Poprosze o sprawdzenie logu

IP: *.acn.waw.pl 08.06.05, 10:13
Ogolnie znajduje sie w kopie Trojan Agent.CP,jak mozecie pomozcie jak go
usunąc,z góry dziekuje za ewentulane rozwiązania
Logfile of HijackThis v1.99.1
Scan saved at 10:10:40, on 2005-06-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\qrjgax.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Slawko\Pulpit\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
www.blitzbox.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iybyau] c:\windows\system32\qrjgax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\PowerGG.exe"
O8 - Extra context menu item: Download All by FlashGet -
C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet -
C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
67.15.101.3/g_bin/pl/cards_2_0_0_62.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -
secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINDOWS\svcproc.exe

    • neder Re: Poprosze o sprawdzenie logu 08.06.05, 10:33
      start w awaryjny, w HJ zaznaczasz (wybierasz 'do a system scan only i
      "ptaszkujesz"):

      > F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      > O4 - HKLM\..\Run: [iybyau] c:\windows\system32\qrjgax.exe
      > O23 - Service: System Startup Service (SvcProc) - Unknown owner -
      > C:\WINDOWS\svcproc.exe


      ściągasz KillBox
      www.downloads.subratam.org/KillBox.zip
      uruchamiasz, zaznaczasz Delete file on reboot, wklejasz scieżkę do pliku
      C:\WINDOWS\Nail.exe
      C:\WINDOWS\svcproc.exe
      będzie pytał Cię o reset po każdym pliku, zaznaczasz nie i usuwasz drugi,
      dopiero potem reset i wklejasz nowy log.
      • Gość: Slawko Re: Poprosze o sprawdzenie logu IP: *.acn.waw.pl 08.06.05, 12:03
        Log nr 2 po skasowaniu
        Logfile of HijackThis v1.99.1
        Scan saved at 12:01:11, on 2005-06-08
        Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sygate\SPF\smc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\inetsrv\inetinfo.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\System32\snmp.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\SOUNDMAN.EXE
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        c:\windows\system32\fumafma.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Documents and Settings\Slawko\Pulpit\hijack\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
        www.blitzbox.de/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
        C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
        C:\PROGRA~1\FlashGet\jccatch.dll
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
        Files\Java\jre1.5.0_02\bin\jusched.exe
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [nmfbka] c:\windows\system32\fumafma.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O8 - Extra context menu item: Download All by FlashGet -
        C:\PROGRA~1\FlashGet\jc_all.htm
        O8 - Extra context menu item: Download using FlashGet -
        C:\PROGRA~1\FlashGet\jc_link.htm
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console -
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
        Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
        C:\PROGRA~1\FlashGet\flashget.exe
        O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
        - C:\PROGRA~1\FlashGet\flashget.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger -
        {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
        67.15.101.3/g_bin/pl/cards_2_0_0_62.cab
        O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -
        secure2.comned.com/signuptemplates/securelogin-devel.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
        67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
        O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
        67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
        C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
        Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc.
        - C:\Program Files\Sygate\SPF\smc.exe
        O23 - Service: System Startup Service (SvcProc) - Unknown owner -
        C:\WINDOWS\svcproc.exe (file missing)

    • neder Re: Poprosze o sprawdzenie logu 08.06.05, 10:34
      i byłabym zapomniała - na drugi raz nie wrzucaj dwóch taklich samych wątków bo
      sie robi zamęt.

      pzdr.
      • Gość: Kolobos Re: Poprosze o sprawdzenie logu IP: *.warszawa.sdi.tpnet.pl 08.06.05, 11:15
        Na naila dobry jest:
        users.pandora.be/bluepatchy/nailfix.zip
        Wszystko sam naprawia :-)
        • Gość: Slawek Re: Poprosze o sprawdzenie logu IP: *.acn.waw.pl 08.06.05, 11:46
          users.pandora.be/bluepatchy/nailfix.zip nie działa skrot ,nie moge z niego nic
          sciagnac
          • Gość: Kolobos Re: Poprosze o sprawdzenie logu IP: *.warszawa.sdi.tpnet.pl 08.06.05, 11:55
            Faktycznie ktos popsul ;-)

