
Please check my log

IP: *.e-wro.net.pl 16.07.06, 19:22
Logfile of HijackThis v1.99.1
Scan saved at 19:14:06, on 2006-07-16
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Firebird\bin\ibguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Firebird\bin\ibserver.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\ishost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\ismon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\ybylpepl.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\winnt\system32\rlvknlg.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\SmartPopupBlocker\SmartPopupBlockerTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\qqq1\USTAWI~1\Temp\Rar$EX00.093\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HTTP://WWW.GOOGLE.PL/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-
640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program
files\180searchassistant\salmhook.dll (file missing)
O2 - BHO: (no name) - {23555200-A405-310C-4DE1-BA1270271CC8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A8DD1CC3-00C1-F59C-773C-08C6F00C466E} - (no file)
O2 - BHO: (no name) - {AFBBE42D-A4F1-4DD8-7769-6A36488D77FA} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EE99B4AF-F60C-7EF0-A178-E887506F6950} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program
Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft
Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32
\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1
\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [udp ndiswin] syemt.exe
O4 - HKLM\..\Run: [Layer Ndis System] winese.exe
O4 - HKLM\..\Run: [Ndis Layer] algwin.exe
O4 - HKLM\..\Run: [USB2 DEVICE] notepab.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] wmedia.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1
\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [gowepu] ifaifa.exe
O4 - HKLM\..\Run: [Allopass] freepass.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINNT\system32\gah95on6.exe
O4 - HKLM\..\Run: [a] a.exe
O4 - HKLM\..\Run: [18rpb4sm] C:\WINNT\system32\18rpb4sm.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINNT\system32\abasa5jrp.exe
O4 - HKLM\..\Run: [Wasdwwsa] C:\WINNT\SYSTEM32\achance.exe
O4 - HKLM\..\Run: [zero] zero.exe
O4 - HKLM\..\Run: [e8m6p7rp] C:\WINNT\system32\e8m6p7rp.exe
O4 - HKLM\..\Run: [juonbi] c:\winnt\system32\juonbi.exe
O4 - HKLM\..\Run: [8lu8bg8t] C:\WINNT\system32\8lu8bg8t.exe
O4 - HKLM\..\Run: [GCpFE3T] C:\WINNT\ybylpepl.exe
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\winnt\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [64f29f35.exe] C:\WINNT\system32\64f29f35.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [udp ndiswin] syemt.exe
O4 - HKLM\..\RunServices: [Layer Ndis System] winese.exe
O4 - HKLM\..\RunServices: [Ndis Layer] algwin.exe
O4 - HKLM\..\RunServices: [USB2 DEVICE] notepab.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] wmedia.exe
O4 - HKLM\..\RunServices: [gowepu] ifaifa.exe
O4 - HKLM\..\RunServices: [Allopass] freepass.exe
O4 - HKLM\..\RunServices: [a] a.exe
O4 - HKLM\..\RunServices: [zero] zero.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [64f29f35.exe] C:\Documents and Settings\qqq1\Ustawienia
lokalne\Dane aplikacji\64f29f35.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
5.0\Distillr\AcroTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural
Color\NaturalColorLoad.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
costperformance.org/WFPlayer/tdserver.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
<a href
    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 16.07.06, 19:36
      In Task Manager, end:
      C:\WINNT\system32\ishost.exe
      C:\WINNT\system32\ismon.exe
      C:\WINNT\ybylpepl.exe
      C:\winnt\system32\rlvknlg.exe
      C:\Program Files\ISTsvc\istsvc.exe

      Delete the listed files from disk, as well as the ISTsvc directory.

