Please check my log

IP: *.internetdsl.tpnet.pl 01.05.05, 14:27
Thanks in advance.




Logfile of HijackThis v1.99.1
Scan saved at 14:25:43, on 05-05-01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM32\REGSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\AVP\AVPM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AVP\Gk95ctrl.dll
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\EMULE\EMULE.EXE
C:\PROGRAM FILES\BITCOMET\BITCOMET.EXE
C:\PROGRAM FILES\WINDOWS COMMANDER\WINCMD32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
D:\HIPHOP\ANTYWIRY\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
C:\PROGRA~1\TEXTWARE\QUICKF~1\PLUGINS\IEHELP.DLL
O2 - BHO: (no name) - {11380741-BA43-11D9-BCC3-000A00A0503B} -
C:\WINDOWS\SYSTEM\DGCD.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM
FILES\DAP\DAPIEBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P
NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [arbnxxh] "C:\WINDOWS\SYSTEM\ARBNXXH.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [regsrv.exe] regsrv.exe
O4 - Startup: Skrót do Avpm.lnk = C:\Program Files\AVP\AVPM.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP -
C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
C:\PROGRA~1\DAP\DAP.EXE
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: komentator - sport.onet.pl/komentator.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = fdssf
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
194.204.159.1,194.204.152.34
O18 - Protocol: textwareilluminatorbase -
{CE5CD329-1650-414A-8DB0-4CBF72FAED87} -
C:\WINDOWS\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL
O18 - Filter: text/html - {11380740-BA43-11D9-BCC3-000A6FECF5A0} -
C:\WINDOWS\SYSTEM\DGCD.DLL
O18 - Filter: text/plain - {11380740-BA43-11D9-BCC3-000A6FECF5A0} -
C:\WINDOWS\SYSTEM\DGCD.DLL
    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 01.05.05, 14:44
      First use this:
      www.trojaner-info.de/files/SpSeHjfix112.exe
      Once you have used it, save its log and paste it on the forum.
      If IE refuses to start afterwards, click its icon and choose Open, then
      set the start page to whatever you want and it will start normally again
      (that's just in case :-))

      Uninstall P2P Networking

      In HijackThis remove this:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\TEMP\se.dll/spage.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\TEMP\se.dll/spage.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
      C:\PROGRA~1\TEXTWARE\QUICKF~1\PLUGINS\IEHELP.DLL
      O2 - BHO: (no name) - {11380741-BA43-11D9-BCC3-000A00A0503B} -
      C:\WINDOWS\SYSTEM\DGCD.DLL
      O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM
      FILES\DAP\DAPIEBAR.DLL (file missing)
      O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P
      NETWORKING.EXE /AUTOSTART
      O4 - HKLM\..\Run: [arbnxxh] "C:\WINDOWS\SYSTEM\ARBNXXH.exe"
      O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
      O4 - HKLM\..\RunServices: [regsrv.exe] regsrv.exe
      O9 - Extra 'Tools' menuitem: Show &Related Links -
      {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
      O18 - Protocol: textwareilluminatorbase -
      {CE5CD329-1650-414A-8DB0-4CBF72FAED87} -
      C:\WINDOWS\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL
      O18 - Filter: text/html - {11380740-BA43-11D9-BCC3-000A6FECF5A0} -
      C:\WINDOWS\SYSTEM\DGCD.DLL
      O18 - Filter: text/plain - {11380740-BA43-11D9-BCC3-000A6FECF5A0} -
      C:\WINDOWS\SYSTEM\DGCD.DLL

      And Fix Checked, then download this:
      www.downloads.subratam.org/KillBox.zip
      Unpack it, select Delete file on reboot, paste the path to the file (don't
      browse for it yourself, just paste the ready-made path) and press the red
      button, but answer no when asked about a restart; do this for these files:
      C:\WINDOWS\SYSTEM\DGCD.DLL
      C:\WINDOWS\SYSTEM\TEXTWAREILLUMINATORBASEPROTOCOL.DLL
      C:\WINDOWS\TEMP\SE.DLL
      C:\WINDOWS\SYSTEM\ARBNXXH.exe
      C:\PROGRA~1\TEXTWARE\QUICKF~1\PLUGINS\IEHELP.DLL

      After the restart, delete these directories:
      C:\PROGRA~1\TEXTWARE\
      C:\WINDOWS\SYSTEM\P2P NETWORKING\

      And paste a new HijackThis log.
      • Guest: piotrek p Re: Please check my log IP: *.internetdsl.tpnet.pl 01.05.05, 15:02
        > First use this:
        > www.trojaner-info.de/files/SpSeHjfix112.exe
        > Once you have used it, save its log and paste it on the forum.

