA.EXE
                  O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = C:\Program Files\Nokia\PC
                  Suite pour Nokia 7650\connmngmntbox.exe
                  O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = C:\Program Files\Nokia\PC
                  Suite pour Nokia 7650\ectaskscheduler.exe
                  O8 - Extra context menu item: &Search -
                  kl.bar.need2find.com/KL/menusearch.html?p=KL
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
                  \MICROS~2\Office10\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
                  C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
                  00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
                  O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
                  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                  O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
                  ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
                  O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
                  C:\Program Files\Yahoo!\Common\yinsthelper.dll
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
                  update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125394507046
                  O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software
                  GmbH)) - www.o2c.de/download/o2cplayer.cab
                  O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
                  download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
                  O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CD825C-FE26-4715-85E7-DC80530A944C}:
                  NameServer = 172.19.0.254,193.49.144.1
                  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uang,univ-
                  angers.fr
                  O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = uang,univ-
                  angers.fr
                  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = uang,univ-
                  angers.fr
                  O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1
                  \SYSTEM~1\autocomp.exe (file missing)
                  O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS
                  Software Corp. - C:\WINNT\System32\dmadmin.exe
                  O23 - Service: EPSON Printer Status
                  • Gość: k Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.warszawa.sdi.tpnet.pl 19.03.06, 13:05
                    tzn dokladnie to co napisalem, wpisujesz w uruchom sc stop costam, nastepnie sc
                    delete itd.

                    Odinstaluj:
                    Logitech Desktop Messenger

                    W hijackthis usun:
                    O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
                    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
                    \COMMON~1\WinTools\WToolsB.dll
                    O2 - BHO: IEFriendly Class - {A5483501-070C-41DD-AF44-9BD8864B3015} -
                    C:\Program Files\Httper\httper.dll <- usun katalog httper
                    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} -
                    C:\Program Files\webHancer\programs\whiehlpr.dll <- usun katalog webHancer
                    O3 - Toolbar: Zipclix - {319A68DB-06D0-46DA-9F93-A810D5A70836} - C:\Program
                    Files\Zipclix\zipclix.dll <- usun katalog Zipclix
                    O8 - Extra context menu item: &Search -
                    kl.bar.need2find.com/KL/menusearch.html?p=KL
                    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
                    \MICROS~2\Office10\EXCEL.EXE/3000
                    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
                    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
                    ak.imgfarm.com/images/nocache/funwebproducts/ei-
                    2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
                    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
                    C:\Program Files\Yahoo!\Common\yinsthelper.dll
                    O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software
                    GmbH)) - www.o2c.de/download/o2cplayer.cab
                    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
                    download.spyspotter.com/spyspotter/spsp29953.01noopt/spyspottercabinstall.cab
                    Jak juz pisalem wczesniej, usluga do kasacji tak jak napisalem i ta druga ktora
                    wymienilem tez:
                    O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1
                    \SYSTEM~1\autocomp.exe (file missing)

                    Jak juz to zrobisz to wklej nowy log.
                    • Gość: netty Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.131.102-84.rev.gaoland.net 19.03.06, 14:39
                      Chlopaki ja was podziwiam !!!!!!!!!!


