Nie można otworzyć Menedżera zadań

**ImSoLost** · #1 23 grudnia 2007, 17:38

Ok, więc czytałem po trochę i wydaje się, że są różne rozwiązania. I'm running regula Windows Vista. Ctrl Alt Del nie działa ... prawy przycisk myszy nie działa. podczas wyszukiwania Taskmgr.exe to mówi, że została wyłączona przez administratora. Co mogę zrobić?

**Hybr! D** · #2 23 grudnia 2007, 17:41

Vista różni się od XP.

Kliknij prawym przyciskiem myszy pasek zadań, a następnie kliknij przycisk Menedżer zadań.

**ImSoLost** · #3 23 grudnia 2007, 18:11

I kliknięciu prawym przyciskiem myszy pasek zadań i jest nieaktywne. Jednak szukałem około trochę i znalazłem witrynę o bezpośredni link do mojego Reged i dał mi ostrzeżenie, a następnie po prostu odszedł z powodu nie miałem pojęcia, co robię. Potem z ciekawości I cheked pasku zadań i nie było nieaktywne. JA zaczęty na nowo mój komputer (aby upewnić się że nie było rzeczą czasowego), a dla niektórych dziwne przyczyny, gdy ekran się zalogować przyjdzie się ... to powiedział Ctrl Alt Del, aby się zalogować Nie rozumiem co się stało .

