TA STRONA UŻYWA COOKIE. Dowiedz się więcej o celu ich używania i zmianie ustawień cookie w przeglądarce. Korzystając ze strony wyrażasz zgodę na używanie cookie, zgodnie z aktualnymi ustawieniami przeglądarki.
Od dnia 25.05.2018 r. na terenie Unii Europejskiej wchodzi w życie Rozporządzenie Parlamentu Europejskiego w sprawie ochrony danych osobowych. Prosimy o zapoznanie się z polityką prywatności oraz regulaminem serwisu  [X]

jak HijackThis-em usunąć komunikat

Tematyka związana z produktami firmy Microsoft.
Wyślij odpowiedź

Postprzez pp3088 » 20 Paź 2006, 15:09

PostUA:

Dokładnie. Nie przejmuj się, za pierwszym razem zawsze tak jest ; )

Czekam na efekty oby owocne.
Awatar użytkownika
pp3088
Aktywny w piśmie
Aktywny w piśmie
 
Posty: 999
Dołączenie: 11 Sie 2006, 23:59
Miejscowość: Szczecin
Góra

Postprzez Hpest » 20 Paź 2006, 15:43

PostUA:

fugas761 -> Silentrunners
Awatar użytkownika
Hpest
Zacny pisarz
Zacny pisarz
 
Posty: 1568
Dołączenie: 23 Lip 2005, 22:37
Miejscowość: [E]lita..
Góra

Postprzez fugas761 » 20 Paź 2006, 17:14

PostUA:

Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 17:13:41, on 2006-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesEset
od32krn.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesEset
od32kui.exe
C:Program FilesMultimedia Combo SetMouseDrv.exe
C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
C:WINDOWSsystem32HBO ScreenSaver.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesCommon Files{ACFCEBC0-0A6B-1045-0804-040406090030}Update.exe
C:Program FilesAresAres.exe
C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsTomekPulpithijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [nod32kui] "C:Program FilesEset
od32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WireLessMouse ] C:Program FilesMultimedia Combo SetMouseDrv.exe
O4 - HKLM..Run: [WireLessKeyboard ] C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
O4 - HKLM..Run: [HBOScreensaver] "C:WINDOWSsystem32HBO ScreenSaver.exe" /sch
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [BearFlix] "C:Program FilesBearFlixBearFlix.exe" /pause
O4 - HKLM..Run: [PVModule] C:PROGRA~1PRINTV~1pvmodule.exe
O4 - HKCU..Run: [ares] "C:Program FilesAresAres.exe" -h
O4 - HKCU..Run: [Dzieńdobry!] C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_30.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://83.18.237.172/plugin/h263ctrl.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_46.cab
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_30.cab
O20 - Winlogon Notify: wintfj32 - C:WINDOWSSYSTEM32wintfj32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEset
od32krn.exe
Awatar użytkownika
fugas761
Postujący
Postujący
 
Posty: 237
Dołączenie: 19 Paź 2006, 21:54
Góra

Postprzez fugas761 » 20 Paź 2006, 17:16

PostUA:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun
"{ACFCEBC0-0A6B-1045-0804-040406090030}" = ""C:Program FilesCommon Files{ACFCEBC0-0A6B-1045-0804-040406090030}Update.exe" mc-110-12-0000272" [null data]

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ares" = ""C:Program FilesAresAres.exe" -h" ["Ares Development Group"]
"Dzieńdobry!" = "C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto" ["VSD Software"]

