Ngpw36


(Andrzej Giszczak) #1

What is this ngpw36 process?? It can't be removed... and IE keeps launching all the time with some window :[

Logfile of HijackThis v1.99.1

Scan saved at 17:06:42, on 2005-04-23

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

F:\Programy\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\soundman.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

F:\Programy\deamon\daemon.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

C:\windows\system32\adprot.exe

F:\ProgramyAVPersonal\AVGNT.EXE

C:\WINDOWS\System32\ctfmon.exe

F:\Programy\Internet Download Manager\IDMan.exe

F:\Programy\Tlen.pl\tlen.exe

C:\windows\system32\adprot.exe

F:\Programy\BitComet\BitComet.exe

F:\ProgramyAVPersonal\AVGUARD.EXE

C:\Program Files\AntiVirenKit\AVKService.exe

C:\Program Files\AntiVirenKit\AVKWCtl.exe

F:\ProgramyAVPersonal\AVWUPSRV.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\usr\MYSQL\bin\mysqld.exe

C:\WINDOWS\System32\nvsvc32.exe

F:\PROGRAMY\MOZILLA\FIREFOX.EXE

C:\WINDOWS\System32\ngpw36.exe

C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\Programy\Internet Download Manager\IDMIECC.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programy\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - C:\WINDOWS\System32\ngsh33.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [SoundMan] soundman.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [SCANINICIO] "F:\Programy\Panda 7\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "F:\Programy\Panda 7\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Programy\deamon\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [BearShare] "F:\Programy\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [SmcService] F:\Programy\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [Aapp] C:\windows\system32\adprot

O4 - HKLM\..\Run: [AVGCtrl] "F:\ProgramyAVPersonal\AVGNT.EXE" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [IDMan] F:\Programy\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [Komunikator] F:\Programy\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "F:\Programy\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe

O4 - HKCU\..\Run: [ngpw36] C:\windows\system32\ngpw36.exe

O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe

O4 - HKCU\..\Run: [AVKBar] "C:\Program Files\AntiVirenKit\AVKBar.exe"

O4 - HKCU\..\Run: [BitComet] "F:\Programy\BitComet\BitComet.exe"

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: Download All Links with IDM - F:\Programy\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - F:\Programy\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - F:\Programy\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - F:\ProgramyAVPersonal\AVGUARD.EXE

O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit\AVKWCtl.exe

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - F:\ProgramyAVPersonal\AVWUPSRV.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - F:\Programy\Panda 7\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - F:\Programy\Panda 7\pavsrv51.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Programy\Sygate\SPF\smc.exe

(Musg) #2

You don't have the patches.

First install SP2:

http://www.microsoft.com/poland/windows ... fault.mspx

Then scan the computer:

http://forum.dobreprogramy.pl/viewtopic.php?t=23036

Fix these with HijackThis:

O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - C:\WINDOWS\System32\ngsh33.dll

O4 - HKLM\..\Run: [Aapp] C:\windows\system32\adprot

O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe

O4 - HKCU\..\Run: [adprot] C:\windows\system32\adprot.exe

Download the program:

http://www.cexx.org/lspfix.htm

and write down what you have on the left side. Important: just don't remove anything.

Do what I wrote above and post the log once more.

Remember to turn off System Restore and to use safe mode (F8) during removal.


(Andrzej Giszczak) #3

musg.. I'm rather a beginner :oops: I'd prefer it slowly and in detail


(Adarek) #4

Use these programs:

PestPatrol

CWShredder

Ad-aware

Spybot Search & Destroy

Microsoft® Windows AntiSpyware

Usage guide

AntiSpyware