Proszę

Dla specjalistów Bezpieczeństwo
#1

Logfile of HijackThis v1.99.1

Scan saved at 14:45:20, on 2005-05-13

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE

C:\WINDOWS\System32\Drivers\svchost.exe

D:\programy\Phone\Skype.exe

D:\programy\Trend Micro\Internet Security\pccguide.exe

D:\programy\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

D:\programy\Trend Micro\Internet Security\tmproxy.exe

D:\programy\Trend Micro\Internet Security\PccPfw.exe

D:\Program Files\FlashGet\flashget.exe

D:\programy\OPERA\opera.exe

D:\programy\hijacthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM…\Run: [TM Outbreak Agent] “D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE” /run

O4 - HKLM…\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\System32\Drivers\svchost.exe

O4 - HKCU…\Run: [skype] “D:\programy\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [Eraser] D:\programy\eraser\Eraser\eraser.exe -hide

O4 - Global Startup: PCCGuide.lnk = D:\programy\Trend Micro\Internet Security\pccguide.exe

O4 - Global Startup: PCClient.lnk = D:\programy\Trend Micro\Internet Security\PCClient.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\programy\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 5885762437

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\tmproxy.exe

DZIĘKI SERDECZNE

:slight_smile: :slight_smile: :slight_smile:

#2

znajdz lokalizacje i usun recznie z sysemu

tryb awaryjny f8 i wylacz przywracanie systemu w xp

tylko znajdz prawidlową lokalizacje! !!

scan

http://forum.dobreprogramy.pl/viewtopic.php?t=23036

i daj log

#3

Nie mogę tego usunąć ręcznie

#4

tryb awaryjny f8 podczas usuwania–wejdz w niego

#5

Logfile of HijackThis v1.99.1

Scan saved at 15:34:05, on 2005-05-13

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE

D:\programy\Phone\Skype.exe

D:\programy\eraser\Eraser\eraser.exe

D:\programy\Trend Micro\Internet Security\pccguide.exe

D:\programy\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

D:\programy\Trend Micro\Internet Security\tmproxy.exe

D:\programy\Trend Micro\Internet Security\PccPfw.exe

D:\programy\OPERA\opera.exe

D:\programy\TLEN\tlen.exe

D:\programy\hijacthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM…\Run: [TM Outbreak Agent] “D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE” /run

O4 - HKLM…\Run: [Generic Host Process for Win32 Services] C:\WINDOWS\System32\Drivers\svchost.exe

O4 - HKCU…\Run: [skype] “D:\programy\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [Eraser] D:\programy\eraser\Eraser\eraser.exe -hide

O4 - Global Startup: PCCGuide.lnk = D:\programy\Trend Micro\Internet Security\pccguide.exe

O4 - Global Startup: PCClient.lnk = D:\programy\Trend Micro\Internet Security\PCClient.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\programy\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 5885762437

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\tmproxy.exe

#6

Usunąłem,wyłączyłem,w systemie go nie widzę ale Hijack dalej go znajduje! !!

#7

to zafixuj go hijackiem teraz w normalnym trybie jesli wylaczyles

#8

Dzięki serdeczne! !!

Możesz mi jeszcze napisać co to było i jak jest teraz u mnie z przywracaniem systemu.

Jeszcze raz dzięki :smiley: :smiley: :smiley:

#9

to twoja decyzja czy chcesz wlaczyc czy nie

tobie polecam teraz spowrotem wlaczyc przywracanie

robaczek internetowy–zassany zapewne przez poczte

:slight_smile:

#10

Logfile of HijackThis v1.99.1

Scan saved at 18:57:34, on 2005-05-13

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

D:\programy\Trend Micro\Internet Security\tmproxy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

D:\programy\Trend Micro\Internet Security\PccPfw.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE

C:\WINDOWS\pyolx.exe

D:\programy\Phone\Skype.exe

D:\programy\Trend Micro\Internet Security\pccguide.exe

D:\programy\Trend Micro\Internet Security\PCClient.exe

C:\Program Files\BullsEye Network\bin\bargains.exe

C:\DOCUME~1\kom\USTAWI~1\Temp\JYDeQP.exe

D:\programy\hijacthis\HijackThis.exe

C:\Program Files\ISTsvc\istsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)

O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM…\Run: [TM Outbreak Agent] “D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE” /run

O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM…\Run: [pgl52E] C:\WINDOWS\pyolx.exe

O4 - HKCU…\Run: [skype] “D:\programy\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [Eraser] D:\programy\eraser\Eraser\eraser.exe -hide