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun {++}
"ishost.exe" = "ishost.exe" [file not found]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ATICCC" = ""C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay" [null data]
"Skrót do strony właściwości High Definition Audio" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"nod32kui" = ""C:Program FilesEset
od32kui.exe" /WAITSERVICE" ["Eset "]
"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]
"WireLessMouse " = "C:Program FilesMultimedia Combo SetMouseDrv.exe" [empty string]
"WireLessKeyboard " = "C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe" [empty string]
"HBOScreensaver" = ""C:WINDOWSsystem32HBO ScreenSaver.exe" /sch" [null data]
"QuickTime Task" = ""C:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."]
"BearFlix" = ""C:Program FilesBearFlixBearFlix.exe" /pause" [file not found]
"PVModule" = "C:PROGRA~1PRINTV~1pvmodule.exe" [file not found]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = "My Global Search Bar BHO"
-> {HKLM...CLSID} = "My Global Search Bar BHO"
InProcServer32(Default) = "C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL" [file not found]
{C004DEC2-2623-438e-9CA2-C9043AB28508}(Default) = (no title provided)
-> {HKLM...CLSID} = "ToolBar888"
InProcServer32(Default) = "C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll" [file not found]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]
Awatar użytkownika
fugas761
Postujący
Postujący
 
Posty: 237
Dołączenie: 19 Paź 2006, 21:54
Góra

Postprzez fugas761 » 20 Paź 2006, 17:20

PostUA:

Tego nie moge znalezc :MBOLS~`1 racert.exe-vt yazb i nie moge wykasowac w trybie zwyklym ani w awaryjnym pliku:wintfj 32.dll i nadal pokazuje mi sie trojan DIALER,QS trojan
Awatar użytkownika
fugas761
Postujący
Postujący
 
Posty: 237
Dołączenie: 19 Paź 2006, 21:54
Góra

Postprzez Hpest » 20 Paź 2006, 17:46

PostUA:

fugas761 Wklej cały LOG! Ten jest niekompletny!
Prawidłowy LOG kończy się komendą:
---------- (total run time: X seconds, including X seconds for message boxes)
Awatar użytkownika
Hpest
Zacny pisarz
Zacny pisarz
 
Posty: 1568
Dołączenie: 23 Lip 2005, 22:37
Miejscowość: [E]lita..
Góra

Postprzez fugas761 » 20 Paź 2006, 17:56

PostUA:

Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 17:53:46, on 2006-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesEset
od32krn.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesEset
od32kui.exe
C:Program FilesMultimedia Combo SetMouseDrv.exe
C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
C:WINDOWSsystem32HBO ScreenSaver.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesCommon Files{ACFCEBC0-0A6B-1045-0804-040406090030}Update.exe
C:Program FilesAresAres.exe
C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
C:WINDOWSsystem32wscntfy.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesEset
od32.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsTomekPulpithijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.bearshare.com/pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [nod32kui] "C:Program FilesEset
od32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WireLessMouse ] C:Program FilesMultimedia Combo SetMouseDrv.exe
O4 - HKLM..Run: [WireLessKeyboard ] C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
O4 - HKLM..Run: [HBOScreensaver] "C:WINDOWSsystem32HBO ScreenSaver.exe" /sch
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [BearFlix] "C:Program FilesBearFlixBearFlix.exe" /pause
O4 - HKLM..Run: [PVModule] C:PROGRA~1PRINTV~1pvmodule.exe
O4 - HKCU..Run: [ares] "C:Program FilesAresAres.exe" -h
O4 - HKCU..Run: [Dzieńdobry!] C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_30.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://83.18.237.172/plugin/h263ctrl.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_46.cab
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_30.cab
O20 - Winlogon Notify: wintfj32 - C:WINDOWSSYSTEM32wintfj32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEset
od32krn.exe
Awatar użytkownika
fugas761
Postujący
Postujący
 
Posty: 237
Dołączenie: 19 Paź 2006, 21:54
Góra

Postprzez pp3088 » 20 Paź 2006, 18:12

PostUA:

Mamy dziada ! Infekcja Smitfrauda użyj tego : http://siri.urz.free.fr/Fix/SmitfraudFix.php

Odpalasz SmitFraudFix.cmd, wklepujesz dowoly klawisz potem wciskasz 2 i program kosi gnojka, być może komp będzie wymagał restartu. Wklej na forum loga z C:
aport.txt

