Only now do I see why these computers run so badly - thanks to HiJackThis.
Suuuper tool - it will just take some time to learn it ;(
This time I'm asking you to check the log from my wife's computer - thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 10:04:13, on 05-03-08
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTATKEEP.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\PULPIT\ZEGARYNKA.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\ANALOGX\MAXMEM\MAXMEM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\EPRZYPOMINACZ.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
E:\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O3 - Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM…\Run: [systemTray] SysTray.Exe
O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM…\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM…\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM…\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM…\Run: [Windows AdStatus] C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE
O4 - HKLM…\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM…\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU…\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU…\Run: [Zegarynka] C:\WINDOWS\PULPIT\ZEGARYNKA.EXE
O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray
O4 - HKCU…\Run: [skype] “C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE” /nosplash /minimized
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Pasek skrótów Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Przypominacz.lnk = C:\WINDOWS\SYSTEM\eprzypominacz.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h … xdm395YYPL
O8 - Extra context menu item: Namo FlashCatcher - C:\PROGRAM FILES\COMMON FILES\SOURCETEC\SWF CATCHER\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Namo FlashCatcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\PROGRAM FILES\COMMON FILES\SOURCETEC\SWF CATCHER\InternetExplorer.htm
O9 - Extra ‘Tools’ menuitem: Namo FlashCatcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\PROGRAM FILES\COMMON FILES\SOURCETEC\SWF CATCHER\InternetExplorer.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu … .0.8-2.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.advnt01.com/dialer/russia.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/ … taller.exe
O16 - DPF: {8135EF31-FE8C-4C6E-A18A-F59944C3A488} (Spocx Class) - http://ddddl.dudu.com/ddd/channel/spockx-channel.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/L … e_9_EN.cab
O16 - DPF: {E3943A24-2F83-4505-9AE5-F705E81B50CB} - http://akamai.downloadv3.com/binaries/E … S_1055.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/I … v32_EN.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://media.grab.com/media/fbd793/game … uncher.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://www.celebritaspoglie.net/all.exe
O16 - DPF: {8F2E4DC6-E858-4EF0-B596-7CD82AA94B0A} (M2AxCtl Class) - http://www.magentammt.com/demos/flowershop/m2axsvr.dll
O16 - DPF: {CAFECAFE-0013-0001-0006-ABCDEFABCDEF} (JInitiator 1.3.1.6) -
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
There is probably some junk in the startup too:
StartupList report, 05-03-08, 10:06:01
StartupList version: 1.52.2
Started from : E:\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTATKEEP.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\PULPIT\ZEGARYNKA.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\ANALOGX\MAXMEM\MAXMEM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\EPRZYPOMINACZ.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
E:\HIJACKTHIS\HIJACKTHIS.EXE
Listing of startup folders:
Shell folders Startup:
[C]
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe
Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Pasek skrótów Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
Przypominacz.lnk = C:\WINDOWS\SYSTEM\eprzypominacz.exe
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Zasobnik systemowy = SysTray.Exe
QuickTime Task = “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime
AVG7_CC = C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
AVG7_EMC = C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
AVG7_AMSVR = C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
Gene USB Monitor = C:\WINDOWS\SYSTEM\USBMonit.exe
Windows AdStatus = C:\PROGRAM FILES\WINDOWS ADSTATUS\WINSTAT.EXE
Zone Labs Client = “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = ctfmon.exe
Zegarynka = C:\WINDOWS\PULPIT\ZEGARYNKA.EXE
Gadu-Gadu = “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray
Skype = “C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE” /nosplash /minimized
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = C:\WINDOWS\NOTEPAD.EXE %1
C:\WINDOWS\WININIT.BAK listing:
(Created 8/3/2005, 8:46:28)
[rename]
C:\PROGRA~1\GRISOFT\AVGFRE~1\MICROAVI.AVG=C:\WINDOWS\ALLUSE~1\DANEAP~1\GRISOFT\AVG7DATA\AVG7UPD\INSTALL.1\MICROAVI.AVG
C:\PROGRA~1\GRISOFT\AVGFRE~1\MINIAVI.AVG=C:\WINDOWS\ALLUSE~1\DANEAP~1\GRISOFT\AVG7DATA\AVG7UPD\INSTALL.1\MINIAVI.AVG
C:\PROGRA~1\GRISOFT\AVGFRE~1\UPD_VERS.CFG=C:\WINDOWS\ALLUSE~1\DANEAP~1\GRISOFT\AVG7DATA\AVG7UPD\INSTALL.1\UPD_VERS.CFG
NUL=C:\PROGRA~1\GRISOFT\AVGFRE~1\WAIT4SD
NUL=C:\WINDOWS\ALLUSE~1\DANEAP~1\GRISOFT\AVG7DATA\AVG7UPD\INSTALL.1\U-FWD.IDX
Enumerating Browser Helper Objects:
(no name) - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
mwsBar BHO - (no file) - {07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWebSearch Search Assistant BHO - (no file) - {00A6FAF1-072E-44cf-8957-5838F569A31D}
(no name) - (no file) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8}
Enumerating Task Scheduler jobs:
Rozpoczęcie aplikacji dostrajania.job
Symantec NetDetect.job
Enumerating Download Program Files:
[update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/C … 6054282407
[shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shoc … wflash.cab
[shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shoc … tor/sw.cab
[{D27CDB6E-0000-0000-0000-000000000000}]
CODEBASE = http://download.macromedia.com/pub/shoc … wflash.cab
[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.imgfarm.com/images/nocache/fu … .0.8-2.cab
[{91433D86-9F27-402C-B5E3-DEBDD122C339}]
CODEBASE = http://www.netvenda.com/sites/games-intl/pl/games4.cab
[VacPro.russia_ver3]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUSSIA.OCX
CODEBASE = http://www.advnt01.com/dialer/russia.CAB
[CamImage Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXISCAMCONTROL.OCX
CODEBASE = http://activex.webcam.nl/AxisCamControl.cab
[Virtools WebPlayer Class]
InProcServer32 = C:\PROGRAM FILES\VIRTOOLS WEB PLAYER 2.5\WEBPLAYER.OCX
CODEBASE = http://a532.g.akamai.net/f/532/6712/4h/ … taller.exe
[spocx Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\DDDSPOCX.DLL
CODEBASE = http://ddddl.dudu.com/ddd/channel/spockx-channel.cab
[{DDF44FD9-749F-4761-89BB-E8A59339E459}]
InProcServer32 = C:\WINDOWS\SYSTEM\LIVESERVICE_9.DLL
CODEBASE = http://akamai.downloadv3.com/binaries/L … e_9_EN.cab
[{E3943A24-2F83-4505-9AE5-F705E81B50CB}]
InProcServer32 = C:\WINDOWS\SYSTEM\EGDACCESS_1055.DLL
CODEBASE = http://akamai.downloadv3.com/binaries/E … S_1055.cab
[{F72BC3F0-6C20-4793-9DDA-258589D8A907}]
InProcServer32 = C:\WINDOWS\SYSTEM\NETSLV32.DLL
CODEBASE = http://akamai.downloadv3.com/binaries/I … v32_EN.cab
[sproutLauncherCtrl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SPROUTWEBLAUNCHER.DLL
CODEBASE = http://media.grab.com/media/fbd793/game … uncher.cab
[CR64Loader Object]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MINICLIPGAMELOADER.DLL
CODEBASE = http://www.miniclip.com/platypus/miniclipGameLoader.dll
[{DB893839-10F0-4AF9-92FA-B23528F530AF}]
CODEBASE = http://www.celebritaspoglie.net/all.exe
[M2AxCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\M2AXSVR.DLL
CODEBASE = http://www.magentammt.com/demos/flowershop/m2axsvr.dll
[JInitiator 1.3.1.6]
InProcServer32 = C:\Program Files\Oracle\JInitiator 1.3.1.6\bin\npjinit1316.dll
[EARTPatchX Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\EARTPX.DLL
CODEBASE = http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL