Log for review


(Zemli33) #1

Logfile of HijackThis v1.99.1

Scan saved at 18:49:01, on 2005-06-05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\CMEII\CMESys.exe

C:\Program Files\Media Access\MediaAccK.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\WINDOWS\ossro.exe

C:\Program Files\Media Access\MediaAccess.exe

C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe

C:\WINDOWS\system32\ieujrss7.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\GMT\GMT.exe

C:\Program Files\Virtual CD v4\System\VCDTray.exe

D:\Programy\Norton antywir\Norton AntiVirus\navapsvc.exe

D:\Programy\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

D:\Programy\SPEEDD~1\nopdb.exe

C:\Program Files\Virtual CD v4\System\vcdsecs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\wojtek\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programy\Norton antywir\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programy\Norton antywir\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM..\Run: [RodG] C:\WINDOWS\ossro.exe

O4 - HKLM..\Run: [Áł# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ossro.exe

O4 - HKLM..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe

O4 - HKLM..\Run: [ieujrss7] C:\WINDOWS\system32\ieujrss7.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [spyware Vanisher] D:\spywarevanisher-free\FreeScanner.exe -FastScan

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Downl ... e-c338.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - D:\Programy\Norton antywir\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Programy\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Speed Disk service - Symantec Corporation - D:\Programy\SPEEDD~1\nopdb.exe

O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe


(Musg) #2

To be removed:

the bolded ones get deleted manually from the disk

you know the removal method because we've already fought with this

paste the log after the fix


(Zemli33) #3

I couldn't manage to delete a few pieces of junk because a dialog kept popping up: "Make sure the disk is not full, write-protected, or currently in use..."

Besides, I'm trying to clean up a friend's computer a bit, and before that the mksvir scanner detected about 31 (trojans + viruses), so I'm wondering whether it wouldn't be better to just format right away rather than mess around with it, but I'm waiting for your advice...

The log now looks like this:

Logfile of HijackThis v1.99.1

Scan saved at 19:26:06, on 2005-06-05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\CMEII\CMESys.exe

C:\Program Files\Media Access\MediaAccK.exe

C:\Program Files\Media Access\MediaAccess.exe

C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe

C:\WINDOWS\system32\ieujrss7.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Virtual CD v4\System\VCDTray.exe

D:\Programy\Norton antywir\Norton AntiVirus\navapsvc.exe

D:\Programy\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

D:\Programy\SPEEDD~1\nopdb.exe

C:\Program Files\Virtual CD v4\System\vcdsecs.exe

D:\Programy\Winamp\winamp.exe

C:\Program Files\wincmd\TOTALCMD.EXE

C:\Program Files\ISTsvc\istsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\wojtek\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programy\Norton antywir\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programy\Norton antywir\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM..\Run: [RodG] C:\WINDOWS\ossro.exe

O4 - HKLM..\Run: [Áł# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ossro.exe

O4 - HKLM..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe

O4 - HKLM..\Run: [ieujrss7] C:\WINDOWS\system32\ieujrss7.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [spyware Vanisher] D:\spywarevanisher-free\FreeScanner.exe -FastScan

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Downl ... e-c338.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - D:\Programy\Norton antywir\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Programy\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Speed Disk service - Symantec Corporation - D:\Programy\SPEEDD~1\nopdb.exe

O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe


(Musg) #4

now also run this program:

http://securityresponse.symantec.com/av ... Istbar.exe

and also this:

media


(Zemli33) #5

FxIstbar shows this:

Symantec Adware.Istbar Removal Tool 1.0.7

registry: HKEY_USERS\S-1-5-21-1085031214-1078145449-682003330-1003\Software\Avenue Media (key deleted)

registry: HKEY_USERS\S-1-5-21-1085031214-1078145449-682003330-1003\Software\IST (key deleted)

registry: HKEY_USERS\S-1-5-21-1085031214-1078145449-682003330-1003\Software\Microsoft\Internet Explorer\Explorer Bars{8CBA1B49-8144-4721-A7B1-64C578C9EED7} (key deleted)