Hpestowi chodziło o log z Silenta

Co do wintfj32.dll

Sciągnij http://www.instalki.pl/programy/downloa ... llBox.html

otwóz zaznacz delete on rebot i wpisz
Kod: Zaznacz wszystko
C:/WINDOWS/system32/wintfj32.dll <-zamień tylko slashe z / na ten and enterem
Awatar użytkownika
pp3088
Aktywny w piśmie
Aktywny w piśmie
 
Posty: 999
Dołączenie: 11 Sie 2006, 23:59
Miejscowość: Szczecin
Góra

Postprzez fugas761 » 20 Paź 2006, 19:54

PostUA:

zrobilem jak kazales ,sciagnalem SmitFraudFix.cmd iusuwalo "cos..." ,a co mam wkleic aport txt?, nie rozumiem . Kilboxa tez juz mam i ustawilem na delete on rebot i co mam zrobic? jak to sie zmienia ? Ten DialerQS trojan wciaz sie pokazuje.
Awatar użytkownika
fugas761
Postujący
Postujący
 
Posty: 237
Dołączenie: 19 Paź 2006, 21:54
Góra

Postprzez fugas761 » 20 Paź 2006, 19:57

PostUA:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun
"{ACFCEBC0-0A6B-1045-0804-040406090030}" = ""C:Program FilesCommon Files{ACFCEBC0-0A6B-1045-0804-040406090030}Update.exe" mc-110-12-0000272" [null data]

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ares" = ""C:Program FilesAresAres.exe" -h" ["Ares Development Group"]
"Dzieńdobry!" = "C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto" ["VSD Software"]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}
"ATICCC" = ""C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay" [null data]
"Skrót do strony właściwości High Definition Audio" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"nod32kui" = ""C:Program FilesEset
od32kui.exe" /WAITSERVICE" ["Eset "]
"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]
"WireLessMouse " = "C:Program FilesMultimedia Combo SetMouseDrv.exe" [empty string]
"WireLessKeyboard " = "C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe" [empty string]
"HBOScreensaver" = ""C:WINDOWSsystem32HBO ScreenSaver.exe" /sch" [null data]
"QuickTime Task" = ""C:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."]
"BearFlix" = ""C:Program FilesBearFlixBearFlix.exe" /pause" [file not found]
"PVModule" = "C:PROGRA~1PRINTV~1pvmodule.exe" [file not found]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = "My Global Search Bar BHO"
-> {HKLM...CLSID} = "My Global Search Bar BHO"
InProcServer32(Default) = "C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL" [file not found]
{C004DEC2-2623-438e-9CA2-C9043AB28508}(Default) = (no title provided)
-> {HKLM...CLSID} = "ToolBar888"
InProcServer32(Default) = "C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll" [file not found]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
InProcServer32(Default) = "C:Program FilesATI TechnologiesATI.ACEatiacmxx.dll" [empty string]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesMicrosoft OfficeOFFICE11msohev.dll" [MS]
"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
InProcServer32(Default) = "C:Program FilesEset
odshex.dll" ["Eset "]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadlibNeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadlibNeroDigitalExt.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> wintfj32DLLName = "wintfj32.dll" [null data]

HKLMSoftwareClassesPROTOCOLSFilter
<<!>> text/xmlCLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
InProcServer32(Default) = "C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL" [MS]

HKLMSoftwareClassesFoldershellexColumnHandlers
{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
InProcServer32(Default) = "C:Program FilesCommon FilesAheadlibNeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
InProcServer32(Default) = "C:Program FilesEset
odshex.dll" ["Eset "]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
InProcServer32(Default) = "C:Program FilesEset
odshex.dll" ["Eset "]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "C:Program FilesWinRAR arext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsTomekUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSSystem32Goldfish.scr" [null data]


Startup items in "Tomek" & "All Users" startup folders:
-------------------------------------------------------

C:Documents and SettingsAll UsersMenu StartProgramyAutostart
"Adobe Reader Speed Launch" -> shortcut to: "C:Program FilesAdobeAcrobat 7.0Reader eader_sl.exe" ["Adobe Systems Incorporated"]
"Run BBDTMngr.exe" -> shortcut to: "C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
imon.dll ["Eset "], 01 - 05, 19
%SystemRoot%system32mswsock.dll [MS], 06 - 08, 11 - 18
%SystemRoot%system32 svpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]
"{37B85A29-692B-4205-9CAD-2626E4993404}"
-> {HKLM...CLSID} = "My Global Search Bar"
InProcServer32(Default) = "C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL" [file not found]

HKLMSoftwareMicrosoftInternet ExplorerToolbar
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
InProcServer32(Default) = "C:Program FilesYahoo!CompanionInstallscpnyt.dll" ["Yahoo! Inc."]
"{C004DEC2-2623-438E-9CA2-C9043AB28508}" = (no title provided)
-> {HKLM...CLSID} = "ToolBar888"
InProcServer32(Default) = "C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll" [file not found]

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars

HKLMSoftwareClassesCLSID{10ADD1E8-EC8A-4719-B39D-B46DD1D6A65D}(Default) = "PrintView"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "C:PROGRA~1PRINTV~1PRINTH~1.DLL" [empty string]

HKLMSoftwareClassesCLSID{90FE6C53-F8B4-4631-B42A-02D63D1C949C}(Default) = "PrintView"
Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]
InProcServer32(Default) = "C:PROGRA~1PRINTV~1PRINTH~1.DLL" [empty string]

HKLMSoftwareClassesCLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = "&Badanie"
Implemented Categories{00021493-0000-0000-C000-000000000046} [vertical bar]
InProcServer32(Default) = "C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions
{92780B25-18CC-41C8-B9BE-3C9C571A8263}
"ButtonText" = "Badanie"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSSystem32Ati2evxx.exe" ["ATI Technologies Inc."]
Machine Debug Manager, MDM, ""C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE"" [MS]
NOD32 Kernel Service, NOD32krn, ""C:Program FilesEset
od32krn.exe"" ["Eset "]
Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLMSystemCurrentControlSetControlPrintMonitors
Microsoft Document Imaging Writer MonitorDriver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 70 seconds, including 3 seconds for message boxes)
Awatar użytkownika
fugas761
Postujący
Postujący
 
Posty: 237
Dołączenie: 19 Paź 2006, 21:54
Góra

Postprzez pp3088 » 20 Paź 2006, 20:21

PostUA:

fugas761 napisał(a):zrobilem jak kazales ,sciagnalem SmitFraudFix.cmd iusuwalo "cos..." ,a co mam wkleic aport txt?, nie rozumiem . Kilboxa tez juz mam i ustawilem na delete on rebot i co mam zrobic? jak to sie zmienia ? Ten DialerQS trojan wciaz sie pokazuje.


Widać polepszenie ^_^. Wklej plik z C: o nazwie raport.txt jest to wnik skanu i usuwania ze SmitFraudFix`a. Po prostu chcę mieć pewność, że wszystko poszło należycie.

Odpal, Killboxa wstaw odpowiednia scieżkę, zaznacz delete on reboot i daj czerowny "X". Jeśli nie będzie nic pisać, to masz złe wstawione slashe. Musisz kombinowąć, bo forum coś nie wyświetla odpowiedniego flasha.


Przejdź proszę do:
C:/Program Files/Common Files/{ACFCEBC0-0A6B-1045-0804-040406090030}/Update.exe
Następnie do
C:/Program Files/MyGlobalSearchBar

Kasujesz ten wpis/folder, który jest na czerowno. Jeśli odmowa to użyj Killboxa.

