Checking a HijackThis log

IP: *.autocom.pl 11.04.05, 07:19
Logfile of HijackThis v1.99.1
Scan saved at 07:18:14, on 05-04-11
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SOINTGR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TEMP\OM- LICZNIK 1.0.EXE
C:\PROGRAM FILES\REAL\REALJBOX.EXE
C:\PROGRAM FILES\SERVICEPACKFILES\MEMREALOAD.EXE
C:\PROGRAM FILES\D4\D4.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE
C:\PROGRAM FILES\ATNOTES\ATNOTES.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: CrsHO Class - {5843A29E-1246-11D4-BA8C-0050DA707ACD} -
C:\WINDOWS\SYSTEM\CRS32.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINDOWS\SYSTEM\MSBE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-
3FFD8020233E} - C:\PROGRAM FILES\THESEARCHACCELERATOR\UCMTSAIE.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\dsb.exe
O4 - HKLM\..\Run: [OM- Licznik 1.0] C:\WINDOWS\TEMP\OM- LICZNIK 1.0.EXE
O4 - HKLM\..\Run: [REAL] C:\Program Files\REAL\realjbox.exe
O4 - HKLM\..\Run: [Indexindicator] C:\WINDOWS\SYSTEM\Indexindicator.exe /check
O4 - HKLM\..\Run: [MEMreaload] C:\Program
Files\ServicePackFiles\MEMreaload.exe /checkmouse /updateratio
O4 - HKLM\..\Run: [Suite] C:\WINDOWS\SYSTEM\SuiteOffices.exe /cleandb
O4 - HKLM\..\Run: [Reload] C:\Program
Files\ServicePackFiles\reload.exe /reloadenterpice
O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\SYSTEM\Recalculate.exe /reloadenterpice
O4 - HKLM\..\Run: [Dimension4] C:\PROGRAM FILES\D4\D4.EXE
O4 - HKLM\..\Run: [LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4
\ASHWEBSV.EXE
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
\ashServ.exe
O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP
ARCHITECT\DATRAY.EXE" -S
O4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pcg: C:\PROGRA~1\INTERN~1\Plugins\nppcgplg.dll
O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c11.cab
  • m.gregor 11.04.05, 09:09
    1.) Uninstall all the search accelerators and other such wonders via
    Control Panel -> Add/Remove Programs
    2.) Check and delete:
    > O2 - BHO: CrsHO Class - {5843A29E-1246-11D4-BA8C-0050DA707ACD} -
    > C:\WINDOWS\SYSTEM\CRS32.DLL
    > O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
    > C:\WINDOWS\SYSTEM\MSBE.DLL
    > O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-
    > 3FFD8020233E} - C:\PROGRAM FILES\THESEARCHACCELERATOR\UCMTSAIE.DLL
    > O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    > O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
    > O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\dsb.exe
    > O4 - HKLM\..\Run: [OM- Licznik 1.0] C:\WINDOWS\TEMP\OM- LICZNIK 1.0.EXE
    > O4 - HKLM\..\Run: [Indexindicator] C:\WINDOWS\SYSTEM\Indexindicator.exe /check
    > O4 - HKLM\..\Run: [MEMreaload] C:\Program
    > Files\ServicePackFiles\MEMreaload.exe /checkmouse /updateratio
    > O4 - HKLM\..\Run: [Suite] C:\WINDOWS\SYSTEM\SuiteOffices.exe /cleandb
    > O4 - HKLM\..\Run: [Reload] C:\Program
    > Files\ServicePackFiles\reload.exe /reloadenterpice
    > O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\SYSTEM\Recalculate.exe /reloadenterpice
    > O4 - HKLM\..\Run: [Dimension4] C:\PROGRAM FILES\D4\D4.EXE
    > O4 - HKLM\..\Run: [LocalProxy] C:\Program Files\LocalProxy\proxy4free.exe
    > O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
    > O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
    > Network\bin\bargains.exe
    > O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
    > O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP
    > ARCHITECT\DATRAY.EXE" -S
    > O4 - Startup: ATnotes.lnk = C:\Program Files\ATnotes\ATnotes.exe
    > O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    > static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c11.cab

    Then make a new log and paste it here.
    --
    "And the man in the rain picked up his bag of secrets,
    and journeyed up the mountainside, far above the clouds,
    and nothing was ever heard from him again,
    except for the sound of Tubular Bells..."
  • Guest: Bezradna IP: *.autocom.pl 11.04.05, 19:19
    Logfile of HijackThis v1.99.1
    Scan saved at 19:17:18, on 05-04-11
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
    C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.onet.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
    O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [REAL] C:\Program Files\REAL\realjbox.exe
    O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\SYSTEM\Recalculate.exe /reloadenterpice
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
    \ashServ.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
    00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .pcg: C:\PROGRA~1\INTERN~1\Plugins\nppcgplg.dll
    O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
    bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
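
An added example (not part of the thread and not HijackThis's own code): a small Python check that parses HijackThis entries, tolerating the line wrapping and `>` quoting the forum introduces, and reports which entries from a removal list still appear in a follow-up log. The sample strings are excerpts of the two posts above; the function names are illustrative, and it assumes each pasted log is followed by a blank line.

```python
import re
from typing import NamedTuple

# HijackThis prefixes every entry with a section code: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Forum replies quote log lines with one or more leading ">" marks.
QUOTE_MARKS = re.compile(r"^(?:>\s*)+")


class Entry(NamedTuple):
    section: str  # e.g. "O4"
    text: str     # wrapped lines rejoined with single spaces, for display only
    key: str      # whitespace-free, case-folded form used for comparison


def parse_entries(log_text):
    """Return the R/F/N/O entries of a pasted log, rejoining wrapped lines.

    Header and "Running processes" lines are skipped because they never
    start with a section code. Assumption: a blank line follows the log,
    so trailing prose is not mistaken for a continuation line.
    """
    groups, current = [], None
    for raw in log_text.splitlines():
        line = QUOTE_MARKS.sub("", raw.strip())
        if not line:
            current = None                # blank line closes the open entry
        elif ENTRY_START.match(line):
            current = [line]              # a new entry begins
            groups.append(current)
        elif current is not None:
            current.append(line)          # wrapped remainder of the open entry
    entries = []
    for lines in groups:
        section = ENTRY_START.match(lines[0]).group(1)
        # The forum wraps at arbitrary columns (sometimes mid-path), so the
        # comparison key drops all whitespace and ignores case.
        key = re.sub(r"\s+", "", "".join(lines)).casefold()
        entries.append(Entry(section, " ".join(lines), key))
    return entries


def still_present(removal_list_text, followup_log_text):
    """Entries named in the removal list that the follow-up log still shows."""
    followup_keys = {e.key for e in parse_entries(followup_log_text)}
    return [e for e in parse_entries(removal_list_text) if e.key in followup_keys]


# Excerpt of the quoted removal list from the first reply in the thread.
ADVISED = r"""
> O2 - BHO: CrsHO Class - {5843A29E-1246-11D4-BA8C-0050DA707ACD} -
> C:\WINDOWS\SYSTEM\CRS32.DLL
> O4 - HKLM\..\Run: [MEMreaload] C:\Program
> Files\ServicePackFiles\MEMreaload.exe /checkmouse /updateratio
> O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\SYSTEM\Recalculate.exe /reloadenterpice
"""

# Excerpt of the follow-up log posted at 19:19.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Scan saved at 19:17:18, on 05-04-11

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [REAL] C:\Program Files\REAL\realjbox.exe
O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\SYSTEM\Recalculate.exe /reloadenterpice
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
"""

if __name__ == "__main__":
    for entry in still_present(ADVISED, FOLLOWUP):
        print("still present:", entry.text)
```

An entry that survives a fix and a reboot points to something re-creating it, which is the case where a full scan is the next step rather than another deletion.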
  • Guest: Bezradna IP: *.autocom.pl 11.04.05, 19:22
    Of course I won't pretend I know what this is about ;-) it worries me a bit
    that you told me to remove ATNotes and Licznik OM, he he...
  • m.gregor 11.04.05, 21:27
    If you know what these entries are and you are 100% sure about these programs,
    you can restore them. To do that, run HijackThis, choose 'View the list of
    backups', then select those two lines and choose Restore.

    Then proceed as I described on the page and delete the following line:
    > O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\SYSTEM\Recalculate.exe /reloadenterpice
    That is the Lazar trojan. If the problem keeps coming back (the line reappears
    after a restart and a new scan), scan the system with an online scanner, e.g. Panda's.
  • Guest: Bezradna IP: *.autocom.pl 12.04.05, 07:01
    I don't know what it means to be 100% sure about them. I got ATnotes from the
    disc bundled with Komputer Świat, and I downloaded OM licznik from the net. But
    I do kind of need them.
    I did everything as you said; yesterday I ran an online scan and it found
    two trojans and recommended deleting the files. The computer obediently shut down.
    This morning I checked once more whether that trojan had reappeared and ran the
    online scan again. Everything seems to be fine.
    Thank you very much for the help! It's amazing that one can always count on you,
    comrade ;-)
  • Guest: Adrien Brody Fan IP: *.autocom.pl 11.04.05, 20:24
    I DON'T know, I CAN'T, I'm NOT doing it, I DON'T feel like it... Well.... Can I
    finally have that gadu-gadu??!!
  • Guest: MAGDA IP: *.neoplus.adsl.tpnet.pl 12.04.05, 20:50
    some nasty thing from xxx got installed on my machine; it practically makes
    using the network impossible and opens loads of different pages
    here is my log
    Logfile of HijackThis v1.99.1
    Scan saved at 20:49:34, on 2005-04-12
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\logon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\TV\moretv353pl\MoreTV.exe
    C:\TV\wilma21\Wilma.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\WINDOWS\System32\winsys32.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\magda\Ustawienia lokalne\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.jimbutt.com/stuffs/
    O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
    \bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
    \NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
    O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -
    FastScan
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
    \dslmon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program
    Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program
    Files\FlashGet\jc_link.htm
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O17 - HKLM\System\CCS\Services\Tcpip\..\{872DE33C-3A18-4A44-A0C5-CCC9E8D3BF96}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program
    Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

    I tried to remove R0 but I can't
    what should I do?
    thanks, magda
  • Guest: Kolobos IP: *.warszawa.sdi.tpnet.pl 12.04.05, 21:10
    Uninstall New.Net and Spyware Vanisher, and also use this:
    www.cexx.org/LSPFix.exe
    In HijackThis remove this:

    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > www.jimbutt.com/stuffs/
    > O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe
    > O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
    > \NEWDOT~1.DLL,NewDotNetStartup -s
    > O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
    > O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
    > O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -
    > FastScan

    And Fix checked.

    As for jimbutt, here is a description of how to remove it:
    www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=0&#entry58793
  • m.gregor 12.04.05, 21:16
    1.) First make a log as described here:
    republika.pl/mgregor
    2.) Uninstall New.net and SpywareVanisher (Start -> Control Panel ->
    Add/Remove Programs)
    3.) Then delete the following lines:
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > www.jimbutt.com/stuffs/
    > O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe
    > O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
    > O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
    > \NEWDOT~1.DLL,NewDotNetStartup -s
    > O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
    > O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -
    > FastScan
    > O10 - Hijacked Internet access by New.Net
    > O10 - Hijacked Internet access by New.Net
    > O10 - Hijacked Internet access by New.Net
    > O10 - Hijacked Internet access by New.Net
    4.) Once you have thrown that out:
    - updates from Windows Update
    - stop using IE - install a safe browser: Firefox,
    Mozilla, Opera
    - install e.g. Kerio or Sygate instead of Zone Alarm
    - install an antivirus program (e.g. the free Avast)
    - stop using Neostrada's Wanadoo (uninstall it) and create a connection
    as described here:
    forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440
    - make and paste a log after doing all of this

    Links and instructions:
    forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=19472430 + THE FOLLOWING
    POSTS, WHICH CONTAIN ERRATA FOR THE LINKS AND LINKS TO NEWER VERSIONS (E.G. FOR SUN JAVA).
  • Guest: Kolobos IP: *.warszawa.sdi.tpnet.pl 12.04.05, 21:30
    jimbutt can't be removed that easily; in C:\Windows\system\ it creates the file
    systr.dll and a second one with a random name but the same creation date, which
    makes removal easier. It should be visible in DllCompare.exe; both files have to
    be thrown out and it will be fine :-)
    Besides, one of the removal methods is in the link I gave in another post.
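
The same-creation-date pivot described in the post above, as an added example that is not part of the thread: given a known dropped file, list other DLLs in the same directory whose creation timestamp falls within a small window of it. The function names and the two-second window are assumptions; the check relies on `st_ctime` being the creation time on Windows.

```python
from pathlib import Path


def creation_time(path):
    """Creation timestamp: st_birthtime where the platform exposes it,
    otherwise st_ctime (creation time on Windows; on Linux st_ctime is the
    inode change time, so pass another timestamp function there)."""
    st = Path(path).stat()
    return getattr(st, "st_birthtime", st.st_ctime)


def same_time_siblings(known_file, window_seconds=2.0, suffixes=(".dll",),
                       timestamp=creation_time):
    """List files next to known_file whose timestamp lies within
    window_seconds of it, closest first, as (path, delta_seconds) pairs.
    An empty suffixes tuple disables the extension filter."""
    known = Path(known_file)
    reference = timestamp(known)
    hits = []
    for candidate in known.parent.iterdir():
        if candidate == known or not candidate.is_file():
            continue
        if suffixes and candidate.suffix.lower() not in suffixes:
            continue
        delta = timestamp(candidate) - reference
        if abs(delta) <= window_seconds:
            hits.append((candidate, delta))
    return sorted(hits, key=lambda hit: (abs(hit[1]), hit[0].name))


if __name__ == "__main__":
    # Path taken from the thread; run on the affected machine or a mounted image.
    target = Path(r"C:\WINDOWS\System32\systr.dll")
    if target.exists():
        for path, delta in same_time_siblings(target):
            print(f"{path}  ({delta:+.1f}s)")
    else:
        print(f"{target} not found")
```

A hit is only a lead: files installed by the same legitimate setup run also share timestamps, so each candidate still has to be identified before it is deleted.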

  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 12.04.05, 21:44
    mgregor - I followed your instructions.
    it didn't remove jimbutt or those O10 entries - there was a message that it can't
    here is the log after Fix checked
    Logfile of HijackThis v1.99.1
    Scan saved at 21:42:04, on 2005-04-12
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\TV\moretv353pl\MoreTV.exe
    C:\TV\wilma21\Wilma.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Downloads\Różne dziwne\hijackthisnew\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.jimbutt.com/stuffs/
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
    \bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
    \NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
    \dslmon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program
    Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program
    Files\FlashGet\jc_link.htm
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program
    Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

    unfortunately it's no better
    magda
  • m.gregor 12.04.05, 21:47
    As for the start page: follow Kolobos's advice. The guy knows what he's writing
    about. He does a great job here :-)
    As for Wanadoo: you haven't uninstalled it and you're still connecting through it?
    As for New.net: did you uninstall it in Control Panel -> Add/Remove Programs?
  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 12.04.05, 21:53
    new net - I don't have it in the programs
    when I go into Add/Remove it isn't there
    I thought I'd stop connecting through wanadoo in the future, but since it's
    urgent I'm changing it right away

  • m.gregor 12.04.05, 22:24
    Uninstall the Neostrada application (Wanadoo), create a connection the way
    described on the page I gave you, and from now on connect through that
    newly created connection.
  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 12.04.05, 21:47
    > jimbutt can't be removed that easily; in C:\Windows\system\ it creates the file
    > systr.dll and a second one with a random name but the same creation date, which
    > makes removal easier. It should be visible in DllCompare.exe; both files have to
    > be thrown out and it will be fine :-)
    > Besides, one of the removal methods is in the link I gave in another post.
    >
    Could you give the link, because my search engine is silent :-((
    this really is urgent
  • m.gregor 12.04.05, 21:48
    But he did give it:
    forum.gazeta.pl/forum/72,2.html?f=430&w=22586454&a=22661433
  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 12.04.05, 22:26
    sorry, you probably think I'm slow, but these nasty things keep popping up
    so that after 2-3 min I have to get off the net, and that's why
    I configured the connection, threw out new net - it was there after all :-)))
    I downloaded that little program to throw out jimbutt, but only these files
    showed up
    mswsock.dll
    winrnr.dll
    rsvpsp.dll
    so I don't know whether to remove any of them
    here's a new log - jimbutt is still sitting there

    Logfile of HijackThis v1.99.1
    Scan saved at 22:23:06, on 2005-04-12
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Downloads\Różne dziwne\hijackthisnew\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.jimbutt.com/stuffs/
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
    \bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
    \dslmon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program
    Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program
    Files\FlashGet\jc_link.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{872DE33C-3A18-4A44-A0C5-CCC9E8D3BF96}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program
    Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 12.04.05, 22:54
    I'm waiting impatiently for pointers
    meanwhile I'm already downloading an antivirus and Opera; unfortunately the link to Kerio doesn't work
    magda
  • m.gregor 12.04.05, 22:58
    Because, like 99% of readers, you don't read what I wrote in CAPITAL LETTERS: LOOK AT
    THE FOLLOWING POSTS, WHICH CONTAIN ERRATA FOR THE LINKS AND LINKS TO NEWER VERSIONS!

    And finally uninstall that damn WANADOO...
  • m.gregor 12.04.05, 22:57
    The link given by Kolobos describes exactly, step by step, how to remove
    jimbutt:
    www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=0&#entry58793
  • Guest: Kolobos IP: *.warszawa.sdi.tpnet.pl 12.04.05, 23:02
    You have to remove this file:
    C:\WINDOWS\System32\systr.dll

    Open Notepad and paste this into it:

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{12345678-0000-0010-8000-00AAFF6D2EA4}"=-

    Save it as fix.reg and double-click it, then in Start->Run
    type: regsvr32 /u systr.dll
    then in Run enter:
    Start->Run->cmd and type:
    del C:\WINDOWS\System32\systr.dll

    Then in HijackThis remove the entry:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.jimbutt.com/stuffs/

    After deleting it, restart the computer and check whether jimbutt has disappeared
    or is still there :-)
  • Guest: MAGDA IP: *.neoplus.adsl.tpnet.pl 12.04.05, 23:55
    I think I managed it :-)))))
    I rebooted and nothing is popping up for now
    I'm pasting the log
    I don't know whether anything else should be removed
    I threw out wanadoo
    Logfile of HijackThis v1.99.1
    Scan saved at 23:49:37, on 2005-04-12
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ias.exe
    C:\WINDOWS\ibz.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Downloads\Różne dziwne\hijackthisnew\HijackThis.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
    \bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
    \dslmon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program
    Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program
    Files\FlashGet\jc_link.htm
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program
    Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

    just one more thing :-))
    I still get a message that your system has been infected, in particular
    ports 8080 and 3128, and to use free spyvirus or something like that
    I hope it goes away once I run avast

    magda
  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 13.04.05, 17:20
    well yes, and they did say don't praise the day and so on...
    shortly after I wrote the post avast detected a trojan
    it removed part of it but probably not everything, although nothing is opening
    but in the log I see ibz.exe and ias.exe - those probably shouldn't be there?
    magda

    "Silent Runners.vbs", revision 34, www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
    "Ias" = "C:\WINDOWS\ias.exe" [null data]
    "Ibz" = "C:\WINDOWS\ibz.exe" [null data]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
    [null data]
    "NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
    \StubPath = ""C:\WINDOWS\System32
    \rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

  • Guest: Kolobos IP: *.warszawa.sdi.tpnet.pl 13.04.05, 17:37
    That's probably not the whole silentrunners log? It's awfully short.


    As for this:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
    "Ias" = "C:\WINDOWS\ias.exe" [null data]
    "Ibz" = "C:\WINDOWS\ibz.exe" [null data]

    That's some kind of keylogger, do this:

    Start->Run->regedit, go to:
  • Guest: Kolobos IP: *.warszawa.sdi.tpnet.pl 13.04.05, 17:40
    go to:
    HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    and delete these two entries there:

    "Ias" = "C:\WINDOWS\ias.exe" [null data]
    "Ibz" = "C:\WINDOWS\ibz.exe" [null data]

    Then in hijackthis choose Open Misc Tools and delete file on reboot, and paste
    the path to:

    C:\WINDOWS\ias.exe and then to C:\WINDOWS\ibz.exe, and after the reboot they
    should be gone.

    Also paste the rest of the silentrunners log.
  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 13.04.05, 17:58
    "Silent Runners.vbs", revision 34, www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe"
    [null data]
    "NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

    HKLM\Software\Microsoft\Active Setup\Installed Components\
    {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
    \StubPath = ""C:\WINDOWS\System32
    \rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
    wyświetlania"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
    ["Hilgraeve, Inc."]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll"
    ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll"
    ["NVIDIA Corporation"]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon
    Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2
    \Office\OLKFSTUB.DLL" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
    [null data]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
    ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
    ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
    ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL"
    ["WinZip Computing, Inc."]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4
    \ashShell.dll" ["ALWIL Software"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
    INFECTION WARNING! "{12345678-0000-0010-8000-00AAFF6D2EA4}" = "Sysctl Desktop
    Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\systr.dll" [file
    not found]


    Enabled Wallpaper and Active Desktop:
    -------------------------------------

    Active Desktop is disabled.

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\magda\Ustawienia lokalne\Dane
    aplikacji\Microsoft\Wallpaper1.bmp"


    Startup items in "magda" & "All Users" startup folders:
    -------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
    "DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840
    \dslmon.exe /W" [empty string]
    "hp psc 1000 series" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital
    Imaging\bin\hpohmr08.exe" ["Hewlett-Packard Co."]
    "hpoddt01.exe" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital
    Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft
    Office\Office\OSA9.EXE -b -l" [MS]
    "ZoneAlarm Pro" -> shortcut to: "C:\Program Files\Zone
    Labs\ZoneAlarm\zapro.exe -nopopup" ["Zone Labs Inc."]


    Enabled Scheduled Tasks:
    ------------------------

    "FRU Task #Hewlett-Packard#hp psc 1100 series#1090148201" ->
    launches: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -
    I "#Hewlett-Packard#hp psc 1100 series#1090148201"" [empty string]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
    \Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
    \Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {CLSID}\(Default) = "Yahoo! Toolbar"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!
    \Companion\Installs\cpn\ycomp5_3_16_0.dll" [file not found]

    "{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}"
    -> {CLSID}\(Default) = "My &Search Bar"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program
    Files\MyWay\myBar\1.bin\MYBAR.DLL" [file not found]

    "{014DA6C9-189F-421A-88CD-07CFE51CFF10}"
    -> {CLSID}\(Default) = "iMesh Bar"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program
    Files\MySearch\bar\1.bin\S4BAR.DLL" [file not found]

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{014DA6CE-189F-421A-88CD-07CFE51CFF10}\
    (Default) = "iMesh Bar Quick View"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{0494D0DE-F8E0-41AD-92A3-14154ECE70AC}\
    (Default) = "My Search Bar Quick View"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\
    (Default) = "My Web Search Quick View"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}\
    (Default) = "&Dyskusja"
    Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
    InProcServer32\(Default) = "shdocvw.dll" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4
    \ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4
    \aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4
    \ashWebSv.exe" /service" ["ALWIL Software"]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe"
    ["NVIDIA Corpor
  • Guest: Kolobos IP: *.warszawa.sdi.tpnet.pl 13.04.05, 18:05
    Paste the rest, since it didn't all fit.

    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\systr.dll" [file
    not found] <- this file is no longer there (I think), so that window with the
    numbers 8080 etc. should no longer pop up, and I guess it no longer does, am I
    right?

    Finally, also paste the hijackthis log.
  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 13.04.05, 18:09
    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4
    \ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4
    \aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4
    \ashWebSv.exe" /service" ["ALWIL Software"]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe"
    ["NVIDIA Corporation"]
    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -
    service" ["Zone Labs Inc."]
    VNC Server Version 4, WinVNC4, ""C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -
    service" ["RealVNC Ltd."]
    you're right, that 8080 error no longer pops up :-)))
    I'm pasting the last part

    I'll post the one from hijack in a moment
    mgd
    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4
    \ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4
    \aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4
    \ashWebSv.exe" /service" ["ALWIL Software"]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe"
    ["NVIDIA Corporation"]
    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -
    service" ["Zone Labs Inc."]
    VNC Server Version 4, WinVNC4, ""C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -
    service" ["RealVNC Ltd."]


    ----------
    This report excludes default entries except where indicated.
    To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    ----------
  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 13.04.05, 18:10
    Logfile of HijackThis v1.99.1
    Scan saved at 18:09:40, on 2005-04-13
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\TV\moretv353pl\MoreTV.exe
    C:\TV\wilma21\Wilma.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Downloads\Różne dziwne\hijackthisnew\HijackThis.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
    \NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05
    \bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
    \dslmon.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program
    Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program
    Files\FlashGet\jc_link.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{872DE33C-3A18-4A44-A0C5-CCC9E8D3BF96}:
    NameServer = 194.204.152.34 217.98.63.164
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
    Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. -
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program
    Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

  • Guest: Kolobos IP: *.warszawa.sdi.tpnet.pl 13.04.05, 18:17
    Start Task Manager (right-click the Start bar and choose the manager), find
    the process -> winsys32.exe and end it, then in
    Start->Run->cmd type:

    del C:\WINDOWS\System32\winsys32.exe

    and in hijackthis delete this entry:
    O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe

    Make sure that after the reboot it is no longer in hijackthis.

    Also install:
    www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D
    www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster
    And in both, enable browser protection (I'm not sure whether I've already
    written this ;-))

    Finally, scan the system with these scanners:
    housecall.trendmicro.com/housecall/start_corp.asp
    www.windowsecurity.com/trojanscan/
    www.pandasoftware.com/activescan/
    And that's everything :-)
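
Added example, not part of the original post: a small Python check for the "make sure it is gone after the reboot" step, which rejoins the lines the forum hard-wrapped and reports where the cleaned-up file names still appear in a HijackThis log. The function names are hypothetical and the sample log is an excerpt constructed from the logs posted in this thread.

```python
import re

ENTRY_START = re.compile(r"^[A-Z]\d{1,2} - ")   # R0, O4, O23, ...
PROCESS_START = re.compile(r"^[A-Za-z]:\\")     # full path of a running image


def _join(prev, cont):
    # The forum broke long lines either at a space or just before a backslash.
    return prev + cont if cont.startswith("\\") else prev + " " + cont


def parse_hijackthis(text):
    """Return (processes, entries) with wrapped lines rejoined."""
    processes, entries = [], []
    section = None                      # list currently being filled
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = processes
        elif ENTRY_START.match(line):
            section = entries
            entries.append(line)
        elif section is processes and PROCESS_START.match(line):
            processes.append(line)
        elif section:                   # non-empty list: continuation line
            section[-1] = _join(section[-1], line)
    return processes, entries


def remaining_traces(text, file_names):
    """Map each file name to the log lines that still mention it."""
    processes, entries = parse_hijackthis(text)
    report = {}
    for name in file_names:
        # Whole-name match, so "ias.exe" does not hit e.g. "alias.exe".
        pat = re.compile(r"(?<![\w.])" + re.escape(name) + r"(?![\w.])",
                         re.IGNORECASE)
        hits = [("process", p) for p in processes if pat.search(p)]
        hits += [("entry", e) for e in entries if pat.search(e)]
        report[name] = hits
    return report


# Constructed excerpt of the 2005-04-13 log above, wrapping kept as posted.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 18:09:40, on 2005-04-13

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
Labs\ZoneAlarm\zapro.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    targets = ["ias.exe", "ibz.exe", "winsys32.exe"]
    for name, hits in remaining_traces(SAMPLE_LOG, targets).items():
        print(name, "->", hits or "no trace in this log")
```

An empty result only means the name is absent from this log; the file itself may still be on disk.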
  • Guest: magda IP: *.neoplus.adsl.tpnet.pl 13.04.05, 18:27
    that file isn't among the processes, only this one
    nvsvc32
    but I shouldn't delete that one?
    I deleted winsys32 in hijack
    I'm getting on with installing the little programs from the links - quite a lot of them ;-))

    Once again, THANK YOU SO MUCH!!!!!
    magda