            Tutaj masz inny link:
            free.of.pl/k/kolobos/nailfix.zip
    • Gość: Slawek Re: Poprosze o sprawdzenie logu +dodatkowy wir IP: *.acn.waw.pl 08.06.05, 12:14
      jest jeszcze jakis wir wykrywany przez avasta DrPMon.dll w tym pliku win 32
      Trojano 1375
      • Gość: Kolobos Re: Poprosze o sprawdzenie logu +dodatkowy wir IP: *.warszawa.sdi.tpnet.pl 08.06.05, 12:17
        To tez kawalek Nail'a (aurory)
        Uruchom tryb awaryjny i uzyj programu, ktory podalem on wszystko usunie :-)
        • Gość: Slawko ostatni log IP: *.acn.waw.pl 08.06.05, 12:38
          Zrobiłem jak napisałes chyba sie udało załaczam ostatni log z hijackhis,dzieki
          za pomoc jeszcze raz

          Logfile of HijackThis v1.99.1
          Scan saved at 12:34:35, on 2005-06-08
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Sygate\SPF\smc.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
          C:\Program Files\Winamp\winampa.exe
          C:\WINDOWS\system32\ctfmon.exe
          c:\windows\system32\carvui.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\inetsrv\inetinfo.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\System32\snmp.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Documents and Settings\Slawko\Pulpit\hijack\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
          www.blitzbox.de/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
          C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
          C:\PROGRA~1\FlashGet\jccatch.dll
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
          O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
          Files\Java\jre1.5.0_02\bin\jusched.exe
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [fuaffjl] c:\windows\system32\carvui.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
          O8 - Extra context menu item: Download All by FlashGet -
          C:\PROGRA~1\FlashGet\jc_all.htm
          O8 - Extra context menu item: Download using FlashGet -
          C:\PROGRA~1\FlashGet\jc_link.htm
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console -
          {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
          Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
          C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
          C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
          - C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger -
          {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
          67.15.101.3/g_bin/pl/cards_2_0_0_62.cab
          O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -
          secure2.comned.com/signuptemplates/securelogin-devel.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
          67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
          67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
          C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)
          O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc.
          - C:\Program Files\Sygate\SPF\smc.exe

          • Gość: Kolobos Re: ostatni log IP: *.warszawa.sdi.tpnet.pl 08.06.05, 12:45
            W hijackthis to:

            F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
            O4 - HKLM\..\Run: [fuaffjl] c:\windows\system32\carvui.exe

            I oba pliki killbox'em o ile jeszcze nail.exe jest.
    • Gość: Slawek Re:nie wiem do konca czy juz wszystko IP: *.acn.waw.pl 08.06.05, 13:15
      sorry ze tak to długo trwa,jeszcze jak mozecie zobaczyc co skasowac jeszcze
      Logfile of HijackThis v1.99.1
      Scan saved at 13:12:51, on 2005-06-08
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Sygate\SPF\smc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\ctfmon.exe
      c:\windows\system32\pupclwr.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Slawko\Pulpit\hijack\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
      www.blitzbox.de/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
      C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
      C:\PROGRA~1\FlashGet\jccatch.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
      O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
      Files\Java\jre1.5.0_02\bin\jusched.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [eknksn] c:\windows\system32\pupclwr.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O8 - Extra context menu item: Download All by FlashGet -
      C:\PROGRA~1\FlashGet\jc_all.htm
      O8 - Extra context menu item: Download using FlashGet -
      C:\PROGRA~1\FlashGet\jc_link.htm
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
      Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
      C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
      C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
      - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
      67.15.101.3/g_bin/pl/cards_2_0_0_62.cab
      O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -
      secure2.comned.com/signuptemplates/securelogin-devel.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
      67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
      67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
      C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc.
      - C:\Program Files\Sygate\SPF\smc.exe

