uls
(Barbaraes)
10 June 2007 11:23
#1
Hello, for some time now IE windows have been popping up on my machine, e.g. broadcaster.
Please help.
Logfile of HijackThis v1.99.1
Scan saved at 13:25:11, on 2007-06-08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\{024D170E-03BE-1045-0123-021018010030}\Update.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Czazur\DANEAP~1\MBOLS~1\winlogon.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Documents and Settings\Czazur\Dane aplikacji\??stem\w?wexec.exe
C:\WINDOWS\System32\wdfmgr.exe
D:\Programy\Gadu-Gadu\gg.exe
D:\Programy\Opera\opera.exe
C:\Documents and Settings\Czazur\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {098F17F1-8919-CBCF-6F8D-F1AD7E7FE2C1} - C:\WINDOWS\System32\kkupeat.dll (file missing)
O2 - BHO: (no name) - {0C1DEFD1-7664-3DEE-4D1F-58C7E972B498} - C:\WINDOWS\System32\pgrbkwbi.dll
O2 - BHO: (no name) - {11C2F83E-6386-7A01-A341-1DE33AE0AACC} - C:\WINDOWS\System32\lejzm.dll (file missing)
O2 - BHO: (no name) - {22DDF67B-609A-764A-B9E0-47A67E0897C7} - C:\WINDOWS\System32\kmqooabt.dll (file missing)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {4297A33E-6884-7E55-A341-1DE33AEBFE9D} - C:\WINDOWS\System32\wyfivyc.dll (file missing)
O2 - BHO: (no name) - {93784815-D4A8-CF7C-D906-F9ADDEB3219E} - C:\WINDOWS\System32\djoks.dll (file missing)
O2 - BHO: (no name) - {942F4F46-D1AB-9824-D906-F9ADDEE728C5} - C:\WINDOWS\System32\aczxomsm.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{324D1~1\Bar888.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Programy\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{324D1~1\Bar888.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [{024D170E-03BE-1045-0123-021018010030}] "C:\Program Files\Common Files\{024D170E-03BE-1045-0123-021018010030}\Update.exe" te-110-12-0000245
O4 - HKLM\..\Run: [{024D170E-03BD-1045-0123-021018010030}] "C:\Program Files\Common Files\{024D170E-03BD-1045-0123-021018010030}\Update.exe" te-110-12-0000245
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [BearShare] "D:\Programy\Bearshare\BearShare.exe" /pause
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Saeh] "C:\DOCUME~1\Czazur\DANEAP~1\MBOLS~1\winlogon.exe" -vt yazb
O4 - HKCU\..\Run: [Slefns] C:\Documents and Settings\Czazur\Moje dokumenty\?racle\?xplorer.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Wmlmwoe] "C:\Documents and Settings\Czazur\Dane aplikacji\??stem\w?wexec.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Office Premium 2000\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRAMY\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {CC7D09F5-FB74-4476-9E27-881E178238D6} (EscupX Control) - http://www.escup.com/c/escup1.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_31.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{988CD92D-7F86-49B2-9CE0-06B3435B7D2B}: NameServer = 85.255.116.119,85.255.112.220
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.119 85.255.112.220
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.119 85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.119 85.255.112.220
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000245 (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Gutek
(Gutek)
10 June 2007 11:30
#2
Gutek
(Gutek)
10 June 2007 20:29
#4
file to delete
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can go over the registry with it, or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
After that, a new log from Combo
uls
(Barbaraes)
11 June 2007 19:15
#5
I don't have such a folder on the disk…
Searching for the file doesn't return any results either…
==
I don't know if this is it, but there is no other one...
ComboFix 07-06-09.5
Gutek
(Gutek)
11 June 2007 19:51
#6
Use Pocket Killbox. Select the Delete on Reboot and All Files options, and in the Full Path of File to Delete field paste the paths
C:\WINDOWS\System32\bdaefcd3_r.dll
C:\WINDOWS\System32\aczxomsm.dll
and press the red X. The program will ask to restart the computer… so you restart.