**ImSoLost** · #4 23 grudnia 2007, 19:11

Oto mój HijackThis

C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ system32 \ dwm.exe
C: \ Windows \ explorer.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ HP \ QuickPlay \ QPService.exe
C: \ Program Files \ HP \ HP Software Update \ hpwuSchd2.exe
C: \ Program Files \ Hewlett-Packard \ HP Quick Launch Buttons \ QLBCTRL.exe
C: \ Program Files \ Hewlett-Packard \ HP Wireless Assistant \ WiFiMsg.exe
C: \ Program Files \ Hewlett-Packard \ HP Wireless Assistant \ HPWAMain.exe
C: \ Program Files \ Java \ jre1.6.0 \ bin \ jusched.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ Comcast \ Desktop Doctor \ bin \ sprtcmd.exe
C: \ Program Files \ Windows Sidebar \ sidebar.exe
C: \ Program Files \ Hewlett-Packard \ HP Advisor \ HPAdvisor.exe
C: \ WINDOWS \ System32 \ rundll32.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ Windows \ ehome \ ehmsas.exe
C: \ Users \ Yasmany \ Pulpit \ Veoh \ VeohClient.exe
C: \ Program Files \ Google \ googletoolbarnotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe
C: \ Program Files \ HP Połączenia \ 6811507 \ Program \ HP Connections.exe
C: \ Windows \ system32 \ wbem \ Unsecapp.exe
C: \ PROGRA ~ 1 \ HEWLET ~ 1 \ Shared \ HPQTOA ~ 1.EXE
C: \ Program Files \ Hewlett-Packard \ HP Advisor \ SSDK04.exe
C: \ Program Files \ Internet Explorer \ ieuser.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WLLoginProxy.exe
C: \ Windows \ system32 \ searchfilterhost.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ Windows \ system32 \ Macromed \ Flash \ FlashUtil9b.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.comcast.net/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.comcast.net/
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Windows Internet Explorer dostarczonych przez Comcast
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer =: 0
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - (EA756889-2338-43DB-8F07-D1CA6FB9C90D) - C: \ Program Files \ AOL \ AIM Toolbar 5.0 \ aoltb.dll
O1 - Hosts::: 1 localhost
O2 - BHO: My Search BHO - (014DA6C1-189F-421a-88CD-07CFE51CFF10) - C: \ Program Files \ mysearch \ bar \ 1.bin \ S4BAR.DLL
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download i Zapis Plugin dla programu Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0 \ bin \ ssv.dll
O2 - BHO: AOL Toolbar Launcher - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C: \ Program Files \ AOL \ AIM Toolbar 5.0 \ aoltb.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: BDEX System - (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126) - C: \ Windows \ blopenvxdt.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: FastRX - (E09962E7-A39E-4F60-8003-66D57BED27B7) - C: \ WINDOWS \ system32 \ fastRX.dll (file missing)
O3 - Toolbar: My Search Bar - (014DA6C9-189F-421a-88CD-07CFE51CFF10) - C: \ Program Files \ mysearch \ bar \ 1.bin \ S4BAR.DLL
O3 - Toolbar: Veoh Browser Plug-in - (D0943516-5076-4020-A3B5-AEFAF26AB263) - C: \ Users \ Yasmany \ Desktop \ Veoh \ Plugins \ reg \ VeohTool bar.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - (DE9C389F-3316-41A7-809B-AA305ED9D922) - C: \ Program Files \ AOL \ AIM Toolbar 5.0 \ aoltb.dll
O3 - Toolbar: retnsrp - (CC304A4D-FC79-4CD3-9A67-46E3AF59319D) - C: \ Windows \ retnsrp.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [QPService] "C: \ Program Files \ HP \ QuickPlay \ QPService.exe"
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [QlbCtrl]% ProgramFiles% \ Hewlett-Packard \ HP Quick Launch Buttons \ QLBCTRL.exe / Start
O4 - HKLM \ .. \ Run: [HP Health Check Scheduler] C: \ Program Files \ Hewlett-Packard \ HP Health Check \ HPHC_Scheduler.exe
O4 - HKLM \ .. \ Run: [WAWifiMessage]% ProgramFiles% \ Hewlett-Packard \ HP Wireless Assistant \ WiFiMsg.exe
O4 - HKLM \ .. \ Run: [hpWirelessAssistant]% ProgramFiles% \ Hewlett-Packard \ HP Wireless Assistant \ HPWAMain.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [KPX] C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ fastRX.dll DllInitApp
O4 - HKLM \ .. \ Run: [NvSvc] RUNDLL32.EXE C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ nvcpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-OSBOOT
O4 - HKLM \ .. \ Run: [SeekmoOE] C: \ Program Files \ Seekmo \ bin \ 10.0.341.0 \ OEAddOn.exe
O4 - HKLM \ .. \ Run: [SeekmoSA] "C: \ Program Files \ Seekmo \ bin \ 10.0.341.0 \ SeekmoSA.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Symantec PIF AlertEng] "C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [ddoctorv2] "C: \ Program Files \ Comcast \ Desktop Doctor \ bin \ sprtcmd.exe" / P ddoctorv2
O4 - HKLM \ .. \ RunOnce: [Launcher]% WINDIR% \ SMINST \ launcher.exe
O4 - HKCU \ .. \ Run: [Sidebar] C: \ Program Files \ Windows Sidebar \ sidebar.exe / autorun
O4 - HKCU \ .. \ Run: [HPAdvisor] C: \ Program Files \ Hewlett-Packard \ HP Advisor \ HPAdvisor.exe
O4 - HKCU \ .. \ Run: [Aim6] "C: \ Program Files \ AIM6 \ aim6.exe" / d locale = en-US ee: / / aol / imApp
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [Veoh] "C: \ Users \ Yasmany \ Desktop \ Veoh \ VeohClient.exe" / VeohHide
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ googletoolbarnotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe
O4 - HKCU \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire Na Startup.lnk = C: \ Program Files \ LimeWire \ LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ AdobeCollabSync.exe
O4 - Global Startup: HP Connections.lnk = C: \ Program Files \ HP Połączenia \ 6811507 \ Program \ HP Connections.exe
O8 - Dodatkowe menu kontekstowego pozycję: & AOL Toolbar Search - C: \ Program Files \ AOL \ Celem pasku 5.0 \ zasoby \ en-US \ local \ search.html
O8 - Extra kontekście menu: E & ksportuj do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0 \ bin \ ssv.dll
O9 - Extra button: Wyślij do programu OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & end do programu OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra button: AIM Toolbar - (3369AF0D-62E9-4bda-8103-B4C75499B578) - C: \ Program Files \ AOL \ AIM Toolbar 5.0 \ aoltb.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office12 \ REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasy) -- http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) (DivXBrowserPlugin Object) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (BD393C14-72AD-4790-A095-76522973D6B8) (CBreakshotControl klasy) -- http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient klasy) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (DA758BB1-5F89-4465-975F-8D7179A4BCF3) (WheelofFortune Object) -- http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O21 - Service: leorop - (38CA8AE4-A78E-4111-8D0E-BDDF145A5040) - C: \ Windows \ leorop.dll
O21 - Service: nopzet - (9543D4D7-3E5B-4B70-BB93-83AC9865627C) - C: \ Windows \ nopzet.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, LP - C: \ Program Files \ Hewlett-Packard \ HP Quick Launch Buttons \ AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCSVCHST.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCSVCHST.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C: \ Program Files \ HP \ QuickPlay \ Kernel \ TV \ CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C: \ Program Files \ HP \ QuickPlay \ Kernel \ TV \ CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCSVCHST.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ googleupdaterservice.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C: \ Program Files \ Hewlett-Packard \ HP Health Check \ hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, LP - C: \ Program Files \ Hewlett-Packard \ Shared \ hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Roxio \ Roxio MyDVD Basic v9 \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Oznakowanie Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCSVCHST.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C: \ Program Files \ Common Files \ Roxio Shared \ 9.0 \ SharedCOM \ RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc - C: \ Program Files \ Comcast \ Desktop Doctor \ bin \ sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc - C: \ Program Files \ Common Files \ SureThing Shared \ stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ AppCore \ AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ viewpointservice.exe
O23 - Service: XAudioService - Conexant Systems, Inc - C: \ Windows \ System32 \ Drivers \ xaudio.exe

**howardhopkinson** · #5 31 grudnia 2007, 01:33

System jest przeżarta malware.

