Tcmvtmsg.exe?

Dla specjalistów Bezpieczeństwo
#1

witam, od jakiegos czasu mam problemy z moim komputerkiem, a mianowicie - problem jest w tym ze co chwile sie zawiesza i kazde okno ktore jest otwarte robi sie biale :((( i chcial bym sie dowiedziec co to jest tcmvtmsg.exe :slight_smile:

Logfile of HijackThis v1.99.1

Scan saved at 23:43:43, on 2005-05-16

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\System32?ti2evxx.exe

C:\WINDOWS\System32\tcmvtmsg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Remik.X-99TY7G43SF2Y9\Pulpit\hijackthis.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.3 x.full-tgp.net

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com

O1 - Hosts: 127.0.0.3 autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.awmdabest.com

O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 http://www.allforadult.com

O1 - Hosts: 127.0.0.3 http://www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 http://www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 http://www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 http://www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 http://www.awmcash.biz

O1 - Hosts: 127.0.0.3 awmcash.biz

O1 - Hosts: 127.0.0.3 buldog-stats.com

O1 - Hosts: 127.0.0.3 http://www.buldog-stats.com

O1 - Hosts: 127.0.0.3 fregat.drocherway.com

O1 - Hosts: 127.0.0.3 slutmania.biz

O1 - Hosts: 127.0.0.3 http://www.slutmania.biz

O1 - Hosts: 127.0.0.3 toolbarpartner.com

O1 - Hosts: 127.0.0.3 http://www.toolbarpartner.com

O1 - Hosts: 127.0.0.3 http://www.megapornix.com

O1 - Hosts: 127.0.0.3 megapornix.com

O1 - Hosts: 127.0.0.3 http://www.sp2fucked.biz

O1 - Hosts: 127.0.0.3 sp2fucked.biz

O1 - Hosts: 127.0.0.3 greg-tut.com

O1 - Hosts: 127.0.0.3 http://www.greg-tut.com

O1 - Hosts: 127.0.0.3 nylonsexy.com

O1 - Hosts: 127.0.0.3 http://www.nylonsexy.com

O1 - Hosts: 127.0.0.3 vparivalka.com

O1 - Hosts: 127.0.0.3 http://www.vparivalka.com

O1 - Hosts: 127.0.0.3 iframeprofit.com

O1 - Hosts: 127.0.0.3 http://www.iframeprofit.com

O1 - Hosts: 127.0.0.3 topsearch10.com

O1 - Hosts: 127.0.0.3 http://www.topsearch10.com

O1 - Hosts: 127.0.0.3 statscash.biz

O1 - Hosts: 127.0.0.3 http://www.statscash.biz

O1 - Hosts: 127.0.0.3 vxiframe.biz

O1 - Hosts: 127.0.0.3 http://www.vxiframe.biz

O1 - Hosts: 127.0.0.3 crazy-toolbar.com

O1 - Hosts: 127.0.0.3 http://www.crazy-toolbar.com

O1 - Hosts: 127.0.0.3 topcash.biz

O1 - Hosts: 127.0.0.3 http://www.topcash.biz

O1 - Hosts: 127.0.0.3 loadcash.biz

O1 - Hosts: 127.0.0.3 http://www.loadcash.biz

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll

O2 - BHO: (no name) - {C11EE656-0D98-5E62-E6DB-27C0BBE55DC4} - C:\WINDOWS\System32\idhsbrq.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM…\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\WINDOWS\system32\1.tmp

O4 - HKLM…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKLM…\Run: [sac] c:\program files\180searchassistant\sac.exe

O4 - HKLM…\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

O4 - HKLM…\Run: [AutoLoader7Fx61OMlcdaV] “C:\WINDOWS\System32\terx5016.exe” /HideDir /HideUninstall /PC=“CP.AMS” /ShowLegalNote=“nonbranded”

O4 - HKLM…\Run: [AutoUpdater] “C:\Program Files\AutoUpdate\AutoUpdate.exe”

