Logs - HijackThis

And don't use IE.

Check the location of the Hosts file, and what is in it.

The real file is located in:

C:\WINDOWS\system32\drivers\etc

Anything else is junk >>> to be thrown out.

Tools >>> Folder Options >>> View: untick "Hide extensions" and

tick "Show hidden files".

Disable unnecessary services:

http://forum.dobreprogramy.pl/viewtopic … e+us%B3ugi

In Run, type msconfig; on the Startup tab, remove the unnecessary programs from there.

Also check what this program shows:

LSP-Fix

Post the names from the left-hand pane here.

Check the system and remove unnecessary files with the program:

Security Task Manager

Post the log again for checking.

Heh… when my old man sits down at it he sometimes visits some xxx sites… but that's not it… I went to a normal site, a Q3 clan site, and suddenly bam! It crashed… what do I do about this? :<

Logfile of HijackThis v1.99.0

Scan saved at 23:03:59, on 2004-12-20

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Crazy Browser\Crazy Browser.exe

C:\Program Files\teamspeak2_RC2\TeamSpeak.exe

C:\Documents and Settings\Set\Pulpit\skanery\HijackThis.exe

O1 - Hosts: 129.30.83.206 downloads-eu1.kaspersky-labs.com

O1 - Hosts: 44.181.207.55 kaspersky-labs.com

O1 - Hosts: 69.233.107.62 http://www.networkassociates.com

O1 - Hosts: 251.6.187.149 us.mcafee.com

O1 - Hosts: 165.237.145.132 f-secure.com

O1 - Hosts: 78.247.154.166 networkassociates.com

O1 - Hosts: 66.181.2.16 secure.nai.com

O1 - Hosts: 200.164.59.14 downloads1.kaspersky-labs.com

O1 - Hosts: 170.197.101.19 downloads2.kaspersky-labs.com

O1 - Hosts: 62.143.242.109 downloads3.kaspersky-labs.com

O1 - Hosts: 35.195.120.221 avp.com

O1 - Hosts: 211.22.228.64 http://www.sophos.com

O1 - Hosts: 187.173.117.187 my-etrust.com

O1 - Hosts: 130.240.32.70 http://www.kaspersky.com

O1 - Hosts: 177.35.93.103 http://www.f-secure.com

O1 - Hosts: 228.194.128.128 dispatch.mcafee.com

O1 - Hosts: 42.184.3.18 update.symantec.com

O1 - Hosts: 82.181.114.187 nai.com

O1 - Hosts: 54.99.240.242 http://www.nai.com

O1 - Hosts: 80.47.114.171 sophos.com

O1 - Hosts: 36.237.26.109 http://www.ca.com

O1 - Hosts: 76.139.111.150 ca.com

O1 - Hosts: 44.131.88.193 securityresponse.symantec.com

O1 - Hosts: 169.238.238.145 symantec.com

O1 - Hosts: 94.66.193.85 mast.mcafee.com

O1 - Hosts: 34.35.6.77 liveupdate.symantec.com

O1 - Hosts: 238.228.200.128 http://www.avp.com

O1 - Hosts: 112.140.41.107 http://www.viruslist.com

O1 - Hosts: 198.125.45.245 viruslist.com

O1 - Hosts: 77.35.187.116 http://www.symantec.com

O1 - Hosts: 107.55.189.180 downloads4.kaspersky-labs.com

O1 - Hosts: 192.131.131.72 downloads-us1.kaspersky-labs.com

O1 - Hosts: 53.51.233.139 customer.symantec.com

O1 - Hosts: 187.19.219.48 mcafee.com

O1 - Hosts: 209.106.36.46 viruslist.com

O1 - Hosts: 7.42.192.122 http://www.my-etrust.com

O1 - Hosts: 28.172.18.214 download.mcafee.com

O1 - Hosts: 128.84.169.161 updates.symantec.com

O1 - Hosts: 64.160.142.121 kaspersky.com

O1 - Hosts: 168.161.50.13 http://www.trendmicro.com

O1 - Hosts: 52.222.122.136 rads.mcafee.com

O1 - Hosts: 130.7.145.88 trendmicro.com

O1 - Hosts: 120.25.95.73 liveupdate.symantecliveupdate.com

O1 - Hosts: 187.201.231.50 http://www.mcafee.com

O1 - Hosts: 236.152.94.106 downloads-eu1.kaspersky-labs.com

O1 - Hosts: 133.215.35.35 kaspersky-labs.com

O1 - Hosts: 87.79.180.138 http://www.networkassociates.com

O1 - Hosts: 195.15.171.207 us.mcafee.com

O1 - Hosts: 25.170.83.243 f-secure.com

O1 - Hosts: 212.166.165.61 networkassociates.com

O1 - Hosts: 37.183.66.124 secure.nai.com

O1 - Hosts: 103.111.123.131 downloads1.kaspersky-labs.com

O1 - Hosts: 151.22.209.127 downloads2.kaspersky-labs.com

O1 - Hosts: 246.188.124.38 downloads3.kaspersky-labs.com

O1 - Hosts: 92.228.212.220 avp.com

O1 - Hosts: 243.50.209.67 http://www.sophos.com

O1 - Hosts: 97.2.213.215 my-etrust.com

O1 - Hosts: 131.240.134.149 http://www.kaspersky.com

O1 - Hosts: 91.149.110.192 http://www.f-secure.com

O1 - Hosts: 198.7.159.72 dispatch.mcafee.com

O1 - Hosts: 24.237.159.109 update.symantec.com

O1 - Hosts: 185.57.66.149 nai.com

O1 - Hosts: 99.179.73.128 http://www.nai.com

O1 - Hosts: 155.23.237.58 sophos.com

O1 - Hosts: 121.93.163.135 http://www.ca.com

O1 - Hosts: 237.94.191.179 ca.com

O1 - Hosts: 205.136.123.119 mast.mcafee.com

O1 - Hosts: 252.170.142.49 liveupdate.symantec.com

O1 - Hosts: 165.229.135.72 http://www.avp.com

O1 - Hosts: 180.15.74.176 http://www.viruslist.com

O1 - Hosts: 84.13.210.193 viruslist.com

O1 - Hosts: 183.151.173.49 http://www.symantec.com

O1 - Hosts: 189.226.1.233 downloads4.kaspersky-labs.com

O1 - Hosts: 55.215.84.73 downloads-us1.kaspersky-labs.com

O1 - Hosts: 187.158.93.86 customer.symantec.com

O1 - Hosts: 86.129.124.234 mcafee.com

O1 - Hosts: 126.124.201.248 viruslist.com

O1 - Hosts: 27.254.182.85 http://www.my-etrust.com

O1 - Hosts: 135.181.190.184 download.mcafee.com

O1 - Hosts: 230.86.173.216 updates.symantec.com

O1 - Hosts: 37.208.91.216 kaspersky.com

O1 - Hosts: 130.93.2.100 http://www.trendmicro.com

O1 - Hosts: 137.63.129.53 rads.mcafee.com

O1 - Hosts: 188.67.47.232 trendmicro.com

O1 - Hosts: 112.73.11.75 liveupdate.symantecliveupdate.com

O1 - Hosts: 144.98.130.141 http://www.mcafee.com

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile

O4 - HKLM\..\Run: [CberSrv32] C:\WINDOWS\cbersrv.exe

O4 - HKLM\..\Run: [HahSrv32] C:\WINDOWS\hahsrv.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

That was the log; now this is from LSP-Fix:

mswsock.dll

winrnr.dll

rsvpsp.dll

LSP-Fix looks OK.

Using Security Task Manager,

locate cbersrv.exe and hahsrv.exe. Kill the processes and delete them.

In the keys:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

Default_Page_URL = [www.bad entry.com] >>> delete it

Default_Search_URL = [www.bad entry.com] >>> delete it

Search Bar = [www.bad entry.com] >>> delete it

Search Page = [www.bad entry.com] >>> delete it

Start Page = [www.good entry.com] >>> this is where the start page entry goes

Use Search Assistant = "yes" >>> change it to "no"

In the keys:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search and

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search

CustomizeSearch = [www.bad entry.com] >>> delete it

SearchAssistant = [www.bad entry.com] >>> delete it

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL

[www.junk.com] >>> delete it

and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

In these last ones, look for cbersrv.exe and hahsrv.exe. Delete them.

Restart.

Next, deal with the HOSTS file. You have lots of site entries in there.

That can slow things down.

Or maybe that's how it's meant to be… If so, leave it.
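Added example, not part of the original thread: the O1 (Hosts) lines of a HijackThis log can be reviewed mechanically instead of by eye. The Python code below parses O1 lines and flags entries that pin a security-vendor hostname, point at a multicast or reserved address, or map one hostname to several addresses. The vendor watchlist, the function names and the reason labels are assumptions made for this example; the sample lines are taken from the log above, plus one constructed localhost line.

```python
import ipaddress
import re
from collections import defaultdict

# Sample lines taken from the log above; the localhost line is constructed.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 44.181.207.55 kaspersky-labs.com
O1 - Hosts: 133.215.35.35 kaspersky-labs.com
O1 - Hosts: 251.6.187.149 us.mcafee.com
O1 - Hosts: 228.194.128.128 dispatch.mcafee.com
O1 - Hosts: 69.233.107.62 http://www.networkassociates.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Assumption: a watchlist assembled from the vendor domains seen in this log.
VENDOR_DOMAINS = (
    "kaspersky-labs.com", "kaspersky.com", "avp.com", "viruslist.com",
    "mcafee.com", "nai.com", "networkassociates.com", "symantec.com",
    "symantecliveupdate.com", "f-secure.com", "sophos.com",
    "trendmicro.com", "my-etrust.com", "ca.com",
)

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)$")


def parse_o1(log_text):
    """Return (ip_address, hostname) pairs for every well-formed O1 line."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        if not match:
            continue  # other HijackThis sections (O2, O4, ...) are ignored
        addr_text, host = match.groups()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            continue  # not an IP address, so not a usable hosts entry
        # Some hostnames in the pasted log carry an http:// prefix; drop it.
        host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host.lower()).rstrip("/")
        entries.append((addr, host))
    return entries


def is_vendor_host(host):
    """True if host is a watchlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)


def review(entries):
    """Return (hostname, address, reasons) for every entry worth a look."""
    addrs_by_host = defaultdict(set)
    for addr, host in entries:
        addrs_by_host[host].add(addr)

    findings = []
    for addr, host in entries:
        reasons = []
        if is_vendor_host(host):
            # A hosts entry overrides DNS, so the vendor's site and update
            # servers resolve to whatever address the file says.
            reasons.append("vendor-domain")
        if addr.is_multicast or addr.is_reserved or addr.is_unspecified:
            # 224.0.0.0/4, 240.0.0.0/4 and 0.0.0.0 cannot host a web server.
            reasons.append("unroutable-address")
        if len(addrs_by_host[host]) > 1:
            reasons.append("multiple-addresses")
        if reasons:
            findings.append((host, str(addr), reasons))
    return findings


if __name__ == "__main__":
    for host, addr, reasons in review(parse_o1(SAMPLE_LOG)):
        print(f"{host:32} {addr:18} {', '.join(reasons)}")
```

Run against a complete log, every flagged line is a candidate for removal from the Hosts file in C:\WINDOWS\system32\drivers\etc, after which the log is taken again.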

Well, I did as you said… no luck… I did find the files cbersrv.exe and hahsrv.exe, but they can't be deleted… every time it's access denied because the file is in use by another application.

I disabled it in autostart, killed it in STmanager… and still no luck. Hmm, this is slowly getting on my nerves :< it'll end with format c:… :confused:

Boot into Safe Mode and only then get to work.

If that doesn't work, delete them using

CopyLock

Select the file, click Add and then Replace, and restart the computer. It deletes the file before the system loads.

Logfile of HijackThis v1.99.0

Scan saved at 10:01:09, on 2004-12-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\xxuypfsp.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Miciu\USTAWI~1\Temp\Rar$EX00.031\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O4 - HKLM\..\Run: [N8qYdB] C:\WINDOWS\xxuypfsp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [N8Ý9żĚ*ú]Mú*ŔaîžaařC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xxuypfsp.exe

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 3747342812

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F93D07F2-6EE7-46F1-AAAD-419BF983FEFB}: NameServer = 194.204.159.1,0.0.0.0

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: InCD File System Service - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

I got IST svc installed on my machine; my question is: what should I remove, and how??

Turn off System Restore and end the following processes in Task Manager:

xxuypfsp.exe

istsvc.exe

After that, delete the files from disk along with their directories, and finally fix the following items in HijackThis:

C:\WINDOWS\xxuypfsp.exe

C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [N8qYdB] C:\WINDOWS\xxuypfsp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [N8Ý9żĚ*ú]Mú*ŔaîžaařC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\xxuypfsp.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
Logfile of HijackThis v1.99.0

Scan saved at 11:41:05, on 2004-12-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program Files\Tlen.pl\tlen.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Corel\Graphics9\Register\Remind32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Documents and Settings\de S qbAs\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.dobreprogramy.pl/index.php?sid=96523185e8455d36830a35f7ecfd6b46

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvewt32.exe

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\RunServices: [WIN USB 2.0] winusb.exe

O4 - HKLM\..\RunServices: [WinSecured32] ssmr.exe

O4 - HKLM\..\RunServices: [Netunit32] wunit32.exe

O4 - HKCU\..\Run: [WIN USB 2.0] winusb.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

Please advise.

I've got something called EliteBar here and I can't remove it --> Safe Mode --> I don't have System Restore.



I remove these entries:

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll

but after a restart they are back again :frowning:

Please help.

In Safe Mode:

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll

Do you know this program/process?

kalvewt32.exe No/Delete

And post the HijackThis log again - it looks odd!

Logfile of HijackThis v1.99.0

Scan saved at 12:04:48, on 2004-12-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Corel\Graphics9\Register\Remind32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

D:\s e T u p\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.dobreprogramy.pl/index.php?sid=96523185e8455d36830a35f7ecfd6b46

O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\RunServices: [WIN USB 2.0] winusb.exe

O4 - HKLM\..\RunServices: [WinSecured32] ssmr.exe

O4 - HKLM\..\RunServices: [Netunit32] wunit32.exe

O4 - HKCU\..\Run: [WIN USB 2.0] winusb.exe

O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Rejestrowanie produktów Corela.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

I removed it and now it looks OK. Thanks.

If anyone still sees anything here, please advise :smiley:

This is still left:

O4 - HKLM\..\RunServices: [WIN USB 2.0] winusb.exe 

O4 - HKLM\..\RunServices: [WinSecured32] ssmr.exe 

O4 - HKLM\..\RunServices: [Netunit32] wunit32.exe 

O4 - HKCU\..\Run: [WIN USB 2.0] winusb.exe

My fresh log:

Logfile of HijackThis v1.99.0

Scan saved at 16:05:25, on 2004-12-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\mysql\bin\winmysqladmin.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\mysql\bin\mysqld-nt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\DC++\DCPlusPlus.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\inetsrv\DavCData.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Winamp\winamp.exe

C:\DOCUME~1\Raq\USTAWI~1\Temp\Rar$EX00.055\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySql - Unknown - c:/mysql/bin/mysqld-nt.exe

Remove:

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

In msconfig, disable:

NeroCheck

INSTALL SP2

I can't be bothered :stuck_out_tongue:

Will SP1 do??

Please check this:

Logfile of HijackThis v1.99.0

Scan saved at 19:26:38, on 2004-12-26

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntiVirenKit professional\AVKService.exe

C:\Program Files\AntiVirenKit professional\AVKWCtl.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\RunDll32.exe

C:\Program Files\AntiVirenKit professional\AVKPOP.EXE

C:\PROGRA~1\WANADOO\TaskbarIcon.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

D:\Programy\Programiki\wirusy-narzędzia\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\AntiVirenKit professional\AVKPOP.EXE"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{39585FD2-5951-40C3-AD26-CA15588A6F7F}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: AVK Service - Unknown - C:\Program Files\AntiVirenKit professional\AVKService.exe

O23 - Service: Strażnik AVK - Unknown - C:\Program Files\AntiVirenKit professional\AVKWCtl.exe

O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

siembiges

Looks clean to me.

Thanks!!

Please check my log. I'm having problems with RAM. Messages like "not enough memory" keep appearing; I have 384 Mb of RAM. I scanned with Symantec and found nothing - maybe the problem is somewhere here.

I made the log in normal mode, not Safe Mode. I hope that's fine.

Logfile of HijackThis v1.98.0

Scan saved at 10:12:49, on 2004-12-27

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\MDM.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE

C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\WINDOWS\SYSTEM\KHOOKER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\PROGRAM FILES\PLANET\WL-8303\RTLWAKE.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\MOJE DOKUMENTY\2004\HIJACKTHIS1980.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE

O4 - HKLM\..\Run: [siS KHooker] C:\WINDOWS\SYSTEM\khooker.exe

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"

O4 - HKLM\..\RunServices: [iSSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"

O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - Startup: PLANET WL-8303.lnk = C:\Program Files\PLANET\WL-8303\RtlWake.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM FILES\STAR DOWNLOADER\sdie.htm

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: Notowania ONET - http://notowania.bph.pl/arkusz/notowania.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://kamera.wszib.edu.pl/activex/AxisCamControl.ocx

O16 - DPF: {AFD8ED36-EA54-11D6-AC3F-00105ADCF632} (Ntw4 Control) - https://www.brebrokers.pl/res/ntw4.cab

O16 - DPF: {43A848AB-928D-43A0-8B8A-81D953E9F3EE} (XMLFileSaver Class) - https://www.brebrokers.pl/res/EPMXMLFILESAVERCOM.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

A friend's log; I'm handing it over to the specialists for evaluation.

Logfile of HijackThis v1.99.0

Scan saved at 19:24:59, on 2004-12-27

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\WINDOWS\System32\msc32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\WINDOWS\System32\mslima.exe

C:\WINDOWS\mejwc.exe

C:\WINDOWS\System32\winmplayd.exe

C:\asgag.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\ISTsvc\istsvc.exe

E:\Programy\Opera\opera.exe

c:\windows\msbb.exe

C:\WINDOWS\System32\mshelp32.exe

c:\fadjad.exe

c:\gasjad.exe

c:\rtadjd.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Szymek\USTAWI~1\Temp\Rar$EX00.141\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://interia.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.tlen.pl:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Programy\FlashGet\fgiebar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O4 - HKLM\..\Run: [Microsoft Help System] mshelp32.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MSN service] mslima.exe

O4 - HKLM\..\Run: [NvCplScan] msc32.exe

O4 - HKLM\..\Run: [2ABa32L] C:\WINDOWS\mejwc.exe

O4 - HKLM\..\Run: [glid] C:\WINDOWS\glid.exe

O4 - HKLM\..\Run: [Microsofts media] winmplayd.exe

O4 - HKLM\..\Run: [msnmsg] C:\asgag.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe

O4 - HKLM\..\RunServices: [Microsoft Help System] mshelp32.exe

O4 - HKLM\..\RunServices: [MSN service] mslima.exe

O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe

O4 - HKLM\..\RunServices: [Microsofts media] winmplayd.exe

O4 - HKLM\..\RunOnce: [NvCplScan] msc32.exe

O4 - HKCU\..\Run: [WITaj!] rem -- Anulowane uruchamianie programu WITaj! 2000

O4 - HKCU\..\Run: [Microsoft Help System] mshelp32.exe

O4 - HKCU\..\Run: [NvCplScan] msc32.exe

O4 - HKCU\..\RunServices: [Microsoft Help System] mshelp32.exe

O4 - HKCU\..\RunOnce: [NvCplScan] msc32.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:\Programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:\Programy\FlashGet\jc_all.htm

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c18.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E0F9703-EF87-4E0B-86B7-3CECF27BB39C}: NameServer = 62.29.128.51 62.29.255.71

O17 - HKLM\System\CS1\Services\Tcpip\..\{3E0F9703-EF87-4E0B-86B7-3CECF27BB39C}: NameServer = 62.29.128.51 62.29.255.71

O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

O18 - Filter: text/html - {98CF8B50-67E6-4964-AC48-8732BCDA77A2} - C:\Documents and Settings\Szymek\Ustawienia lokalne\Dane aplikacji\microsoft\internet explorer\V0.26.dat

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Usługa Auto Protect programu Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

In my opinion, these are suspicious:

c:\windows\msbb.exe

C:\WINDOWS\System32\mshelp32.exe

c:\fadjad.exe

c:\gasjad.exe

c:\rtadjd.exe

J