Iść TUTAJ i postępuj dokładnie według instrukcji.

Post wymaganych plików dziennika.

I `ll get mod przeniesienie tego wątku Powrót do forum bezpieczeństwa. Don `t know why it got przeniesiony stamtąd w pierwszej kolejności.

Uważa Howard.

**ImSoLost** · #6 5 stycznia 2008, 18:05

Przed założeniem niczego chcę zauważyć, że kiedy poszedłem do uruchomienia skanowania w trybie online nie pozwolił mi ... on powiedział coś nie mając zgody.

Kiedy spojrzał w moim Dodaj / Usuń sprzęt Są to niektóre z rzeczy znalazłem trochę podejrzane lub nie znałem.

MSXML 4.0 SP2
My Search Bar
muvee autoProducer 5.0
Smart Video Codec v1.6

SUPERAntiSpyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/05/2008 at 07:32 PM
Zastosowanie Wersja: 3.9.1008
Core Rules Database Version: 3374
Trace Rules Database Version: 1369
Scan type: Complete Scan
Total Scan Time: 01:23:02
Elementy pamięci skanowane: 712
Pamięć wykrycia zagrożenia: 1
Pozycje rejestru scanned: 8254
Zagrożeń wykrytych rejestru: 122
Przedmiotów pliku skanowania: 60434
Plik wykrycia zagrożenia: 12
Trojan.Net-MSV/VPS-Variant
C: \ WINDOWS \ BLOPENVXDT.DLL
C: \ WINDOWS \ BLOPENVXDT.DLL
HKLM \ Software \ Classes \ CLSID \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126)
HKCR \ CLSID \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126)
HKCR \ CLSID \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126)
HKCR \ CLSID \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126) \ InprocServer32
HKCR \ CLSID \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126) \ ProgID
HKCR \ CLSID \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126) \ Programmable
HKCR \ CLSID \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126) \ TypeLib
HKCR \ CLSID \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126) VersionIndependentProgID
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ lorer Exp \ Browser Helper Objects \ (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126)
Adware.MyWay
HKLM \ Software \ Classes \ CLSID \ (014DA6C1-189F-421a-88CD-07CFE51CFF10)
HKCR \ CLSID \ (014DA6C1-189F-421a-88CD-07CFE51CFF10)
HKCR \ CLSID \ (014DA6C1-189F-421a-88CD-07CFE51CFF10)
HKCR \ CLSID \ (014DA6C1-189F-421a-88CD-07CFE51CFF10) \ InprocServer32
HKCR \ CLSID \ (014DA6C1-189F-421a-88CD-07CFE51CFF10) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (014DA6C1-189F-421a-88CD-07CFE51CFF10) \ Programmable
HKCR \ CLSID \ (014DA6C1-189F-421a-88CD-07CFE51CFF10) \ TypeLib
C: \ Program Files \ mysearch \ bar \ 1.bin \ S4BAR.DLL
HKLM \ Software \ Classes \ CLSID \ (014DA6C9-189F-421a-88CD-07CFE51CFF10)
HKCR \ CLSID \ (014DA6C9-189F-421a-88CD-07CFE51CFF10)
HKCR \ CLSID \ (014DA6C9-189F-421a-88CD-07CFE51CFF10)
HKCR \ CLSID \ (014DA6C9-189F-421a-88CD-07CFE51CFF10) \ InprocServer32
HKCR \ CLSID \ (014DA6C9-189F-421a-88CD-07CFE51CFF10) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (014DA6C9-189F-421a-88CD-07CFE51CFF10) \ Programmable
HKCR \ CLSID \ (014DA6C9-189F-421a-88CD-07CFE51CFF10) \ TypeLib
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ lorer Exp \ Browser Helper Objects \ (014DA6C1-189F-421a-88CD-07CFE51CFF10)
HKLM \ Software \ Microsoft \ Internet Explorer \ Toolbar # (014DA6C9-189F-421a-88CD-07CFE51CFF10)
HKCR \ TypeLib \ (014DA6C0-189F-421a-88CD-07CFE51CFF10)
HKCR \ TypeLib \ (014DA6C0-189F-421a-88CD-07CFE51CFF10) \ 1.0
HKCR \ TypeLib \ (014DA6C0-189F-421a-88CD-07CFE51CFF10) \ 1.0 \ 0
HKCR \ TypeLib \ (014DA6C0-189F-421a-88CD-07CFE51CFF10) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (014DA6C0-189F-421a-88CD-07CFE51CFF10) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (014DA6C0-189F-421a-88CD-07CFE51CFF10) \ 1.0 \ HELPDIR
HKU \ S-1-5-21-3682377349-2593316749-328379415-1000 \ Software \ Microsoft \ Internet Explorer \ Toolbar \ WebBrowser # (014DA6C9-189F-421a-88CD-07CFE51CFF10)
Unclassified.Unknown pochodzenia
HKLM \ Software \ Classes \ CLSID \ (E09962E7-A39E-4F60-8003-66D57BED27B7)
HKCR \ CLSID \ (E09962E7-A39E-4F60-8003-66D57BED27B7)
HKCR \ CLSID \ (E09962E7-A39E-4F60-8003-66D57BED27B7)
HKCR \ CLSID \ (E09962E7-A39E-4F60-8003-66D57BED27B7) \ InprocServer32
HKCR \ CLSID \ (E09962E7-A39E-4F60-8003-66D57BED27B7) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (E09962E7-A39E-4F60-8003-66D57BED27B7) \ ProgID
HKCR \ CLSID \ (E09962E7-A39E-4F60-8003-66D57BED27B7) \ Programmable
HKCR \ CLSID \ (E09962E7-A39E-4F60-8003-66D57BED27B7) \ TypeLib
HKCR \ CLSID \ (E09962E7-A39E-4F60-8003-66D57BED27B7) VersionIndependentProgID
C: \ WINDOWS \ system32 \ FASTRX.DLL
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ lorer Exp \ Browser Helper Objects \ (E09962E7-A39E-4F60-8003-66D57BED27B7)
Adware.Tracking Cookie
C: \ Users \ Yasmany \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ yasmany@ar.atwola [2]. Txt
D: \ Users \ Yasmany \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ yasmany @ atwola [1]. Txt
C: \ Users \ Yasmany \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ yasmany @ DoubleClick [1]. Txt
C: \ Users \ Yasmany \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ yasmany @ adlegend [1]. Txt
C: \ Users \ Yasmany \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ yasmany @ reklamy [2]. Txt
