Coś mi dokucza <LOG FILE> !!!!

IP: *.echostar.pl 31.05.05, 22:38
Logfile of HijackThis v1.99.1
Scan saved at 22:35:30, on 2005-05-31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\upxeiy.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\Sławek\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio]
HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ycmuna] c:\windows\system32\upxeiy.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe (file missing)

    • Gość: neder Re: Coś mi dokucza <LOG FILE> !!!! IP: *.neoplus.adsl.tpnet.pl 31.05.05, 22:46
      do wywalenia

      > F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      > O4 - HKLM\..\Run: [ycmuna] c:\windows\system32\upxeiy.exe
      > O23 - Service: System Startup Service (SvcProc) - Unknown owner -
      > C:\WINDOWS\svcproc.exe (file missing)


      usuwanie nail.exe (za tinyurl.com/acux4 )

      QUOTE
      Tryb awaryjny.

      Otwierasz HijackThis >>> ptaszkujesz podane wpisy

      Otwierasz sekcję Misc Tools w HijackThis >>> Delete NT Service >>> wklep SvcProc
      >>> zatwierdź kasację.

      Uruchamiasz program Pocket KillBox www.downloads.subratam.org/KillBox.zip
      i tam:

      - Najpierw Tools >>> Delete Temp folders >>> mignie ci czarne okno i tyle = tak
      ma być
      - Potem zaznaczasz w nim opcję Delete on reboot a w pustym polu po kolei
      wklejasz C:\WINDOWS\Nail.exe

      Potwierdzasz. No i reset.


      koniec cytatu :0)

      reset i wklej nowy log
      • Gość: neder jeszcze IP: *.neoplus.adsl.tpnet.pl 31.05.05, 22:47
        usun upxeiy.exe -> z c:\windows\system32\
        • Gość: Slawwek Re: jeszcze IP: *.echostar.pl 01.06.05, 00:08
          Ale jak.....? troche za szybko tłumaczysz :):):)
          • Gość: Kolobos Re: jeszcze IP: *.warszawa.sdi.tpnet.pl 01.06.05, 00:36
            Sciagnij to:
            users.pandora.be/bluepatchy/nailfix.zip
            Uruchom windows w trybie awaryjnym, uzyj nailfix

            W hijackthis usun ten wpis:
            O4 - HKLM\..\Run: [ycmuna] c:\windows\system32\upxeiy.exe
            Po resecie skasuj plik:
            c:\windows\system32\upxeiy.exe

            Zainstaluj i przeskanuj system tym:
            download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
    • Gość: Slawwek Re: Coś mi dokucza <LOG FILE> !!!! IP: *.echostar.pl 01.06.05, 16:16
      Logfile of HijackThis v1.99.1
      Scan saved at 16:14:15, on 2005-06-01
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      c:\windows\system32\mlyhhs.exe
      C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Sławek\Pulpit\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.google.pl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.google.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio]
      HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
      \bin\jusched.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program
      Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
      AntiSpyware\gcasServ.exe"
      O4 - HKLM\..\Run: [zanqkc] c:\windows\system32\mlyhhs.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
      00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
      tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
      \Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: System Startup Service (SvcProc) - Unknown owner -
      C:\WINDOWS\svcproc.exe

      • Gość: Kolobos Re: Coś mi dokucza <LOG FILE> !!!! IP: *.warszawa.sdi.tpnet.pl 01.06.05, 16:21
        Ciagle masz to samo, moze poczytaj wreszcie to co zostalo napisane w tym watku?
        Bo chyba nic nie zrobiles tak jak napisalismy i stad ciagle masz to co miales.
        • Gość: Slawwek Re: Coś mi dokucza <LOG FILE> !!!! IP: *.echostar.pl 01.06.05, 17:13
          Logfile of HijackThis v1.99.1
          Scan saved at 17:09:20, on 2005-06-01
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\WINDOWS\system32\RunDll32.exe
          C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
          C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          c:\windows\system32\gjhpqcd.exe
          C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\Documents and Settings\Sławek\Pulpit\KillBox.exe
          C:\Documents and Settings\Sławek\Pulpit\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.google.pl/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.google.pl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
          Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio]
          HDAudPropShortcut.exe
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
          \bin\jusched.exe
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program
          Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
          AntiSpyware\gcasServ.exe"
          O4 - HKLM\..\Run: [nvftvq] c:\windows\system32\gjhpqcd.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
          00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
          00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
          tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
          \Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)