O4 - Global Startup: PCCGuide.lnk = D:\programy\Trend Micro\Internet Security\pccguide.exe

O4 - Global Startup: PCClient.lnk = D:\programy\Trend Micro\Internet Security\PCClient.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\programy\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 5885762437

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\tmproxy.exe

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

#11

Odpowiedziałem w temacie wcześniejszym :stuck_out_tongue:

#12

i narobiles balaganu

trzeba to jakos odkrecic :slight_smile:

gutek shrek wie ze odpowiedziales , a ty nie wiesz ,ze on zalozył kolejny temat :smiley:

#13

Logfile of HijackThis v1.99.1

Scan saved at 20:25:41, on 2005-05-13

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

D:\programy\Trend Micro\Internet Security\tmproxy.exe

D:\programy\Trend Micro\Internet Security\PccPfw.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE

D:\programy\Phone\Skype.exe

D:\programy\Trend Micro\Internet Security\pccguide.exe

D:\programy\Trend Micro\Internet Security\PCClient.exe

D:\programy\TLEN\tlen.exe

C:\Program Files\Internet Optimizer\optimize.exe

D:\programy\hijacthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM…\Run: [TM Outbreak Agent] “D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE” /run

O4 - HKLM…\Run: [internet Optimizer] “C:\Program Files\Internet Optimizer\optimize.exe”

O4 - HKCU…\Run: [skype] “D:\programy\Phone\Skype.exe” /nosplash /minimized

O4 - Global Startup: PCCGuide.lnk = D:\programy\Trend Micro\Internet Security\pccguide.exe

O4 - Global Startup: PCClient.lnk = D:\programy\Trend Micro\Internet Security\PCClient.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\programy\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 5885762437

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\tmproxy.exe

#14

teraz zaistnial:

masz Internet Optimizer recznie usunac z dodaj usun programy

sposob usuwania znasz!

i wracaj z nowym logiem ,a dostaniesz kilka ciekawych progsow na twoj sprzet

wywal Internet Optimizer

#15

w trybie awaryjnym odinstaluj program a folder skasuj recznie :stuck_out_tongue:

EDIT: Sorki że się powtórzył topic ale jestem na kilku forach na raz i odpowiedź zajmuje mi czase 3 minutki, 4 :frowning:

#16

Logfile of HijackThis v1.99.1

Scan saved at 20:39:06, on 2005-05-13

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

D:\programy\Trend Micro\Internet Security\tmproxy.exe

D:\programy\Trend Micro\Internet Security\PccPfw.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE

D:\programy\Phone\Skype.exe

D:\programy\Trend Micro\Internet Security\pccguide.exe

D:\programy\Trend Micro\Internet Security\PCClient.exe

D:\programy\TLEN\tlen.exe

D:\programy\hijacthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

O4 - HKLM…\Run: [TM Outbreak Agent] “D:\programy\Trend Micro\Internet Security\TMOAGENT.EXE” /run

O4 - HKCU…\Run: [skype] “D:\programy\Phone\Skype.exe” /nosplash /minimized

O4 - Global Startup: PCCGuide.lnk = D:\programy\Trend Micro\Internet Security\pccguide.exe

O4 - Global Startup: PCClient.lnk = D:\programy\Trend Micro\Internet Security\PCClient.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\programy\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - D:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 5885762437

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\PccPfw.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\Tmntsrv.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - D:\programy\Trend Micro\Internet Security\tmproxy.exe

#17

wywal Flashgeta bo ma Cydoora !

#18

LOG OK jak masz FlashGet’a fula zostaw spokojnie :stuck_out_tongue:

#19

fula nie mam tylko FlashGet 1.65 to mam go wywalić??

#20

log masz teraz czysty,a oto obowiazkowe adresy dla Ciebie i zony:

http://www.amnezja.org/pl/html/modules. … e&sid=1509

pozamykaj wszystkie porty

http://www.dobreprogramy.com/index.php?dz=2&id=657&t=55

scanuj od czasu do czasu-zainstaluj

dalej sp2-obowiazek:

http://www.microsoft.com/poland/windows … fault.mspx

po zainstalowaniu update machnij

sciagnij sobie dodatkowy scaner online–polecam:

http://egama.prv.pl/

bitdefender w polskiej wersji jezykowej

na koniec zainstaluj sobie:

http://www.dobreprogramy.pl/index.php?dz=2&id=107&t=82

http://www.dobreprogramy.pl/index.php?dz=2&id=188&t=82

od czasu do czasu masz uaktualniac i scanowac

obowiazkowy Wasz zestaw do serfowania

:slight_smile: