mam loga z Hijack co i jak usunąć??

IP: *.neoplus.adsl.tpnet.pl 06.03.05, 15:32
Logfile of HijackThis v1.99.1
Scan saved at 15:30:13, on 05-03-06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/SYSTEM/KERNEL32.DLL
C:/WINDOWS/SYSTEM/MSGSRV32.EXE
C:/WINDOWS/SYSTEM/MPREXE.EXE
C:/WINDOWS/SYSTEM/mmtask.tsk
C:/WINDOWS/SYSTEM/MSTASK.EXE
C:/WINDOWS/SYSTEM/MDM.EXE
C:/PROGRAM FILES/TREND MICRO/PC-CILLIN 2002/PCCPFW.EXE
C:/PROGRAM FILES/TREND MICRO/PC-CILLIN 2002/PCCIOMON.EXE
C:/WINDOWS/SYSTEM/ATI2EVXX.EXE
C:/WINDOWS/EXPLORER.EXE
C:/PROGRAM FILES/WINAMP/WINAMPA.EXE
C:/PROGRAM FILES/SLYSOFT/CLONECD/CLONECDTRAY.EXE
C:/WINDOWS/SYSTEM/STIMON.EXE
C:/PROGRAM FILES/TREND MICRO/PC-CILLIN 2002/POP3TRAP.EXE
C:/PROGRAM FILES/TREND MICRO/PC-CILLIN 2002/PCCCLIENT.EXE
C:/PROGRAM FILES/TREND MICRO/PC-CILLIN 2002/PCCGUIDE.EXE
C:/PROGRAM FILES/ATI TECHNOLOGIES/ATI CONTROL PANEL/ATIPTAXX.EXE
C:/WINDOWS/SYSTEM/SYSTRAY.EXE
C:/PROGRAM FILES/NEOSTRADA TP/TASKBARICON.EXE
C:/PROGRAM FILES/NEOSTRADA TP/CNXMON.EXE
C:/WINDOWS/SYSTEM/LEXBCES.EXE
C:/WINDOWS/RUNDLL32.EXE
C:/PROGRAM FILES/GADU-GADU/GG.EXE
C:/WINDOWS/RunDLL.exe
C:/WINDOWS/SYSTEM/RPCSS.EXE
C:/PROGRAM FILES/SAGEM/SAGEM F@ST 800-840/DSLMON.EXE
C:/WINDOWS/SYSTEM/DDHELP.EXE
C:/WINDOWS/SYSTEM/LEXPPS.EXE
C:/WINDOWS/SYSTEM/WMIEXE.EXE
C:/PROGRAM FILES/WINRAR/WINRAR.EXE
C:/WINDOWS/TEMP/RAR$EX0N.F43/HIJACKTHIS.EXE

