Log check

IP: *.chello.pl 19.06.05, 17:06
Please check my log; thank you in advance for any help.


Logfile of HijackThis v1.99.1
Scan saved at 16:52:18, on 2005-06-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Save\Save.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\gglib.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Koło\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis1.99.1.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KOŁO\USTAWI~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\KOŁO\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {8933349C-98A7-4738-AC0C-008A6E56C7D3} - C:\WINDOWS\System32\aojl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "d:\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Bqhv] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [Aupa] C:\Program Files\tcow\ceoo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/tdt.chm::/bridge-c18.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/mt.chm::/MediaTicketsInstaller.cab
O18 - Filter: text/html - {EBB63687-92FD-40BD-9C3C-354FB9CD2C85} - C:\WINDOWS\System32\aojl.dll
O18 - Filter: text/plain - {EBB63687-92FD-40BD-9C3C-354FB9CD2C85} - C:\WINDOWS\System32\aojl.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    • Guest: Kolobos Re: Log check IP: *.warszawa.sdi.tpnet.pl 19.06.05, 21:51
      Logs like this can put you off checking them altogether.
      It's a pity you don't know what system updates are (and/or a legal system); this
      log is one big mess and I have no intention of checking it, because there is no
      point.

      Use/scan with/install:
      www.trojaner-info.de/files/SpSeHjfix112.exe
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe (remove whatever it finds)
      www.firewallleaktester.com/tools/wwdc.exe (close everything)
      housecall.trendmicro.com/housecall/start_corp.asp
      www.windowsecurity.com/trojanscan/
      www.pandasoftware.com/activescan/pol/activescan_principal.htm
      www.cexx.org/LSPFix.exe (delete only new.net)

      After that you can paste a new log.
      • Guest: kolor Re: Log check IP: *.chello.pl 20.06.05, 12:44
        as for download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35- it won't open for me
        I also got nowhere with housecall.trendmicro.com/housecall/start_corp.asp, but I'm a beginner, so please be understanding
        and at www.windowsecurity.com/trojanscan/checksystem.asp the scan cannot be started
        I managed to do the rest, and the log now looks like this:


        Logfile of HijackThis v1.99.1
        Scan saved at 12:41:12, on 2005-06-20
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\htpatch.exe
        C:\WINDOWS\System32\RunDll32.exe
        C:\Program Files\Save\Save.exe
        C:\WINDOWS\System32\rundll32.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
        C:\WINDOWS\System32\gglib.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\WINDOWS\System32\?hkdsk.exe
        C:\Program Files\tcow\ceoo.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\BitComet\BitComet.exe
        C:\WINDOWS\Explorer.exe
        C:\Program Files\Opera\Opera.exe
        C:\Documents and Settings\Koło\Ustawienia lokalne\Temp\Katalog tymczasowy 3 dla hijackthis1.99.1.zip\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
        O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [WinampAgent] "d:\Winamp3\winampa.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
        O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
        O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
        O4 - HKLM\..\Run: [vmtuner] gglib.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [Bqhv] C:\WINDOWS\System32\?hkdsk.exe
        O4 - HKCU\..\Run: [Aupa] C:\Program Files\tcow\ceoo.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/tdt.chm::/bridge-c18.cab
        O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/mt.chm::/MediaTicketsInstaller.cab
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

        I'd be grateful for any help.
        • Guest: Kolobos Re: Log check IP: *.warszawa.sdi.tpnet.pl 20.06.05, 13:11
          The link works, I checked it.

          In HijackThis, remove:

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
          O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
          O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
          O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
          O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
          O4 - HKLM\..\Run: [vmtuner] gglib.exe
          O4 - HKCU\..\Run: [Bqhv] C:\WINDOWS\System32\?hkdsk.exe
          O4 - HKCU\..\Run: [Aupa] C:\Program Files\tcow\ceoo.exe
          O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/tdt.chm::/bridge-c18.cab
          O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://tdt.org.pl/popup/mt.chm::/MediaTicketsInstaller.cab
          www.downloads.subratam.org/KillBox.zip
          With Killbox, with the delete on reboot option ticked, delete these files:

          C:\Program Files\NewDotNet\newdotnet6_38.dll
          C:\Program Files\Save\Save.exe
          C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
          C:\Program Files\Media Access\MediaAccK.exe
          C:\windows\system32\gglib.exe
          C:\WINDOWS\System32\?hkdsk.exe
          C:\Program Files\tcow\ceoo.exe

          After the reboot, delete these directories:
          C:\Program Files\tcow\
          C:\Program Files\Media Access\
          C:\Program Files\NewDotNet\
          C:\Program Files\Save\

          Did you use wwdc and close all the ports?
          If not, you'll have the same thing again in no time. How can you use a system
          like this at all? Without updates there is no point in connecting it to the net.
          • Guest: kolor Re: Log check IP: *.chello.pl 21.06.05, 19:36
            thanks for the help, I tried to do everything the way you wrote, but I don't
            know whether I did it all correctly - there were problems with Killbox; this one worked:
            download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe (I removed what it found), and I used Windows Update; as for wwdc, this is how things stand:
            1 - disable dcom
            2- close 445
            3- close 137:139
            4- close 5000
            5- enable msg

            currently my log looks like this:


            Logfile of HijackThis v1.99.1
            Scan saved at 19:17:14, on 2005-06-21
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\WINDOWS\Explorer.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\WINDOWS\htpatch.exe
            C:\WINDOWS\System32\RunDll32.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
            C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
            C:\Program Files\Opera\Opera.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\WINDOWS\System32\wuauclt.exe
            C:\WINDOWS\System32\wuauclt.exe
            C:\Documents and Settings\Koło\Ustawienia lokalne\Temp\Katalog tymczasowy 4 dla hijackthis1.99.1.zip\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
            O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
            O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
            O4 - HKLM\..\Run: [WinampAgent] "d:\Winamp3\winampa.exe"
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
            O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
            O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
            O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
            O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
            O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
            O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
            • Guest: Kolobos Re: Log check IP: *.warszawa.sdi.tpnet.pl 21.06.05, 19:46
              In wwdc you should have green "ticks" next to everything; only close 137:139
              can be left as it is if you have a local network and share something; if you
              don't, close that too.

              Don't run HijackThis from the zip; unpack it somewhere on the disk and only
              then run it.

              In HijackThis, delete this:
              F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
              O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

              I hope these are only entries and the files are already gone?

              Killbox is simple to use: you paste one file path at a time into it,
              tick delete on reboot and press the red button. What's hard about that?

              With Killbox, these files, if they are still there:
              C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL
              C:\WINDOWS\Nail.exe
              C:\WINDOWS\svcproc.exe
              C:\Windows\system32\DrPMon.dll

              To be sure, start Windows in safe mode and use:
              free.of.pl/k/kolobos/nailfix.zip
              • Guest: kolor Re: Log check IP: *.chello.pl 22.06.05, 00:17
                many thanks, in wwdc I now have 4 green ones, and the third one has a yellow triangle,
                so I don't know whether it's 100% right, although after the operation a window popped up with the telling word: congratulations - so I guess it's OK
                to check, as www.mgregor.republika.pl suggests, I'm posting the log once more for review:

                Logfile of HijackThis v1.99.1
                Scan saved at 00:09:12, on 2005-06-22
                Platform: Windows XP (WinNT 5.01.2600)
                MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                Running processes:
                C:\WINDOWS\System32\smss.exe
                C:\WINDOWS\system32\winlogon.exe
                C:\WINDOWS\system32\services.exe
                C:\WINDOWS\system32\lsass.exe
                C:\WINDOWS\system32\svchost.exe
                C:\WINDOWS\System32\svchost.exe
                C:\WINDOWS\Explorer.exe
                C:\WINDOWS\system32\spoolsv.exe
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                C:\Program Files\Alwil Software\Avast4\ashServ.exe
                C:\WINDOWS\System32\nvsvc32.exe
                C:\WINDOWS\htpatch.exe
                C:\WINDOWS\System32\RunDll32.exe
                C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
                C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
                C:\Program Files\Gadu-Gadu\gg.exe
                C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
                C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
                C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
                C:\Program Files\BitComet\BitComet.exe
                C:\Program Files\Opera\Opera.exe
                C:\Documents and Settings\Koło\Pulpit\hujackthis\HijackThis.exe

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
                O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
                O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
                O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
                O4 - HKLM\..\Run: [WinampAgent] "d:\Winamp3\winampa.exe"
                O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
                O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
                O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
                O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
                O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
                O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
                O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
                O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
                O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
                O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
                O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
                O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

                • Guest: Kolobos Re: Log check IP: *.warszawa.sdi.tpnet.pl 22.06.05, 00:20
                  Everything is OK; try to keep it that way.
                  • Guest: kolor Re: Log check IP: *.chello.pl 22.06.05, 00:26
                    I'll do my best, and once again many thanks.
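Added example, not part of the thread: the by-eye comparison of each new log against the removal list from the 20.06 reply can be automated. This Python sketch parses HijackThis entry lines, tolerates entries that forum software has wrapped across lines, and reports which flagged entries persist in a later log; `FIX_LIST` and `LATER_LOG` are samples constructed from lines in the 20.06 and 21.06 posts, and the function names are hypothetical.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O2x) followed by " - ". Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Constructed sample: part of the removal list, with forum line-wrapping.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet6_38.dll
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1
\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [vmtuner] gglib.exe
"""

# Constructed sample: a few lines of the follow-up log posted after cleanup.
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
"""


def parse_entries(text):
    """Map (section, normalised body) -> display line for every entry in text.

    A non-empty line that follows an entry and is not itself an entry is
    treated as a wrapped continuation; a blank line ends the entry.
    """
    parsed, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            current = [m.group(1), m.group(2)]
            parsed.append(current)
        elif line and current is not None:
            current[1] += " " + line  # rejoin a wrapped entry
        else:
            current = None
    # Wrapping can fall on a space or mid-path, so compare with all
    # whitespace removed and case folded (Windows paths are case-insensitive).
    return {
        (sec, re.sub(r"\s+", "", body).lower()): f"{sec} - {body}"
        for sec, body in parsed
    }


def still_present(fix_list, later_log):
    """Entries from the removal list that the later log still contains."""
    wanted = parse_entries(fix_list)
    later = parse_entries(later_log)
    return sorted(later[key] for key in wanted if key in later)


if __name__ == "__main__":
    for entry in still_present(FIX_LIST, LATER_LOG):
        print("still present:", entry)
```
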