Aniol89
(Aniol89)
9 May 2006 20:00
#1
My problem is that after I turn on the computer, lots of ads pop up, and then it only gets worse… I hope someone can help me. Thanks in advance. Here is the log:
Logfile of HijackThis v1.99.1 Scan saved at 21:32:07, on 2006-05-09 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\QW5pb2w\command.exe C:\Program Files\Network Monitor\netmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\devldr32.exe C:\Documents and Settings\Mateusz\Pulpit\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {9A2033BC-F109-80AD-0876-8D3AF52772C1} - C:\WINDOWS\System32\uomqq.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: 217.96.35.130 auto.search.msn.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1E25941C-6A6D-42DD-B9BE-E85079E23B5D} - \ O2 - BHO: (no name) - 
{4274DE02-2768-4940-A291-410115D870B1} - \ O2 - BHO: (no name) - {5D91AB64-7543-4D2E-8015-BBC80ADE6491} - \ O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll O2 - BHO: (no name) - {6246A781-3B32-439F-6480-424692E08A9A} - C:\WINDOWS\System32\pwnoahev.dll O2 - BHO: (no name) - {658CF3C1-26FE-491F-9BBE-DC166AC1431C} - \ O2 - BHO: (no name) - {6597A711-CF86-41E4-AFEF-9064FDCA1EFA} - \ O2 - BHO: (no name) - {6F8F696E-1BFF-41AA-ACF8-708ABABF9A14} - \ O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7A130257-BC0F-4D7D-B893-6C309C2CD5BC} - \ O2 - BHO: (no name) - {7E0DCC75-D57C-413A-929D-1824144A4FD8} - \ O2 - BHO: (no name) - {937E383D-5352-4F83-A952-BF068E1D74F0} - \ O2 - BHO: (no name) - {95A40F48-3965-42B5-A17F-CFA668401C98} - \ O2 - BHO: (no name) - {99CB3AD4-FA55-4F90-BDE1-393E8115636B} - \ O2 - BHO: (no name) - {9A2033BC-F109-80AD-0876-8D3AF52772C1} - C:\WINDOWS\System32\uomqq.dll O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL O2 - BHO: (no name) - {B0AB73AC-2E61-4337-84B7-D6642EC2243E} - \ O2 - BHO: (no name) - {C0634BF8-7495-4A7E-84A0-8005216EE512} - \ O2 - BHO: (no name) - {D9D561D0-81BD-4669-AB95-320304AEB4E1} - \ O2 - BHO: (no name) - {E0D68563-1ED6-4CE0-8F05-E5E050FA64AD} - \ O2 - BHO: (no name) - {E7FD775D-D230-4E3F-A0F3-B23FDE94FBF4} - \ O2 - BHO: (no name) - {EC7B1276-7056-43D2-99AE-F3FD2839813D} - \ O2 - BHO: (no name) - {FF009C09-8BB9-48AB-87D6-C0D8D0D08137} - \ O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [Provan Security] psecure.exe O4 - HKLM…\Run: [scHost] svchosts32.exe O4 - HKLM…\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe O4 - 
HKLM…\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [newname] C:\windows\newname17.exe O4 - HKLM…\Run: [mousepad] C:\windows\mousepad17.exe O4 - HKLM…\Run: [keyboard] C:\windows\keyboard17.exe O4 - HKLM…\RunServices: [Provan Security] psecure.exe O4 - HKLM…\RunServices: [scHost] svchosts32.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [suhw] “C:\WINDOWS\CROSOF~1\chkntfs.exe” -vt ndrv O4 - HKCU…\Run: [Tudvic] C:\Documents and Settings\Mateusz\Dane aplikacji?racle\n?tepad.exe O4 - HKCU…\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000125.exe O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5pb2w\command.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
Bieniol
(Bbieniol)
9 May 2006 20:07
#2
Use Windows Worms Doors Cleaner and change the markers from disable to enable. After using this tool, a system restart is required.
Start --> Run --> services.msc --> stop and disable the Command Service and Network Monitor services
Open HijackThis --> open misc tools section --> delete a NT service --> type cmdService and OK
In Safe Mode with System Restore turned off, remove the following (entries with HijackThis, files/folders marked in red manually from the disk; if you have trouble deleting files, use the KillBox tool):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R3 - URLSearchHook: (no name) - {9A2033BC-F109-80AD-0876-8D3AF52772C1} - C:\WINDOWS\System32\uomqq.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: 217.96.35.130 auto.search.msn.com O2 - BHO: (no name) - {1E25941C-6A6D-42DD-B9BE-E85079E23B5D} - \ O2 - BHO: (no name) - {4274DE02-2768-4940-A291-410115D870B1} - \ O2 - BHO: (no name) - {5D91AB64-7543-4D2E-8015-BBC80ADE6491} - \ O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll O2 - BHO: (no name) - {6246A781-3B32-439F-6480-424692E08A9A} - C:\WINDOWS\System32\pwnoahev.dll O2 - BHO: (no name) - {658CF3C1-26FE-491F-9BBE-DC166AC1431C} - \ O2 - BHO: (no name) - {6597A711-CF86-41E4-AFEF-9064FDCA1EFA} - \ O2 - BHO: (no name) - {6F8F696E-1BFF-41AA-ACF8-708ABABF9A14} - \ O2 - BHO: (no name) - {7A130257-BC0F-4D7D-B893-6C309C2CD5BC} - \ O2 - BHO: (no name) - {7E0DCC75-D57C-413A-929D-1824144A4FD8} - \ O2 - BHO: (no name) - {937E383D-5352-4F83-A952-BF068E1D74F0} - \ O2 - BHO: (no name) - {95A40F48-3965-42B5-A17F-CFA668401C98} - \ O2 - BHO: (no name) - {99CB3AD4-FA55-4F90-BDE1-393E8115636B} - \ O2 - BHO: (no name) - {9A2033BC-F109-80AD-0876-8D3AF52772C1} - C:\WINDOWS\System32\uomqq.dll O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - 
C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL O2 - BHO: (no name) - {B0AB73AC-2E61-4337-84B7-D6642EC2243E} - \ O2 - BHO: (no name) - {C0634BF8-7495-4A7E-84A0-8005216EE512} - \ O2 - BHO: (no name) - {D9D561D0-81BD-4669-AB95-320304AEB4E1} - \ O2 - BHO: (no name) - {E0D68563-1ED6-4CE0-8F05-E5E050FA64AD} - \ O2 - BHO: (no name) - {E7FD775D-D230-4E3F-A0F3-B23FDE94FBF4} - \ O2 - BHO: (no name) - {EC7B1276-7056-43D2-99AE-F3FD2839813D} - \ O2 - BHO: (no name) - {FF009C09-8BB9-48AB-87D6-C0D8D0D08137} - \ O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll O4 - HKLM…\Run: [Provan Security] psecure.exe O4 - HKLM…\Run: [scHost] svchosts32.exe O4 - HKLM…\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe O4 - HKLM…\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe O4 - HKLM…\Run: [newname] C:\windows\newname17.exe O4 - HKLM…\Run: [mousepad] C:\windows\mousepad17.exe O4 - HKLM…\Run: [keyboard] C:\windows\keyboard17.exe O4 - HKLM…\RunServices: [Provan Security] psecure.exe O4 - HKLM…\RunServices: [scHost] svchosts32.exe O4 - HKCU…\Run: [Tudvic] C:\Documents and Settings\Mateusz\Dane aplikacji?racle\n?tepad.exe O4 - HKCU…\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000125.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5pb2w\command.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
After the procedure, post a new log for review.
kuz5
(Kuz5)
9 May 2006 20:24
#3
The computer is terribly filthy, so a log from Silent Runners would also come in handy, don't you think?
And a scan with Ewido is a must: update it and run a scan.
You will remove the entry with the underscore “_” using the Registrar Lite registry editor.
Launch the editor and paste this path into the Address field:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks and click Go, after which you will be taken to that key. On the right-hand side you will see the entry _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}; delete any other entries with the same underscore as well, removing them via right-click.
Aniol89
(Aniol89)
9 May 2006 20:49
#4
This is what the log looks like after the first piece of advice… Tell me whether it's worth cleaning the computer or whether it would be better to format the disk?? Regards
Logfile of HijackThis v1.99.1 Scan saved at 22:47:43, on 2006-05-09 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\psecure.exe C:\Program Files\ipwins\ipwins.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\svchosts32.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Outlook Express\woemig50.exe c:\mc-110-12-0000125.exe c:\defender1.exe C:\WINDOWS\System32\taskmgr.exe C:\Documents and Settings\Mateusz\Pulpit\hijackthis\HijackThis.exe C:\Documents and Settings\Mateusz\Dane aplikacji?racle\n?tepad.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {9A2033BC-F109-80AD-0876-8D3AF52772C1} - C:\WINDOWS\System32\uomqq.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {0D4C63FE-FD46-DFE0-4782-82CA9A51E59B} - C:\WINDOWS\System32\nwavczk.dll F2 - REG:system.ini: 
UserInit=userinit.exe O1 - Hosts: 217.96.35.130 auto.search.msn.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {0D4C63FE-FD46-DFE0-4782-82CA9A51E59B} - C:\WINDOWS\System32\nwavczk.dll O2 - BHO: (no name) - {15C0FA00-8748-433F-971D-8959FD7C4C80} - \ O2 - BHO: (no name) - {1E25941C-6A6D-42DD-B9BE-E85079E23B5D} - \ O2 - BHO: (no name) - {239DB93F-B2DB-469B-9E02-DC68D0079DE5} - \ O2 - BHO: (no name) - {4274DE02-2768-4940-A291-410115D870B1} - \ O2 - BHO: (no name) - {5D91AB64-7543-4D2E-8015-BBC80ADE6491} - \ O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll O2 - BHO: (no name) - {6246A781-3B32-439F-6480-424692E08A9A} - C:\WINDOWS\System32\pwnoahev.dll (file missing) O2 - BHO: (no name) - {658CF3C1-26FE-491F-9BBE-DC166AC1431C} - \ O2 - BHO: (no name) - {6597A711-CF86-41E4-AFEF-9064FDCA1EFA} - \ O2 - BHO: (no name) - {6F8F696E-1BFF-41AA-ACF8-708ABABF9A14} - \ O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7A130257-BC0F-4D7D-B893-6C309C2CD5BC} - \ O2 - BHO: (no name) - {7E0DCC75-D57C-413A-929D-1824144A4FD8} - \ O2 - BHO: (no name) - {937E383D-5352-4F83-A952-BF068E1D74F0} - \ O2 - BHO: (no name) - {95A40F48-3965-42B5-A17F-CFA668401C98} - \ O2 - BHO: (no name) - {99CB3AD4-FA55-4F90-BDE1-393E8115636B} - \ O2 - BHO: (no name) - {9A2033BC-F109-80AD-0876-8D3AF52772C1} - C:\WINDOWS\System32\uomqq.dll (file missing) O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL (file missing) O2 - BHO: (no name) - {B0AB73AC-2E61-4337-84B7-D6642EC2243E} - \ O2 - BHO: (no name) - {C0634BF8-7495-4A7E-84A0-8005216EE512} - \ O2 - BHO: (no name) - {D9D561D0-81BD-4669-AB95-320304AEB4E1} - \ O2 - BHO: (no name) - {E0D68563-1ED6-4CE0-8F05-E5E050FA64AD} - \ O2 - BHO: (no name) - {E54260F0-546C-4704-AC66-BC813EA1A366} 
- \ O2 - BHO: (no name) - {E6A4AC3F-842D-4139-8DA5-F1084445BEF6} - \ O2 - BHO: (no name) - {E7FD775D-D230-4E3F-A0F3-B23FDE94FBF4} - \ O2 - BHO: (no name) - {EC7B1276-7056-43D2-99AE-F3FD2839813D} - \ O2 - BHO: (no name) - {FF009C09-8BB9-48AB-87D6-C0D8D0D08137} - \ O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll (file missing) O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [Provan Security] psecure.exe O4 - HKLM…\Run: [scHost] svchosts32.exe O4 - HKLM…\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe O4 - HKLM…\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [newname] c:\newname18.exe O4 - HKLM…\Run: [keyboard] c:\keyboard18.exe O4 - HKLM…\Run: [defender] c:\defender1.exe O4 - HKLM…\RunServices: [Provan Security] psecure.exe O4 - HKLM…\RunServices: [scHost] svchosts32.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [suhw] “C:\WINDOWS\CROSOF~1\chkntfs.exe” -vt ndrv O4 - HKCU…\Run: [Tudvic] C:\Documents and Settings\Mateusz\Dane aplikacji?racle\n?tepad.exe O4 - HKCU…\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000125.exe O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Bieniol
(Bbieniol)
9 May 2006 20:54
#5
Unfortunately, almost none of it was removed :roll:
Read this topic - http://forum.dobreprogramy.pl/viewtopic.php?t=36654 - it describes how to remove entries in HijackThis; after that you delete the files manually.
It's always worth fighting, you just have to devote some time to it.
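An added example, not part of any post in this thread: a small Python script that compares two HijackThis logs the way post #5 does by eye, listing which entries were removed, which persist and which are new after a cleanup attempt. The sample entries are excerpted from the logs in posts #1 and #4; the function names are this example's own.

```python
import re

# HijackThis starts every entry with a section code (R0-R3, F0-F3, O1-O23).
# Splitting on that code also handles logs whose lines were run together.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RF][0-3]|O\d{1,2}) - )")
ENTRY = re.compile(r"([RF][0-3]|O\d{1,2}) - (.+)")
# Status notes appended by the scanner; ignored when matching entries.
STATUS_NOTE = re.compile(r"\s*\((?:file missing|no file)\)$")


def parse_entries(log_text):
    """Return {normalised key: original entry text} for one log."""
    entries = {}
    for chunk in ENTRY_START.split(log_text):
        text = " ".join(chunk.split())
        match = ENTRY.match(text)
        if match:
            code, body = match.groups()
            entries[(code, STATUS_NOTE.sub("", body).lower())] = text
    return entries


def compare_logs(before_text, after_text):
    """Classify entries as removed, persisting or new between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": [before[k] for k in before if k not in after],
        "persisting": [after[k] for k in after if k in before],
        "new": [after[k] for k in after if k not in before],
    }


# Entries excerpted from the logs in posts #1 and #4 (shortened sample).
BEFORE = r"""
R3 - URLSearchHook: (no name) - {9A2033BC-F109-80AD-0876-8D3AF52772C1} - C:\WINDOWS\System32\uomqq.dll
O4 - HKLM…\Run: [scHost] svchosts32.exe O4 - HKLM…\Run: [newname] C:\windows\newname17.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5pb2w\command.exe
"""
AFTER = r"""
R3 - URLSearchHook: (no name) - {9A2033BC-F109-80AD-0876-8D3AF52772C1} - C:\WINDOWS\System32\uomqq.dll (file missing)
R3 - URLSearchHook: (no name) - {0D4C63FE-FD46-DFE0-4782-82CA9A51E59B} - C:\WINDOWS\System32\nwavczk.dll
O4 - HKLM…\Run: [scHost] svchosts32.exe O4 - HKLM…\Run: [newname] c:\newname18.exe
O4 - HKLM…\Run: [defender] c:\defender1.exe
"""

if __name__ == "__main__":
    for status, items in compare_logs(BEFORE, AFTER).items():
        print(f"{status}:")
        for item in items:
            print("   ", item)
```

Entries that persist, or that return under a new file name or CLSID, indicate that a running process is rewriting the registry between scans, which is why the thread insists on Safe Mode and on stopping the services first.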
Aniol89
(Aniol89)
10 May 2006 11:15
#6
I deleted the files marked in red and the entries, but nothing changed.
Now my log looks like this:
Logfile of HijackThis v1.99.1 Scan saved at 13:10:46, on 2006-05-10 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\CROSOF~1\chkntfs.exe C:\WINDOWS\System32\devldr32.exe C:\Program Files\Windows\wWinUpdate.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Mateusz\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {1E25941C-6A6D-42DD-B9BE-E85079E23B5D} - \ O2 - BHO: (no name) - {658CF3C1-26FE-491F-9BBE-DC166AC1431C} - \ O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [suhw] “C:\WINDOWS\CROSOF~1\chkntfs.exe” -vt ndrv O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
kuz5
(Kuz5)
10 May 2006 13:28
#8
You were also supposed to paste the Silent Runners log.