help me • programosy.pl

help me

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by Hamster21, 12 Nov 2005, 08:57

I have a problem. First, SpySheriff, and second, hundreds of pop-up windows with ads.

Here is my log:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 07:46:24, on 2005-11-12
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\norton\security 2005\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TW9uaWthIEtsaW1rb3dza2E\command.exe
D:\norton\security 2005\Norton AntiVirus\navapsvc.exe
D:\norton\antivirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\system.exe
C:\WINDOWS\System32\paytime.exe
C:\windows\system32\rldsregp.exe
C:\WINDOWS\System32\kwinmsaz.exe
C:\windows\adtech2005.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\tool2.exe
D:\komunikatory\Gadu-Gadu\gg.exe
C:\winstall.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\WINDOWS\tool2.exe
C:\PROGRA~1\COMMON~1\roko\rokom.exe
C:\WINDOWS\System32\sys32.exe
C:\PROGRA~1\COMMON~1\roko\rokoa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\System32\sysvcs.exe
D:\poczta\the bat\thebat.exe
D:\przegladarki\opera\Opera.exe
C:\Documents and Settings\Patryk\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O1 - Hosts: 72.9.232.244 www.bankone.com
O1 - Hosts: 72.9.232.244 bankone.com
O1 - Hosts: 72.9.232.244 halifax.com
O1 - Hosts: 72.9.232.244 www.halifax.com
O1 - Hosts: 72.9.232.244 halifax.co.uk
O1 - Hosts: 72.9.232.244 www.halifax.co.uk
O1 - Hosts: 72.9.232.244 www.bankofamerika.com
O1 - Hosts: 72.9.232.244 bankofamerika.com
O1 - Hosts: 72.9.232.244 www.paypal.com
O1 - Hosts: 72.9.232.244 paypal.com
O1 - Hosts: 72.9.232.244 www.lloydstsb.com
O1 - Hosts: 72.9.232.244 lloydstsb.com
O1 - Hosts: 72.9.232.244 www.lloydstsb.co.uk
O1 - Hosts: 72.9.232.244 lloydstsb.co.uk
O1 - Hosts: 72.9.232.244 www.bbvanet.com
O1 - Hosts: 72.9.232.244 bbvanet.com
O1 - Hosts: 72.9.232.244 www.bancopostaonline.poste.it
O1 - Hosts: 72.9.232.244 bancopostaonline.poste.it
O1 - Hosts: 72.9.232.244 www.poste.it
O1 - Hosts: 72.9.232.244 poste.it
O1 - Hosts: 72.9.232.244 www.credem.it
O1 - Hosts: 72.9.232.244 credem.it
O1 - Hosts: 72.9.232.244 www.creval.it
O1 - Hosts: 72.9.232.244 creval.it
O1 - Hosts: 72.9.232.244 www.gruppocarige.it
O1 - Hosts: 72.9.232.244 gruppocarige.it
O1 - Hosts: 72.9.232.244 www.rasbank.it
O1 - Hosts: 72.9.232.244 rasbank.it
O1 - Hosts: 72.9.232.244 www.bancagenerali.it
O1 - Hosts: 72.9.232.244 bancagenerali.it
O1 - Hosts: 72.9.232.244 www.garanti.com.tr
O1 - Hosts: 72.9.232.244 garanti.com.tr
O1 - Hosts: 72.9.232.244 www.kocbank.com.tr
O1 - Hosts: 72.9.232.244 kocbank.com.tr
O1 - Hosts: 72.9.232.244 www.finansbank.com.tr
O1 - Hosts: 72.9.232.244 finansbank.com.tr
O1 - Hosts: 72.9.232.244 www.disbank.com.tr
O1 - Hosts: 72.9.232.244 disbank.com.tr
O1 - Hosts: 72.9.232.244 www.cassarimini.it
O1 - Hosts: 72.9.232.244 cassarimini.it
O1 - Hosts: 72.9.232.244 www.unicredit.it
O1 - Hosts: 72.9.232.244 unicredit.it
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\norton\security 2005\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\norton\ANTIVI~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] D:\norton\security 2005\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [System service] C:\WINDOWS\System32\system.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [{A0-01-10-01-ZN}] C:\windows\system32\rldsregp.exe DREU02
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\kwinmsaz.exe DREU02
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2005] C:\windows\adtech2005.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\komunikatory\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [klop] C:\WINDOWS\C25.tmp
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [roko] C:\PROGRA~1\COMMON~1\roko\rokom.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinmsaz.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\przegladarki\adobe\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\office\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\sciaganie\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\sciaganie\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\office\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\flashget.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\jtr2079oe.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\icqlobme.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9uaWthIEtsaW1rb3dza2E\command.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\norton\security 2005\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\norton\security 2005\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\norton\antivirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\norton\security 2005\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


