e320cdi , devon , urządzacie sobie czat??
Nadmiarowość usunięta
Description:
mspmspsv.exe is a process which normally comes with a specific update of Windows Media player. It allows for the SDMI protocol (Secure Digital Music Initiative) to be used during dealing with music media. This is a non-essential process. Disabling or enabling this is down to user preference
Nie wiecie, nie piszecie. Topik i tak jest obszerny…
:okulary:
Strasznie wolno zaczal chodzic mi net :o (mam neo (640/160)
Oto moj log:
Logfile of HijackThis v1.99.0
Scan saved at 00:16:41, on 2005-01-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\SmsSystem32.exe
C:\WINDOWS\System32\winscr32.exe
C:\WINDOWS\System32\winxpdriver.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\WINDOWS\System32\services32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\sandra.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
C:\Program Files\Winamp\winamp.exe
E:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [updReg] C:\WINDOWS\Updreg.exe
O4 - HKLM…\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM…\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM…\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM…\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 - HKLM…\Run: [Windows Compliant] sdtqiq.exe
O4 - HKLM…\Run: [MS Office32cb Startup] OfficeGUI32cb.exe
O4 - HKLM…\Run: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKLM…\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM…\Run: [system32.exe] services32.exe
O4 - HKLM…\Run: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKLM…\Run: [sms System32] SmsSystem32.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Windows Driver] winxpdriver.exe
O4 - HKLM…\RunServices: [Windows Compliant] sdtqiq.exe
O4 - HKLM…\RunServices: [MS Office32cb Startup] OfficeGUI32cb.exe
O4 - HKLM…\RunServices: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKLM…\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKLM…\RunServices: [system32.exe] services32.exe
O4 - HKLM…\RunServices: [sms System32] SmsSystem32.exe
O4 - HKLM…\RunServices: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKLM…\RunServices: [Windows Driver] winxpdriver.exe
O4 - HKLM…\RunOnce: [sms System32] SmsSystem32.exe
O4 - HKLM…\RunOnce: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKLM…\RunOnce: [Windows Driver] winxpdriver.exe
O4 - HKLM…\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [MS Office32cb Startup] OfficeGUI32cb.exe
O4 - HKCU…\Run: [Microsoft Update Time] wuam.exe
O4 - HKCU…\Run: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKCU…\Run: [Windows Compliant] sdtqiq.exe
O4 - HKCU…\Run: [sms System32] SmsSystem32.exe
O4 - HKCU…\Run: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKCU…\Run: [Windows Driver] winxpdriver.exe
O4 - HKCU…\RunOnce: [sms System32] SmsSystem32.exe
O4 - HKCU…\RunOnce: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKCU…\RunOnce: [Windows Driver] winxpdriver.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip…{753A4B49-EDFD-4FB1-BEB8-BB558FC2ACF1}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: hpdj - Unknown - C:\DOCUME~1\maly\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
Da sie cos wymyslec ??
Wylaczasz przywracanie systemu, ubijasz ponizsze procesy w menedzerze zadan (dostep poprzez trzech kroli: ctrl+alt+del). Nastepnie przy pomocy systemowej wyszukiwarki wyszukujesz je (z zaznaczeniem aby system pokazywal pliki ukryte) i wywalasz z dysku:
C:\WINDOWS\System32\SmsSystem32.exe
C:\WINDOWS\System32\winscr32.exe
C:\WINDOWS\System32\winxpdriver.exe
C:\WINDOWS\System32\services32.exe
O4 - HKLM\..\Run: [Windows Compliant] sdtqiq.exe
O4 - HKLM\..\Run: [MS Office32cb Startup] OfficeGUI32cb.exe
O4 - HKLM\..\Run: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [system32.exe] services32.exe
O4 - HKLM\..\Run: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKLM\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\Run: [Windows Driver] winxpdriver.exe
O4 - HKLM\..\RunServices: [Windows Compliant] sdtqiq.exe
O4 - HKLM\..\RunServices: [MS Office32cb Startup] OfficeGUI32cb.exe
O4 - HKLM\..\RunServices: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\RunServices: [system32.exe] services32.exe
O4 - HKLM\..\RunServices: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunServices: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKLM\..\RunServices: [Windows Driver] winxpdriver.exe
O4 - HKLM\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunOnce: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKLM\..\RunOnce: [Windows Driver] winxpdriver.exe
O4 - HKCU\..\Run: [MS Office32cb Startup] OfficeGUI32cb.exe
O4 - HKCU\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [Registry System16 Checkup Monitor] SystemReg16.exe
O4 - HKCU\..\Run: [Windows Compliant] sdtqiq.exe
O4 - HKCU\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\Run: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKCU\..\Run: [Windows Driver] winxpdriver.exe
O4 - HKCU\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [Microsoft Java Virtual Machine] winscr32.exe
O4 - HKCU\..\RunOnce: [Windows Driver] winxpdriver.exe
O23 - Service: hpdj - Unknown - C:\DOCUME~1\maly\USTAWI~1\Temp\hpdj.exe (file missing)
Aktualizujesz posiadanego antywirusa o najnowsze bazy i robisz gruntowny skan (mozesz tez uzyc skanerow online). I po uporzadkowaniu instalujesz ktoregos z service packow.
O to moje logi mam prosbe jak ktos moze to pomocy juz komp mi prawie nie chodzi tylko prosil bym bardzo o to zeby ktos napisal mi to lopatologicznie bo za bardzo pojetny to ja nir jestem Prosze o pomoc
Z goty dziekuje
Logfile of HijackThis v1.99.0
Scan saved at 03:23:10, on 05-01-05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVW32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {06595203-CBDE-F96D-5EB1-DA1921F43FFF} - keybdll.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTWARE\QUICKF~1\PLUGINS\IEHELP.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\SYSTEM\SPM1316.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721316} - C:\WINDOWS\SYSTEM\WER1316.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-716D61788264} - C:\WINDOWS\SYSTEM\MAX8264.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\IECUST.DLL
O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [internat.exe] internat.exe
O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [scands32.exe] C:\WINDOWS\SYSTEM\SCANDS32.EXE
O4 - HKLM…\Run: [killall] borlandg.exe
O4 - HKLM…\Run: [vxdman] FLKPT.exe
O4 - HKLM…\Run: [system Restore] svcnet.exe
O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\RunServices: [schedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM…\RunServices: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe “Norton SystemWorks”
O4 - HKLM…\RunServices: [scriptBlocking] “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg
O4 - HKLM…\RunServices: [ccEvtMgr] “C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”
O4 - HKLM…\RunServices: [ccSetMgr] “C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”
O4 - HKCU…\Run: [WareOut] “C:\Program Files\WareOut\WareOut.exe”
O4 - HKCU…\Run: [wormexe] sysconf16.exe
O4 - HKCU…\Run: [MON76234] systemdll.exe
O4 - HKCU…\Run: [Kargo] WTFCTF.exe
O4 - HKCU…\Run: [system Restore] svcnet.exe
O4 - HKCU…\Run: [spyware Doctor] “C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE” /Q
O4 - Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {F96D229F-129A-43B5-9B51-B7820E1BF2D3} (GameControl2 Control) - http://www.miastoplusa.pl/applets/GameControl104.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://67.15.101.3/g_bin/pl/demon_2_0_0_18.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/pl/breakout_2_0_0_15.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_33.cab
O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_15.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_20.cab
O16 - DPF: {9EAC0102-5E61-2312-BC2D-000000000000} - http://www.awmdabest.com/cabl/195/tubby.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht! http://www.foxik.com/6/files.chm::/file.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.182.113.107/activex/AxisCamControl.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 62.233.190.1,62.233.189.10,217.98.20.34
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL
Prosze o sprawdzenie mojego loga
Logfile of HijackThis v1.99.0
Scan saved at 14:03:54, on 2005-01-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MindSoft\MindSoft FreeRAM\freeram.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\The All-Seeing Eye\eye.exe
C:\Program Files\Wolfenstein - Enemy Territory\ET.exe
C:\DOCUME~1\Piotr\USTAWI~1\Temp\Rar$EX00.000\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.your-search.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MindSoft FreeRAM] C:\Program Files\MindSoft\MindSoft FreeRAM\freeram.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Steam] D:\Program Files\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Skype] "D:\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Piotr\Ustawienia lokalne\Temp\{1A3E4FDE-2CFB-4BE5-9436-EFC3F885377E}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: komentator - http://sport.onet.pl/komentator.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F38A937D-5C59-45A1-B30D-5B175C06FCDF}: NameServer = 10.0.0.1
O19 - User stylesheet: C:\WINDOWS\sstyle.css (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exeFix checked ponizszych pozycji
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.your-search.info/search.html
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O19 - User stylesheet: C:\WINDOWS\sstyle.css (file missing)O to moje logi mam prosbe jak ktos moze to pomocy juz komp mi prawie nie chodzi tylko prosil bym bardzo o to zeby ktos napisal mi to lopatologicznie bo za bardzo pojetny to ja nir jestem Prosze o pomoc
Z goty dziekuje Blagam
Logfile of HijackThis v1.99.0
Scan saved at 03:23:10, on 05-01-05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVW32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {06595203-CBDE-F96D-5EB1-DA1921F43FFF} - keybdll.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTWARE\QUICKF~1\PLUGINS\IEHELP.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\SYSTEM\SPM1316.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721316} - C:\WINDOWS\SYSTEM\WER1316.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-716D61788264} - C:\WINDOWS\SYSTEM\MAX8264.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\IECUST.DLL
O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [internat.exe] internat.exe
O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [scands32.exe] C:\WINDOWS\SYSTEM\SCANDS32.EXE
O4 - HKLM…\Run: [killall] borlandg.exe
O4 - HKLM…\Run: [vxdman] FLKPT.exe
O4 - HKLM…\Run: [system Restore] svcnet.exe
O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\RunServices: [schedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM…\RunServices: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe “Norton SystemWorks”
O4 - HKLM…\RunServices: [scriptBlocking] “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg
O4 - HKLM…\RunServices: [ccEvtMgr] “C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”
O4 - HKLM…\RunServices: [ccSetMgr] “C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”
O4 - HKCU…\Run: [WareOut] “C:\Program Files\WareOut\WareOut.exe”
O4 - HKCU…\Run: [wormexe] sysconf16.exe
O4 - HKCU…\Run: [MON76234] systemdll.exe
O4 - HKCU…\Run: [Kargo] WTFCTF.exe
O4 - HKCU…\Run: [system Restore] svcnet.exe
O4 - HKCU…\Run: [spyware Doctor] “C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE” /Q
O4 - Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {F96D229F-129A-43B5-9B51-B7820E1BF2D3} (GameControl2 Control) - http://www.miastoplusa.pl/applets/GameControl104.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://67.15.101.3/g_bin/pl/demon_2_0_0_18.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/pl/breakout_2_0_0_15.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_33.cab
O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_15.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_20.cab
O16 - DPF: {9EAC0102-5E61-2312-BC2D-000000000000} - http://www.awmdabest.com/cabl/195/tubby.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht! http://www.foxik.com/6/files.chm::/file.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.182.113.107/activex/AxisCamControl.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 62.233.190.1,62.233.189.10,217.98.20.34
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL
Tryb Awaryjny:
Narazie … :twisted:
Później: Robisz wszystkie skany programami:
ware Se Personal
Konfiguracji PestPatrol’a
Skanujesz jeszcze:
…::GeCAD (RAV)::…
http://www.ravantivirus.com/scan/
…::F-Secure::…
http://support.f-secure.com/enu/home/ols.shtml
…::X-Scan::…
http://www.spywareinfo.com/xscan.php
I dajesz jeszcze raz log Hijackthis !
no lae w awaryjnym to mam w tym hijack kasowac to co napisales?
to sa moje logi co mam zrobic bo juz rady nie daje mnapiszcie mi co i jak krok po kroku robic Blagam
Logfile of HijackThis v1.99.0
Scan saved at 18:48:51, on 05-01-05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SCANDS32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HIJACKTHIS\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = =%3D
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {06595203-CBDE-F96D-5EB1-DA1921F43FFF} - keybdll.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTWARE\QUICKF~1\PLUGINS\IEHELP.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\SYSTEM\SPM1316.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721316} - C:\WINDOWS\SYSTEM\WER1316.DLL
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-716D61788264} - C:\WINDOWS\SYSTEM\MAX8264.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\IECUST.DLL
O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [internat.exe] internat.exe
O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\Run: [scands32.exe] C:\WINDOWS\SYSTEM\SCANDS32.EXE
O4 - HKLM…\Run: [killall] borlandg.exe
O4 - HKLM…\Run: [vxdman] FLKPT.exe
O4 - HKLM…\Run: [system Restore] svcnet.exe
O4 - HKLM…\Run: [AWMON] “C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PROFESSIONAL\AD-WATCH.EXE”
O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\RunServices: [schedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM…\RunServices: [symTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe “Norton SystemWorks”
O4 - HKCU…\Run: [WareOut] “C:\Program Files\WareOut\WareOut.exe”
O4 - HKCU…\Run: [wormexe] sysconf16.exe
O4 - HKCU…\Run: [MON76234] systemdll.exe
O4 - HKCU…\Run: [Kargo] WTFCTF.exe
O4 - HKCU…\Run: [system Restore] svcnet.exe
O4 - HKCU…\Run: [spyware Doctor] “C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE” /Q
O4 - Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {F96D229F-129A-43B5-9B51-B7820E1BF2D3} (GameControl2 Control) - http://www.miastoplusa.pl/applets/GameControl104.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://67.15.101.3/g_bin/pl/demon_2_0_0_18.cab
O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/pl/breakout_2_0_0_15.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_33.cab
O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_15.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_20.cab
O16 - DPF: {9EAC0102-5E61-2312-BC2D-000000000000} - http://www.awmdabest.com/cabl/195/tubby.cab
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht! http://www.foxik.com/6/files.chm::/file.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.182.113.107/activex/AxisCamControl.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 62.233.190.1,62.233.189.10,217.98.20.34
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL
Wykonałeś te skanery co Ci podałem wyżej ? :twisted:
Poskanuj tymi wszystkimi programami, a dopiero potem daj log !
Sprawdźcie mi loga 
oto i on:
Logfile of HijackThis v1.99.0
Scan saved at 20:12:57, on 2005-01-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\WINDOWS\system32\GStartUp.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\cmdk32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ntcpl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE
C:\Documents and Settings\Mateusz\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: (no name) - {4CFA635E-E936-57E5-8605-12557BD97236} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\Jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\System32\SoundMan.exe
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\System32\SetCDfmt.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ardamax Keylogger] C:\WINDOWS\System32\cmdk32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\system32\ntcpl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Samsung Internet Keyboard.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://66.79.169.45/1/deaPL844.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=580b654524d68b23906b34a03fd33a9de69f5f922a0754ee169442
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093964168406
O16 - DPF: {91BE8DAC-957E-416C-B735-E2B63CDB915B} (MyEMessengerSetup Control) - http://www.myemessenger.com/activex/MyEMessengerSetupProject.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/ieplug.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: DefWatch - Unknown - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: StartUp Service - G DATA Software Sp. z o.o. - C:\WINDOWS\system32\GStartUp.exe
O23 - Service: Symantec AntiVirus Client - Unknown - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe (file missing)
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exeNie znasz przeznaczenia i sposobu uzycia emotek - nie uzywaj.
Do kasacji:
C:\WINDOWS\system32\GStartUp.exe
C:\WINDOWS\System32\cmdk32.exe
C:\WINDOWS\system32\ntcpl.exe
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: (no name) - {4CFA635E-E936-57E5-8605-12557BD97236} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O4 - HKLM\..\Run: [Ardamax Keylogger] C:\WINDOWS\System32\cmdk32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplD] C:\WINDOWS\system32\ntcpl.exe
O4 - HKCU\..\Run: [win_upd2.exe] C:\WINDOWS\System32\WINdirect.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Samsung Internet Keyboard.lnk = ?
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://66.79.169.45/1/deaPL844.exeWitam.
gdy przegladam strony w IE restartuje mi kompa.
W Operze moge caly dzien smigac i nic. Niestety niektore strony i komunikatory dzialaja tylko w IE.
jesli chodzi o skanery , ktore tu podajecie, to juz robilem i nic. 
moze to tylko jakis blad w IE ?
sprawdzcie prosze jeszcze raz :lol:
Logfile of HijackThis v1.97.7
Scan saved at 09:26:39, on 06.01.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\PestPatrol\PPControl.exe
C:\Programme\PestPatrol\PPMemCheck.exe
C:\Programme\PestPatrol\CookiePatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\TuneUp Utilities\MemOptimizer.exe
C:\PROGRA~1\GEMEIN~1\aol\ACS\AOLacsd.exe
C:\Programme\Virenschutz\AVKService.exe
C:\Programme\Virenschutz\AVKWCtl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Opera\opera.exe
D:\Programme\viren,trojan&\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [AVK Mail Checker] “C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE”
O4 - HKLM…\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM…\Run: [WinPatrol] “C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe”
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM…\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM…\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [TuneUp MemOptimizer] C:\Programme\TuneUp Utilities\MemOptimizer.exe autostart
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: View EXIF - C:\ViewEXIF\EXIF.htm
O9 - Extra ‘Tools’ menuitem: Sun Java Konsole (HKLM)
Log Czysty.
dzieki
to juz nie wiem :evil:
wlasnie zainstalowalem wszystkie latki do Win.
moze pomoze.
pozdrawiam
Damian 
nie czysty … :twisted: :twisted:
Bardzo wielką uwagę zwracam na kosmetykę 
Start >>> uruchom >>> msconfig >>> uruchamianie >>> odznaczasz:
dumprep 0 -k lub KernelFaultCheck
Od Spy,trojanów czy wirusów czysty :twisted:
Logfile of HijackThis v1.99.0
Scan saved at 11:40:03, on 2005-01-07
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\kxmixer.exe
C:\WINDOWS\autoclk.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\FlashGet\flashget.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Damian\USTAWI~1\Temp\Rar$EX00.579\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://patrick.kolla.de/spybotsd.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM…\Run: [Task Help] wualcts.exe
O4 - HKLM…\Run: [MSN Update] msn32.exe
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [ccRegVfy] “C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe”
O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM…\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [kX Mixer] C:\WINDOWS\System32\kxmixer.exe --startup
O4 - HKLM…\Run: [autoclk] autoclk.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM…\Run: [gcasServ] “C:\Program Files\Microsoft AntiSpyware\gcasServ.exe”
O4 - HKLM…\RunServices: [Task Help] wualcts.exe
O4 - HKLM…\RunServices: [MSN Update] msn32.exe
O4 - HKLM…\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [Task Help] wualcts.exe
O4 - HKCU…\Run: [MSN Update] msn32.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip…{CE5DE90E-1A19-4E3E-9ABE-C85ABB48E2B0}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip…{D8BFB800-E91A-4ACE-A3AF-798B0B019C61}: NameServer = 212.244.54.190,194.204.159.1
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Task Help - Unknown - C:\WINDOWS\System32\wualcts.exe (file missing)
Co można tu jeszcze usunąć ??
Prosze o sprawdzenie loga
Logfile of HijackThis v1.99.0
Scan saved at 13:50:53, on 2005-01-08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\PROGRA~1\FLASHGET\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 5111046293
O17 - HKLM\System\CCS\Services\Tcpip…{4ED91221-93C1-4E15-AEDA-FCA5345D34A3}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Prosze o odpowiedz