      • neder Re:nie wiem do konca czy juz wszystko 08.06.05, 13:45
        wygląda na to, że wszystko już ok;)
        • Gość: Sławek wielkie dzieki : -) IP: *.acn.waw.pl 08.06.05, 14:18
          Dziekuje ,za pomoc neder,Kolobos pozdrawiam
          • Gość: Sławek ,ale jeszcze siedzi ten wir IP: *.acn.waw.pl 08.06.05, 14:25
            jeszcze nie usunoł sie do konca kawalek Nail'a (aurory)
            sproboje jeszcze raz w tryb awaryjny skasowac go nailfix ,moze sie w koncu go
            pozbede
    • Gość: Sławek ostatni log i nail siedzi dalej IP: *.acn.waw.pl 08.06.05, 14:59
      po uruchomieniu systemu pojawia sie :
      system windows ,nie moze odnalesc pliku c:\WINDOWS\Nail.exe ,upewnij sie ,ze
      wpisana nazwa jest poprawna i sporobuj ponownie ,aby wyszukac plik kliknij Start
      ,a nastepnie Wyszukiwanie.
      ostatni log
      Logfile of HijackThis v1.99.1
      Scan saved at 14:48:57, on 2005-06-08
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Sygate\SPF\smc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      c:\windows\system32\tcqhfl.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Slawko\Pulpit\hijack\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
      www.blitzbox.de/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
      C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
      C:\PROGRA~1\FlashGet\jccatch.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
      O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
      Files\Java\jre1.5.0_02\bin\jusched.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [srhyhy] c:\windows\system32\tcqhfl.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O8 - Extra context menu item: Download All by FlashGet -
      C:\PROGRA~1\FlashGet\jc_all.htm
      O8 - Extra context menu item: Download using FlashGet -
      C:\PROGRA~1\FlashGet\jc_link.htm
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
      C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console -
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
      Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
      C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
      C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
      - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger -
      {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
      67.15.101.3/g_bin/pl/cards_2_0_0_62.cab
      O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -
      secure2.comned.com/signuptemplates/securelogin-devel.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
      67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
      67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
      C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc.
      - C:\Program Files\Sygate\SPF\smc.exe

      jak widac nadal jest nail.exe,w trybie awaryjnym usuwa go ,ale pewnie cos
      zrobiłem nie tak jezeli jeszcze jest ,jak uruchamiam windowsa
      • Gość: Kolobos Re: ostatni log i nail siedzi dalej IP: *.warszawa.sdi.tpnet.pl 08.06.05, 15:52
        Zrob tak, uruchom windows w trybie awaryjnym.

        W hijackthis usun to:

        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O4 - HKLM\..\Run: [srhyhy] c:\windows\system32\tcqhfl.exe

        Nastepnie dodaj do killbox'a:

        C:\Windows\system32\DrPMon.dll
        C:\Windows\Nail.exe
        C:\Windows\svcproc.exe
        c:\windows\system32\tcqhfl.exe

        O ile masz, ktorys z tych plikow.

        Przeskanuj tez system tym:
        download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
        I usun co znajdzie.

        Oraz nie zaszkodzi jak wkleisz log zrobiony tym:
        www.silentrunners.org/Silent%20Runners.vbs
        zrob go w trybie awaryjnym.

        Ale jak sam piszesz, to juz tylko wpis po nailu i tyle bo pliku nie ma.
        • Gość: Sławek usunołem ,i chyba juz jest ok ost log IP: *.acn.waw.pl 08.06.05, 18:38
          Załaczam ostani log ,dzieki za pomoc
          Logfile of HijackThis v1.99.1
          Scan saved at 18:34:59, on 2005-06-08
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\System32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Sygate\SPF\smc.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\inetsrv\inetinfo.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\System32\snmp.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
          H:\Program Files\BitComet\BitComet.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\BT Engine\btengine.exe
          C:\Documents and Settings\Slawko\Pulpit\Nowy folder\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
          R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
          www.blitzbox.de/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
          C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
          C:\PROGRA~1\FlashGet\jccatch.dll
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
          O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
          Files\Java\jre1.5.0_02\bin\jusched.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
          O8 - Extra context menu item: Download All by FlashGet -
          C:\PROGRA~1\FlashGet\jc_all.htm
          O8 - Extra context menu item: Download using FlashGet -
          C:\PROGRA~1\FlashGet\jc_link.htm
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console -
          {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
          Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
          O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
          C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
          C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
          - C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger -
          {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) -
          67.15.101.3/g_bin/pl/cards_2_0_0_62.cab
          O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -
          secure2.comned.com/signuptemplates/securelogin-devel.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
          67.15.101.3/g_bin/pl/billard8_2_0_0_22.cab
          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
          67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
          C:\WINDOWS\System32\Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)
          O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc.
          - C:\Program Files\Sygate\SPF\smc.exe
          O23 - Service: System Startup Service (SvcProc) - Unknown owner -
          C:\WINDOWS\svcproc.exe (file missing)
          • Gość: Kolobos Re: usunołem ,i chyba juz jest ok ost log IP: *.warszawa.sdi.tpnet.pl 08.06.05, 18:44
            Start->Uruchom->services.msc
            odszukaj:
            System Startup Service (SvcProc)
            Wejdz we wlasciowsci, zatrzymaj zmien tryb uruchomienia na wylaczony

            W hijackthis->Open misc tools->delte NT service i wpisz tam:
            SvcProc

            I bedzie ok.
Pełna wersja