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar =
res://C:/WINDOWS/TEMP/se.dll/sp.html
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = about:blank
R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant =
about:blank
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant =
about:blank
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank
R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet
Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {361FB9C3-8E35-11D9-B4CE-4445D3874978} -
C:/WINDOWS/SYSTEM/HCKOHDA.DLL
O4 - HKLM/../Run: [WinampAgent] C:/Program Files/Winamp/winampa.exe
O4 - HKLM/../Run: [CloneCDTray] "C:/Program
Files/SlySoft/CloneCD/CloneCDTray.exe" /s
O4 - HKLM/../Run: [StillImageMonitor] C:/WINDOWS/SYSTEM/STIMON.EXE
O4 - HKLM/../Run: [Pop3trap.exe] "C:/Program Files/Trend Micro/PC-cillin
2002/Pop3trap.exe"
O4 - HKLM/../Run: [PCCClient.exe] "C:/Program Files/Trend Micro/PC-cillin
2002/PCCClient.exe"
O4 - HKLM/../Run: [PCCIOMON.exe] "C:/Program Files/Trend Micro/PC-cillin
2002/PCCIOMON.exe"
O4 - HKLM/../Run: [pccguide.exe] "C:/Program Files/Trend Micro/PC-cillin
2002/pccguide.exe"
O4 - HKLM/../Run: [LexStart] lexstart.exe
O4 - HKLM/../Run: [ATIPTA] C:/Program Files/ATI Technologies/ATI Control
Panel/atiptaxx.exe
O4 - HKLM/../Run: [SystemTray] SysTray.Exe
O4 - HKLM/../Run: [WOOTASKBARICON] C:/PROGRAM FILES/NEOSTRADA
TP/taskbaricon.exe
O4 - HKLM/../Run: [WOOWATCH] C:/PROGRA~1/NEOSTR~1/Watch.exe
O4 - HKLM/../Run: [WooCnxMon] C:/PROGRA~1/NEOSTR~1/CnxMon.exe
O4 - HKLM/../Run: [sp] rundll32 C:/WINDOWS/TEMP/SE.DLL,DllInstall
O4 - HKLM/../RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM/../RunServices: [Machine Debug Manager] C:/WINDOWS/SYSTEM/MDM.EXE
O4 - HKLM/../RunServices: [PCCPFW] C:/Program Files/Trend Micro/PC-cillin
2002/PCCPFW.exe
O4 - HKLM/../RunServices: [PCCIOMON.exe] "C:/Program Files/Trend Micro/PC-
cillin 2002/PCCIOMON.exe"
O4 - HKLM/../RunServices: [ATISmart] C:/WINDOWS/SYSTEM/ati2s9ag.exe
O4 - HKLM/../RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKCU/../Run: [Gadu-Gadu] "C:/PROGRAM FILES/GADU-GADU/GG.EXE" /tray
O4 - HKCU/../Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: DSLMON.lnk = C:/Program Files/SAGEM/SAGEM F@st 800-
840/dslmon.exe
O4 - Startup: Microsoft Office.lnk = C:/Program Files/Microsoft
Office/Office/OSA9.EXE
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present
O18 - Filter: text/html - {2483D93E-8DC3-11D9-B4CE-4445D1FBF2A3} -
C:/WINDOWS/SYSTEM/HCKOHDA.DLL
O18 - Filter: text/plain - {2483D93E-8DC3-11D9-B4CE-4445D1FBF2A3} -
C:/WINDOWS/SYSTEM/HCKOHDA.DLL

    • Gość: piecyk gazowy Re: mam loga z Hijack co i jak usunąć?? IP: *.tpnet.pl / *.tpnet.pl 06.03.05, 16:11
      Odpal HT, wybierz Do a system scan only, zaznacz poniższe pozycje i wciśnij Fix
      Checked:

      > R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank
      > R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar =
      > res://C:/WINDOWS/TEMP/se.dll/sp.html
      > R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank
      > R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = about:blank
      > R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant =
      > about:blank
      > R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant =
      > about:blank
      > R1 - HKCU/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank
      > R1 - HKLM/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank

      > O2 - BHO: (no name) - {361FB9C3-8E35-11D9-B4CE-4445D3874978} -
      > C:/WINDOWS/SYSTEM/HCKOHDA.DLL

      > O4 - HKLM/../Run: [sp] rundll32 C:/WINDOWS/TEMP/SE.DLL,DllInstall

      > O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present
      > O18 - Filter: text/html - {2483D93E-8DC3-11D9-B4CE-4445D1FBF2A3} -
      > C:/WINDOWS/SYSTEM/HCKOHDA.DLL
      > O18 - Filter: text/plain - {2483D93E-8DC3-11D9-B4CE-4445D1FBF2A3} -
      > C:/WINDOWS/SYSTEM/HCKOHDA.DLL

      Zrestartuj system, przeskanuj system <a
      href="ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe">Ad-
      Aware'em</a> i wklej nowego loga.
      • Gość: piecyk gazowy Re: mam loga z Hijack co i jak usunąć?? IP: *.tpnet.pl / *.tpnet.pl 06.03.05, 16:12
        Zrestartuj system, przeskanuj system <a
        href="ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe">Ad-
        Aware'em</a> i wklej nowego loga.

