Problem... please help!!!!

IP: *.lama.net.pl / *.lama.net.pl 03.05.05, 23:21
I know I've caught some nasty virus, but since I'm a typical woman
with two left hands when it comes to computers, I have no idea what to do about it. Please help,
good people... plizzz :)

Logfile of HijackThis v1.99.1
Scan saved at 23:13:23, on 2005-05-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ntar32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\sysqs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\User\USTAWI~1\Temp\Rar$EX00.469\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {35C0FF68-6128-87C7-7BA9-C238C4376233} -
C:\WINDOWS\system32\syspw32.dll
O2 - BHO: (no name) - {789FEB82-8DED-7AC4-9DDA-995AC51398B1} -
C:\WINDOWS\system32\atloc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet
Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [ntar32.exe] C:\WINDOWS\system32\ntar32.exe
O4 - HKLM\..\RunOnce: [netkp32.exe] C:\WINDOWS\system32\netkp32.exe
O4 - HKLM\..\RunOnce: [wintb32.exe] C:\WINDOWS\system32\wintb32.exe
O4 - HKLM\..\RunOnce: [sysei32.exe] C:\WINDOWS\sysei32.exe
O4 - HKLM\..\RunOnce: [javalm.exe] C:\WINDOWS\system32\javalm.exe
O4 - HKLM\..\RunOnce: [atlcw32.exe] C:\WINDOWS\system32\atlcw32.exe
O4 - HKLM\..\RunOnce: [ntip32.exe] C:\WINDOWS\ntip32.exe
O4 - HKLM\..\RunOnce: [sysqs.exe] C:\WINDOWS\system32\sysqs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -
FastScan
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
www.poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {92F05779-6D88-4958-8AD3-83C12D855D67} -
www.giantexplorer.com/toolbar/toolbar.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61C4B6B5-983F-479C-BEAF-
D751D6BCEF51}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E5AC4C-E637-489A-A751-
E883263A1CAD}: NameServer = 194.204.152.34,194.204.159.1
O23 - Service: Network Security Service ( 11Fßä#·şÄÖ`I) - Unknown owner -
C:\WINDOWS\iexg.exe (file missing)

    • Guest: Kolobos Re: Problem... please help!!!! IP: *.warszawa.sdi.tpnet.pl 03.05.05, 23:46
      Not just one ;-)

      To start with, use this:
      www.trojaner-info.de/files/SpSeHjfix112.exe
      In HijackThis choose scan only and tick these entries:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
      R3 - Default URLSearchHook is missing
      O2 - BHO: (no name) - {35C0FF68-6128-87C7-7BA9-C238C4376233} -
      C:\WINDOWS\system32\syspw32.dll
      O2 - BHO: (no name) - {789FEB82-8DED-7AC4-9DDA-995AC51398B1} -
      C:\WINDOWS\system32\atloc.dll
      O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
      Networking.exe /AUTOSTART
      O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
      files\SearchUpgrader\SearchUpgrader.exe
      O4 - HKLM\..\Run: [ntar32.exe] C:\WINDOWS\system32\ntar32.exe
      O4 - HKLM\..\RunOnce: [netkp32.exe] C:\WINDOWS\system32\netkp32.exe
      O4 - HKLM\..\RunOnce: [wintb32.exe] C:\WINDOWS\system32\wintb32.exe
      O4 - HKLM\..\RunOnce: [sysei32.exe] C:\WINDOWS\sysei32.exe
      O4 - HKLM\..\RunOnce: [javalm.exe] C:\WINDOWS\system32\javalm.exe
      O4 - HKLM\..\RunOnce: [atlcw32.exe] C:\WINDOWS\system32\atlcw32.exe
      O4 - HKLM\..\RunOnce: [ntip32.exe] C:\WINDOWS\ntip32.exe
      O4 - HKLM\..\RunOnce: [sysqs.exe] C:\WINDOWS\system32\sysqs.exe
      O16 - DPF: {92F05779-6D88-4958-8AD3-83C12D855D67} -
      www.giantexplorer.com/toolbar/toolbar.cab
      O23 - Service: Network Security Service ( 11Fßä#·şÄÖ`I) - Unknown owner -
      C:\WINDOWS\iexg.exe (file missing)

      And Fix Checked, then download:
      www.downloads.subratam.org/KillBox.zip
      Unpack it, select Delete file on reboot, paste the path to the file (don't
      browse for it yourself, just paste the ready-made path) and press the red button, but when asked about a reboot
      answer no; do this for these files:

      C:\WINDOWS\system32\dyptm.dll
      C:\WINDOWS\system32\syspw32.dll
      C:\WINDOWS\system32\atloc.dll
      C:\WINDOWS\System32\P2P Networking\P2P Networking.exe <- after the reboot, delete
      the P2P Networking folder
      C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
      C:\WINDOWS\system32\ntar32.exe
      C:\WINDOWS\system32\netkp32.exe
      C:\WINDOWS\system32\wintb32.exe
      C:\WINDOWS\sysei32.exe
      C:\WINDOWS\system32\javalm.exe
      C:\WINDOWS\system32\atlcw32.exe
      C:\WINDOWS\ntip32.exe
      C:\WINDOWS\system32\sysqs.exe

      Also install:
      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
      scan and enable browser protection
      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable
      browser protection
      www.wilderssecurity.net/spywareguard.html <- SpywareGuard


      After the reboot, paste a new HijackThis log.
      • Guest: lili Re: Problem... please help!!!! IP: *.lama.net.pl / *.lama.net.pl 04.05.05, 00:37
        thanks a lot for the help :)) but I think something is still wrong :(

        Logfile of HijackThis v1.99.1
        Scan saved at 00:35:44, on 2005-05-04
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\crsk32.exe
        C:\Program Files\Winamp\winampa.exe
        C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\WINDOWS\system32\addlh.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\SpywareGuard\sgmain.exe
        C:\Program Files\SpywareGuard\sgbhp.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\WinRAR\WinRAR.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\WinRAR\WinRAR.exe
        C:\DOCUME~1\User\USTAWI~1\Temp\Rar$EX00.969\HijackThis.exe
        C:\DOCUME~1\User\USTAWI~1\Temp\Rar$EX00.094\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\system32\lgwud.dll/sp.html#45052
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        res://C:\WINDOWS\system32\lgwud.dll/sp.html#45052
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        res://C:\WINDOWS\system32\lgwud.dll/sp.html#45052
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\system32\lgwud.dll/sp.html#45052
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
        res://C:\WINDOWS\system32\lgwud.dll/sp.html#45052
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        res://C:\WINDOWS\system32\lgwud.dll/sp.html#45052
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        res://C:\WINDOWS\system32\lgwud.dll/sp.html#45052
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - Default URLSearchHook is missing
        O2 - BHO: (no name) - {5A1B061E-B088-9A88-3986-A4314318D27D} -
        C:\WINDOWS\sdknd32.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
        c:\program files\google\googletoolbar2.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
        files\google\googletoolbar2.dll
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
        \spool\drivers\w32x86\3\hpztsb08.exe
        O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
        Imaging\bin\hpotdd01.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP
        Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
        O4 - HKLM\..\Run: [addlh.exe] C:\WINDOWS\system32\addlh.exe
        O4 - HKLM\..\RunOnce: [crsk32.exe] C:\WINDOWS\system32\crsk32.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -
        FastScan
        O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O8 - Extra context menu item: &Google Search - res://c:\program
        files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: Backward Links - res://c:\program
        files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
        files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Similar Pages - res://c:\program
        files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate into English - res://c:\program
        files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
        www.poczta.wp.pl/autoryzacja/mailcfg.ocx
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{61C4B6B5-983F-479C-BEAF-D751D6BCEF51}:
        NameServer = 194.204.152.34,194.204.159.1
        O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E5AC4C-E637-489A-A751-E883263A1CAD}:
        NameServer = 194.204.152.34,194.204.159.1
        O23 - Service: Network Security Service ( 11Fßä#·şÄÖ`I) - Unknown owner -
        C:\WINDOWS\iexg.exe (file missing)

        • Guest: Kolobos Re: Problem... please help!!!! IP: *.warszawa.sdi.tpnet.pl 04.05.05, 00:53
          Start Windows in safe mode (F5 during system startup, or F8) and run
          this:
          www.silentrunners.org/Silent%20Runners.vbs
          And paste the log from it on the forum.

          It won't hurt to use this as well:
          cwshredder.net/bin/CWShredder.exe

          In addition, delete these files with KillBox:
          C:\WINDOWS\system32\addlh.exe
          C:\WINDOWS\system32\crsk32.exe

          In HijackThis go to Open Misc Tools, then Delete NT Service, and paste this there:
          Network Security Service
          and OK
          • Guest: Kolobos Re: Problem... please help!!!! IP: *.warszawa.sdi.tpnet.pl 04.05.05, 01:00
            I forgot one more thing:
            www.atribune.org/downloads/AboutBuster.zip
            :-)
            • Guest: lili Re: Problem... please help!!!! IP: *.lama.net.pl / *.lama.net.pl 04.05.05, 11:18
              I'm pasting the log from Silent Runners... I hope I did everything right :)

              "Silent Runners.vbs", revision 36, www.silentrunners.org/
              Operating System: Windows XP
              Output limited to non-default values, except where indicated by "{++}"


              Startup items buried in registry:
              ---------------------------------

              HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
              "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
              "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
              "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]
              "Spyware Vanisher" = "c:\spywarevanisher-free\FreeScanner.exe -FastScan" [file
              not found]

              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
              "NeroCheck" = "C:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"]
              "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
              "windows auto update" = (no data)
              "HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3
              \hpztsb08.exe" ["HP"]
              "DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital
              Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
              "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime"
              ["Apple Computer, Inc."]
              "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -
              osboot" ["RealNetworks, Inc."]
              "HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software
              Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
              "IEXPLORE.EXE" = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [MS]
              "addlh.exe" = "C:\WINDOWS\system32\addlh.exe" [file not found]

              HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
              {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper"
              [from CLSID]
              -> {CLSID}\InProcServer32\(Default) = "c:\program
              files\google\googletoolbar2.dll" ["Google Inc."]

              HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
              "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania
              wyświetlania"
              -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
              "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
              -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll"
              ["Hilgraeve, Inc."]
              "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon
              Handler"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft
              Office\Office10\OLKFSTUB.DLL" [MS]
              "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft
              Office\Office10\msohev.dll" [MS]
              "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program
              Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
              "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
              -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll"
              [null data]
              "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard.Handler" [from CLSID]
              -> {CLSID}\InProcServer32\(Default) = "C:\Program
              Files\SpywareGuard\spywareguard.dll" [null data]

              HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
              INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}"
              = "SpywareGuard.Handler" [from CLSID]
              -> {CLSID}\InProcServer32\(Default) = "C:\Program
              Files\SpywareGuard\spywareguard.dll" [null data]

              HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
              "WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
              -> {CLSID}\InProcServer32\(Default) = (value not set)


              Enabled Screen Saver:
              ---------------------

              HKCU\Control Panel\Desktop\
              "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


              Enabled Wallpaper and Active Desktop:
              -------------------------------------

              Active Desktop is disabled.

              HKCU\Control Panel\Desktop\
              "Wallpaper" = "C:\Documents and Settings\User\Ustawienia lokalne\Dane
              aplikacji\Microsoft\Wallpaper1.bmp"


              Startup items in "User" & "All Users" startup folders:
              ------------------------------------------------------

              C:\Documents and Settings\User\Menu Start\Programy\Autostart
              "SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null
              data]

              C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
              "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10
              \OSA.EXE -b -l" [MS]


              Winsock2 Service Provider DLLs:
              -------------------------------

              Namespace Service Providers

              HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
              \Catalog_Entries\ {++}
              000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
              000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
              000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

              Transport Service Providers

              HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
              \Catalog_Entries\ {++}
              0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
              %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
              %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


              Toolbars, Explorer Bars, Extensions:
              ------------------------------------

              Toolbars

              HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
              "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
              -> {CLSID}\(Default) = "&Google"
              -> {CLSID}\InProcServer32\(Default) = "c:\program
              files\google\googletoolbar2.dll" ["Google Inc."]

              HKLM\Software\Microsoft\Internet Explorer\Toolbar\
              "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
              -> {CLSID}\(Default) = "&Google"
              -> {CLSID}\InProcServer32\(Default) = "c:\program
              files\google\googletoolbar2.dll" ["Google Inc."]

              Extensions (Tools menu items, main toolbar menu buttons)

              HKLM\Software\Microsoft\Internet Explorer\Extensions\
              {FB5F1910-F110-11D2-BB9E-00C04F795683}\
              "ButtonText" = "Messenger"
              "MenuText" = "Windows Messenger"
              "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


              All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
              ---------------------------------------------------------------------------

              Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
              Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft
              Shared\VS7Debug\mdm.exe"" [MS]
              Usługa administracyjna Menedżera dysków logicznych,
              dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas
              Software"]


              ----------
              This report excludes default entries except where indicated.
              To see *everywhere* the script checks and *everything* it finds,
              launch it from a command prompt or a shortcut with the -all parameter.
              ----------
          • Guest: lili Re: Problem... please help!!!! IP: *.lama.net.pl / *.lama.net.pl 04.05.05, 11:22
            hmm.. HijackThis tells me that nothing called Network Security
            Service was found :(
            • Guest: lili Re: Problem... please help!!!! IP: *.lama.net.pl / *.lama.net.pl 04.05.05, 11:45
              yay, the start page is OK now :)))
              only Gadu-Gadu is still acting up. it shows me some error7 :(
              anyway, I'm pasting one more HijackThis log and kindly ask you to check it.

              Logfile of HijackThis v1.99.1
              Scan saved at 11:42:38, on 2005-05-04
              Platform: Windows XP (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 (6.00.2600.0000)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Winamp\winampa.exe
              C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
              C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
              C:\WINDOWS\System32\ctfmon.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\Program Files\SpywareGuard\sgmain.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\SpywareGuard\sgbhp.exe
              C:\WINDOWS\System32\wuauclt.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\Gadu-Gadu\gg.exe
              C:\Program Files\WinRAR\WinRAR.exe
              C:\DOCUME~1\User\USTAWI~1\Temp\Rar$EX00.735\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              info.local.pl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
              res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              R3 - Default URLSearchHook is missing
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
              c:\program files\google\googletoolbar2.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
              C:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
              files\google\googletoolbar2.dll
              O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
              O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
              \spool\drivers\w32x86\3\hpztsb08.exe
              O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
              Imaging\bin\hpotdd01.exe
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
              atboottime
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
              Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
              O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -
              FastScan
              O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
              Office\Office10\OSA.EXE
              O8 - Extra context menu item: &Google Search - res://c:\program
              files\google\GoogleToolbar2.dll/cmsearch.html
              O8 - Extra context menu item: Backward Links - res://c:\program
              files\google\GoogleToolbar2.dll/cmbacklinks.html
              O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
              files\google\GoogleToolbar2.dll/cmcache.html
              O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
              res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O8 - Extra context menu item: Similar Pages - res://c:\program
              files\google\GoogleToolbar2.dll/cmsimilar.html
              O8 - Extra context menu item: Translate into English - res://c:\program
              files\google\GoogleToolbar2.dll/cmtrans.html
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
              C:\Program Files\Messenger\MSMSGS.EXE
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
              00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
              O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
              www.poczta.wp.pl/autoryzacja/mailcfg.ocx
              O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
              skaner.mks.com.pl/SkanerOnline.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{61C4B6B5-983F-479C-BEAF-D751D6BCEF51}:
              NameServer = 194.204.152.34,194.204.159.1
              O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E5AC4C-E637-489A-A751-E883263A1CAD}:
              NameServer = 194.204.152.34,194.204.159.1

              • Guest: Kolobos Re: Problem... please help!!!! IP: *.warszawa.sdi.tpnet.pl 04.05.05, 13:22
                Also remove these entries:
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
                R3 - Default URLSearchHook is missing
                This Spyware Vanisher probably doesn't work at all? So tick it too
                O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -
                FastScan

                Also, in Silent Runners I see this:
                HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
                "addlh.exe" = "C:\WINDOWS\system32\addlh.exe" [file not found]

                So if you want, remove this too:
                Start -> Run -> regedit, go to
                HkeyLocalMachine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
                and delete there:
                "addlh.exe" = "C:\WINDOWS\system32\addlh.exe"
                if it's there, because it doesn't show up in HijackThis.

                • Guest: lili Re: Problem... please help!!!! IP: *.lama.net.pl / *.lama.net.pl 04.05.05, 22:19
                  I didn't find the one from Silent Runners, but I removed all the rest. THANK YOU
                  SO MUCH!!!! You saved my life :)
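
Added example (not part of any post in this thread, and not code from HijackThis or its authors): comparing two successive HijackThis logs shows which autostart slots were emptied and which were re-filled under new file names, as happened between the first and second logs above. The two sample logs are short excerpts constructed from those logs, and the function names are hypothetical.

```python
import re

# Constructed samples: a few entries excerpted from the first and second logs
# in this thread, keeping the forum's hard line wraps.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\dyptm.dll/sp.html#45052
O2 - BHO: (no name) - {35C0FF68-6128-87C7-7BA9-C238C4376233} -
C:\WINDOWS\system32\syspw32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet
Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [ntar32.exe] C:\WINDOWS\system32\ntar32.exe
O4 - HKLM\..\RunOnce: [sysqs.exe] C:\WINDOWS\system32\sysqs.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\system32\lgwud.dll/sp.html#45052
O2 - BHO: (no name) - {5A1B061E-B088-9A88-3986-A4314318D27D} -
C:\WINDOWS\sdknd32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [addlh.exe] C:\WINDOWS\system32\addlh.exe
O4 - HKLM\..\RunOnce: [crsk32.exe] C:\WINDOWS\system32\crsk32.exe
"""

# "R1 - ...", "O4 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A drive-letter path ending in an executable or library extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"/=\[\]]*?\.(?:exe|dll|ocx)', re.IGNORECASE)
# Sections that load code at logon or with the browser.
AUTOSTART_SECTIONS = {"R0", "R1", "O2", "O4"}


def _join(prev, cont):
    """Re-attach a wrapped continuation line to the entry it belongs to."""
    if cont.startswith("\\"):
        return prev + cont              # wrap fell in front of a path separator
    if prev.endswith("-") and not prev.endswith(" -"):
        return prev + cont              # wrap fell inside a GUID
    return prev + " " + cont            # wrap fell at a space


def parse_entries(text):
    """Return [(section, body)] with the forum's hard wraps undone."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif entries:                   # header/process lines before the first entry are skipped
            section, body = entries[-1]
            entries[-1] = (section, _join(body, line))
    return entries


def autostart_paths(text):
    """Set of (section, lower-cased file path) for autostart-type entries."""
    found = set()
    for section, body in parse_entries(text):
        if section in AUTOSTART_SECTIONS:
            for path in PATH_RE.findall(body):
                found.add((section, path.lower()))
    return found


def churn(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = autostart_paths(before), autostart_paths(after)
    return {"gone": sorted(b - a), "new": sorted(a - b)}


if __name__ == "__main__":
    result = churn(LOG_BEFORE, LOG_AFTER)
    for kind in ("gone", "new"):
        for section, path in result[kind]:
            print(f"{kind:4} {section:3} {path}")
```

Entries reported as new need review rather than automatic removal: a legitimate install between scans (SpywareGuard in the full second log) shows up the same way.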