UnSpyPC + Remove Toolbar on the taskbar


(Mufan11) #1

Hello, I have a problem with this Remove Toolbar bar in My Computer. Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 19:51:45, on 2006-04-19

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\ATKKBService.exe

E:\Kacperek AntiVir\avpcc.exe

E:\Kacperek AntiVir\avpm.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\UAService7.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\ctfmon.exe

E:\Bankruttomek\bankrut.exe

C:\WINDOWS\explorer.exe

E:\DAP\DAP\DAP.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\KAV Shared Files\avpupd.exe

C:\Documents and Settings\Tomek\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {D3FF66FD-7C1E-D3E7-2380-5D76D1FD90E0} - xwiz.dll (file missing)

F2 - REG:system.ini: Shell=explorer.exe 

O1 - Hosts: localhost 127.0.0.1

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\mspdz.dll

O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - E:\DAP\DAP\DAPIEBar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\mspdz.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PrcIdle] NsCplTray.exe

O4 - HKLM\..\Run: [xsetup] driver64.exe

O4 - HKLM\..\Run: [bingo9] killall.exe

O4 - HKLM\..\Run: [trycrt] TemplateDongle.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start

O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\SmartCom\RTEGPRS.exe" tray

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [SysEntry] NopeZ.exe

O4 - HKCU\..\Run: [porka_] NsCplTray.exe

O4 - HKCU\..\Run: [abrek] SysEntry.exe

O4 - Startup: Bankrut.lnk = E:\Bankrut\Bankrut1\bankrut.exe

O4 - Startup: winupdate45254783[1].exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download with &DAP - E:\DAP\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - E:\DAP\DAP\dapextie2.htm

O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm

O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm

O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\DAP\DAP\DAP.EXE

O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - E:\Przegladarka graficzna\Ebay\Ebay.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{1D28D646-476A-45E9-8B17-0FF2768DC350}: NameServer = 85.255.116.150,85.255.112.24

O17 - HKLM\System\CCS\Services\Tcpip\..\{32F18854-CA57-4A3F-9ACA-51F97EC62906}: NameServer = 85.255.116.150 85.255.112.24

O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8A67E0-402E-419D-B81F-63A9B8997051}: NameServer = 85.255.116.150,85.255.112.24

O17 - HKLM\System\CS1\Services\Tcpip\..\{1D28D646-476A-45E9-8B17-0FF2768DC350}: NameServer = 85.255.116.150,85.255.112.24

O17 - HKLM\System\CS2\Services\Tcpip\..\{1D28D646-476A-45E9-8B17-0FF2768DC350}: NameServer = 85.255.116.150,85.255.112.24

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - E:\Kacperek AntiVir\avpcc.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - E:\Kacperek AntiVir\avpm.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

(Kuz5) #2

Don't bother checking the logs.

Remove: (you do all of this in Safe Mode, of course, with System Restore turned off)

Delete the files marked in red from the disk manually.

These are not your DNS servers but some Ukrainian ones, so get rid of them:

One small remark: don't tack your posts onto other people's threads :?
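
The O17 (NameServer) entries that post #2 points at can be pulled out of a HijackThis log and compared with the resolvers the machine is supposed to use. This is an added example, not part of the original thread; the log lines are copied from post #1, `EXPECTED_RESOLVERS` is a placeholder assumption, and the function names are hypothetical.

```python
import re

# Lines copied from the HijackThis log in post #1 (three O17 entries, one O4).
LOG_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{1D28D646-476A-45E9-8B17-0FF2768DC350}: NameServer = 85.255.116.150,85.255.112.24",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{32F18854-CA57-4A3F-9ACA-51F97EC62906}: NameServer = 85.255.116.150 85.255.112.24",
    r"O17 - HKLM\System\CS1\Services\Tcpip\..\{1D28D646-476A-45E9-8B17-0FF2768DC350}: NameServer = 85.255.116.150,85.255.112.24",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
]

# Assumption: the resolvers this machine should use. Placeholder address from
# the RFC 5737 documentation range; replace with the ISP's or router's values.
EXPECTED_RESOLVERS = {"192.0.2.53"}

# HijackThis abbreviates the key: CCS = CurrentControlSet, CS1/CS2 = ControlSet001/002.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<iface>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<servers>.+)$"
)

def parse_o17(line):
    """Return (control_set, interface_guid, [servers]) or None for other lines."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    # The registry value may be comma- or space-separated; the log shows both.
    servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
    return m["cs"], m["iface"], servers

def unexpected_resolvers(lines, expected=EXPECTED_RESOLVERS):
    """Map each resolver outside `expected` to the places where it is set."""
    findings = {}
    for line in lines:
        parsed = parse_o17(line)
        if parsed is None:
            continue
        cs, iface, servers = parsed
        for ip in servers:
            if ip not in expected:
                findings.setdefault(ip, set()).add((cs, iface))
    return findings

if __name__ == "__main__":
    for ip, places in sorted(unexpected_resolvers(LOG_LINES).items()):
        print(ip, "set on", len(places), "control-set/interface pairs")
```

In the log above the same resolver pair appears under CCS, CS1 and CS2, so after cleanup each of those locations is worth re-checking in a fresh log.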


(Gutek) #3

I'm late, but: use Windows Worms Doors Cleaner and change the markers from disable to enable. A system restart is required after using this tool.

Scan with EWIDO after updating it :wink:

After all of that, post a log from Silent as well.