                      Logfile of HijackThis v1.99.1
                      Scan saved at 2:44:03 PM, on 3/19/2006
                      Platform: Windows 2000 SP4 (WinNT 5.00.2195)
                      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                      Running processes:
                      C:\WINNT\System32\smss.exe
                      C:\WINNT\system32\winlogon.exe
                      C:\WINNT\system32\services.exe
                      C:\WINNT\system32\lsass.exe
                      C:\WINNT\system32\svchost.exe
                      C:\WINNT\System32\svchost.exe
                      C:\WINNT\system32\spoolsv.exe
                      C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
                      C:\Program Files\Eset\nod32krn.exe
                      C:\WINNT\System32\nvsvc32.exe
                      C:\WINNT\system32\oodag.exe
                      C:\WINNT\system32\regsvc.exe
                      C:\WINNT\system32\MSTask.exe
                      C:\WINNT\system32\slserv.exe
                      C:\WINNT\System32\WBEM\WinMgmt.exe
                      C:\Program Files\Common Files\WinTools\WToolsS.exe
                      C:\WINNT\System32\mspmspsv.exe
                      C:\WINNT\system32\svchost.exe
                      C:\WINNT\System32\msdtc.exe
                      C:\WINNT\system32\svchost.exe
                      C:\WINNT\Explorer.EXE
                      C:\Program Files\QKeys\QKeys.EXE
                      C:\Program Files\QuickTime\qttask.exe
                      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
                      C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
                      C:\Program Files\Eset\nod32kui.exe
                      C:\WINNT\system32\AVWLPSTA.EXE
                      C:\Program Files\MSN Messenger\MsnMsgr.Exe
                      C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
                      C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
                      C:\Program Files\Gadu-Gadu\gg.exe
                      C:\Program Files\Skype\Phone\Skype.exe
                      C:\Program Files\OLYMPUS\CAMEDIA Master 4.2\CM_camera.exe
                      C:\Program Files\Nokia\PC Suite pour Nokia 7650\connmngmntbox.exe
                      C:\Program Files\Nokia\PC Suite pour Nokia 7650\ectaskscheduler.exe
                      C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
                      C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
                      C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
                      C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Program Files\Internet Explorer\iexplore.exe
                      C:\Documents and Settings\abdel\Desktop\Hijack This\hijackthis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                      fr.news.yahoo.com/
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                      fr.yahoo.com
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                      fr.yahoo.com
                      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
                      Settings,ProxyOverride = ;localhost;<local>
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                      C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                      O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-
                      00A0C9082467} - C:\WINNT\System32\msdxm.ocx
                      O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [QKeys] C:\Program Files\QKeys\QKeys.EXE
                      O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
                      atboottime
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04
                      \bin\jusched.exe
                      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [AVWLPSTA.EXE] AVWLPSTA.EXE
                      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
                      Messenger\MsnMsgr.Exe" /background
                      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!
                      \Messenger\ypager.exe" -quiet
                      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
                      O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006
                      \MemOptimizer.exe" autostart
                      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
                      88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
                      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                      O4 - HKCU\..\Run: [Skype] "C:\Program
                      Files\Skype\Phone\Skype.exe" /nosplash /minimized
                      O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
                      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                      Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA
                      Master 4.2\CM_camera.exe
                      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
                      Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
                      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                      Office\Office10\OSA.EXE
                      O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = C:\Program Files\Nokia\PC
                      Suite pour Nokia 7650\connmngmntbox.exe
                      O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = C:\Program Files\Nokia\PC
                      Suite pour Nokia 7650\ectaskscheduler.exe
                      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
                      C:\Program Files\Yahoo!\Common\yinsthelper.dll
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
                      update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125394507046
                      O17 - HKLM\System\CCS\Services\Tcpip\..\{F0CD825C-FE26-4715-85E7-DC80530A944C}:
                      NameServer = 172.19.0.254,193.49.144.1
                      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = uang,univ-
                      angers.fr
                      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = uang,univ-
                      angers.fr
                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = uang,univ-
                      angers.fr
                      O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1
                      \SYSTEM~1\autocomp.exe (file missing)
                      O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS
                      Software Corp. - C:\WINNT\System32\dmadmin.exe
                      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON
                      CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
                      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
                      Files\Eset\nod32krn.exe
                      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
                      C:\WINNT\System32\nvsvc32.exe
                      O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
                      O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
                      O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner -
                      C:\Program Files\Common Files\WinTools\WToolsS.exe

                      • Gość: k Re: Co to jest- http:/e.rn11.com/a/a122-mftmppu ? IP: *.warszawa.sdi.tpnet.pl 19.03.06, 15:04
                        Logitech Desktop Messenger odinstaluj, watpie zebys go uzywal ale jezeli
                        faktycznie go uzywasz to zostaw ;-)

                        Zostaly juz tylko te uslugi:
                        O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1
                        \SYSTEM~1\autocomp.exe (file missing)
                        O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner -
                        C:\Program Files\Common Files\WinTools\WToolsS.exe

                        Nie zobaczylem, ze masz w2k, a wiec nie masz sc wiec usun je tak:
                        Hijackthis -> Open Misc tools -> Delete nt service i wpisz tam:
                        Autocomplete
                        i ok, nastepnie to samo z:
                        Wintoolssvc
                        Jak juz to zrobisz to usuwasz katalog C:\Program Files\Common Files\WinTools\ z
                        dysku.

                        Na koniec skanujesz systm tymi programami:
                        forum.gazeta.pl/forum/72,2.html?f=430&w=38051058&a=38492825
                        To wszystko.
Pełna wersja