What should I do?


===================
I removed whatever I could using the Windows uninstall feature, and now my log looks like this:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 08:14:26, on 2005-11-12
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\norton\security 2005\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
D:\komunikatory\Gadu-Gadu\gg.exe
C:\winstall.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\sysvcs.exe
D:\norton\security 2005\Norton AntiVirus\navapsvc.exe
D:\norton\antivirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Patryk\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O1 - Hosts: 72.9.232.244 www.bankone.com
O1 - Hosts: 72.9.232.244 bankone.com
O1 - Hosts: 72.9.232.244 halifax.com
O1 - Hosts: 72.9.232.244 www.halifax.com
O1 - Hosts: 72.9.232.244 halifax.co.uk
O1 - Hosts: 72.9.232.244 www.halifax.co.uk
O1 - Hosts: 72.9.232.244 www.bankofamerika.com
O1 - Hosts: 72.9.232.244 bankofamerika.com
O1 - Hosts: 72.9.232.244 www.paypal.com
O1 - Hosts: 72.9.232.244 paypal.com
O1 - Hosts: 72.9.232.244 www.lloydstsb.com
O1 - Hosts: 72.9.232.244 lloydstsb.com
O1 - Hosts: 72.9.232.244 www.lloydstsb.co.uk
O1 - Hosts: 72.9.232.244 lloydstsb.co.uk
O1 - Hosts: 72.9.232.244 www.bbvanet.com
O1 - Hosts: 72.9.232.244 bbvanet.com
O1 - Hosts: 72.9.232.244 www.bancopostaonline.poste.it
O1 - Hosts: 72.9.232.244 bancopostaonline.poste.it
O1 - Hosts: 72.9.232.244 www.poste.it
O1 - Hosts: 72.9.232.244 poste.it
O1 - Hosts: 72.9.232.244 www.credem.it
O1 - Hosts: 72.9.232.244 credem.it
O1 - Hosts: 72.9.232.244 www.creval.it
O1 - Hosts: 72.9.232.244 creval.it
O1 - Hosts: 72.9.232.244 www.gruppocarige.it
O1 - Hosts: 72.9.232.244 gruppocarige.it
O1 - Hosts: 72.9.232.244 www.rasbank.it
O1 - Hosts: 72.9.232.244 rasbank.it
O1 - Hosts: 72.9.232.244 www.bancagenerali.it
O1 - Hosts: 72.9.232.244 bancagenerali.it
O1 - Hosts: 72.9.232.244 www.garanti.com.tr
O1 - Hosts: 72.9.232.244 garanti.com.tr
O1 - Hosts: 72.9.232.244 www.kocbank.com.tr
O1 - Hosts: 72.9.232.244 kocbank.com.tr
O1 - Hosts: 72.9.232.244 www.finansbank.com.tr
O1 - Hosts: 72.9.232.244 finansbank.com.tr
O1 - Hosts: 72.9.232.244 www.disbank.com.tr
O1 - Hosts: 72.9.232.244 disbank.com.tr
O1 - Hosts: 72.9.232.244 www.cassarimini.it
O1 - Hosts: 72.9.232.244 cassarimini.it
O1 - Hosts: 72.9.232.244 www.unicredit.it
O1 - Hosts: 72.9.232.244 unicredit.it
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\norton\security 2005\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\kwinmsaz.exe DREU02
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\komunikatory\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [klop] C:\WINDOWS\C25.tmp
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinmsaz.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\przegladarki\adobe\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\office\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\sciaganie\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\sciaganie\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\office\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\SCIAGA~1\FlashGet\flashget.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\n86qlij518o.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\icqlobme.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\norton\security 2005\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\norton\security 2005\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\norton\antivirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\norton\security 2005\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Hamster21
~user
 