C: \ Users \ Yasmany \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ yasmany @ 2o7 [1]. Txt
C: \ Users \ Yasmany \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ yasmany @ atdmt [2]. Txt
C: \ Users \ Yasmany \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ yasmany @ Mediaplex [1]. Txt
Adware.180solutions/Seekmo
HKCR \ Seekmo.DesktopFlash
HKCR \ Seekmo.DesktopFlash \ CLSID
HKCR \ Seekmo.DesktopFlash \ CurVer
HKCR \ Seekmo.DesktopFlash.1
HKCR \ Seekmo.DesktopFlash.1 \ CLSID
HKCR \ SeekmoAX.ClientDetector
HKCR \ SeekmoAX.ClientDetector \ CLSID
HKCR \ SeekmoAX.ClientDetector \ CurVer
HKCR \ SeekmoAX.ClientDetector.1
HKCR \ SeekmoAX.ClientDetector.1 \ CLSID
HKCR \ SeekmoAX.UserProfiles
HKCR \ SeekmoAX.UserProfiles \ CLSID
HKCR \ SeekmoAX.UserProfiles \ CurVer
HKCR \ SeekmoAX.UserProfiles.1
HKCR \ SeekmoAX.UserProfiles.1 \ CLSID
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C)
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) \ Control
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) \ InprocServer32
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) MiscStatus
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) MiscStatus \ 1
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) \ ProgID
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) \ Programmable
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) ToolboxBitmap32
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) \ TypeLib
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) \ Version
HKCR \ CLSID \ (1F158A1E-A687-4a11-9679-B3AC64B86A1C) VersionIndependentProgID
HKCR \ CLSID \ (914A8F99-38E4-47ec-B875-2B0653516030)
HKCR \ CLSID \ (914A8F99-38E4-47ec-B875-2B0653516030) # AppID
HKCR \ CLSID \ (914A8F99-38E4-47ec-B875-2B0653516030) LocalServer32
HKCR \ CLSID \ (914A8F99-38E4-47ec-B875-2B0653516030) \ ProgID
HKCR \ CLSID \ (914A8F99-38E4-47ec-B875-2B0653516030) \ Programmable
HKCR \ CLSID \ (914A8F99-38E4-47ec-B875-2B0653516030) \ TypeLib
HKCR \ CLSID \ (914A8F99-38E4-47ec-B875-2B0653516030) VersionIndependentProgID
HKCR \ CLSID \ (E313F5DC-CFE7-4568-84A4-C76653547571)
HKCR \ CLSID \ (E313F5DC-CFE7-4568-84A4-C76653547571) \ InprocServer32
HKCR \ CLSID \ (E313F5DC-CFE7-4568-84A4-C76653547571) \ InprocServer32 # ThreadingModel
HKCR \ CLSID \ (E313F5DC-CFE7-4568-84A4-C76653547571) \ ProgID
HKCR \ CLSID \ (E313F5DC-CFE7-4568-84A4-C76653547571) \ Programmable
HKCR \ CLSID \ (E313F5DC-CFE7-4568-84A4-C76653547571) \ TypeLib
HKCR \ CLSID \ (E313F5DC-CFE7-4568-84A4-C76653547571) VersionIndependentProgID
HKCR \ TypeLib \ (995E885E-3FF5-4F66-A107-8BFB3A0F8F12)
HKCR \ TypeLib \ (995E885E-3FF5-4F66-A107-8BFB3A0F8F12) \ 1.0
HKCR \ TypeLib \ (995E885E-3FF5-4F66-A107-8BFB3A0F8F12) \ 1.0 \ 0
HKCR \ TypeLib \ (995E885E-3FF5-4F66-A107-8BFB3A0F8F12) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (995E885E-3FF5-4F66-A107-8BFB3A0F8F12) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (995E885E-3FF5-4F66-A107-8BFB3A0F8F12) \ 1.0 \ HELPDIR
HKCR \ TypeLib \ (FBB40FDF-B715-4342-AB82-244ECC66E979)
HKCR \ TypeLib \ (FBB40FDF-B715-4342-AB82-244ECC66E979) \ 1.0
HKCR \ TypeLib \ (FBB40FDF-B715-4342-AB82-244ECC66E979) \ 1.0 \ 0
HKCR \ TypeLib \ (FBB40FDF-B715-4342-AB82-244ECC66E979) \ 1.0 \ 0 \ win32
HKCR \ TypeLib \ (FBB40FDF-B715-4342-AB82-244ECC66E979) \ 1.0 \ FLAGS
HKCR \ TypeLib \ (FBB40FDF-B715-4342-AB82-244ECC66E979) \ 1.0 \ HELPDIR
HKCR \ Interface \ (BD5258AF-20AE-4BD3-B748-B2851ACA7335)
HKCR \ Interface \ (BD5258AF-20AE-4BD3-B748-B2851ACA7335) ProxyStubClsid
HKCR \ Interface \ (BD5258AF-20AE-4BD3-B748-B2851ACA7335) \ ProxyStubClsid32
HKCR \ Interface \ (BD5258AF-20AE-4BD3-B748-B2851ACA7335) \ TypeLib
HKCR \ Interface \ (BD5258AF-20AE-4BD3-B748-B2851ACA7335) \ TypeLib # Version
HKCR \ AppId \ SeekmoSA_df.exe
HKCR \ AppId \ SeekmoSA_df.exe # AppID
HKCR \ AppID \ (4A40E8FC-C7E4-4F57-9FA4-85DD77402897)
HKU \ S-1-5-21-3682377349-2593316749-328379415-1000 \ Software \ seekmosa
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ SeekmoSA
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ SeekmoSA # DisplayName
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ SeekmoSA # DisplayIcon
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ SeekmoSA # UninstallString
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ SeekmoSA # DisplayVersion
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ SeekmoSA HelpLink #
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ SeekmoSA Wydawnictwo #
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ SeekmoSA # URLInfoAbout
HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run # SeekmoOE [C: \ Program Files \ Seekmo \ bin \ 10.0.341.0 \ OEAddOn.exe]
C: \ Users \ Yasmany \ AppData \ Roaming \ Seekmo
Trojan.DNSChanger-Codec
HKCR \ VAC.Video
HKCR \ VAC.Video \ CLSID
Trojan.Net-MSV/VPS
HKCR \ MSVPS.MSVPSApp
HKCR \ MSVPS.MSVPSApp \ CLSID
HKCR \ MSVPS.MSVPSApp \ CurVer
Trojan.Net-MU/Gen
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ WebVideo
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ WebVideo # DisplayName
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ nstall Uni \ WebVideo # UninstallString