O4 - HKLM…\Run: [7sEg34R] terx5016.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [PayTime] C:\WINDOWS\System32\paytime.exe

O4 - HKCU…\Run: [Enct] C:\Documents and Settings\Remik.X-99TY7G43SF2Y9\Dane aplikacji\moar.exe

O4 - HKCU…\Run: [Mci] C:\WINDOWS\System32?ti2evxx.exe

O4 - HKCU…\Run: [MBxmRQdnj] tcmvtmsg.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 81.222.131.59

O15 - Trusted IP range: 81.222.131.59 (HKLM)

O17 - HKLM\System\CCS\Services\Tcpip…{C9142B3F-CFAC-46CB-B9E9-F3F6B9B9DDEA}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

#2

Wklej loga :arrow: HijackThis 1.99.1

Odpalasz program i klikasz Do a system scan and save a logfile następnie automatycznie wyskoczy dokument tekstowy którego całą zawartośći wklejasz na forum.

Zapewne jakiś syf a jaka jest ścieżka do tego pliku

#3

Przenosze>.Bezpieczeństwo

#4

wyłącz przywracanie systemu. W trybie awaryjnym fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php

F2 - REG:system.ini: Shell=explorer.exe

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.3 x.full-tgp.net

O1 - Hosts: 127.0.0.3 counter.sexmaniack.com

O1 - Hosts: 127.0.0.3 autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.autoescrowpay.com

O1 - Hosts: 127.0.0.3 http://www.awmdabest.com

O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 http://www.allforadult.com

O1 - Hosts: 127.0.0.3 http://www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 http://www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 http://www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 http://www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 http://www.awmcash.biz

O1 - Hosts: 127.0.0.3 awmcash.biz

O1 - Hosts: 127.0.0.3 buldog-stats.com

O1 - Hosts: 127.0.0.3 http://www.buldog-stats.com

O1 - Hosts: 127.0.0.3 fregat.drocherway.com

O1 - Hosts: 127.0.0.3 slutmania.biz

O1 - Hosts: 127.0.0.3 http://www.slutmania.biz

O1 - Hosts: 127.0.0.3 toolbarpartner.com

O1 - Hosts: 127.0.0.3 http://www.toolbarpartner.com

O1 - Hosts: 127.0.0.3 http://www.megapornix.com

O1 - Hosts: 127.0.0.3 megapornix.com

O1 - Hosts: 127.0.0.3 http://www.sp2fucked.biz

O1 - Hosts: 127.0.0.3 sp2fucked.biz

O1 - Hosts: 127.0.0.3 greg-tut.com

O1 - Hosts: 127.0.0.3 http://www.greg-tut.com

O1 - Hosts: 127.0.0.3 nylonsexy.com

O1 - Hosts: 127.0.0.3 http://www.nylonsexy.com

O1 - Hosts: 127.0.0.3 vparivalka.com

O1 - Hosts: 127.0.0.3 http://www.vparivalka.com

O1 - Hosts: 127.0.0.3 iframeprofit.com

O1 - Hosts: 127.0.0.3 http://www.iframeprofit.com

O1 - Hosts: 127.0.0.3 topsearch10.com

O1 - Hosts: 127.0.0.3 http://www.topsearch10.com

O1 - Hosts: 127.0.0.3 statscash.biz

O1 - Hosts: 127.0.0.3 http://www.statscash.biz

O1 - Hosts: 127.0.0.3 vxiframe.biz

O1 - Hosts: 127.0.0.3 http://www.vxiframe.biz

O1 - Hosts: 127.0.0.3 crazy-toolbar.com

O1 - Hosts: 127.0.0.3 http://www.crazy-toolbar.com

O1 - Hosts: 127.0.0.3 topcash.biz

O1 - Hosts: 127.0.0.3 http://www.topcash.biz

O1 - Hosts: 127.0.0.3 loadcash.biz

O1 - Hosts: 127.0.0.3 http://www.loadcash.biz

O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll

O2 - BHO: (no name) - {C11EE656-0D98-5E62-E6DB-27C0BBE55DC4} - C:\WINDOWS\System32\idhsbrq.dll