        Jak nie wyjdzie, to tutaj link:
        ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe
    • Gość: czajna Re: mam loga z Hijack co i jak usunąć?? IP: *.neoplus.adsl.tpnet.pl 06.03.05, 17:19
      Logfile of HijackThis v1.99.1
      Scan saved at 17:20:31, on 05-03-06
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\WINDOWS\SYSTEM\MDM.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
      C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
      C:\PROGRAM FILES\SLYSOFT\CLONECD\CLONECDTRAY.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
      C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
      C:\WINDOWS\RUNDLL32.EXE
      C:\PROGRAM FILES\GADU-GADU\GG.EXE
      C:\WINDOWS\RunDLL.exe
      C:\WINDOWS\SYSTEM\LEXBCES.EXE
      C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
      C:\WINDOWS\SYSTEM\RPCSS.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\WINDOWS\SYSTEM\LEXPPS.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE
      C:\WINDOWS\SYSTEM\TAPISRV.EXE
      C:\WINDOWS\SYSTEM\RNAAPP.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE
      C:\PROGRAM FILES\WINRAR\WINRAR.EXE
      C:\WINDOWS\TEMP\RAR$EX0R.VKE\HIJACKTHIS.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      szukaj.wp.pl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\TEMP\se.dll/sp.html
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program
      Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002
      \Pop3trap.exe"
      O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002
      \PCCClient.exe"
      O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002
      \PCCIOMON.exe"
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002
      \pccguide.exe"
      O4 - HKLM\..\Run: [LexStart] lexstart.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
      O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
      O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002
      \PCCPFW.exe
      O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-
      cillin 2002\PCCIOMON.exe"
      O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
      O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
      O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
      deskcp16.dll,QUICKRES_RUNDLLENTRY
      O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE


      I jak??
      • Gość: piecyk gazowy Re: mam loga z Hijack co i jak usunąć?? IP: *.tpnet.pl / *.tpnet.pl 06.03.05, 17:28
        Do usunięcia (spróbuj może w trybie awaryjnym; podczas startu systemu przed
        pojawieniem się niebieskiej planszy z logo Windows, trzeba wcisnąć F8):

        > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
        > res://C:\WINDOWS\TEMP\se.dll/sp.html

        > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    • Gość: czajna Re: mam loga z Hijack co i jak usunąć?? IP: *.neoplus.adsl.tpnet.pl 06.03.05, 17:44
      Logfile of HijackThis v1.99.1
      Scan saved at 17:46:22, on 05-03-06
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\WINDOWS\SYSTEM\MDM.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
      C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
      C:\PROGRAM FILES\SLYSOFT\CLONECD\CLONECDTRAY.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
      C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
      C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
      C:\PROGRAM FILES\GADU-GADU\GG.EXE
      C:\WINDOWS\RunDLL.exe
      C:\WINDOWS\SYSTEM\LEXBCES.EXE
      C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
      C:\WINDOWS\SYSTEM\RPCSS.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\WINDOWS\SYSTEM\LEXPPS.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE
      C:\WINDOWS\SYSTEM\TAPISRV.EXE
      C:\WINDOWS\SYSTEM\RNAAPP.EXE
      C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE
      C:\PROGRAM FILES\WINRAR\WINRAR.EXE
      C:\WINDOWS\TEMP\RAR$EX0H.MJD\HIJACKTHIS.EXE

      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program
      Files\SlySoft\CloneCD\CloneCDTray.exe" /s
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002
      \Pop3trap.exe"
      O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002
      \PCCClient.exe"
      O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002
      \PCCIOMON.exe"
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002
      \pccguide.exe"
      O4 - HKLM\..\Run: [LexStart] lexstart.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
      O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
      O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002
      \PCCPFW.exe
      O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-
      cillin 2002\PCCIOMON.exe"
      O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
      O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
      O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
      deskcp16.dll,QUICKRES_RUNDLLENTRY
      O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE

Pełna wersja