          • neder Re: Coś mi dokucza <LOG FILE> !!!! 01.06.05, 17:58
            masz nowego syfka :(
            usuń w awaryjnym albo najpierw zakończ ten proces poprzez menedźera zadań i
            usuwaj w normalnym:
            gjhpqcd.exe -> z c:\windows\system32\

            W HJ usuwasz wpis od tego:
            > O4 - HKLM\..\Run: [nvftvq] c:\windows\system32\gjhpqcd.exe

            Co do reszty to chyba jest już ok, Nail poszedł sobie już precz:)

            A co do tych śmieci w tempach to zrób tak: Start> uruchom> wpisujesz %temp% i
            czyścisz wszystko co tam jest.


            mam nadzieje, że tym razem nie mówię za szybko ;)
            • Gość: Slawwek Re: Coś mi dokucza <LOG FILE> !!!! IP: *.echostar.pl 01.06.05, 18:34
              Najpierw zajalem sie czyszczeniem tempa, usunal wszystko poza dwoma plikami,
              nie wiem ktora aplikacja moze ich uzwyam, jak to sprawdzic? a za hijackowanie
              sie zaraz biore :):)
        • Gość: Slawwek Jak teraz sprawa wyglada? juz jest dobrze? IP: *.echostar.pl 01.06.05, 17:16
          Teraz mi wyszlo, jak teraz sprawa wyglada?

          czy pliki trojanow drpmon.dll osiadły w tempie chyba, mlyhhs.exe
          (trojan.agent.cp), aurora.exe i trz5d.tmp (trojan.agent.Db) osiadły w
          windows\temp
          mają coś wspólnego z nailem??

          Zaraz sie wkurze na tych wirusowiczów skurkowanych!!

          Proszę, pomocy!!
          • Gość: Kolobos Re: Jak teraz sprawa wyglada? juz jest dobrze? IP: *.warszawa.sdi.tpnet.pl 01.06.05, 19:18
            aurora to nail.

            Sciagnij sobie:
            www.downloads.subratam.org/KillBox.zip
            Uruchom i wybierz z menu Tools -> Delete Temp Files i po resecie juz ich nie
            bedzie, a jak cos by zostalo to zaznacz delete file on reboot i wybierz dany
            plik w killbox'ie to go zabije ;-)
    • Gość: Slawwek A teraz???? IP: *.echostar.pl 01.06.05, 20:55
      Logfile of HijackThis v1.99.1
      Scan saved at 20:50:08, on 2005-06-01
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\Documents and Settings\Sławek\Pulpit\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.google.pl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.google.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio]
      HDAudPropShortcut.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
      \bin\jusched.exe
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program
      Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
      AntiSpyware\gcasServ.exe"
      O4 - HKLM\..\Run: [okbcll] c:\windows\system32\fyyikn.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
      00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
      00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
      tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
      \Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)

      • Gość: Kolobos Re: A teraz???? IP: *.warszawa.sdi.tpnet.pl 01.06.05, 21:13
        Sciagnij to:
        www.silentrunners.org/Silent%20Runners.vbs
        Uruchom windows w trybie awaryjnym, wlacz Silent Runners.vbs, a log, ktory sie
        utworzy wklej na forum bo dalej jakis syf jest:
        O4 - HKLM\..\Run: [okbcll] c:\windows\system32\fyyikn.exe
        • Gość: Slawwek Re: A teraz???? IP: *.echostar.pl 01.06.05, 21:35
          Logfile of HijackThis v1.99.1
          Scan saved at 21:35:38, on 2005-06-01
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\Explorer.exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\WINDOWS\system32\RunDll32.exe
          C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
          C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\Documents and Settings\Sławek\Pulpit\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.google.pl/
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.google.pl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
          Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio]
          HDAudPropShortcut.exe
          O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
          O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
          \bin\jusched.exe
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program
          Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
          AntiSpyware\gcasServ.exe"
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
          00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
          00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
          tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
          \Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)

          • Gość: Kolobos Re: A teraz???? IP: *.warszawa.sdi.tpnet.pl 01.06.05, 21:54
            Juz wyglada ok.
Pełna wersja