Big problem!!! Please check the log

IP: *.lama.net.pl / *.lama.net.pl 26.05.05, 18:45
I'm being attacked by websites, I won't say what kind. HELP!!

Logfile of HijackThis v1.99.1
Scan saved at 18:42:29, on 2005-05-26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\Services\{9D310A34-9B34-46E8-89E7-56F13DF08C3D}
\SVCHOST.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\Dane aplikacji\rsue.exe
C:\Program Files\SpywareNo\SpywareNo.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\n?lookup.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\DOCUME~1\User\USTAWI~1\Temp\Rar$EX01.922\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
info.local.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet
Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{9D310A34-9B34-
46E8-89E7-56F13DF08C3D}\SVCHOST.EXE
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [stnzby] c:\windows\system32\mssteri.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{9D310A34-9B34-
46E8-89E7-56F13DF08C3D}\SECURITY.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Rbrn] C:\Documents and Settings\User\Dane
aplikacji\rsue.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpywareNo] C:\Program Files\SpywareNo\SpywareNo.exe
O4 - HKCU\..\Run: [Owyrbu] C:\WINDOWS\System32\n?lookup.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} -
www.emusic.com?fref=149133 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
www.poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61C4B6B5-983F-479C-BEAF-
D751D6BCEF51}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E5AC4C-E637-489A-A751-
E883263A1CAD}: NameServer = 194.204.152.34,194.204.159.1
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - S
    • Guest: Kolobos Re: Big problem!!! Please check the log IP: *.warszawa.sdi.tpnet.pl 26.05.05, 20:27
      Then why do you have XP installed? If you don't even have the updates, it will
      be the same again in no time, and on top of that you probably click on everything you see on the web :(

      The same as usual:
      iSearch "Desktop Search":
      www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=0&p=109496&#entry135478

      Backdoor.Haxdoor
      www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=0&p=109496&#entry132561

      Don't run programs (hijackthis) from inside a zip/rar!

      Start Windows in safe mode and in hijackthis, this:

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      info.local.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      81.222.131.49/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      81.222.131.49/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{9D310A34-9B34-
      46E8-89E7-56F13DF08C3D}\SVCHOST.EXE
      O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
      O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
      O4 - HKLM\..\Run: [stnzby] c:\windows\system32\mssteri.exe
      O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{9D310A34-9B34-
      46E8-89E7-56F13DF08C3D}\SECURITY.EXE
      O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      O4 - HKCU\..\Run: [Rbrn] C:\Documents and Settings\User\Dane
      aplikacji\rsue.exe
      O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
      O4 - HKCU\..\Run: [SpywareNo] C:\Program Files\SpywareNo\SpywareNo.exe
      O4 - HKCU\..\Run: [Owyrbu] C:\WINDOWS\System32\n?lookup.exe
      O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} -
      www.emusic.com?fref=149133 (file missing)
      O15 - Trusted Zone: *.blazefind.com
      O15 - Trusted Zone: *.clickspring.net
      O15 - Trusted Zone: *.flingstone.com
      O15 - Trusted Zone: *.mt-download.com
      O15 - Trusted Zone: *.my-internet.info
      O15 - Trusted Zone: *.searchbarcash.com
      O15 - Trusted Zone: *.searchmiracle.com
      O15 - Trusted Zone: *.skoobidoo.com
      O15 - Trusted Zone: *.slotch.com
      O15 - Trusted Zone: *.slotchbar.com
      O15 - Trusted Zone: *.windupdates.com
      O15 - Trusted Zone: *.xxxtoolbar.com
      O15 - Trusted Zone: *.ysbweb.com
      O15 - Trusted Zone: *.blazefind.com (HKLM)
      O15 - Trusted Zone: *.clickspring.net (HKLM)
      O15 - Trusted Zone: *.flingstone.com (HKLM)
      O15 - Trusted Zone: *.mt-download.com (HKLM)
      O15 - Trusted Zone: *.my-internet.info (HKLM)
      O15 - Trusted Zone: *.searchbarcash.com (HKLM)
      O15 - Trusted Zone: *.searchmiracle.com (HKLM)
      O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      O15 - Trusted Zone: *.slotch.com (HKLM)
      O15 - Trusted Zone: *.slotchbar.com (HKLM)
      O15 - Trusted Zone: *.windupdates.com (HKLM)
      O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
      O15 - Trusted Zone: *.ysbweb.com (HKLM)
      O15 - Trusted IP range: 81.222.131.59
      O15 - Trusted IP range: 81.222.131.59 (HKLM)
      O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
      Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
      O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
      C:\WINDOWS\isrvs\mfiltis.dll
      O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll

      Then run this:
      www.boomspeed.com/anniefriday/fixnail.bat
      And delete the rest as usual with killbox, all in one go.

      But if you don't install the updates -> www.windowsupdate.com you may as well
      leave it as it is; removing this is a waste of time.
    • neder Re: Big problem!!! Please check the log 26.05.05, 20:27
      Before you start doing anything, read this page
      www.mgregor.republika.pl and see how HJ should properly be
      run -> you are running it from the Temp folder. Do it the way the link describes.

      boot into safe mode and delete:
      > Services -> C:\WINDOWS\System32\
      > rsue.exe -> from C:\Documents and Settings\User\Dane aplikacji
      > isrvs -> from C:\WINDOWS\
      > mssteri.exe -> from c:\windows\system32\
      > paytime.exe -> C:\WINDOWS\System32\


      via Add/Remove Programs
      > SpywareNo

      run HJ, choose "do a system scan only" and tick
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      81.222.131.49/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      81.222.131.49/index.php
      > F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      > O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
      \spool\drivers\w32x86\3\hpztsb08.exe
      > O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital
      Imaging\bin\hpotdd01.exe
      > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
      atboottime
      > O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
      Files\Real\Update_OB\realsched.exe" -osboot -> this one and the 4 above are not needed in
      autostart
      > O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet
      Explorer\IEXPLORE.EXE
      > O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      > O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{9D310A34-9B34-
      > 46E8-89E7-56F13DF08C3D}\SVCHOST.EXE
      > O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
      > O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
      > O4 - HKLM\..\Run: [stnzby] c:\windows\system32\mssteri.exe
      > O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{9D310A34-9B34-
      > 46E8-89E7-56F13DF08C3D}\SECURITY.EXE
      > O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      > O4 - HKCU\..\Run: [Rbrn] C:\Documents and Settings\User\Dane
      > aplikacji\rsue.exe
      > O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
      > O4 - HKCU\..\Run: [SpywareNo] C:\Program Files\SpywareNo\SpywareNo.exe
      > O4 - HKCU\..\Run: [Owyrbu] C:\WINDOWS\System32\n?lookup.exe
      > > O15 - Trusted Zone: *.blazefind.com
      > O15 - Trusted Zone: *.clickspring.net
      > O15 - Trusted Zone: *.flingstone.com
      > O15 - Trusted Zone: *.mt-download.com
      > O15 - Trusted Zone: *.my-internet.info
      > O15 - Trusted Zone: *.searchbarcash.com
      > O15 - Trusted Zone: *.searchmiracle.com
      > O15 - Trusted Zone: *.skoobidoo.com
      > O15 - Trusted Zone: *.slotch.com
      > O15 - Trusted Zone: *.slotchbar.com
      > O15 - Trusted Zone: *.windupdates.com
      > O15 - Trusted Zone: *.xxxtoolbar.com
      > O15 - Trusted Zone: *.ysbweb.com
      > O15 - Trusted Zone: *.blazefind.com (HKLM)
      > O15 - Trusted Zone: *.clickspring.net (HKLM)
      > O15 - Trusted Zone: *.flingstone.com (HKLM)
      > O15 - Trusted Zone: *.mt-download.com (HKLM)
      > O15 - Trusted Zone: *.my-internet.info (HKLM)
      > O15 - Trusted Zone: *.searchbarcash.com (HKLM)
      > O15 - Trusted Zone: *.searchmiracle.com (HKLM)
      > O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      > O15 - Trusted Zone: *.slotch.com (HKLM)
      > O15 - Trusted Zone: *.slotchbar.com (HKLM)
      > O15 - Trusted Zone: *.windupdates.com (HKLM)
      > O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
      > O15 - Trusted Zone: *.ysbweb.com (HKLM)
      > O15 - Trusted IP range: 81.222.131.59
      > O15 - Trusted IP range: 81.222.131.59 (HKLM)
      and Fix Checked


      restart and a new log
    • Guest: lili Re: Big problem!!! Please check the log IP: *.lama.net.pl / *.lama.net.pl 26.05.05, 21:26
      I'm pasting the log and will get on with the updates right away :) thank you for the help!

      Logfile of HijackThis v1.99.1
      Scan saved at 21:25:04, on 2005-05-26
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\SpywareGuard\sgmain.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\SpywareGuard\sgbhp.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\User\Pulpit\hijakthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      info.local.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
      c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
      files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{9D310A34-9B34-
      46E8-89E7-56F13DF08C3D}\SVCHOST.EXE
      O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{9D310A34-9B34-
      46E8-89E7-56F13DF08C3D}\SECURITY.EXE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Google Search - res://c:\program
      files\google\GoogleToolbar2.dll/cmsearch.html
      O8 - Extra context menu item: Backward Links - res://c:\program
      files\google\GoogleToolbar2.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
      files\google\GoogleToolbar2.dll/cmcache.html
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Similar Pages - res://c:\program
      files\google\GoogleToolbar2.dll/cmsimilar.html
      O8 - Extra context menu item: Translate into English - res://c:\program
      files\google\GoogleToolbar2.dll/cmtrans.html
      O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} -
      www.emusic.com?fref=149133 (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
      00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
      www.poczta.wp.pl/autoryzacja/mailcfg.ocx
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{61C4B6B5-983F-479C-BEAF-D751D6BCEF51}:
      NameServer = 194.204.152.34,194.204.159.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E5AC4C-E637-489A-A751-E883263A1CAD}:
      NameServer = 194.204.152.34,194.204.159.1
      O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
      C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

      • Guest: Kolobos Re: Big problem!!! Please check the log IP: *.warszawa.sdi.tpnet.pl 26.05.05, 21:31
        It's the same as it was, so why are you pasting the log? :>
        Do what I wrote, otherwise it will stay like this the whole time, and don't paste new logs
        if you haven't done what I wrote, because that defeats the purpose.
        • Guest: lili Re: Big problem!!! Please check the log IP: *.lama.net.pl / *.lama.net.pl 26.05.05, 21:55
          oh, sorry, indeed not everything got removed even though I did as
          you told me. I just can't open the first two links you gave and
          I don't know what to delete with killbox :(
          I do now know why my Windows isn't updated... every time I
          try to update it, some error pops up saying the product key used for the
          installation may be invalid.. whatever that means.. ehh :(
          • Guest: Kolobos Re: Big problem!!! Please check the log IP: *.warszawa.sdi.tpnet.pl 26.05.05, 22:56
            Open it like this:
            216.239.59.104/search?sourceid=navclient-menuext&ie=UTF-8&oe=UTF-
            8&q=cache:http%3A%2F%2Fwww.searchengines.pl%2Fphpbb203%2Findex.php%3Fshowtopic%
            3D12510%26st%3D0%26p%3D109496%26%23entry132561

            Find both of the ones I gave and do what is written there.
            • Guest: Kolobos Re: Big problem!!! Please check the log IP: *.warszawa.sdi.tpnet.pl 26.05.05, 23:17
              The link got broken, but it is all meant to be on one line.
              As for windowsupdate, it doesn't install because you have a pirated Windows.
              Either you change the key to a "good" one, or install a different Windows, or else
              buy an original, but that is not a conversation for this forum.
              • Guest: lili Re: Big problem!!! Please check the log IP: *.lama.net.pl / *.lama.net.pl 27.05.05, 16:16
                I read what you told me to, did what I could, and I think I managed to get rid of
                most of this crap.. unfortunately something is still left :( actually the only problem I
                have left is the replaced wallpaper... it is all blue and my wallpaper only shows up
                for a moment when the computer boots :( I already found a post with an identical
                problem but unfortunately my problem doesn't match any of the methods described there :/
                I'm pasting one more log as a check

                Logfile of HijackThis v1.99.1
                Scan saved at 16:03:25, on 2005-05-27
                Platform: Windows XP (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
                C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                C:\WINDOWS\System32\svchost.exe
                C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
                C:\Program Files\Winamp\winampa.exe
                C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\Program Files\Messenger\msmsgs.exe
                C:\WINDOWS\System32\ctfmon.exe
                C:\Program Files\SpywareGuard\sgmain.exe
                C:\Program Files\SpywareGuard\sgbhp.exe
                C:\WINDOWS\System32\wuauclt.exe
                C:\Program Files\Gadu-Gadu\gg.exe
                C:\Program Files\Internet Explorer\IEXPLORE.EXE
                C:\Documents and Settings\User\Pulpit\hijakthis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                info.local.pl/
                F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\System32\msdxm.ocx
                O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
                Files\Real\Update_OB\realsched.exe" -osboot
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
                O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                Office\Office10\OSA.EXE
                O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
                res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                C:\Program Files\Messenger\MSMSGS.EXE
                O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
                00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) -
                www.poczta.wp.pl/autoryzacja/mailcfg.ocx
                O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
                www.windowsecurity.com/trojanscan/axscan.cab
                O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                skaner.mks.com.pl/SkanerOnline.cab
                O17 - HKLM\System\CCS\Services\Tcpip\..\{61C4B6B5-983F-479C-BEAF-D751D6BCEF51}:
                NameServer = 194.204.152.34,194.204.159.1
                O17 - HKLM\System\CCS\Services\Tcpip\..\{E8E5AC4C-E637-489A-A751-E883263A1CAD}:
                NameServer = 194.204.152.34,194.204.159.1
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashMaiSv.exe" /service (file missing)
                O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashWebSv.exe" /service (file missing)
                O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
                C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

                • Guest: Kolobos Re: Big problem!!! Please check the log IP: *.warszawa.sdi.tpnet.pl 27.05.05, 16:32
                  It does match, it's just that the wallpaper is covered in a different thread ;-)
                  Right here:
                  www.searchengines.pl/phpbb203/index.php?showtopic=31936
                  Maybe it will open for you now?
                  And if not, then:
                  216.239.59.104/search?sourceid=navclient-menuext&ie=UTF-8&oe=UTF-
                  8&q=cache:http%3A%2F%2Fwww.searchengines.pl%2Fphpbb203%2Findex.php%3Fshowtopic%
                  3D31936

                  Here is a link to the update for IE:
                  download.microsoft.com/download/ie6sp1/finrel/6_sp1/W98NT42KMeXP/PL/ie6setup.exe

                  The log already looks very nice, only Nail is left:
                  F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
                  Is that just the entry, or have you not removed it yet?

                  Download:
                  www.boomspeed.com/anniefriday/fixnail.bat
                  If it is still there, start Windows in safe mode (F5 or F8 at
                  system startup); this is important because otherwise you won't remove it.

                  And run fixnail.bat

                  Or add to killbox yourself the files I already gave earlier
                  Nail.exe
                  svcproc.exe
                  DrPMon.dll
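
Added example, not part of the original thread and not HijackThis code: the replies above turn on comparing successive HijackThis logs, so this Python script rejoins the hard-wrapped log lines, diffs two scans, and reports any program appended to the F2 `Shell=` value. The function names, the join heuristic and the two sample scans (abridged from the logs in this thread) are assumptions of the example.

```python
import re

# A HijackThis entry line starts with a section code: "R0 - ", "F2 - ", "O4 - ", ...
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Constructed samples, abridged from the first and the last log in this thread.
SCAN_FIRST = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
info.local.pl/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{9D310A34-9B34-
46E8-89E7-56F13DF08C3D}\SVCHOST.EXE
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O15 - Trusted Zone: *.blazefind.com
"""
SCAN_LAST = r"""
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      > info.local.pl/
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
      www.windowsecurity.com/trojanscan/axscan.cab
"""


def _join(head, tail):
    """Rejoin a hard-wrapped entry. Heuristic (assumption): a wrap inside a path
    or GUID (after a hyphen, before a backslash) lost nothing; any other wrap
    replaced a space."""
    mid_token = tail.startswith("\\") or (
        head.endswith("-") and not head.endswith(" -"))
    return head + tail if mid_token else head + " " + tail


def parse_entries(log_text):
    """Return [(section, value), ...] for one pasted log. Header and
    'Running processes' lines before the first entry are skipped; pass only
    the log itself, since any trailing text would be taken as a continuation."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("> ").strip()  # forum indent and quote marks
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:                            # continuation of a wrapped entry
            entries[-1][1] = _join(entries[-1][1], line)
    return [(section, value) for section, value in entries]


def diff_scans(before_text, after_text):
    """Compare two scans case-insensitively (Windows paths are not case
    sensitive). Returns (removed, persisted, added) lists of entries."""
    before = {(s, v.lower()): (s, v) for s, v in parse_entries(before_text)}
    after = {(s, v.lower()): (s, v) for s, v in parse_entries(after_text)}
    removed = [e for k, e in before.items() if k not in after]
    persisted = [e for k, e in before.items() if k in after]
    added = [e for k, e in after.items() if k not in before]
    return removed, persisted, added


def extra_shell_programs(entries):
    """For F2 entries, return whatever follows Explorer.exe in Shell=.
    On a clean system the shell value is just Explorer.exe, so anything
    left over is started at every logon and deserves a look."""
    extras = []
    for section, value in entries:
        m = re.search(r"Shell=(.*)$", value, re.IGNORECASE)
        if section == "F2" and m:
            rest = re.sub(r"(?i)^explorer\.exe\s*", "", m.group(1)).strip()
            if rest:
                extras.append(rest)
    return extras


if __name__ == "__main__":
    removed, persisted, added = diff_scans(SCAN_FIRST, SCAN_LAST)
    for label, group in (("removed", removed), ("persisted", persisted),
                         ("added", added)):
        for section, value in group:
            print(f"{label:9} {section:3} {value}")
    for program in extra_shell_programs(persisted):
        print("still appended to the shell:", program)
```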
