Please analyze my log • programosy.pl


System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Please analyze my log

Post by pawcio04, 17 Nov 2005, 18:11

Please analyze my log and describe how to fix it.


Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:33:26, on 2005-11-17
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/SYSTEM32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/System32/Ati2evxx.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/Program Files/Common Files/Symantec Shared/ccSetMgr.exe
C:/Program Files/Common Files/Symantec Shared/ccEvtMgr.exe
C:/WINDOWS/SYSTEM32/Ati2evxx.exe
C:/WINDOWS/explorer.exe
C:/WINDOWS/system32/spoolsv.exe
C:/Program Files/Norton AntiVirus/navapsvc.exe
C:/Program Files/Norton AntiVirus/SAVScan.exe
D:/Program Files/D-Tools/daemon.exe
C:/Program Files/QuickTime/qttask.exe
C:/Program Files/Common Files/Symantec Shared/ccApp.exe
C:/Program Files/Media Gateway/MediaGateway.exe
C:/WINDOWS/System32/paytime.exe
C:/WINDOWS/System32/ctfmon.exe
C:/WINDOWS/tool2.exe
C:/Program Files/AusLogics BoostSpeed/boostspeed.exe
E:/Program Files/Gadu-Gadu/gg.exe
C:/winstall.exe
C:/WINDOWS/System32/paytime.exe
C:/WINDOWS/tool2.exe
C:/WINDOWS/System32/sysvcs.exe
C:/Program Files/Common Files/Real/Update_OB/realsched.exe
C:/Program Files/Maxthon/Maxthon.exe
C:/Program Files/Microsoft Office/Office10/OUTLOOK.EXE
C:/Program Files/Microsoft Office/Office10/WINWORD.EXE
C:/DOCUME~1/PAWE~1/USTAWI~1/Temp/Rar$EX00.531/HijackThis.exe
C:/Documents and Settings/Paweł/Pulpit/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = c:/secure32.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = c:/secure32.html
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = c:/secure32.html
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = c:/secure32.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = c:/secure32.html
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = c:/secure32.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:/Program Files/Common Files/Microsoft Shared/Web Folders/ibm00001.exe"
O1 - Hosts file is located at: C:/WINDOWS/System32/drivers/etc/hosts
O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.5 x.full-tgp.net
O1 - Hosts: 127.0.0.5 counter.cenzura-spam.com
O1 - Hosts: 127.0.0.5 autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.awmdabest.com
O1 - Hosts: 127.0.0.5 www.cenzura-spam.nu
O1 - Hosts: 127.0.0.5 awmdabest.com
O1 - Hosts: 127.0.0.5 cenzura-spam.nu
O1 - Hosts: 127.0.0.5 allforadult.com
O1 - Hosts: 127.0.0.5 www.allforadult.com
O1 - Hosts: 127.0.0.5 www.iframe.biz
O1 - Hosts: 127.0.0.5 iframe.biz
O1 - Hosts: 127.0.0.5 www.newiframe.biz
O1 - Hosts: 127.0.0.5 newiframe.biz
O1 - Hosts: 127.0.0.5 www.vesbiz.biz
O1 - Hosts: 127.0.0.5 vesbiz.biz
O1 - Hosts: 127.0.0.5 www.cenzura!.biz
O1 - Hosts: 127.0.0.5 cenzura!.biz
O1 - Hosts: 127.0.0.5 www.awmcash.biz
O1 - Hosts: 127.0.0.5 awmcash.biz
O1 - Hosts: 127.0.0.5 buldog-stats.com
O1 - Hosts: 127.0.0.5 www.buldog-stats.com
O1 - Hosts: 127.0.0.5 fregat.drocherway.com
O1 - Hosts: 127.0.0.5 slutmania.biz
O1 - Hosts: 127.0.0.5 www.slutmania.biz
O1 - Hosts: 127.0.0.5 toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.megapornix.com
O1 - Hosts: 127.0.0.5 megapornix.com
O1 - Hosts: 127.0.0.5 www.sp2fucked.biz
O1 - Hosts: 127.0.0.5 sp2fucked.biz
O1 - Hosts: 127.0.0.5 greg-tut.com
O1 - Hosts: 127.0.0.5 www.greg-tut.com
O1 - Hosts: 127.0.0.5 nylonsexy.com
O1 - Hosts: 127.0.0.5 www.nylonsexy.com
O1 - Hosts: 127.0.0.5 vparivalka.com
O1 - Hosts: 127.0.0.5 www.vparivalka.com
O1 - Hosts: 127.0.0.5 iframeprofit.com
O1 - Hosts: 127.0.0.5 www.iframeprofit.com
O1 - Hosts: 127.0.0.5 topsearch10.com
O1 - Hosts: 127.0.0.5 www.topsearch10.com
O1 - Hosts: 127.0.0.5 statscash.biz
O1 - Hosts: 127.0.0.5 www.statscash.biz
O1 - Hosts: 127.0.0.5 vxiframe.biz
O1 - Hosts: 127.0.0.5 www.vxiframe.biz
O1 - Hosts: 127.0.0.5 crazy-toolbar.com
O1 - Hosts: 127.0.0.5 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.5 topcash.biz
O1 - Hosts: 127.0.0.5 www.topcash.biz
O1 - Hosts: 127.0.0.5 loadcash.biz
O1 - Hosts: 127.0.0.5 www.loadcash.biz
O1 - Hosts: 127.0.0.5 txiframe.biz
O1 - Hosts: 127.0.0.5 www.txiframe.biz
O1 - Hosts: 127.0.0.5 procounter.biz
O1 - Hosts: 127.0.0.5 www.procounter.biz
O1 - Hosts: 127.0.0.5 advadmin.biz
O1 - Hosts: 127.0.0.5 www.advadmin.biz
O1 - Hosts: 127.0.0.5 trafficbest.net
O1 - Hosts: 127.0.0.5 www.trafficbest.net
O1 - Hosts: 127.0.0.5 besthvac.com
O1 - Hosts: 127.0.0.5 www.besthvac.com
O1 - Hosts: 127.0.0.5 traff4.com
O1 - Hosts: 127.0.0.5 www.traff4.com
O1 - Hosts: 127.0.0.5 ambush-script.com
O1 - Hosts: 127.0.0.5 www.ambush-script.com
O1 - Hosts: 127.0.0.5 beehappyy.biz
O1 - Hosts: 127.0.0.5 www.beehappyy.biz
O1 - Hosts: 127.0.0.5 tracktraff.cc
O1 - Hosts: 127.0.0.5 www.tracktraff.cc
O1 - Hosts: 127.0.0.5 allcount.net
O1 - Hosts: 127.0.0.5 www.allcount.net
O1 - Hosts: 127.0.0.5 onedayoffer.biz
O1 - Hosts: 127.0.0.5 www.onedayoffer.biz
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:/WINDOWS/nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:/Program Files/Siber Systems/AI RoboForm/roboform.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Program Files/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:/Program Files/Siber Systems/AI RoboForm/roboform.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Program Files/Norton AntiVirus/NavShExt.dll
O4 - HKLM/../Run: [DAEMON Tools-1033] "D:/Program Files/D-Tools/daemon.exe" -lang 1045
O4 - HKLM/../Run: [KernelFaultCheck] %systemroot%/system32/dumprep 0 -k
O4 - HKLM/../Run: [QuickTime Task] "C:/Program Files/QuickTime/qttask.exe" -atboottime
O4 - HKLM/../Run: [SysMemory manager] c:/windows/system32/mdms.exe
O4 - HKLM/../Run: [ccApp] "C:/Program Files/Common Files/Symantec Shared/ccApp.exe"
O4 - HKLM/../Run: [Symantec NetDriver Monitor] C:/PROGRA~1/SYMNET~1/SNDMon.exe /Consumer
O4 - HKLM/../Run: [SSC_UserPrompt] C:/Program Files/Common Files/Symantec Shared/Security Center/UsrPrmpt.exe
O4 - HKLM/../Run: [Media Gateway] C:/Program Files/Media Gateway/MediaGateway.exe
O4 - HKLM/../Run: [Internet Optimizer] "C:/Program Files/Internet Optimizer/optimize.exe"
O4 - HKLM/../Run: [PayTime] C:/WINDOWS/System32/paytime.exe
O4 - HKLM/../Run: [TkBellExe] "C:/Program Files/Common Files/Real/Update_OB/realsched.exe"  -osboot
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/System32/ctfmon.exe
O4 - HKCU/../Run: [BoostSpeed] "C:/Program Files/AusLogics BoostSpeed/boostspeed.exe" /Q
O4 - HKCU/../Run: [Shell] "C:/Program Files/Common Files/Microsoft Shared/Web Folders/ibm00001.exe"
O4 - HKCU/../Run: [Gadu-Gadu] "E:/Program Files/Gadu-Gadu/gg.exe" /tray
O4 - HKCU/../Run: [Windows installer] C:/winstall.exe
O4 - HKCU/../Run: [PayTime] C:/WINDOWS/System32/paytime.exe
O4 - HKCU/../Run: [aupd] C:/WINDOWS/System32/sysvcs.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:/Program Files/Common Files/Adobe/Calibration/Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:/Program Files/Adobe/Acrobat 7.0/Reader/reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Program Files/Microsoft Office/Office10/OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:/PROGRA~1/MICROS~2/Office10/EXCEL.EXE/3000
O8 - Extra context menu item: Personalizuj Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Pasek Narzędzi - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O8 - Extra context menu item: Wypełnij Pola - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Zapisz Pola - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O9 - Extra button: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Zapisz Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Pasek Narzędzi - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:/WINDOWS/web/related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:/WINDOWS/web/related.htm
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:/nosuch.mht!http://toolbarbiz.biz/dl/adv588/x.chm::/load.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c282.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/eng/roulette_2_0_0_17.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_65.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:/ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:/ex.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/eng/slots90_2_0_0_26.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/eng/navy_2_0_0_19.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/17393a6bee39e46d4b06/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130532149640
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_39.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.3/g_bin/eng/domino_2_0_0_24.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_31.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_38.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_24.cab
O17 - HKLM/System/CCS/Services/Tcpip/../{DB18774E-1EF9-4E28-97B3-E2DEA3BC8ECD}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: nuclabdll - nuclabdll.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:/WINDOWS/System32/lenohkem.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:/WINDOWS/System32/Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:/WINDOWS/system32/ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:/Program Files/Common Files/InstallShield/Driver/1050/Intel 32/IDriverT.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:/Program Files/Norton AntiVirus/navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:/Program Files/Norton AntiVirus/SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:/PROGRA~1/COMMON~1/SYMANT~1/SCRIPT~1/SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/Security Center/SymWSC.exe
pawcio04
~user
 
Posts: 2
Joined: 17 Nov 2005, 18:02



Post by jeff, 17 Nov 2005, 18:51

And is something going wrong? :?:
jeff
 



Post by pawcio04, 17 Nov 2005, 19:10

Please help. Three red circles with a white cross have appeared in my tray. Some SpySheriff program keeps launching and a "computer is infect" message pops up all the time. I know reports have to be made; I have them and am pasting them. Please help, because I can't work normally.
pawcio04
~user
 
Posts: 2
Joined: 17 Nov 2005, 18:02



Post by jeff, 17 Nov 2005, 19:22

Perform all the steps in Safe Mode with System Restore turned off.

In Add/Remove Programs, uninstall Internet Optimizer and MediaGateway.

C:/WINDOWS/tool2.exe
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = c:/secure32.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = c:/secure32.html
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = c:/secure32.html
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = c:/secure32.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = c:/secure32.html
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = c:/secure32.html
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:/Program Files/Common Files/Microsoft Shared/Web Folders/ibm00001.exe
O1 - Hosts file is located at: C:/WINDOWS/System32/drivers/etc/hosts
O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.5 x.full-tgp.net
O1 - Hosts: 127.0.0.5 counter.cenzura-spam.com
O1 - Hosts: 127.0.0.5 autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.awmdabest.com
O1 - Hosts: 127.0.0.5 www.cenzura-spam.nu
O1 - Hosts: 127.0.0.5 awmdabest.com
O1 - Hosts: 127.0.0.5 cenzura-spam.nu
O1 - Hosts: 127.0.0.5 allforadult.com
O1 - Hosts: 127.0.0.5 www.allforadult.com
O1 - Hosts: 127.0.0.5 www.iframe.biz
O1 - Hosts: 127.0.0.5 iframe.biz
O1 - Hosts: 127.0.0.5 www.newiframe.biz
O1 - Hosts: 127.0.0.5 newiframe.biz
O1 - Hosts: 127.0.0.5 www.vesbiz.biz
O1 - Hosts: 127.0.0.5 vesbiz.biz
O1 - Hosts: 127.0.0.5 www.cenzura!.biz
O1 - Hosts: 127.0.0.5 cenzura!.biz
O1 - Hosts: 127.0.0.5 www.awmcash.biz
O1 - Hosts: 127.0.0.5 awmcash.biz
O1 - Hosts: 127.0.0.5 buldog-stats.com
O1 - Hosts: 127.0.0.5 www.buldog-stats.com
O1 - Hosts: 127.0.0.5 fregat.drocherway.com
O1 - Hosts: 127.0.0.5 slutmania.biz
O1 - Hosts: 127.0.0.5 www.slutmania.biz
O1 - Hosts: 127.0.0.5 toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.megapornix.com
O1 - Hosts: 127.0.0.5 megapornix.com
O1 - Hosts: 127.0.0.5 www.sp2fucked.biz
O1 - Hosts: 127.0.0.5 sp2fucked.biz
O1 - Hosts: 127.0.0.5 greg-tut.com
O1 - Hosts: 127.0.0.5 www.greg-tut.com
O1 - Hosts: 127.0.0.5 nylonsexy.com
O1 - Hosts: 127.0.0.5 www.nylonsexy.com
O1 - Hosts: 127.0.0.5 vparivalka.com
O1 - Hosts: 127.0.0.5 www.vparivalka.com
O1 - Hosts: 127.0.0.5 iframeprofit.com
O1 - Hosts: 127.0.0.5 www.iframeprofit.com
O1 - Hosts: 127.0.0.5 topsearch10.com
O1 - Hosts: 127.0.0.5 www.topsearch10.com
O1 - Hosts: 127.0.0.5 statscash.biz
O1 - Hosts: 127.0.0.5 www.statscash.biz
O1 - Hosts: 127.0.0.5 vxiframe.biz
O1 - Hosts: 127.0.0.5 www.vxiframe.biz
O1 - Hosts: 127.0.0.5 crazy-toolbar.com
O1 - Hosts: 127.0.0.5 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.5 topcash.biz
O1 - Hosts: 127.0.0.5 www.topcash.biz
O1 - Hosts: 127.0.0.5 loadcash.biz
O1 - Hosts: 127.0.0.5 www.loadcash.biz
O1 - Hosts: 127.0.0.5 txiframe.biz
O1 - Hosts: 127.0.0.5 www.txiframe.biz
O1 - Hosts: 127.0.0.5 procounter.biz
O1 - Hosts: 127.0.0.5 www.procounter.biz
O1 - Hosts: 127.0.0.5 advadmin.biz
O1 - Hosts: 127.0.0.5 www.advadmin.biz
O1 - Hosts: 127.0.0.5 trafficbest.net
O1 - Hosts: 127.0.0.5 www.trafficbest.net
O1 - Hosts: 127.0.0.5 besthvac.com
O1 - Hosts: 127.0.0.5 www.besthvac.com
O1 - Hosts: 127.0.0.5 traff4.com
O1 - Hosts: 127.0.0.5 www.traff4.com
O1 - Hosts: 127.0.0.5 ambush-script.com
O1 - Hosts: 127.0.0.5 www.ambush-script.com
O1 - Hosts: 127.0.0.5 beehappyy.biz
O1 - Hosts: 127.0.0.5 www.beehappyy.biz
O1 - Hosts: 127.0.0.5 tracktraff.cc
O1 - Hosts: 127.0.0.5 www.tracktraff.cc
O1 - Hosts: 127.0.0.5 allcount.net
O1 - Hosts: 127.0.0.5 www.allcount.net
O1 - Hosts: 127.0.0.5 onedayoffer.biz
O1 - Hosts: 127.0.0.5 www.onedayoffer.biz
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:/WINDOWS/nem220.dll (file missing)
O4 - HKLM/../Run: [KernelFaultCheck] %systemroot%/system32/dumprep 0 -k
O4 - HKLM/../Run: [SysMemory manager] c:/windows/system32/mdms.exe
O4 - HKLM/../Run: [Media Gateway] C:/Program Files/Media Gateway/MediaGateway.exe
O4 - HKLM/../Run: [Internet Optimizer] "C:/Program Files/Internet Optimizer/optimize.exe
O4 - HKLM/../Run: [PayTime] C:/WINDOWS/System32/paytime.exe
O4 - HKCU/../Run: [Shell] "C:/Program Files/Common Files/Microsoft Shared/Web Folders/ibm00001.exe
O4 - HKCU/../Run: [Windows installer] C:/winstall.exe
O4 - HKCU/../Run: [PayTime] C:/WINDOWS/System32/paytime.exe
O4 - HKCU/../Run: [aupd] C:/WINDOWS/System32/sysvcs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:/WINDOWS/web/related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:/WINDOWS/web/related.htm
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:/nosuch.mht!http://toolbarbiz.biz/dl/adv588/x.chm::/load.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c282.cab
O20 - Winlogon Notify: nuclabdll - nuclabdll.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:/WINDOWS/System32/lenohkem.dll (file missing)


First delete the entries in HijackThis using Fix Checked, then manually delete the files and folders in bold.

SpySheriff removal: HERE

After that, post a new log :P
jeff
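
Added example, not part of the original thread and not jeff's method: a small Python parser for the HijackThis line format shown in the log above, with a few review heuristics (local-file IE pages, a program chained onto the shell, hosts overrides, missing files, autoruns in a drive root, non-HTTP ActiveX sources). The function names and heuristics are assumptions of this example; the sample lines are taken from the posted log, with the whitespace run in the F2 line collapsed.

```python
import re

# Sample lines taken from the log posted in this thread (forward slashes as shown there).
SAMPLE_LOG = """
Logfile of HijackThis v1.99.1
Running processes:
C:/WINDOWS/explorer.exe
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = c:/secure32.html
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:/Program Files/Common Files/Microsoft Shared/Web Folders/ibm00001.exe"
O1 - Hosts: 127.0.0.5 topsearch10.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Program Files/Norton AntiVirus/NavShExt.dll
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/System32/ctfmon.exe
O4 - HKCU/../Run: [Windows installer] C:/winstall.exe
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:/ex.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O20 - Winlogon Notify: nuclabdll - nuclabdll.dll (file missing)
"""

# Entry lines are "<section code> - <body>"; header and process-list lines do not match.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")
WEB_URL = re.compile(r"^https?://", re.I)
LOCAL_PATH = re.compile(r"^(file://|[A-Za-z]:[\\/])", re.I)
ROOT_EXE = re.compile(r'^"?[A-Za-z]:[\\/][^\\/]+\.exe\b', re.I)


def parse(log_text):
    """Yield (section_code, body) for each entry line of a HijackThis log."""
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if match:
            yield match.group(1), match.group(2)


def review_reason(code, body):
    """Return why an entry deserves a human look, or None (heuristics are this example's own)."""
    if ORPHAN.search(body):
        return "entry points at a file that is not on disk"
    if code in ("R0", "R1") and " = " in body:
        key, value = body.split(" = ", 1)
        if "Page" in key and LOCAL_PATH.match(value.strip()):
            return "IE page setting points at a local file"
    if code == "F2" and "Shell=" in body:
        shell = body.split("Shell=", 1)[1].split()
        if len(shell) != 1 or shell[0].lower() != "explorer.exe":
            return "extra program chained onto the Winlogon shell"
    if code == "O1" and body.startswith("Hosts: "):
        return "hosts file overrides DNS for this name"
    if code == "O4" and ROOT_EXE.match(body.split("] ", 1)[-1]):
        return "autorun executable sits in a drive root"
    if code == "O16" and not WEB_URL.match(body.rsplit(" - ", 1)[-1]):
        return "ActiveX download source is not an http(s) URL"
    return None


def triage(log_text):
    """Return [(code, reason, body)] for entries worth reviewing, in log order."""
    flagged = []
    for code, body in parse(log_text):
        reason = review_reason(code, body)
        if reason:
            flagged.append((code, reason, body))
    return flagged


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {reason}: {body}")
```

A flagged line is a prompt for manual review, not a verdict: entries such as the System32 autoruns jeff listed pass these checks and still need a human decision.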
 



