Bardzo poproszę o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

Logfile of HijackThis v1.99.1

Scan saved at 00:54:27, on 2005-02-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\sstray.exe

C:\WINDOWS\system32\TCAUDIAG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\x\USTAWI~1\Temp\Rar$EX00.375\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.11.1:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: HyperSearchHook - {0B208658-39C8-4A74-87CB-9729A91A3F19} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FB2D2C30-A452-0D13-DADE-ECF7A52D0E84} - C:\DOCUME~1\x\DANEAP~1\BASHBI~1\Chin Browse.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM…\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM…\Run: [TCASUTIEXE] TCAUDIAG.exe -on

O4 - HKLM…\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\Winampa.exe”

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM…\Run: [HoleFindFirstEq] C:\Documents and Settings\All Users\Dane aplikacji\okay 64 hole find\STYLE ROAD.exe

O4 - HKLM…\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [WmaTray] C:\DOCUME~1\x\DANEAP~1\64ACTI~1\SURF TWO.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip…{FBB0628F-E6B7-4E8D-8B3E-960E188CE72F}: NameServer = 62.233.233.10,194.204.159.1

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2

Do usunięcia w trybie awaryjnym:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll (file missing)

O2 - BHO: (no name) - {FB2D2C30-A452-0D13-DADE-ECF7A52D0E84} - C:\DOCUME~1\x\DANEAP~1\BASHBI~1\Chin Browse.exe

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM…\Run: [HoleFindFirstEq] C:\Documents and Settings\All Users\Dane aplikacji\okay 64 hole find\STYLE ROAD.exe

O4 - HKCU…\Run: [WmaTray] C:\DOCUME~1\x\DANEAP~1\64ACTI~1\SURF TWO.exe

O4 - HKCU…\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

Te wpisy usuwasz programem LSPFix

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

#3

dzieki

aby nic nie spieprzyć rozumiem że:

uruchamiam kompa w trybie awaryjnym => odpalam hijack=> ptaszkuje te wpisy=> klikam fix

ponownie uruchamiam komp w trybie awaryjnym=> odpalam LSPfix=>usuwam pozostałe pliki=>restart i już?

#4

Tak bardzo dobrze rozumiesz :slight_smile:

Jak wszystko już zrobisz to wklej loga jeszcze raz.

#5

dodatkowo mozesz wywalic messengera jesli nie uzywasz

http://forum.dobreprogramy.pl/viewtopic.php?t=14250

#6

witam

jak napisąłem tak zrobiłem, tylko w Lspfix nie pojawiły sie takie wpisy jak zapodałeś skasowałem tylko jeden który w nazwie miał to samo co wywalałem HJ

oto logi:

Logfile of HijackThis v1.99.1

Scan saved at 09:52:50, on 2005-02-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\sstray.exe

C:\WINDOWS\system32\TCAUDIAG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\x\USTAWI~1\Temp\Rar$EX00.843\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.11.1:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: HyperSearchHook - {0B208658-39C8-4A74-87CB-9729A91A3F19} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM…\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM…\Run: [TCASUTIEXE] TCAUDIAG.exe -on

O4 - HKLM…\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\Winampa.exe”

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM…\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip…{FBB0628F-E6B7-4E8D-8B3E-960E188CE72F}: NameServer = 62.233.233.10,194.204.159.1

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Jesli jest OK poprosze o info

Jęsli nie jest Ok również poproszę o info i podpowiedź jak sobie poradzić

#7

możesz ale nie musisz skasować:

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

#8

ok wywale

pytanie czy poza tym OK pozostało bez odpowiedzi :wink: rozumiem więc ze jest ok :slight_smile:

mam jeszcze jeden problem:

w czasie instalacji Kazza Lite++ ( wiem wiem syf to jest ale czasem musze cos szybo miec ) wszystko ok jest tylko na końcu wywa;a komunikat błędu taki:

Appname:kazza.kpp

AppVer:0.0.0.0

NodName:hyperbarss3.dll

ModVer.1.0.1.1

Offset:00001141

czy moge jeszcze poprosić o pomoc w tej sprawie?

#9

Witam,

R3 - URLSearchHook: HyperSearchHook - {0B208658-39C8-4A74-87CB-9729A91A3F19} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll

Dodam tylko od siebie, że np. TUTAJ zalecane jest wywalenie tej linijki.

Do tego to won:

C:\Program Files\Common Files\Hyperbar

Katalog może być ukryty.

Może spróbuj to wykonać.

PS Nie zakładaj dublujących się topiców.

http://forum.dobreprogramy.pl/viewtopic.php?t=20143

#10

dzieki

tu z rozpędu napisałem i po chwili zrozumiałem że nie ten wątek

sorka

i jeszcze raz dzięki

#11

Możesz wyłączyć CTFMON.EXE: Panel sterowania => Opcje regionalne=> Języki => Szczegóły => Zaawansowane => zaznaczasz wyłącz zaawansowane usługi tekstowe

Start=>Uruchom=>Wpisz polecenie msconfig=>Zakładka Uruchamianie i odchacz:

winamp

NeroCheck