registry: HKEY_USERS\S-1-5-21-1085031214-1078145449-682003330-1003\Software\Policies\Avenue Media (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Avenue Media (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelperObject.BAHelper (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelperObject.BAHelper.1 (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{8CBA1B49-8144-4721-A7B1-64C578C9EED7} (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{A3FDD654-A057-4971-9844-4ED8E67DBBB8} (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface{339D8AFF-0B42-4260-AD82-78CE605A9543} (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface{A36A5936-CFD9-4B41-86BD-319A1931887F} (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SideFind.Finder (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SideFind.Finder.1 (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib{58634367-D62B-4C2C-86BE-5AAC45CDB671} (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib{D0288A41-9855-4A9B-8316-BABE243648DA} (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions{10E42047-DEB9-4535-A118-B3F6EC39B807} (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SideFind (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{A3FDD654-A057-4971-9844-4ED8E67DBBB8} (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Avenue Media (key deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\SideFind (key deleted)

registry: HKEY_USERS\S-1-5-21-1085031214-1078145449-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping: {10E42047-DEB9-4535-A118-B3F6EC39B807} (value deleted)

registry: HKEY_USERS\S-1-5-21-1085031214-1078145449-682003330-1003\Software\Microsoft\Internet Explorer\Main: BandRest (value deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: BandRest (value deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run: IST Service (value deleted)

registry: HKEY_LOCAL_MACHINE\SOFTWARE\PowerScan (key deleted)

registry: HKEY_USERS\S-1-5-21-1085031214-1078145449-682003330-1003\SOFTWARE\PowerScan (key deleted)

C:\System Volume Information: (not scanned)

D:\System Volume Information: (not scanned)

E:\System Volume Information: (not scanned)

Adware.Istbar has not been found on your computer.


(Musg) #6

it threw out Istbar

one thing taken care of.

Post a log as a check :slight_smile:

and you also remove media -- I gave you the link for that too in the previous post :slight_smile:


(Zemli33) #7

I don't know whether anything changed in the log:

Logfile of HijackThis v1.99.1

Scan saved at 20:44:49, on 2005-06-05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\CMEII\CMESys.exe

C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe

C:\WINDOWS\system32\ieujrss7.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Virtual CD v4\System\VCDTray.exe

D:\Programy\Norton antywir\Norton AntiVirus\navapsvc.exe

D:\Programy\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\System32\nvsvc32.exe

D:\Programy\SPEEDD~1\nopdb.exe

C:\Program Files\Virtual CD v4\System\vcdsecs.exe

D:\Programy\Winamp\winamp.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\Program Files\wincmd\TOTALCMD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\wojtek\Pulpit\blaze\BlazeFindRemoval.exe

C:\Documents and Settings\wojtek\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programy\Norton antywir\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programy\Norton antywir\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRA~1\YOURSI~1\ysb.dll

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [RodG] C:\WINDOWS\ossro.exe

O4 - HKLM..\Run: [Áł# é"h'ţ9ÓśU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ossro.exe

O4 - HKLM..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~1\System\VCDPlay.exe

O4 - HKLM..\Run: [ieujrss7] C:\WINDOWS\system32\ieujrss7.exe

O4 - HKLM..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [spyware Vanisher] D:\spywarevanisher-free\FreeScanner.exe -FastScan

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4. ... egular.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - D:\Programy\Norton antywir\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Programy\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Speed Disk service - Symantec Corporation - D:\Programy\SPEEDD~1\nopdb.exe

O23 - Service: VCDSecS - H+H Software GmbH - C:\Program Files\Virtual CD v4\System\vcdsecs.exe


(Musg) #8

you need to run the program once more:

http://securityresponse.symantec.com/av ... Istbar.exe

it has to remove Istbar for you!!!

media is already gone!!!

Remove once again the HijackThis entries I gave you above. Are you doing something wrong?

Are you turning off System Restore in XP?

Are you doing everything in Safe Mode (F8)?

That's exactly how this has to be removed!


(Kuz5) #9

Remove: (of course you do everything in Safe Mode with System Restore turned off)

As for that Spyware Vanisher, the decision whether to remove it is yours (personally I recommend removing it):

Delete the files marked in red manually from the disk

If there is a problem deleting the files marked in red, delete them with Pocket Killbox: launch Killbox, select the Delete on Reboot option, then in the Full Path of File to Delete field paste the path:

C:\Program Files\Common Files\CMEII\CMESys.exe

then the program will ask about a restart (of course you agree)

And you do the same with the paths:

C:\PROGRA~1\YOURSI~1\ysb.dll

C:\WINDOWS\ossro.exe

C:\WINDOWS\system32\ieujrss7.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\Program Files\Common Files\GMT\GMT.exe


(Gutek) #10

it's enough for him to uninstall it in Add/Remove and delete the folders manually :stuck_out_tongue: