Potrzebuje pomocy! Potrzebuje sprawdzenia logfile

Dla specjalistów Bezpieczeństwo
#1

Prosze sprawdzcie mój log. Oto i on:

Logfile of HijackThis v1.99.1

Scan saved at 10:17:44, on 2005-02-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\WINDOWS\ALCMTR.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ANTIVIRUS.EXE

C:\WINDOWS\System\Rundll~.exe

C:\WINDOWS\system32\IEXPLORE.EXE

C:\Program Files\Eset\nod32kui.exe

C:\program files\konektortp\konektortp.exe

C:\Program Files\DeskAd Service\DeskAdServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\IEXPLORE.EXE

C:\Program Files\DeskAd Service\DeskAdKeep.exe

C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\WINDOWS\regedit.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\DAP\DAP.EXE

C:\Documents and Settings\x\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll

O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll

O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [hpfsched] C:\WINDOWS\hpfsched.exe

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [antivirus32] ANTIVIRUS.EXE

O4 - HKLM…\Run: [Rundll] C:\WINDOWS\System\Rundll~.exe /out

O4 - HKLM…\Run: [Microsoft Synchronization Manager] IEXPLORE.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM…\Run: [KonektorTP] “c:\program files\konektortp\konektortp.exe” tray

O4 - HKLM…\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe

O4 - HKLM…\RunServices: [Microsoft Synchronization Manager] IEXPLORE.EXE

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Microsoft Synchronization Manager] IEXPLORE.EXE

O4 - HKCU…\RunOnce: [antivirus32] ANTIVIRUS.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAID Manager.lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Downl … e-c283.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

Z góry thx

#2

tylko teraz uwazaj co robisz na kompie. :slight_smile:

Miales farta bo czasami…

#3

Możesz wyłączyć CTFMON.EXE: Panel sterowania => Opcje regionalne=> Języki => Szczegóły => Zaawansowane => zaznaczasz wyłącz zaawansowane usługi tekstowe

Start=>Uruchom=>Wpisz polecenie msconfig=>Zakładka Uruchamianie i odchacz:

NeroCheck

Jeżeli nie używasz Windows Messenger to go usuń:

Start=>Uruchom=>Wpisz polecenie

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

lub programem Xp-AntiSpy PL

#4

Trojan CWS

EliteBar:

Trojany:

WORM_SPYBOT.LL

Activex

1.Wyłącz przywracanie systemu

2.Usuwaj w trybie awaryjnym

3.Ponowny log

#5

Teraz to wygląda tak:

Logfile of HijackThis v1.99.1

Scan saved at 08:52:35, on 2005-02-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ANTIVIRUS.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

E:\STARY\d\Programy\Instalki\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [antivirus32] ANTIVIRUS.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM…\RunServices: [Microsoft Synchronization Manager] IEXPLORE.EXE

O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\RunOnce: [antivirus32] ANTIVIRUS.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAID Manager.lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

Jest już dobrze czy jeszcze mam coś zmienić?

#6

Wywal:

#7

A teraz jest już wszystko dobrze??

Logfile of HijackThis v1.99.1

Scan saved at 17:22:11, on 2005-02-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ANTIVIRUS.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Internet Explorer\iexplore.exe

E:\STARY\d\Programy\Instalki\hijackthis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [antivirus32] ANTIVIRUS.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup

O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\RunOnce: [antivirus32] ANTIVIRUS.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAID Manager.lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

#8

Usuń i poczytaj:

C:\WINDOWS\system32\ANTIVIRUS.EXE

   	O4 - HKLM\..\Run: [antivirus32] ANTIVIRUS.EXE

   	O4 - HKCU\..\RunOnce: [antivirus32] ANTIVIRUS.EXE

http://www.greatis.com/appdata/d/a/anti … emoval.htm

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

Znasz zostawiasz, nie - usuwasz.

#9

Możesz wyłączyć CTFMON.EXE: Panel sterowania => Opcje regionalne=> Języki => Szczegóły => Zaawansowane => zaznaczasz wyłącz zaawansowane usługi tekstowe

#10

Oby to było to:

Logfile of HijackThis v1.99.1

Scan saved at 18:21:03, on 2005-02-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

E:\STARY\d\Programy\Instalki\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup

O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAID Manager.lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

#11

Usuń:

Wyłącz z msconfig:

#12

Czy to już jest to??

Logfile of HijackThis v1.99.1

Scan saved at 18:37:56, on 2005-02-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Speed Disk\nopdb.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kazaa Lite Rewolucja\kazaalite.kpp

C:\Program Files\Winamp\winamp.exe

E:\STARY\d\Programy\Instalki\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: RAID Manager.lnk = ?

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

#13

Tak, jest już OK.

#14

To SUPER! !!