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:58 PM, w dniu 12/23/2007
Platforma: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Uruchamianie procesów:
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ system32 \ dwm.exe
C: \ Windows \ explorer.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ HP \ QuickPlay \ QPService.exe
C: \ Program Files \ HP \ HP Software Update \ hpwuSchd2.exe
C: \ Program Files \ Hewlett-Packard \ HP Quick Launch Buttons \ QLBCTRL.exe
C: \ Program Files \ Hewlett-Packard \ HP Wireless Assistant \ WiFiMsg.exe
C: \ Program Files \ Hewlett-Packard \ HP Wireless Assistant \ HPWAMain.exe
C: \ Program Files \ Java \ jre1.6.0 \ bin \ jusched.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ Comcast \ Desktop Doctor \ bin \ sprtcmd.exe
C: \ Program Files \ Windows Sidebar \ sidebar.exe
C: \ Program Files \ Hewlett-Packard \ HP Advisor \ HPAdvisor.exe
C: \ WINDOWS \ System32 \ rundll32.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ Windows \ ehome \ ehmsas.exe
C: \ Users \ Yasmany \ Pulpit \ Veoh \ VeohClient.exe
C: \ Program Files \ Google \ googletoolbarnotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe
C: \ Program Files \ HP Połączenia \ 6811507 \ Program \ HP Connections.exe
C: \ Windows \ system32 \ wbem \ Unsecapp.exe
C: \ PROGRA ~ 1 \ HEWLET ~ 1 \ Shared \ HPQTOA ~ 1.EXE
C: \ Program Files \ Hewlett-Packard \ HP Advisor \ SSDK04.exe
C: \ Program Files \ Internet Explorer \ ieuser.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WLLoginProxy.exe
C: \ Windows \ system32 \ searchfilterhost.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ Windows \ system32 \ Macromed \ Flash \ FlashUtil9b.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.comcast.net/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.comcast.net/
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window Title = Windows Internet Explorer dostarczonych przez Comcast
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer =: 0
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - (EA756889-2338-43DB-8F07-D1CA6FB9C90D) - C: \ Program Files \ AOL \ AIM Toolbar 5.0 \ aoltb.dll
O1 - Hosts::: 1 localhost
O2 - BHO: My Search BHO - (014DA6C1-189F-421a-88CD-07CFE51CFF10) - C: \ Program Files \ mysearch \ bar \ 1.bin \ S4BAR.DLL
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download i Zapis Plugin dla programu Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0 \ bin \ ssv.dll
O2 - BHO: AOL Toolbar Launcher - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C: \ Program Files \ AOL \ AIM Toolbar 5.0 \ aoltb.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: BDEX System - (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126) - C: \ Windows \ blopenvxdt.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: FastRX - (E09962E7-A39E-4F60-8003-66D57BED27B7) - C: \ WINDOWS \ system32 \ fastRX.dll (file missing)
O3 - Toolbar: My Search Bar - (014DA6C9-189F-421a-88CD-07CFE51CFF10) - C: \ Program Files \ mysearch \ bar \ 1.bin \ S4BAR.DLL
O3 - Toolbar: Veoh Browser Plug-in - (D0943516-5076-4020-A3B5-AEFAF26AB263) - C: \ Users \ Yasmany \ Desktop \ Veoh \ Plugins \ reg \ VeohTool bar.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - (DE9C389F-3316-41A7-809B-AA305ED9D922) - C: \ Program Files \ AOL \ AIM Toolbar 5.0 \ aoltb.dll
O3 - Toolbar: retnsrp - (CC304A4D-FC79-4CD3-9A67-46E3AF59319D) - C: \ Windows \ retnsrp.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [QPService] "C: \ Program Files \ HP \ QuickPlay \ QPService.exe"
O4 - HKLM \ .. \ Run: [HP Software Update] C: \ Program Files \ HP \ HP Software Update \ HPWuSchd2.exe
O4 - HKLM \ .. \ Run: [QlbCtrl]% ProgramFiles% \ Hewlett-Packard \ HP Quick Launch Buttons \ QLBCTRL.exe / Start
O4 - HKLM \ .. \ Run: [HP Health Check Scheduler] C: \ Program Files \ Hewlett-Packard \ HP Health Check \ HPHC_Scheduler.exe
O4 - HKLM \ .. \ Run: [WAWifiMessage]% ProgramFiles% \ Hewlett-Packard \ HP Wireless Assistant \ WiFiMsg.exe
O4 - HKLM \ .. \ Run: [hpWirelessAssistant]% ProgramFiles% \ Hewlett-Packard \ HP Wireless Assistant \ HPWAMain.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [KPX] C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ fastRX.dll DllInitApp
O4 - HKLM \ .. \ Run: [NvSvc] RUNDLL32.EXE C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ nvcpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-OSBOOT
O4 - HKLM \ .. \ Run: [SeekmoOE] C: \ Program Files \ Seekmo \ bin \ 10.0.341.0 \ OEAddOn.exe
O4 - HKLM \ .. \ Run: [SeekmoSA] "C: \ Program Files \ Seekmo \ bin \ 10.0.341.0 \ SeekmoSA.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Symantec PIF AlertEng] "C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [ddoctorv2] "C: \ Program Files \ Comcast \ Desktop Doctor \ bin \ sprtcmd.exe" / P ddoctorv2
O4 - HKLM \ .. \ RunOnce: [Launcher]% WINDIR% \ SMINST \ launcher.exe
O4 - HKCU \ .. \ Run: [Sidebar] C: \ Program Files \ Windows Sidebar \ sidebar.exe / autorun
O4 - HKCU \ .. \ Run: [HPAdvisor] C: \ Program Files \ Hewlett-Packard \ HP Advisor \ HPAdvisor.exe
O4 - HKCU \ .. \ Run: [Aim6] "C: \ Program Files \ AIM6 \ aim6.exe" / d locale = en-US ee: / / aol / imApp
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [Veoh] "C: \ Users \ Yasmany \ Desktop \ Veoh \ VeohClient.exe" / VeohHide
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ googletoolbarnotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe
O4 - HKCU \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire Na Startup.lnk = C: \ Program Files \ LimeWire \ LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ AdobeCollabSync.exe
O4 - Global Startup: HP Connections.lnk = C: \ Program Files \ HP Połączenia \ 6811507 \ Program \ HP Connections.exe
O8 - Dodatkowe menu kontekstowego pozycję: & AOL Toolbar Search - C: \ Program Files \ AOL \ Celem pasku 5.0 \ zasoby \ en-US \ local \ search.html
O8 - Extra kontekście menu: E & ksportuj do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0 \ bin \ ssv.dll
O9 - Extra button: Wyślij do programu OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & end do programu OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra button: AIM Toolbar - (3369AF0D-62E9-4bda-8103-B4C75499B578) - C: \ Program Files \ AOL \ AIM Toolbar 5.0 \ aoltb.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office12 \ REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasy) -- http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) (DivXBrowserPlugin Object) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (BD393C14-72AD-4790-A095-76522973D6B8) (CBreakshotControl klasy) -- http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient klasy) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (DA758BB1-5F89-4465-975F-8D7179A4BCF3) (WheelofFortune Object) -- http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O21 - Service: leorop - (38CA8AE4-A78E-4111-8D0E-BDDF145A5040) - C: \ Windows \ leorop.dll
O21 - Service: nopzet - (9543D4D7-3E5B-4B70-BB93-83AC9865627C) - C: \ Windows \ nopzet.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, LP - C: \ Program Files \ Hewlett-Packard \ HP Quick Launch Buttons \ AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCSVCHST.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCSVCHST.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C: \ Program Files \ HP \ QuickPlay \ Kernel \ TV \ CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C: \ Program Files \ HP \ QuickPlay \ Kernel \ TV \ CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCSVCHST.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ googleupdaterservice.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C: \ Program Files \ Hewlett-Packard \ HP Health Check \ hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, LP - C: \ Program Files \ Hewlett-Packard \ Shared \ hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Roxio \ Roxio MyDVD Basic v9 \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C: \ Program Files \ Norton AntiVirus \ isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Oznakowanie Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCSVCHST.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C: \ Program Files \ Common Files \ Roxio Shared \ 9.0 \ SharedCOM \ RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc - C: \ Program Files \ Comcast \ Desktop Doctor \ bin \ sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc - C: \ Program Files \ Common Files \ SureThing Shared \ stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ AppCore \ AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ viewpointservice.exe
O23 - Service: XAudioService - Conexant Systems, Inc - C: \ Windows \ System32 \ Drivers \ xaudio.exe
--
End of file - 13628 bytes

**howardhopkinson** · #7 5 stycznia 2008, 19:34

Można skopiować i wkleić te instrukcje w notatniku plik. Następnie możesz otworzyć pliku w trybie awaryjnym, dzięki czemu można wykonać instrukcje łatwiejsze.

Rozruch w trybie awaryjnym, w ramach normalnej nazwy użytkownika (nie konta administratora). Zobacz, jak TUTAJ.

W Eksploratorze Windows włączyć "Pokaż wszystkie pliki i foldery, w tym ukryte i systemowe". Zobacz, jak TUTAJ.

Idź do dodaj usuń programy w panelu sterowania i odinstaluj nic wspólnego z (jeśli nie).

Mysearch
bar
Seekmo
Viewpoint

Zamknij Panel sterowania.

Kliknij przycisk Start / Uruchom i wpisz polecenie services.msc w polu Uruchom i naciśnij klawisz Enter.

Gdy pojawi się okno zmaksymalizować go. Kliknij dwukrotnie na następujące usługi (jeśli nie) I wybierz przystanek jeśli są one uruchomione. Ustaw typ uruchamiania na niepełnosprawnych. Kliknij przycisk Apply / ok dla każdej usługi można wyłączyć.

Viewpoint Manager Service

Zamknij okno usługi.

Otwórz Menedżera zadań, trzymając Ctrl i Alt i naciskając klawisz Delete.

Kliknij kartę Procesy i na końcu procesu (jeśli nie).

ViewpointService.exe
Launcher.exe
SeekmoSA.exe
OEAddOn.exe

Zamknij Menedżera zadań.

