Fusher123
(Fusher Jacek)
26 March 2007 13:58
#1
I have a problem: I downloaded some lousy program, Net Buster or something like that (I no longer have it), but during installation I junked up my computer with some adware or other crap. Now when I play Counter-Strike, for example, ads pop up during the game and the game keeps getting minimized.
Please help me remove this crap.
Logfile of HijackThis v1.99.1
Scan saved at 15:55:31, on 2007-03-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\programy\AVAST\aswUpdSv.exe
G:\programy\AVAST\ashServ.exe
C:\WINDOWS\Explorer.EXE
G:\programy\AVG\AVG Anti-Spyware 7.5\guard.exe
G:\programy\bluesolei\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
G:\programy\AVAST\ashDisp.exe
G:\programy\hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\programy\hp\Digital Imaging\Unload\hpqcmon.exe
G:\programy\hp\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
G:\programy\bluesolei\BlueSoleil.exe
G:\programy\hp\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\intern~1\iexplore.exe
G:\programy\hp\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
G:\programy\AVAST\ashMaiSv.exe
G:\programy\AVAST\ashWebSv.exe
G:\programy\hp\Digital Imaging\Bin\hpqSTE08.exe
G:\programy\hp\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jacek\Pulpit\dla pauliny\umbrellann\umbrella.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jacek\Pulpit\dla pauliny\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\programy\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\programy\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\programy\FLASHGET\fgiebar.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\ScanSoft\TEXTAL~1\TAForIE.dll
O4 - HKLM…\Run: [soltek] C:\WINDOWS\system32\autorun.exe
O4 - HKLM…\Run: [avast!] G:\programy\AVAST\ashDisp.exe
O4 - HKLM…\Run: [HP Software Update] “G:\programy\hp\HP Software Update\HPWuSchd2.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe”
O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852”
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [DAEMON Tools] “G:\programy\daemon\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] G:\programy\Cores suite\Languages\PL\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=040507 serial=DR12WRS-8796594-FHE lang=PL
O4 - HKLM…\Run: [CamMonitor] G:\programy\hp\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM…\Run: [share-to-Web Namespace Daemon] G:\programy\hp\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM…\Run: [PCSuiteTrayApplication] G:\programy\NOKIAP~1\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [bikeWinDumbFor] C:\Documents and Settings\All Users\Dane aplikacji\play defy bike win\GridBeep.exe
O4 - HKCU…\Run: [PcSync] G:\programy\nokia pc suite\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [iso cash] C:\DOCUME~1\Jacek\DANEAP~1\BROWSE~1\LOCKS PLAN.exe
O4 - Startup: No-IP DUC.lnk = G:\programy\no-ip\DUC20.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\programy\hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - G:\programy\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - G:\programy\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\programy\FLASHGET\flashget.exe
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\programy\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://megapanel.gem.pl/WebInstaller.dll
O17 - HKLM\System\CCS\Services\Tcpip…{0BAEA3B3-2815-407F-B598-E95E1AD0977D}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - G:\programy\AVAST\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - G:\programy\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - G:\programy\AVAST\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - G:\programy\AVAST\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - G:\programy\AVG\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - G:\programy\bluesolei\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
adam9870
(adam9870)
26 March 2007 14:30
#2
Delete the folders manually while in safe mode, and the entries with HijackThis.
Use the NoLop tool.
When done, post a new log from HijackThis, SilentRunners, and the contents of the file C:\NoLop.log
Fusher123
(Fusher Jacek)
26 March 2007 14:57
#3
One more thing: how do I get into safe mode and delete them there? I don't know how to do that.
Edit:
And I managed to delete both of those folders normally, without safe mode.
Joan
(Joan Sunshine)
26 March 2007 16:13
#6
Clean. Clean up the registry – use jv16 PowerTools 2006 1.5.2.344 for that.
EDIT. Go to Start >>> Run >>> cmd >>> type:
schtasks /delete /TN "ABF2B7C490ED2B50" /F