        Unfortunately, after I click start disinfection nothing happens.
        Should I do the rest and skip this?
        • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 01.05.05, 15:09
          Something does happen: when you press it, it deletes what it needs to and
          that's it. Afterwards you press Log, and in the directory where you have
          spsefix a file SPSeHjFix.log will appear, whose contents you are supposed to
          paste; it's probably a bit too late for that now, but paste it anyway.
          Of course, carry on with everything else.
          • Guest: piotrek p Re: Please check my log IP: *.internetdsl.tpnet.pl 01.05.05, 15:59
            I did this about 3 times, but it keeps coming back.
            log:


            Logfile of HijackThis v1.99.1
            Scan saved at 15:58:39, on 05-05-01
            Platform: Windows 98 SE (Win9x 4.10.2222A)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\EXPLORER.EXE
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\PROGRAM FILES\AVP\AVPM.EXE
            C:\WINDOWS\SYSTEM\DDHELP.EXE
            C:\PROGRAM FILES\AVP\Gk95ctrl.dll
            C:\WINDOWS\SYSTEM\WMIEXE.EXE
            C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
            C:\PROGRAM FILES\WINDOWS COMMANDER\WINCMD32.EXE
            D:\HIPHOP\ANTYWIRY\HIJACKTHIS.EXE

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
            res://C:\WINDOWS\TEMP\se.dll/sp.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
            res://C:\WINDOWS\TEMP\se.dll/sp.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
            O2 - BHO: (no name) - {B327EE84-BA57-11D9-BCC3-000AFCDD294B} -
            C:\WINDOWS\SYSTEM\ICNOC.DLL
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\SYSTEM\MSDXM.OCX
            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [SoundMan] soundman.exe
            O4 - Startup: Skrót do Avpm.lnk = C:\Program Files\AVP\AVPM.EXE
            O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
            O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
            O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
            C:\PROGRA~1\DAP\DAP.EXE
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            skaner.mks.com.pl/SkanerOnline.cab
            O16 - DPF: komentator - sport.onet.pl/komentator.cab
            O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
            www.bph.pl/pi/components/SignActivX.cab
            O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = fdssf
            O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34
            O18 - Filter: text/html - {B327EE83-BA57-11D9-BCC3-000A7334B13F} -
            C:\WINDOWS\SYSTEM\ICNOC.DLL
            O18 - Filter: text/plain - {B327EE83-BA57-11D9-BCC3-000A7334B13F} -
            C:\WINDOWS\SYSTEM\ICNOC.DLL
            • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 01.05.05, 16:59
              Then do it once more and paste the log from SpSeHjfix112.exe: press the
              Log button in the program and paste the contents of the file:
              SPSeHjFix.log


              In HijackThis, the same again:

              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
              > res://C:\WINDOWS\TEMP\se.dll/sp.html
              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
              > res://C:\WINDOWS\TEMP\se.dll/sp.html
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
              > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              > about:blank
              > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              > about:blank
              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
              > O2 - BHO: (no name) - {B327EE84-BA57-11D9-BCC3-000AFCDD294B} -
              > C:\WINDOWS\SYSTEM\ICNOC.DLL
              > O18 - Filter: text/html - {B327EE83-BA57-11D9-BCC3-000A7334B13F} -
              > C:\WINDOWS\SYSTEM\ICNOC.DLL
              > O18 - Filter: text/plain - {B327EE83-BA57-11D9-BCC3-000A7334B13F} -
              > C:\WINDOWS\SYSTEM\ICNOC.DLL

              But it will come back anyway, so paste the contents of SPSeHjFix.log
              • Guest: piotrek p Re: Please check my log IP: *.internetdsl.tpnet.pl 01.05.05, 17:05
                After clicking start disinfection, nothing on the screen changes. I don't
                have any log button. I only have close on the left and start disinfection
                on the right.
                • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 01.05.05, 17:16
                  You press start disinfection, and after that a small log button appears on
                  the right-hand side above start disinfection, and don't tell me it doesn't
                  appear. Also paste a new HijackThis log.

              • Guest: piotrek p Got it! IP: *.internetdsl.tpnet.pl 01.05.05, 17:14


                (5-1-05 17:09:21) SPSeHjFix started v1.1.2
                (5-1-05 17:09:21) OS: Win98SE A (4.10.2222)
                (5-1-05 17:09:21) Language: polski
                (5-1-05 17:09:21) Win-Path: C:\WINDOWS
                (5-1-05 17:09:21) System-Path: C:\WINDOWS\SYSTEM
                (5-1-05 17:09:21) Temp-Path: C:\WINDOWS\TEMP\
                (5-1-05 17:09:22) Disinfection started
                (5-1-05 17:09:22) Bad-Dll(IEP): c:\windows\temp\se.dll
                (5-1-05 17:09:22) Searchassistant Uninstaller found: regsvr32 /s /u
                C:\WINDOWS\SYSTEM\ICNOC.DLL
                (5-1-05 17:09:22) Searchassistant Uninstaller - Keys Deleted
                (5-1-05 17:09:22) UBF: 6 - UBB: 0 - UBR: 5
                (5-1-05 17:09:22) FilterKey: HKCR\text/html (deleted)
                (5-1-05 17:09:22) FilterKey: HKCR\CLSID\{B4A7ECFA-BA59-11D9-BCC3-000A2D40D049}
                (deleted)
                (5-1-05 17:09:22) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
                (5-1-05 17:09:22) FilterKey: HKCR\text/plain (deleted)
                (5-1-05 17:09:22) FilterKey: HKCR\CLSID\{B4A7ECFA-BA59-11D9-BCC3-000A2D40D049}
                (error while deleting)
                (5-1-05 17:09:22) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
                (5-1-05 17:09:22) BHO-Key:
                HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
                Objects\{B4A7ECFB-BA59-11D9-BCC3-000A420C75D2} (deleted)
                (5-1-05 17:09:22) BHO-Key: HKCR\CLSID\{B4A7ECFB-BA59-11D9-BCC3-000A420C75D2}
                (deleted)
                (5-1-05 17:09:22) Run-Key:
                HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32
                C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
                (5-1-05 17:09:22) UBF: 4 - UBB: 0 - UBR: 4
                (5-1-05 17:09:22) Bad IE-pages:
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
                res://c:\windows\temp\se.dll/sp.html
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
                deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
                about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
                res://c:\windows\temp\se.dll/sp.html
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
                about:blank
                (5-1-05 17:09:22) Stealth-String found: C:\WINDOWS\HLPVD.GIF
                (5-1-05 17:09:22) File added to delete: c:\windows\system\icnoc.dll
                (5-1-05 17:09:22) File added to delete: c:\windows\temp\se.dll
                (5-1-05 17:09:22) File added to delete: c:\windows\hlpvd.gif
                (5-1-05 17:09:22) Reboot
                (5-1-05 17:10:46) SPSeHjFix 2nd Step
                (5-1-05 17:10:46) Stealth-String not present. Disinfection succesfully
                (5-1-05 17:10:55) Cleaned
                • Guest: Kolobos Re: Got it! IP: *.warszawa.sdi.tpnet.pl 01.05.05, 17:17
                  And now restart the computer, just don't write that it comes back after the restart.
                  • Guest: piotrek p New log IP: *.internetdsl.tpnet.pl 01.05.05, 17:21
                    Looks clean.

                    Logfile of HijackThis v1.99.1
                    Scan saved at 17:19:58, on 05-05-01
                    Platform: Windows 98 SE (Win9x 4.10.2222A)
                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                    Running processes:
                    C:\WINDOWS\SYSTEM\KERNEL32.DLL
                    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                    C:\WINDOWS\SYSTEM\MPREXE.EXE
                    C:\WINDOWS\SYSTEM\mmtask.tsk
                    C:\WINDOWS\EXPLORER.EXE
                    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                    C:\PROGRAM FILES\AVP\AVPM.EXE
                    C:\WINDOWS\SYSTEM\DDHELP.EXE
                    C:\PROGRAM FILES\AVP\Gk95ctrl.dll
                    C:\WINDOWS\SYSTEM\WMIEXE.EXE
                    C:\PROGRAM FILES\WINDOWS COMMANDER\WINCMD32.EXE
                    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
                    D:\HIPHOP\ANTYWIRY\HIJACKTHIS.EXE

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                    C:\WINDOWS\SYSTEM\MSDXM.OCX
                    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                    O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
                    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                    O4 - HKLM\..\Run: [SoundMan] soundman.exe
                    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
                    O4 - Startup: Skrót do Avpm.lnk = C:\Program Files\AVP\AVPM.EXE
                    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
                    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
                    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
                    C:\PROGRA~1\DAP\DAP.EXE
                    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                    skaner.mks.com.pl/SkanerOnline.cab
                    O16 - DPF: komentator - sport.onet.pl/komentator.cab
                    O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
                    www.bph.pl/pi/components/SignActivX.cab
                    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = fdssf
                    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34


                    Only, during the restart a message popped up saying that the file c:/windows/temp/se.dll is missing.
                    Should I remove this entry?
                    >O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
                    • Guest: Kolobos Re: New log IP: *.warszawa.sdi.tpnet.pl 01.05.05, 17:24
                      Yes, remove that entry; it is a leftover from that CWS.
                      Also install what I listed here:
                      forum.gazeta.pl/forum/72,2.html?f=430&w=23391622&a=23394592
                      And don't visit those strange sites that carry this any more, and even
                      more so don't install it ;-)
                      • Guest: piotrek p Thanks IP: *.internetdsl.tpnet.pl 01.05.05, 17:28
                        It wasn't working out for me with that hijack because I had the regular
                        hijack and that fix in different directories :)

                        I'll install what you listed.
                        Thanks for taking the time.
                        Regards.
                  • Guest: Kolobos Re: Got it! IP: *.warszawa.sdi.tpnet.pl 01.05.05, 17:22
                    Also install:
                    www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
                    scan and enable browser protection
                    www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable
                    browser protection
                    www.wilderssecurity.net/spywareguard.html <- SpywareGuard