uls
(Barbaraes)
12 June 2007 12:27
#7
The problem disappeared after the earlier steps
ComboFix 07-06-09.5
"Czazur" - 2007-06-09 16:54:49
((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))
2007-06-09 14:03
[code]
Logfile of HijackThis v1.99.1
Scan saved at 17:07, on 2007-06-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Opera\opera.exe
C:\ComboFix\catchme.cfexe
C:\ComboFix\catchme.cfexe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Czazur\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: (no name) - {098F17F1-8919-CBCF-6F8D-F1AD7E7FE2C1} - (no file)
O2 - BHO: (no name) - {0C1DEFD1-7664-3DEE-4D1F-58C7E972B498} - C:\WINDOWS\System32\pgrbkwbi.dll
O2 - BHO: (no name) - {11C2F83E-6386-7A01-A341-1DE33AE0AACC} - (no file)
O2 - BHO: (no name) - {22DDF67B-609A-764A-B9E0-47A67E0897C7} - (no file)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {4297A33E-6884-7E55-A341-1DE33AEBFE9D} - (no file)
O2 - BHO: (no name) - {93784815-D4A8-CF7C-D906-F9ADDEB3219E} - (no file)
O2 - BHO: (no name) - {942F4F46-D1AB-9824-D906-F9ADDEE728C5} - C:\WINDOWS\System32\aczxomsm.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Programy\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM…\Run: [AdaptecDirectCD] “C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe”
O4 - HKLM…\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [Saeh] “C:\DOCUME~1\Czazur\DANEAP~1\MBOLS~1\winlogon.exe” -vt yazb
O4 - HKCU…\Run: [Slefns] C:\Documents and Settings\Czazur\Moje dokumenty?racle?xplorer.exe
O4 - HKCU…\Run: [Wmlmwoe] “C:\Documents and Settings\Czazur\Dane aplikacji??stem\w?wexec.exe”
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Office Premium 2000\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRAMY\DAP\DAP.EXE
O16 - DPF: {CC7D09F5-FB74-4476-9E27-881E178238D6} (EscupX Control) - http://www.escup.com/c/escup1.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_31.cab
O17 - HKLM\System\CCS\Services\Tcpip…{988CD92D-7F86-49B2-9CE0-06B3435B7D2B}: NameServer = 172.23.1.1,195.114.161.161
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
[/code]
adam9870
(adam9870)
12 June 2007 15:54
#8
Using the Add/Remove Programs applet, uninstall MyGlobalSearch and WeatherCast.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\winstall.exe
C:\Program Files\WeatherCast
C:\WINDOWS\System32\0mcamcap.exe
C:\Program Files\ipwins
(these files may simply not be there)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
O2 - BHO: (no name) - {098F17F1-8919-CBCF-6F8D-F1AD7E7FE2C1} - (no file)
O2 - BHO: (no name) - {0C1DEFD1-7664-3DEE-4D1F-58C7E972B498} - C:\WINDOWS\System32\pgrbkwbi.dll
O2 - BHO: (no name) - {11C2F83E-6386-7A01-A341-1DE33AE0AACC} - (no file)
O2 - BHO: (no name) - {22DDF67B-609A-764A-B9E0-47A67E0897C7} - (no file)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {4297A33E-6884-7E55-A341-1DE33AEBFE9D} - (no file)
O2 - BHO: (no name) - {93784815-D4A8-CF7C-D906-F9ADDEB3219E} - (no file)
O2 - BHO: (no name) - {942F4F46-D1AB-9824-D906-F9ADDEE728C5} - C:\WINDOWS\System32\aczxomsm.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKCU…\Run: [saeh] “C:\DOCUME~1\Czazur\DANEAP~1\MBOLS~1\winlogon.exe” -vt yazb
O4 - HKCU…\Run: [Wmlmwoe] “C:\Documents and Settings\Czazur\Dane aplikacji??stem\w?wexec.exe”
Delete the files and folders marked in red manually from the disk in Safe Mode, and the entries with HijackThis. Because you have a so-called "question-mark" infection (pytajnikowiec) to remove, before you start removing it read - Removing PurityScan.
Start >>> Run >>> type cmd and click OK >>> in the console that opens, issue the following commands:
Open Notepad and paste this into it:
File >>> Save As >>> change the type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
When done, paste a complete set of new logs.
uls
(Barbaraes)
12 June 2007 17:37
#9
None of the files or folders marked in red are on the disk.
I also can't remove the "question-mark" infection because there is no system32 folder…
ComboFix 07-06-09.5
"Czazur" - 2007-06-09 22:08:14
((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))
2007-06-09 21:38 225,280 --a------ C:\Program Files\Uninstall My Global Search Bar.dll
2007-06-09 14:03
[code]
Logfile of HijackThis v1.99.1
Scan saved at 22:17, on 2007-06-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\WINDOWS\System32\PSIService.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\chkdsk.exe
C:\ComboFix\sed.cfexe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\findstr.exe
C:\ComboFix\sed.cfexe
C:\WINDOWS\explorer.exe
D:\Programy\Opera\opera.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Czazur\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: (no name) - {098F17F1-8919-CBCF-6F8D-F1AD7E7FE2C1} - (no file)
O2 - BHO: (no name) - {0C1DEFD1-7664-3DEE-4D1F-58C7E972B498} - C:\WINDOWS\System32\pgrbkwbi.dll (file missing)
O2 - BHO: (no name) - {11C2F83E-6386-7A01-A341-1DE33AE0AACC} - (no file)
O2 - BHO: (no name) - {22DDF67B-609A-764A-B9E0-47A67E0897C7} - (no file)
O2 - BHO: (no name) - {4297A33E-6884-7E55-A341-1DE33AEBFE9D} - (no file)
O2 - BHO: (no name) - {93784815-D4A8-CF7C-D906-F9ADDEB3219E} - (no file)
O2 - BHO: (no name) - {942F4F46-D1AB-9824-D906-F9ADDEE728C5} - C:\WINDOWS\System32\aczxomsm.dll (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Programy\DAP\DAPIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [AdaptecDirectCD] “C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe”
O4 - HKLM…\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [Saeh] “C:\DOCUME~1\Czazur\DANEAP~1\MBOLS~1\winlogon.exe” -vt yazb
O4 - HKCU…\Run: [Slefns] C:\Documents and Settings\Czazur\Moje dokumenty?racle?xplorer.exe
O4 - HKCU…\Run: [Wmlmwoe] “C:\Documents and Settings\Czazur\Dane aplikacji??stem\w?wexec.exe”
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Office Premium 2000\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRAMY\DAP\DAP.EXE
O16 - DPF: {CC7D09F5-FB74-4476-9E27-881E178238D6} (EscupX Control) - http://www.escup.com/c/escup1.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_31.cab
O17 - HKLM\System\CCS\Services\Tcpip…{988CD92D-7F86-49B2-9CE0-06B3435B7D2B}: NameServer = 172.23.1.1,195.114.161.161
O20 - AppInit_DLLs: PAVWAIT.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
[/code]
Gutek
(Gutek)
12 June 2007 18:44
#10
Read Removing PurityScan - link above; remove the entries with HJT
Scan with AVG Anti-Spyware 7.5 after updating
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can go over the registry with it, or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
After that, a log from Combo