Προς το περιεχόμενο

ta windows sernontai!

johntas

Από τον johntas
στο Windows

Προτεινόμενες αναρτήσεις

johntas Proficient

johntas

Δημοσ.
  • Μέλος
Δημοσ.

ennow pws sinexizei na bgazei to sfalma kai sinexizei na sernetai :???:

entos tis imeras tha kanw kai to hijack this mpas kai bgaloume akri apo ekei

 

euxaristw gia ti voithia paides

johntas Proficient

johntas

Δημοσ.
  • Μέλος
Δημοσ.

Akolouthei to log file tou hijack this:

 

Logfile of HijackThis v1.99.1

Scan saved at 09:29:35, on 14/4/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Roxio\GoBack\GBPoll.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\opcenum.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\MsgSys.EXE

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\Explorer.EXE

C:\WINNT\SOUNDMAN.EXE

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\rundll32.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Roxio\GoBack\GBTray.exe

C:\Program Files\NavNT\VPC32.EXE

C:\WINNT\system32\ntvdm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Επιφάνεια εργασίας\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400005&utm_content=leftnav&utm_source=wdz&utm_medium=bund&utm_campaign=wdz0605'>http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400005&utm_content=leftnav&utm_source=wdz&utm_medium=bund&utm_campaign=wdz0605

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycosmos.gr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400005&utm_content=leftnav&utm_source=wdz&utm_medium=bund&utm_campaign=wdz0605

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

O2 - BHO: (no name) - {53F53E00-4C2B-43E5-8AF0-D3C863E8FC65} - (no file)

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: (no name) - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Ραδιόφωνο - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: GoBack.lnk = Roxio\GoBack\GBTray.exe

O4 - Global Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm297YYGR

O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{018972E3-33B5-4248-AF04-D203438ECEC1}: NameServer = 193.92.110.1,194.219.227.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{018972E3-33B5-4248-AF04-D203438ECEC1}: NameServer = 193.92.110.1,194.219.227.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{018972E3-33B5-4248-AF04-D203438ECEC1}: NameServer = 193.92.110.1,194.219.227.2

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Υπηρεσία διαχείρισης λογικών δίσκων (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\opcenum.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

 

Ta fwta sas please...:confused:

 

PS:Episinapsa kai to minima sfalmatos

post-25338-129062931281_thumb.jpg

Dklearhos Mentor

Dklearhos

Δημοσ.
Δημοσ.

loipon mallon to problima einai stin ati,giati oi diergasies fenontai ok.bgale tous drivers xrisimopoiontas to dh driver cleaner kai katevase tous kainourious drivers tis ati kai valtous.logika ola tha einai ok.

MrTryANalyzer Proficient

MrTryANalyzer

Δημοσ.
Δημοσ.

@ johntas :

 

Θα κάνεις φιξ τα παρακάτω από το HijackThis :

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

R3 - Default URLSearchHook is missing

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

O2 - BHO: (no name) - {53F53E00-4C2B-43E5-8AF0-D3C863E8FC65} - (no file)

O2 - BHO: (no name) - {5D647E9C-6B37-4636-9A78-DADB1EB93BDF} - (no file)

O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm297YYGR

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

 

Έχεις το spyware New.net ..

 

Αφού κάνεις τα παραπάνω fix, εφόσον έχεις κλείσει ότι πρόγραμμα τρέχει στο pc σου απο το Task Manager ή από το μενού τους, θα κάνεις και το εξής:

 

- Θα πας στο Windows Add/Remove Programs και θα κάνεις uninstall το New.Net ή κατι παρεμφερές.

 

- Έπειτα θα κάνεις ενα restart και θα ξανα-ανεβάσεις εδω πέρα ενα log.

 

ΑΛΛΕΣ ΠΛΗΡΟΦΟΡΙΕΣ ΑΠΕΓΚΑΤΑΣΤΑΣΗΣ ΕΔΩ:

- http://www.newdotnet.com/removal.html

johntas Proficient

johntas

Δημοσ.
  • Μέλος
Δημοσ.

here you go

 

Logfile of HijackThis v1.99.1

Scan saved at 16:17:48, on 14/4/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Roxio\GoBack\GBPoll.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\opcenum.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\MsgSys.EXE

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\Explorer.EXE

C:\WINNT\SOUNDMAN.EXE

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Documents and Settings\Administrator\Επιφάνεια εργασίας\HijackThis.exe

C:\Program Files\Roxio\GoBack\GBTray.exe

C:\WINNT\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycosmos.gr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400005&utm_content=leftnav&utm_source=wdz&utm_medium=bund&utm_campaign=wdz0605

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Ραδιόφωνο - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: GoBack.lnk = Roxio\GoBack\GBTray.exe

O4 - Global Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{018972E3-33B5-4248-AF04-D203438ECEC1}: NameServer = 193.92.110.1,194.219.227.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{018972E3-33B5-4248-AF04-D203438ECEC1}: NameServer = 193.92.110.1,194.219.227.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{018972E3-33B5-4248-AF04-D203438ECEC1}: NameServer = 193.92.110.1,194.219.227.2

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Υπηρεσία διαχείρισης λογικών δίσκων (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\opcenum.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

 

thanks again :mrgreen:

MrTryANalyzer Proficient

MrTryANalyzer

Δημοσ.
Δημοσ.

Αυτό εδώ σου ξέφυγε, κάντο φιξ:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

 

Θα σου πρότεινα επίσης να κατεβάσεις και να κάνεις scan με το Spybot.

Μη ξεχάσεις να το κάνεις update ! :)

 

Όσο για το πρόβλημα με αρχείο atiptaxx.exe, αυτό που προτείνεται είναι να :

1) Να κάνεις uninstall και μετα επανεγκατάσταση τους drivers.

2) Να κάνεις update τους υπάρχον drivers.

  • 2 εβδομάδες αργότερα...
johntas Proficient

johntas

Δημοσ.
  • Μέλος
Δημοσ.

Logfile of HijackThis v1.99.1

Scan saved at 08:56:43, on 25/4/2006

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\NavNT\defwatch.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Roxio\GoBack\GBPoll.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NavNT\rtvscan.exe

C:\WINNT\system32\opcenum.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\MsgSys.EXE

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\Explorer.EXE

C:\WINNT\SOUNDMAN.EXE

C:\Program Files\NavNT\vptray.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINNT\system32\ctfmon.exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\Program Files\Roxio\GoBack\GBTray.exe

C:\WINNT\system32\wuauclt.exe

C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE

C:\hijack this\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mycosmos.gr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Ραδιόφωνο - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: GoBack.lnk = Roxio\GoBack\GBTray.exe

O4 - Global Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{018972E3-33B5-4248-AF04-D203438ECEC1}: NameServer = 193.92.110.1,194.219.227.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{018972E3-33B5-4248-AF04-D203438ECEC1}: NameServer = 193.92.110.1,194.219.227.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{018972E3-33B5-4248-AF04-D203438ECEC1}: NameServer = 193.92.110.1,194.219.227.2

O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe

O23 - Service: Υπηρεσία διαχείρισης λογικών δίσκων (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe

O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

O23 - Service: OpcEnum - OPC Foundation - C:\WINNT\system32\opcenum.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

Dark-Shadow Experienced

Dark-Shadow

Δημοσ.
Δημοσ.

johntas Eides pou eixes spyware???

1:R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s

 

2:O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZRxdm297YYGR

 

3:O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll

 

 

Kane auta fix ke mpes se safe mode ke trekse spybot ke microsoft anispyware!!!

 

Episis yparxoun 2 site pou vazeis to arxeio log sto site ke sou lei ti na kaneis fix!!!

http://www.hijackthis.de/

http://hjt.networktechs.com/

Αρχειοθετημένο

Αυτό το θέμα έχει αρχειοθετηθεί και είναι κλειστό για περαιτέρω απαντήσεις.

Προς την λίστα θεμάτων
  • Δημιουργία νέου...