      Use:
      securityresponse.symantec.com/avcenter/FxIstbar.exe
      In HJT, remove:

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      F2 - REG:system.ini: Shell=explorer.exe
      O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program
      files\180searchassistant\salmhook.dll (file missing)
      O2 - BHO: (no name) - {23555200-A405-310C-4DE1-BA1270271CC8} - (no file)
      O2 - BHO: (no name) - {A8DD1CC3-00C1-F59C-773C-08C6F00C466E} - (no file)
      O2 - BHO: (no name) - {AFBBE42D-A4F1-4DD8-7769-6A36488D77FA} - (no file)
      O2 - BHO: (no name) - {EE99B4AF-F60C-7EF0-A178-E887506F6950} - (no file)
      O4 - HKLM\..\Run: [udp ndiswin] syemt.exe <- delete the file from disk.
      O4 - HKLM\..\Run: [Layer Ndis System] winese.exe <- this one too
      O4 - HKLM\..\Run: [Ndis Layer] algwin.exe <- this one
      O4 - HKLM\..\Run: [USB2 DEVICE] notepab.exe <- this one
      O4 - HKLM\..\Run: [Microsoft Synchronization Manager] wmedia.exe <- delete the file from disk.
      O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1
      \MW1HEL~1.EXE /partner MW1 <- delete the MAGICW~1 directory from disk.
      O4 - HKLM\..\Run: [gowepu] ifaifa.exe <- file to be deleted.
      O4 - HKLM\..\Run: [Allopass] freepass.exe <- this one too
      O4 - HKLM\..\Run: [gah95on6] C:\WINNT\system32\gah95on6.exe <- this one too
      O4 - HKLM\..\Run: [a] a.exe <- this one too.
      O4 - HKLM\..\Run: [18rpb4sm] C:\WINNT\system32\18rpb4sm.exe
      O4 - HKLM\..\Run: [abasa5jrp] C:\WINNT\system32\abasa5jrp.exe
      O4 - HKLM\..\Run: [Wasdwwsa] C:\WINNT\SYSTEM32\achance.exe
      O4 - HKLM\..\Run: [zero] zero.exe
      O4 - HKLM\..\Run: [e8m6p7rp] C:\WINNT\system32\e8m6p7rp.exe
      O4 - HKLM\..\Run: [juonbi] c:\winnt\system32\juonbi.exe
      O4 - HKLM\..\Run: [8lu8bg8t] C:\WINNT\system32\8lu8bg8t.exe
      O4 - HKLM\..\Run: [GCpFE3T] C:\WINNT\ybylpepl.exe
      all of these exe files are to be deleted from disk.
      O4 - HKLM\..\Run: [RelevantKnowledge] c:\winnt\system32\rlvknlg.exe -boot
      O4 - HKLM\..\Run: [64f29f35.exe] C:\WINNT\system32\64f29f35.exe
      O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
      O4 - HKLM\..\RunServices: [udp ndiswin] syemt.exe
      O4 - HKLM\..\RunServices: [Layer Ndis System] winese.exe
      O4 - HKLM\..\RunServices: [Ndis Layer] algwin.exe
      O4 - HKLM\..\RunServices: [USB2 DEVICE] notepab.exe
      O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] wmedia.exe
      O4 - HKLM\..\RunServices: [gowepu] ifaifa.exe
      O4 - HKLM\..\RunServices: [Allopass] freepass.exe
      O4 - HKLM\..\RunServices: [a] a.exe
      O4 - HKLM\..\RunServices: [zero] zero.exe
      O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- delete the file from disk.
      O4 - HKCU\..\Run: [64f29f35.exe] C:\Documents and Settings\qqq1\Ustawienia
      lokalne\Dane aplikacji\64f29f35.exe <- delete the file from disk.
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINNT\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINNT\web\related.htm

      Paste the rest, starting from:
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      <a href

      Scan the system with ewido (you can find it on Google or in the pinned
      post); install AntiVir PE instead of Norton.
      • Guest: iv9999 Re: Please check my log IP: *.e-wro.net.pl 16.07.06, 20:11
        Thank you very much, here is the rest:

        O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
        www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
        O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) -
        www.slotchbar.com/ist/softwares/v4.0/protect_regular.cab
        O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
        www.xblock.com/download/xclean_micro.exe
        O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
        mks.com.pl/skaner/SkanerOnline.cab
        O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX
        Control) - www.modgik.lodz.pl/Mapa/mgaxctrl.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
        update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1090773246468
        O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
        toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
        update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1090773220156
        O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
        www.bitdefender.com/scan/Msie/bitdefender.cab
        O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -
        support.f-secure.com/ols/fscax.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware
        Scanner) -
        download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
        O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) -
        217.28.152.28/wg_webeye.cab
        O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software
        GmbH)) - www.o2c.de/download/o2cplayer.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
        download.energyfactor.com/dialer/it/activex_261_it.exe
        O17 - HKLM\System\CCS\Services\Tcpip\..\{5B989C63-B2B2-445E-87C9-6AAF9FE8170E}:
        NameServer = 10.6.1.1,62.233.128.17,213.77.115.28
        O17 - HKLM\System\CS1\Services\Tcpip\..\{5B989C63-B2B2-445E-87C9-6AAF9FE8170E}:
        NameServer = 10.6.1.1,62.233.128.17,213.77.115.28
        O17 - HKLM\System\CS2\Services\Tcpip\..\{5B989C63-B2B2-445E-87C9-6AAF9FE8170E}:
        NameServer = 10.6.1.1,62.233.128.17,213.77.115.28
        O18 - Filter: text/html - (no CLSID) - (no file)
        O20 - AppInit_DLLs: C:\WINNT\system32\winlogon.dll
        O20 - Winlogon Notify: winhoo32 - C:\WINNT\SYSTEM32\winhoo32.dll
        O23 - Service: aiibc - Unknown owner - \\82.143.135.84\E$\hmlsvc32.exe" -
        service (file missing)
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32
        \Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: cgpasn - Unknown owner - \\82.143.135.84\E$\a.exe" -service
        (file missing)
        O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
        VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
        O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -
        C:\Program Files\ewido anti-spyware 4.0\guard.exe
        O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner -
        C:\WINNT\Edit.exe (file missing)
        O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner -
        C:\Program.exe (file missing)
        O23 - Service: Firebird Server (InterBaseServer) - Unknown owner -
        C:\Program.exe (file missing)
        O23 - Service: jaxvh - Unknown owner - \\82.143.135.84\E$\hmlsvc32.exe" -
        service (file missing)
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1
        \LUCOMS~1.EXE
        O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
        Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
        O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec
        Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
        O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
        AntiVirus\SAVScan.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
        C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
        Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
        C:\WINNT\system32\ZoneLabs\vsmon.exe
        ---------------
        How do I delete the files from disk? E.g.
        O4 - HKLM\..\Run: [udp ndiswin] syemt.exe ?
        • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 16.07.06, 21:18
          To be deleted in HJT:
          O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
          www.ysbweb.com/ist/softwares/v4.0/ysb_cracks.cab
          O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) -
          www.slotchbar.com/ist/softwares/v4.0/protect_regular.cab
          O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
          www.xblock.com/download/xclean_micro.exe
          O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} -
          download.energyfactor.com/dialer/it/activex_261_it.exe
          O18 - Filter: text/html - (no CLSID) - (no file)
          O20 - AppInit_DLLs: C:\WINNT\system32\winlogon.dll <- delete the file from disk.
          O20 - Winlogon Notify: winhoo32 - C:\WINNT\SYSTEM32\winhoo32.dll <- this one too.

          Services to delete:
          O23 - Service: aiibc - Unknown owner - \\82.143.135.84\E$\hmlsvc32.exe" -
          service (file missing)
          O23 - Service: cgpasn - Unknown owner - \\82.143.135.84\E$\a.exe" -service
          (file missing)
          O23 - Service: hexadecimal (HexadecimaRepresentation) - Unknown owner -
          C:\WINNT\Edit.exe (file missing)
          O23 - Service: Firebird Guardian Service (InterBaseGuardian) - Unknown owner -
          C:\Program.exe (file missing)
          O23 - Service: Firebird Server (InterBaseServer) - Unknown owner -
          C:\Program.exe (file missing)
          O23 - Service: jaxvh - Unknown owner - \\82.143.135.84\E$\hmlsvc32.exe" -
          service (file missing)

          How to remove services is described in the pinned post.


          > How do I delete the files from disk? E.g.
          > O4 - HKLM\..\Run: [udp ndiswin] syemt.exe ?

          Enable the display of hidden and protected files in Folder Options, then
          go to the system32 directory, find the given file and delete it.


          Once you have done all of that, paste a new log.
