Log of HijackThis - please help :)

25.02.05, 10:11
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\kkonofal\Dane aplikacji\asam.exe
C:\WINDOWS\System32\??rss.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kkonofal\Ustawienia lokalne\Temp\Katalog tymczasowy
2 dla hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\kkonofal\USTAWI~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\kkonofal\USTAWI~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {B3FC9389-ADA6-441A-824E-0B41FF6B154A} -
C:\WINDOWS\System32\ijpi.dll (file missing)
O2 - BHO: (no name) - {E5134857-A29F-B64B-B468-FE7A97B75199} -
C:\WINDOWS\System32\ivqn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\kkonofal\USTAWI~1
\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Butb] C:\Documents and Settings\kkonofal\Dane
aplikacji\asam.exe
O4 - HKCU\..\Run: [Jzhr] C:\WINDOWS\System32\??rss.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program
Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
iframedollars.biz/tb/loader2.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = men.edu.pl
O17 - HKLM\Software\..\Telephony: DomainName = men.edu.pl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = men.edu.pl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = men.edu.pl
O18 - Filter: text/html - {4D9EE280-93EC-49CF-9680-3D629AC265F6} -
C:\WINDOWS\System32\ijpi.dll
O18 - Filter: text/plain - {4D9EE280-93EC-49CF-9680-3D629AC265F6} -
C:\WINDOWS\System32\ijpi.dll
    • Guest: piecyk gazowy Re: Log of HijackThis - please help :) IP: *.tpnet.pl / *.tpnet.pl 25.02.05, 11:56
      To be removed:

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > res://C:\DOCUME~1\kkonofal\USTAWI~1\Temp\se.dll/sp.html
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > res://C:\DOCUME~1\kkonofal\USTAWI~1\Temp\se.dll/sp.html
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      > O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
      > O2 - BHO: (no name) - {B3FC9389-ADA6-441A-824E-0B41FF6B154A} -
      > C:\WINDOWS\System32\ijpi.dll (file missing)
      > O2 - BHO: (no name) - {E5134857-A29F-B64B-B468-FE7A97B75199} -
      > C:\WINDOWS\System32\ivqn.dll

      > O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\kkonofal\USTAWI~1
      > \Temp\se.dll,DllInstall

      > O4 - HKCU\..\Run: [Butb] C:\Documents and Settings\kkonofal\Dane
      > aplikacji\asam.exe
      > O4 - HKCU\..\Run: [Jzhr] C:\WINDOWS\System32\??rss.exe

      > O15 - Trusted Zone: *.iframedollars.biz
      > O15 - Trusted Zone: *.skoobidoo.com
      > O15 - Trusted Zone: *.slotchbar.com
      > O15 - Trusted Zone: *.windupdates.com
      > O15 - Trusted Zone: *.iframedollars.biz (HKLM)
      > O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      > O15 - Trusted Zone: *.slotchbar.com (HKLM)
      > O15 - Trusted Zone: *.windupdates.com (HKLM)
      > O15 - Trusted IP range: 213.159.117.202
      > O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
      > iframedollars.biz/tb/loader2.ocx

      > O18 - Filter: text/html - {4D9EE280-93EC-49CF-9680-3D629AC265F6} -
      > C:\WINDOWS\System32\ijpi.dll
      > O18 - Filter: text/plain - {4D9EE280-93EC-49CF-9680-3D629AC265F6} -
      > C:\WINDOWS\System32\ijpi.dll

      And paste a new log, preferably a complete one.
      • agnulek Re: Log of HijackThis - please help :) 01.03.05, 11:56
        I removed them, but unfortunately some strange windows still keep popping up :(

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\System32\rundll32.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Documents and Settings\kkonofal\Ustawienia lokalne\Temp\Katalog tymczasowy 6
        dla hijackthis.zip\HijackThis.exe

        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\kkonofal\USTAWI~1
        \Temp\se.dll,DllInstall
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program
        Files\Microsoft Firewall Client\ISATRAY.EXE
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = men.edu.pl
        O17 - HKLM\Software\..\Telephony: DomainName = men.edu.pl
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = men.edu.pl
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = men.edu.pl

        P.S. thanks, piecyk
        • Guest: piecyk gazowy Re: Log of HijackThis - please help :) IP: *.tpnet.pl / *.tpnet.pl 02.03.05, 12:03
          Use CWShredder cwshredder.net/bin/CWSInstall.exe
          (maybe it will help too).

          In HT, also remove this:

          > O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\kkonofal\USTAWI~1
          > \Temp\se.dll,DllInstall

          > O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program
          > Files\Microsoft Firewall Client\ISATRAY.EXE
          • agnulek Re: Log of HijackThis - please help :) 02.03.05, 12:41
            I used Shredder earlier, and Ad-aware..
            supposedly clean, and yet it isn't.
            • Guest: piecyk gazowy Re: Log of HijackThis - please help :) IP: *.tpnet.pl / *.tpnet.pl 02.03.05, 13:32
              Paste a new log.
              • agnulek Re: Log of HijackThis - please help :) 03.03.05, 10:27
                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.EXE
                C:\WINDOWS\SOUNDMAN.EXE
                C:\WINDOWS\System32\rundll32.exe
                C:\WINDOWS\System32\ctfmon.exe
                C:\Program Files\Gadu-Gadu\gg.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
                C:\Documents and Settings\kkonofal\Ustawienia lokalne\Temp\Katalog tymczasowy 9
                dla hijackthis.zip\HijackThis.exe

                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\System32\msdxm.ocx
                O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\kkonofal\USTAWI~1
                \Temp\se.dll,DllInstall
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office10\OSA.EXE
                O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                C:\Program Files\Messenger\MSMSGS.EXE
                O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
                00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                skaner.mks.com.pl/SkanerOnline.cab
                O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = men.edu.pl
                O17 - HKLM\Software\..\Telephony: DomainName = men.edu.pl
                O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = men.edu.pl
                O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = men.edu.pl

                besides, I noticed that the Recycle Bin supposedly has something in it, but it's empty ;-)
                • Guest: piecyk gazowy Re: Log of HijackThis - please help :) IP: *.tpnet.pl / *.tpnet.pl 03.03.05, 10:30
                  Remove this:
                  > O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\kkonofal\USTAWI~1
                  > \Temp\se.dll,DllInstall

                  So what happens - you remove it and it comes back?

                  > besides, I noticed that the Recycle Bin supposedly has something in it, but it's empty ;-)

                  That sometimes happens even on a "healthy" system.
                  • netsec Re: Piecyk, and what next :) 03.03.05, 11:00
                    Piecyk, I know this one and it takes more :D
                    If she does exactly this:
                    forum.gazeta.pl/forum/72,2.html?f=23618&w=16130227&a=20763702
                    then it'll be fine :)
                    The order of the steps is very important.
                    • agnulek Re: Piecyk, and what next :) 03.03.05, 15:04
                      whoa, that's an awful lot of work ;) it's not my computer, and it belongs to someone who will
                      clutter it up again soon anyway.. I'll wait until the system dies completely ;))
      • koaa Re: Log of HijackThis - please help :) 01.03.05, 14:39
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        what is this process responsible for?
        • agnulek Re: Log of HijackThis - please help :) 02.03.05, 11:35
          ctfmon.exe

          support.microsoft.com/kb/282599/pl#kb2