O4 - HKLM…\Run: [AutoUpdater] “C:\Program Files\AutoUpdate\AutoUpdate.exe”

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 81.222.131.59

O15 - Trusted IP range: 81.222.131.59 (HKLM)

wpisy 015 usuwasz tym:

Kill Trusted :

http://www.searchengines.pl/phpbb203/in … ost&id=459

#5

Te 997 nie odstawiaj kaszany i nie bierz sie za coś na czym sie nie znasz.

Oszczedzisz nerów i mnie i innym ktorzy beda odpowiadac.

Zaczynamy od tego ?ti2evxx.exe , masz juz uruchomiony proces Ati2evxx.exe co wylucza błąd Hijacka

O pytajnikowcach wiecej masz tutaj

Ponadto wylatuje razem z n/w plikami

Poza tym wpisów z hosts nie usuwaj a jedynie wyedytuj plik hosts z katalogu C:\WINDOWS\system32\drivers\etc i zamien wszystkie 3 na 1

Ma być 127.0.0.1 przed wszystkimi pozycjami

Plik otworz notatnikiem

#6

Logfile of HijackThis v1.99.1

Scan saved at 12:29:27, on 2005-05-17

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\Remik.X-99TY7G43SF2Y9\Pulpit\hijackthis.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BHOmodObj Class - {7F6828CA-9E42-462C-BC60-418C8144012C} - c:\windows\system\BHOmod.dll

O2 - BHO: (no name) - {C11EE656-0D98-5E62-E6DB-27C0BBE55DC4} - C:\WINDOWS\System32\idhsbrq.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM…\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

O4 - HKLM…\Run: [AutoUpdater] “C:\Program Files\AutoUpdate\AutoUpdate.exe”

O4 - HKLM…\Run: [Device Detector] “C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe” -autorun

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O17 - HKLM\System\CCS\Services\Tcpip…{C9142B3F-CFAC-46CB-B9E9-F3F6B9B9DDEA}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

z tymi 01-Hosts nic nie robilem, samo zniklo ;]

#7

Zainstaluj Sp2

#8

leci jeszcze :

pogrubione usuwasz recznie

nastepnie wylacz te usluge:

i zafixuj hijackiem- instrukcja usuwania AutoUpdate.exe:

http://www.pchell.com/support/peopleonpage.shtml

czyto jest twoja strona startowa po wejsciu do netu:

#9

to jedno czyli Wariant CWS: systime.exe :stuck_out_tongue:

#10

Logfile of HijackThis v1.99.1

Scan saved at 21:12:50, on 2005-05-17

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Documents and Settings\Remik.X-99TY7G43SF2Y9\Pulpit\hijackthis.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe

O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM…\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE

O4 - HKLM…\Run: [Device Detector] “C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe” -autorun

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O17 - HKLM\System\CCS\Services\Tcpip…{C9142B3F-CFAC-46CB-B9E9-F3F6B9B9DDEA}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

i tak mi sie wiesza komputer, tak samo jak na poczatku, moze czegos mi brakuje w systemie ;/

#11

Log OK :stuck_out_tongue:

Zainstaluj SP2

#12

SP2 hmm mialem juz i cos mi nie gralo, trzeba go dobrze skonfigurowac ze by byl z niego pozytek a mi sie nie chce bawic :((( wiecie co Ad-aware SE wciaz mi wykrywa jakies badziewia ;/ usuwam je tym programem ale to nic nie daje ;/

PeopleOnPage Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\apropos

PeopleOnPage Object Recognized!

Type : Regkey

Data :

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\envolo

PeopleOnPage Object Recognized!

Type : Regkey

Data : e_uninstall.log

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\autoupdate

PeopleOnPage Object Recognized!

Type : RegValue

Data : e_uninstall.log

Category : Data Miner

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\autoupdate

Value : UninstallString