Usuń ten wpis w Hijacku
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:PROGRA~1PRINTV~1PRINTH~1.DLL
Awatar użytkownika
pp3088
Aktywny w piśmie
Aktywny w piśmie
 
Posty: 999
Dołączenie: 11 Sie 2006, 23:59
Miejscowość: Szczecin
Góra

Postprzez fugas761 » 20 Paź 2006, 21:26

PostUA:

to juz usunolem w trybie awar. bo inaczej sie nie dalo : C:/Program Files/Common Files/{ACFCEBC0-0A6B-1045-0804-040406090030}/Update.exe
Następnie do
C:/Program Files/MyGlobalSearchBar

a tego juz nie ma w hijackthis sam zobacz : O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:PROGRA~1PRINTV~1PRINTH~1.DLL , ale po mimo tego wirus sie pokazuje ale NOD32 go caly czas kasuje i nie dopuszcza
Awatar użytkownika
fugas761
Postujący
Postujący
 
Posty: 237
Dołączenie: 19 Paź 2006, 21:54
Góra

Postprzez fugas761 » 20 Paź 2006, 21:26

PostUA:

Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 21:25:42, on 2006-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesEset
od32krn.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:WINDOWSsystem32RunDll32.exe
C:Program FilesEset
od32kui.exe
C:Program FilesMultimedia Combo SetMouseDrv.exe
C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
C:WINDOWSsystem32HBO ScreenSaver.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesAresAres.exe
C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesOutlook Expressmsimn.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsTomekPulpithijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI TechnologiesATI.ACEcli.exe" runtime -Delay
O4 - HKLM..Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [nod32kui] "C:Program FilesEset
od32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [WireLessMouse ] C:Program FilesMultimedia Combo SetMouseDrv.exe
O4 - HKLM..Run: [WireLessKeyboard ] C:Program FilesMultimedia Combo SetPS2USBKbdDrv.exe
O4 - HKLM..Run: [HBOScreensaver] "C:WINDOWSsystem32HBO ScreenSaver.exe" /sch
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [BearFlix] "C:Program FilesBearFlixBearFlix.exe" /pause
O4 - HKLM..Run: [PVModule] C:PROGRA~1PRINTV~1pvmodule.exe
O4 - HKCU..Run: [ares] "C:Program FilesAresAres.exe" -h
O4 - HKCU..Run: [Dzieńdobry!] C:Documents and SettingsTomekMoje dokumentyDzieńdobry!dziendobry.exe /auto
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:Program FilesBright Bug SoftwareSharedScreen SaversBBDTMngr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_71.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_30.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_30.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_23.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_30.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://83.18.237.172/plugin/h263ctrl.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_46.cab
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_30.cab
O20 - Winlogon Notify: wintfj32 - C:WINDOWSSYSTEM32wintfj32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:Program FilesEset
od32krn.exe
Awatar użytkownika
fugas761
Postujący
Postujący
 
Posty: 237
Dołączenie: 19 Paź 2006, 21:54
Góra

Postprzez fugas761 » 20 Paź 2006, 21:28

PostUA:

C:/Program Files/MyGlobalSearchBar - ten folder caly tez usunolem
Awatar użytkownika
fugas761
Postujący
Postujący
 
Posty: 237
Dołączenie: 19 Paź 2006, 21:54
Góra

Postprzez pp3088 » 20 Paź 2006, 21:43

PostUA:

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchar1.binMGSBAR.DLL (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
C9043AB28508} - C:Program FilesCommon Files{3CFCEBC0-0A6B-1045-0804-040406090030}MyToolBar.dll (file missing)


Skasuj przez HiJack

Nadal ten cholerny wintfj32.dll skasuj go w awaryjnym.
Awatar użytkownika
pp3088
Aktywny w piśmie
Aktywny w piśmie
 
Posty: 999
Dołączenie: 11 Sie 2006, 23:59
Miejscowość: Szczecin
Góra
PoprzedniaNastępna
Wyślij odpowiedź

Powróć do Microsoft Windows

Kto jest na forum

Zarejestrowani użytkownicy: Bing [Bot], Google [Bot]

Switch to mobile style
Technologię dostarcza phpBB® Forum Software © phpBB Group
Profesjonalne polskie tłumaczenie phpBB3
Korzystanie z forum oznacza akceptację polityki prywatności
cron