Posts: 3
Joined: 12 Nov 2005, 08:53



Post by jeff, 12 Nov 2005, 10:43

Perform all of these steps in Safe Mode with System Restore turned off.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
O1 - Hosts: 72.9.232.244 www.bankone.com
O1 - Hosts: 72.9.232.244 bankone.com
O1 - Hosts: 72.9.232.244 halifax.com
O1 - Hosts: 72.9.232.244 www.halifax.com
O1 - Hosts: 72.9.232.244 halifax.co.uk
O1 - Hosts: 72.9.232.244 www.halifax.co.uk
O1 - Hosts: 72.9.232.244 www.bankofamerika.com
O1 - Hosts: 72.9.232.244 bankofamerika.com
O1 - Hosts: 72.9.232.244 www.paypal.com
O1 - Hosts: 72.9.232.244 paypal.com
O1 - Hosts: 72.9.232.244 www.lloydstsb.com
O1 - Hosts: 72.9.232.244 lloydstsb.com
O1 - Hosts: 72.9.232.244 www.lloydstsb.co.uk
O1 - Hosts: 72.9.232.244 lloydstsb.co.uk
O1 - Hosts: 72.9.232.244 www.bbvanet.com
O1 - Hosts: 72.9.232.244 bbvanet.com
O1 - Hosts: 72.9.232.244 www.bancopostaonline.poste.it
O1 - Hosts: 72.9.232.244 bancopostaonline.poste.it
O1 - Hosts: 72.9.232.244 www.poste.it
O1 - Hosts: 72.9.232.244 poste.it
O1 - Hosts: 72.9.232.244 www.credem.it
O1 - Hosts: 72.9.232.244 credem.it
O1 - Hosts: 72.9.232.244 www.creval.it
O1 - Hosts: 72.9.232.244 creval.it
O1 - Hosts: 72.9.232.244 www.gruppocarige.it
O1 - Hosts: 72.9.232.244 gruppocarige.it
O1 - Hosts: 72.9.232.244 www.rasbank.it
O1 - Hosts: 72.9.232.244 rasbank.it
O1 - Hosts: 72.9.232.244 www.bancagenerali.it
O1 - Hosts: 72.9.232.244 bancagenerali.it
O1 - Hosts: 72.9.232.244 www.garanti.com.tr
O1 - Hosts: 72.9.232.244 garanti.com.tr
O1 - Hosts: 72.9.232.244 www.kocbank.com.tr
O1 - Hosts: 72.9.232.244 kocbank.com.tr
O1 - Hosts: 72.9.232.244 www.finansbank.com.tr
O1 - Hosts: 72.9.232.244 finansbank.com.tr
O1 - Hosts: 72.9.232.244 www.disbank.com.tr
O1 - Hosts: 72.9.232.244 disbank.com.tr
O1 - Hosts: 72.9.232.244 www.cassarimini.it
O1 - Hosts: 72.9.232.244 cassarimini.it
O1 - Hosts: 72.9.232.244 www.unicredit.it
O1 - Hosts: 72.9.232.244 unicredit.it
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [klop] C:\WINDOWS\C25.tmp
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\n86qlij518o.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\icqlobme.dll (file missing)


First delete the entries in HijackThis, then manually delete the files/folders shown in bold.

Do you recognize this?

O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\kwinmsaz.exe DREU02
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinmsaz.exe


If not, delete it.

SpySheriff removal: from HERE

After these steps, post a new HijackThis log, and also:

Red wrote:
1. Download and run (unpack) the small program http://www.atribune.org/downloads/l2mfix.exe
2. Launch it via l2mfix.bat from its folder
3. In it, run option 1 (Run Find Log)
4. Wait patiently for it to finish
5. Show the log you get when it finishes


and wait for Red
jeff
 



