
log>>> please help


4 replies in this topic

#1 gablon

  • Members
  • 47 posts

Posted 17 November 2005 - 18:26

Logfile of HijackThis v1.99.1
Scan saved at 18:25:44, on 2005-11-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/csrss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/Program Files/Ahead/InCD/InCDsrv.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/system32/svchost.exe
C:/Program Files/Common Files/Symantec Shared/ccSetMgr.exe
C:/Program Files/Common Files/Symantec Shared/ccEvtMgr.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/Explorer.EXE
C:/Program Files/ATI Technologies/ATI Control Panel/atiptaxx.exe
C:/Program Files/Intel/NCS/PROSet/PRONoMgr.exe
C:/WINDOWS/SOUNDMAN.EXE
C:/Program Files/HP/hpcoretech/hpcmpmgr.exe
C:/Program Files/Hewlett-Packard/HP Software Update/HPWuSchd2.exe
C:/WINDOWS/system32/hphmon05.exe
C:/Program Files/Common Files/Symantec Shared/ccApp.exe
C:/Program Files/Norton SystemWorks/Password Manager/AcctMgr.exe
C:/Program Files/CyberLink DVD Solution/PowerDVD/PDVDServ.exe
C:/Program Files/Ahead/InCD/InCD.exe
C:/Program Files/Java/jre1.5.0_01/bin/jusched.exe
C:/Program Files/webHancer/Programs/whSurvey.exe
C:/Program Files/Blubster/Blubster.exe
C:/Program Files/webHancer/Programs/whAgent.exe
C:/Program Files/WebRebates4/webrebates.exe
C:/WINDOWS/system32/ctfmon.exe
C:/Program Files/Messenger/msmsgs.exe
C:/Program Files/Gadu-Gadu/gg.exe
C:/Program Files/Norton SystemWorks/Norton Antivirus/navapsvc.exe
C:/PROGRA~1/NORTON~1/NORTON~2/NPROTECT.EXE
C:/PROGRA~1/NORTON~1/NORTON~2/SPEEDD~1/NOPDB.EXE
C:/WINDOWS/system32/wdfmgr.exe
C:/Program Files/Common Files/Symantec Shared/Security Center/SymWSC.exe
C:/WINDOWS/system32/HPZipm12.exe
C:/WINDOWS/System32/alg.exe
C:/Program Files/Norton SystemWorks/Norton Antivirus/SAVScan.exe
C:/Program Files/WebRebates4/w11150.exe
C:/Program Files/Internet Explorer/iexplore.exe
C:/PROGRA~1/COMMON~1/MICROS~1/Msinfo/OFFPROV.EXE
C:/Program Files/Internet Explorer/iexplore.exe
C:/Documents and Settings/miron/Pulpit/hijackthis/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://ws1.appswebse...=10244&ttid=104
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.wp.pl/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Program Files/Norton SystemWorks/Norton Antivirus/NavShExt.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:/Program Files/webHancer/programs/whiehlpr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Program Files/Norton SystemWorks/Norton Antivirus/NavShExt.dll
O4 - HKLM/../Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM/../Run: [ATIPTA] C:/Program Files/ATI Technologies/ATI Control Panel/atiptaxx.exe
O4 - HKLM/../Run: [PRONoMgr.exe] C:/Program Files/Intel/NCS/PROSet/PRONoMgr.exe
O4 - HKLM/../Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM/../Run: [HPDJ Taskbar Utility] C:/WINDOWS/system32/spool/drivers/w32x86/3/hpztsb09.exe
O4 - HKLM/../Run: [HPHUPD05] C:/Program Files/Hewlett-Packard/{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}/hphupd05.exe
O4 - HKLM/../Run: [HP Component Manager] "C:/Program Files/HP/hpcoretech/hpcmpmgr.exe"
O4 - HKLM/../Run: [HP Software Update] "C:/Program Files/Hewlett-Packard/HP Software Update/HPWuSchd2.exe"
O4 - HKLM/../Run: [HPHmon05] C:/WINDOWS/system32/hphmon05.exe
O4 - HKLM/../Run: [ccApp] "C:/Program Files/Common Files/Symantec Shared/ccApp.exe"
O4 - HKLM/../Run: [AcctMgr] C:/Program Files/Norton SystemWorks/Password Manager/AcctMgr.exe /startup
O4 - HKLM/../Run: [Symantec NetDriver Monitor] C:/PROGRA~1/SYMNET~1/SNDMon.exe /Consumer
O4 - HKLM/../Run: [RemoteControl] "C:/Program Files/CyberLink DVD Solution/PowerDVD/PDVDServ.exe"
O4 - HKLM/../Run: [NeroFilterCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [InCD] C:/Program Files/Ahead/InCD/InCD.exe
O4 - HKLM/../Run: [SunJavaUpdateSched] C:/Program Files/Java/jre1.5.0_01/bin/jusched.exe
O4 - HKLM/../Run: [ElbyCheckAnyDVD] "C:/Program Files/SlySoft/AnyDVD/ElbyCheck.exe" /L AnyDVD
O4 - HKLM/../Run: [webHancer Survey Companion] "C:/Program Files/webHancer/Programs/whSurvey.exe"
O4 - HKLM/../Run: [Blubster] C:/Program Files/Blubster/Blubster.exe SILENT
O4 - HKLM/../Run: [webHancer Agent] "C:/Program Files/webHancer/Programs/whAgent.exe"
O4 - HKLM/../Run: [webrebates] "C:/Program Files/WebRebates4/webrebates.exe"
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/system32/ctfmon.exe
O4 - HKCU/../Run: [MSMSGS] "C:/Program Files/Messenger/msmsgs.exe" /background
O4 - HKCU/../Run: [Gadu-Gadu] "C:/Program Files/Gadu-Gadu/gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:/Program Files/Microsoft Office/Office/OSA9.EXE
O8 - Extra context menu item: Web Rebates. - file://C:/Program Files/WebRebates4/websrebates/webtrebates/toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.5.0_01/bin/npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/Program Files/Java/jre1.5.0_01/bin/npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .spop: C:/Program Files/Internet Explorer/Plugins/NPDocBox.dll
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g...te_2_0_0_15.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_63.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g...er_2_0_0_36.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g...70_2_0_0_24.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g...ts_2_0_0_29.cab
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g...cer_2_0_0_8.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g...d8_2_0_0_22.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g...dt_2_0_0_21.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g...er_2_0_0_22.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/ccSetMgr.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:/Program Files/Ahead/InCD/InCDsrv.exe
O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - C:/Program Files/Norton SystemWorks/Norton Antivirus/navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:/Program Files/Intel/NCS/Sync/NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:/PROGRA~1/NORTON~1/NORTON~2/NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:/WINDOWS/system32/HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:/Program Files/Norton SystemWorks/Norton Antivirus/SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:/PROGRA~1/COMMON~1/SYMANT~1/SCRIPT~1/SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:/PROGRA~1/NORTON~1/NORTON~2/SPEEDD~1/NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:/Program Files/Common Files/Symantec Shared/Security Center/SymWSC.exe



#2 deino

  • Moderators
  • 17164 posts

Posted 17 November 2005 - 18:41

Ooh la la.. Norton is keeping things in order.. phew....

#3 gablon

  • Members
  • 47 posts

Posted 17 November 2005 - 18:48

Ooh la la la, this Norton is probably a piece of c......... HELP>>!!!!!!!!!!!

#4 Nieciej

  • Members
  • 902 posts

Posted 17 November 2005 - 19:47

Relax, it's only WebRebates.

Try uninstalling WebRebates 4 from Add/Remove Programs. If that doesn't work, and even if it did work, do the following (at worst, some of it may no longer be on the disk):

Turn off System Restore (right-click My Computer -> Properties, System Restore tab -> check "Turn off System Restore...").
Also close the web browser, MS Office, RealPlayer, Winamp, instant messengers and the like before removing entries with HijackThis.

End the processes (Alt+Ctrl+Del -> Processes tab, check 'Show processes from all users', -> End Process -> Yes):

C:/Program Files/Java/jre1.5.0_01/bin/jusched.exe
C:/Program Files/WebRebates4/webrebates.exe
C:/Program Files/Messenger/msmsgs.exe
C:/Program Files/WebRebates4/w11150.exe


In HijackThis, check these entries and click "Fix checked":

O4 - HKLM/../Run: [SunJavaUpdateSched] C:/Program Files/Java/jre1.5.0_01/bin/jusched.exe
O4 - HKLM/../Run: [webrebates] "C:/Program Files/WebRebates4/webrebates.exe"
O4 - HKCU/../Run: [MSMSGS] "C:/Program Files/Messenger/msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:/Program Files/Microsoft Office/Office/OSA9.EXE
O8 - Extra context menu item: Web Rebates. - file://C:/Program Files/WebRebates4/websrebates/webtrebates/toprC0.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - [http://67.15.101.3/g...e_2_0_0_15.cab]
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - [http://67.15.101.3/g...s_2_0_0_63.cab]
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - [http://67.15.101.3/g...r_2_0_0_36.cab]
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - [http://67.15.101.3/g...0_2_0_0_24.cab]
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - [http://67.15.101.3/g...s_2_0_0_29.cab]
O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - [http://67.15.101.3/g...er_2_0_0_8.cab]
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - [http://67.15.101.3/g...8_2_0_0_22.cab]
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - [http://67.15.101.3/g...t_2_0_0_21.cab]
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - [http://67.15.101.3/g...r_2_0_0_22.cab]



Delete the files, if they exist (normal mode; if that fails because of "File in use..." - restart into Safe Mode, i.e. hammer the F8 key while the computer is starting up):

C:/Program Files/WebRebates4/webrebates.exe <- and the whole WebRebates4 folder along with it, all its contents and subfolders

Restart, turn System Restore back on (if you want).
Post a new log on the Forum.

#5 deino

  • Moderators
  • 17164 posts

Posted 18 November 2005 - 00:08

For the O10 entries use this: http://komputery.kat...strona2/#post10 because the network may go down



