Please check my log

04.05.05, 18:26
Something has nested itself next to the clock :) and can't be removed no matter what. I'm begging for
help...

Logfile of HijackThis v1.99.1
Scan saved at 18:17:55, on 04/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AWMMAIN.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MYIE2\MYIE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.newgenlook.info/ad/ad0278/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = w3cache.pai.net.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} -
C:\WINDOWS\SYSTEM32\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4tech\Mouse\AWMMAIN.EXE
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Spy Watcher] C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe -S
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program
Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program
Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Object
Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE
DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP
ARCHITECT\DATRAY.EXE" -S
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1
\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
\DAP\dapextie2.htm
O8 - Extra context menu item: Dodaj do filtra - res://C:\PROGRAM FILES\MYIE2
\MyIE.exe/blacklist.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: komentator - sport.onet.pl/komentator.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
software-dl.real.com/291e6043451322ca3605/netzip/RdxIE601.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pai.net.pl
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.1.1,172.16.2.1
    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 05.05.05, 08:15
      Uninstall:
      Spy Watcher

      Check these entries in HijackThis:

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.newgenlook.info/ad/ad0278/
      R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} -
      C:\WINDOWS\SYSTEM32\SEARCH~1.DLL
      O4 - HKLM\..\Run: [Spy Watcher] C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe -S
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
      file)
      O15 - Trusted Zone: *.frame.crazywinnings.com
      O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
      O15 - Trusted IP range: 206.161.125.149
      O15 - Trusted IP range: 206.161.124.130 (HKLM)

      I don't think there's anything else. What exactly has nested itself?
    • dorotta Re: Please check my log 05.05.05, 16:18
      I threw out what you told me to and NOTHING. It showed up in the log again.
      First, my home page changed to www.newgenlook.info, every few
      minutes ads pop up with that very address, along with warnings that
      a spyware virus has installed itself on my machine and that I can only remove it with
      the (advertised) antispy program. Once or so the name winsterHJK v.2011 appeared. And in the bar next to
      the clock there is an icon resembling the browser's 'stop' button.

      Logfile of HijackThis v1.99.1
      Scan saved at 16:10:59, on 05/05/05
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
      C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
      C:\WINDOWS\SYSTEM\DDHELP.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\PROGRAM FILES\A4TECH\MOUSE\AWMMAIN.EXE
      C:\WINDOWS\SYSTEM\INTERNAT.EXE
      C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
      C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
      C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
      C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\PROGRAM FILES\MYIE2\MYIE.EXE
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\SYSTEM\PSTORES.EXE
      C:\DOWNLOADS\HIJACKTHIS.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.newgenlook.info/ad/ad0278/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyServer = w3cache.pai.net.pl:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar1.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
      Files\Spybot - Search & Destroy\SDHelper.dll
      O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
      00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
      powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
      O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4tech\Mouse\AWMMAIN.EXE
      O4 - HKLM\..\Run: [internat.exe] internat.exe
      O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
      Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
      powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program
      Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
      O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
      O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program
      Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
      O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Object
      Desktop\WindowBlinds\wbload.exe auto
      O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE
      DOCTOR\SWDOCTOR.EXE" /Q
      O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP
      ARCHITECT\DATRAY.EXE" -S
      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
      O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
      \DAP\dapextie2.htm
      O8 - Extra context menu item: Dodaj do filtra - res://C:\PROGRAM FILES\MYIE2
      \MyIE.exe/blacklist.htm
      O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
      FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
      FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
      FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
      O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
      FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
      O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
      FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
      O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
      O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
      O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
      O15 - Trusted Zone: *.frame.crazywinnings.com
      O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
      O15 - Trusted IP range: 206.161.125.149
      O15 - Trusted IP range: 206.161.124.130 (HKLM)
      O16 - DPF: komentator - sport.onet.pl/komentator.cab
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
      software-dl.real.com/291e6043451322ca3605/netzip/RdxIE601.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pai.net.pl
      O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.1.1,172.16.2.1
      • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 05.05.05, 16:31
        Boot Windows in safe mode and make a log with this:
        www.silentrunners.org/Silent%20Runners.vbs
        And paste it on the forum.
        • dorotta Re: Please check my log 05.05.05, 17:24
          phew, finally

          "Silent Runners.vbs", revision 36, www.silentrunners.org/
          Operating System: Windows 98
          Output limited to non-default values, except where indicated by "{++}"


          Startup items buried in registry:
          ---------------------------------

          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
          "AOL Instant Messenger (TM)" = "C:\Program
          Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl" [file not found]
          "WindowBlinds" = "C:\Program Files\Object Desktop\WindowBlinds\wbload.exe auto"
          [file not found]
          "Spyware Doctor" = ""C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q"
          ["PCTools"]
          "Desktop Architect" = ""C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S"
          ["Ken Foster"]

          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
          "ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
          "TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
          "SystemTray" = "SysTray.Exe" [MS]
          "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
          "Zasobnik systemowy" = "SysTray.Exe" [MS]
          "WheelMouse" = "C:\Program Files\A4tech\Mouse\AWMMAIN.EXE" ["A4Tech Co.,Ltd."]
          "internat.exe" = "internat.exe" [MS]
          "AVG_CC" = "C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP" ["GRISOFT s.r.o."]
          "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -
          osboot" ["RealNetworks, Inc."]

          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
          "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
          "RegisterDropHandler" = "C:\Program
          Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe" ["8"]
          "SchedulingAgent" = "mstask.exe" [MS]
          "Avgserv9.exe" = "C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe" ["GRISOFT, s.r.o"]
          "SmcService" = "C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE" ["Sygate Technologies,
          Inc."]

          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from
          CLSID]
          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\ADOBE\ACROBAT 5.0
          CE\READER\ACTIVEX\ACROIEHELPER.OCX" ["("]
          {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper"
          [from CLSID]
          -> {CLSID}\InProcServer32\(Default) = "c:\program
          files\google\googletoolbar1.dll" ["Google Inc."]
          {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
          -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search &
          Destroy\SDHelper.dll" ["Safer Networking Limited"]

          HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
          "{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
          -> {CLSID}\InProcServer32\(Default) = "C:\Program
          Files\Ahead\Nero\neroshx.dll" ["ahead software gmbh im stoeckmaedle 6 76307
          karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@ahead.de"]
          "{1E2CDF40-419B-11D2-A5A1-002018648BA7}" = "AVG Shell Extension"
          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\GRISOFT\AVG6
          \AVGSE.DLL" ["GRISOFT(c)SOFTWARE s.r.o."]
          "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
          -> {CLSID}\InProcServer32\(Default) = "C:\PROGRAM FILES\REAL\REALONE
          PLAYER\RPSHELL.DLL" ["RealNetworks, Inc."]

          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
          INFECTION WARNING! "{D56A1203-1452-EBA1-7294-EE3377770000}" = "Interlinking
          Memory Support"
          -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\param32.dll" [null
          data]


          Enabled Wallpaper and Active Desktop:
          -------------------------------------

          Active Desktop is disabled.

          HKCU\Control Panel\Desktop\
          "Wallpaper" = "C:\WINDOWS\Theme oem.bmp"


          Startup items in "Startup" & "All Users...Startup" folders:
          -----------------------------------------------------------

          C:\WINDOWS\Menu Start\Programy\Autostart
          "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft
          Office\Office\OSA9.EXE -b -l" [MS]


          Enabled Scheduled Tasks:
          ------------------------

          "Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]


          Winsock2 Service Provider DLLs:
          -------------------------------

          Namespace Service Providers

          HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
          \Catalog_Entries\ {++}
          000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

          Transport Service Providers

          HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
          \Catalog_Entries\ {++}
          00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
          C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
          C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
          C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


          Toolbars, Explorer Bars, Extensions:
          ------------------------------------

          Toolbars

          HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
          "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
          -> {CLSID}\(Default) = "&Google"
          -> {CLSID}\InProcServer32\(Default) = "c:\program
          files\google\googletoolbar1.dll" ["Google Inc."]

          HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
          "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
          -> {CLSID}\(Default) = "&Google"
          -> {CLSID}\InProcServer32\(Default) = "c:\program
          files\google\googletoolbar1.dll" ["Google Inc."]

          HKLM\Software\Microsoft\Internet Explorer\Toolbar\
          "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
          -> {CLSID}\(Default) = "&Google"
          -> {CLSID}\InProcServer32\(Default) = "c:\program
          files\google\googletoolbar1.dll" ["Google Inc."]


          ----------
          This report excludes default entries except where indicated.
          To see *everywhere* the script checks and *everything* it finds,
          launch it from a command prompt or a shortcut with the -all parameter.
          ----------
          • Guest: Kolobos Re: Please check my log IP: *.icm.edu.pl / *.icm.edu.pl 05.05.05, 18:05
            Run regedit:
            Start->Run->regedit
            go to the key:
            HkeyLocalMachine\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

            And delete this there:
            "{D56A1203-1452-EBA1-7294-EE3377770000}" = "Interlinking Memory Support"

            In HijackThis, remove the entry:
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.newgenlook.info/ad/ad0278/

            Also download this:
            users.telenet.be/marcvn/regfiles/hotoffersfix.zip
            unpack and run it.

            Then download KillBox:
            www.downloads.subratam.org/KillBox.zip
            Select delete file on reboot and paste the path to:
            C:\WINDOWS\System32\param32.dll
            and press the red button.

            After the reboot, paste a new HijackThis log.
            • dorotta it's gone, it's gone!!!! 05.05.05, 18:32
              Thanks!!!!

              Logfile of HijackThis v1.99.1
              Scan saved at 18:24:05, on 05/05/05
              Platform: Windows 98 SE (Win9x 4.10.2222A)
              MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

              Running processes:
              C:\WINDOWS\SYSTEM\KERNEL32.DLL
              C:\WINDOWS\SYSTEM\MSGSRV32.EXE
              C:\WINDOWS\SYSTEM\MPREXE.EXE
              C:\WINDOWS\SYSTEM\mmtask.tsk
              C:\WINDOWS\SYSTEM\MSTASK.EXE
              C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
              C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
              C:\WINDOWS\SYSTEM\DDHELP.EXE
              C:\WINDOWS\EXPLORER.EXE
              C:\WINDOWS\TASKMON.EXE
              C:\WINDOWS\SYSTEM\SYSTRAY.EXE
              C:\PROGRAM FILES\A4TECH\MOUSE\AWMMAIN.EXE
              C:\WINDOWS\SYSTEM\INTERNAT.EXE
              C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
              C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
              C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
              C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE
              C:\WINDOWS\SYSTEM\WMIEXE.EXE
              C:\DOWNLOADS\HIJACKTHIS.EXE
              C:\PROGRAM FILES\MYIE2\MYIE.EXE

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              www.gazeta.pl/0,0.html
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
              Settings,ProxyServer = w3cache.pai.net.pl:8080
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
              C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
              c:\program files\google\googletoolbar1.dll
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
              Files\Spybot - Search & Destroy\SDHelper.dll
              O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
              00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
              files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
              O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
              O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
              O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
              powrprof.dll,LoadCurrentPwrScheme
              O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
              O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4tech\Mouse\AWMMAIN.EXE
              O4 - HKLM\..\Run: [internat.exe] internat.exe
              O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
              Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
              powrprof.dll,LoadCurrentPwrScheme
              O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program
              Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
              O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
              O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
              O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
              O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program
              Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
              O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Object
              Desktop\WindowBlinds\wbload.exe auto
              O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE
              DOCTOR\SWDOCTOR.EXE" /Q
              O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP
              ARCHITECT\DATRAY.EXE" -S
              O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
              Office\Office\OSA9.EXE
              O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
              O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1
              \DAP\dapextie2.htm
              O8 - Extra context menu item: Dodaj do filtra - res://C:\PROGRAM FILES\MYIE2
              \MyIE.exe/blacklist.htm
              O8 - Extra context menu item: &Google Search - res://C:\PROGRAM
              FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
              O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM
              FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
              O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM
              FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
              O8 - Extra context menu item: Backward Links - res://C:\PROGRAM
              FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
              O8 - Extra context menu item: Translate into English - res://C:\PROGRAM
              FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
              O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
              O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
              O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
              O15 - Trusted Zone: *.frame.crazywinnings.com
              O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
              O15 - Trusted IP range: 206.161.125.149
              O15 - Trusted IP range: 206.161.124.130 (HKLM)
              O16 - DPF: komentator - sport.onet.pl/komentator.cab
              O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
              software-dl.real.com/291e6043451322ca3605/netzip/RdxIE601.cab
              O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
              skaner.mks.com.pl/SkanerOnline.cab
              O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pai.net.pl
              O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.1.1,172.16.2.1
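
Added example, not part of the thread and not HijackThis code: a small Python helper that re-joins the entries the forum wrapped across lines and compares two scans, so entries a helper flagged can be checked against the next log. The sample inputs are excerpts of the first and last logs above; the function names and the re-joining heuristic are assumptions of this example.

```python
import re

# An entry starts with a HijackThis section code (R0-R3, F0-F3, N1-N4, O1..) and " - ".
ENTRY_START = re.compile(r"^(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(log_text):
    """Return HijackThis entries with forum-wrapped continuation lines re-joined."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # header and process lines before the first entry are skipped
            prev = entries[-1]
            # A break inside a path or GUID ("...~1" + "\DAP", "876E-" + "00A0")
            # is glued back without a space; any other break fell on a space.
            glue = line.startswith("\\") or (
                prev.endswith("-") and not prev.endswith(" -"))
            entries[-1] = prev + ("" if glue else " ") + line
    return entries


def key(entry):
    """Comparison key: whitespace-collapsed and case-insensitive."""
    return " ".join(entry.split()).casefold()


def diff_logs(before_log, after_log):
    """Return (removed, added) entries between an earlier and a later scan."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    removed = [e for e in before if key(e) not in after_keys]
    added = [e for e in after if key(e) not in before_keys]
    return removed, added


def still_present(flagged, later_log):
    """Return the flagged entries that the later scan still lists."""
    later_keys = {key(e) for e in parse_entries(later_log)}
    return [e for e in flagged if key(e) in later_keys]


# Excerpt of the first log in the thread, forum line wrapping kept.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.newgenlook.info/ad/ad0278/
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} -
C:\WINDOWS\SYSTEM32\SEARCH~1.DLL
O4 - HKLM\..\Run: [Spy Watcher] C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe -S
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1
\DAP\dapextie.htm
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted IP range: 206.161.125.149
"""

# Excerpt of the last log in the thread.
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/0,0.html
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted IP range: 206.161.125.149
"""

# Selection for this example: the excerpted entries that the helper's list names.
FLAGGED = [e for e in parse_entries(BEFORE) if not e.startswith("O8")]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("flagged but still listed:", *still_present(FLAGGED, AFTER), sep="\n  ")
```

The same O8 entry is wrapped in one scan and unwrapped in the other, which is why entries are re-joined and normalised before comparing.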