Uruchom HJT z żadnych innych otwartych programów (z wyjątkiem notatnika). Kliknij przycisk skanowania. Czy HJT ustalić następujące przez umieszczenie zaznaczyć w małym polu obok (jeśli nie).

O2 - BHO: My Search BHO - (014DA6C1-189F-421a-88CD-07CFE51CFF10) - C: \ Program Files \ mysearch \ bar \ 1.bin \ S4BAR.DLL

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)

O2 - BHO: BDEX System - (A8565FBC-8D53-4D4F-9BB0-CBC68A22B126) - C: \ Windows \ blopenvxdt.dll

O2 - BHO: FastRX - (E09962E7-A39E-4F60-8003-66D57BED27B7) - C: \ WINDOWS \ system32 \ fastRX.dll (file missing)

O3 - Toolbar: My Search Bar - (014DA6C9-189F-421a-88CD-07CFE51CFF10) - C: \ Program Files \ mysearch \ bar \ 1.bin \ S4BAR.DLL

O3 - Toolbar: retnsrp - (CC304A4D-FC79-4CD3-9A67-46E3AF59319D) - C: \ Windows \ retnsrp.dll

O4 - HKLM \ .. \ Run: [KPX] C: \ WINDOWS \ system32 \ rundll32.exe C: \ WINDOWS \ system32 \ fastRX.dll DllInitApp

O4 - HKLM \ .. \ Run: [SeekmoOE] C: \ Program Files \ Seekmo \ bin \ 10.0.341.0 \ OEAddOn.exe

O4 - HKLM \ .. \ Run: [SeekmoSA] "C: \ Program Files \ Seekmo \ bin \ 10.0.341.0 \ SeekmoSA.exe"

O4 - HKLM \ .. \ RunOnce: [Launcher]% WINDIR% \ SMINST \ launcher.exe

O21 - Service: leorop - (38CA8AE4-A78E-4111-8D0E-BDDF145A5040) - C: \ Windows \ leorop.dll

O21 - Service: nopzet - (9543D4D7-3E5B-4B70-BB93-83AC9865627C) - C: \ Windows \ nopzet.dll

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ viewpointservice.exe

Kliknij na przycisk naprawić sprawdzane.

Zamknij HJT.

Zlokalizuj i usuń następujące bold plików i / lub foldery (jeśli nie).

C: \ Program Files \Viewpoint<Usuń cały folder.
C: \ Windows \nopzet.dll
C: \ Windows \leorop.dll

% WINDIR% \ SMINST \Launcher.exe
C: \ Program Files \Seekmo<Usuń cały folder.
C: \ Windows \ system32 \fastRX.dll

C: \ Windows \retnsrp.dll
C: \ Program Files \Mysearch<Usuń cały folder.
C: \ Windows \blopenvxdt.dll

Uruchom ponownie w trybie normalnym i rehide swój chronione pliki systemu operacyjnego.

Pobrać combofix.exe na pulpicie. Double ComboFix.exe kliknij i postępuj zgodnie z instrukcjami. Otworzy się okno z ostrzeżeniem. Typ "1" (i Enter), aby rozpocząć poprawki. Podczas skanowania zostanie otwarte okno tekstowe. Proszę załączyć zalogować się tutaj wraz z świeże dziennika HJT. Uwaga - nie dotykaj myszki / klawiatury do skanowania zakończył. Skanowania zostanie tymczasowo wyłączony pulpicie, a jeśli nie może opuścić przerwane pulpicie niepełnosprawnych. Jeśli to nastąpi, należy ponownie uruchomić komputer, aby przywrócić pulpicie.

Combofix automatycznie zapisać w pliku C: \ combofix.txt

Post Combofix log, jak również świeże HJT zalogować.

Uważa Howard.

**ImSoLost** · #8 5 stycznia 2008, 19:45

Man Mam złe terminy. Właśnie dowiedziałem się, jak uruchomić skanowania w trybie online. I'm running it right now, jak mówimy. Czy nadal chcesz żebym zrobił jak powiedział.

**howardhopkinson** · #9 5 stycznia 2008, 19:47

Zapomnij online skanowanie teraz, wystarczy postępować zgodnie z instrukcjami wam daję.

Uważa Howard.

**ImSoLost** · #10 5 stycznia 2008, 21:01

Kiedy próbuje uruchomić ComboFix mogę niebieskie okno ale potem mówi, przygotowuje się do uruchomienia, a następnie w pamięci lub naruszenia zasad dostępu, a następnie uzyskać inny pop-up, mówiąc "życie Freeware z Reg.exe przestał działać i zmusza mnie do zamknięcia ustanawiająca program. Czy chcesz, żebym po HJT log?

Przepraszamy za wszystkie kłopoty.

Chwileczkę, nie wiem jak, ale teraz już wszystko działa I'm going to go uruchomić.