Chyba mam DUCHA w kompie!?

Dawno juz odinstalowalam Trojan Remover(byl to chyba Trial),do tej pory uruchamia sie z autostartem i nawet nie moge wywalic z rejestru bo mam zaraz akcje ze strony Startup Monitor Warning+WinPatrol aby go dodac.W przeciwnym wypadku bezustannie jest monit o wlaczenie!Security Task Manager podaje:program nieaktywny,uruchamia sie z autostartem,system nie moze odnalezc okreslonej sciezki! !!

przeskanuj dyski Pest Patrolem wersja Home - można go pobrać choćby z http://www.download.com a potem najlepiej będzie jak podasz log z Hijacka , może tam coś sie znajdzie :slight_smile:

Zainstaluj program JV16 PowerTools i wyczyść nim rejestr ze zbędnych wpisów.

zgłoś się do naszego forumowicza Ducha :wink:

a tak całkiem serio to daj log hijacka 8)

Chyba wytropilam dziada.Tools podaje w HKEY_USERS klucz(wartosci klucza)\Software\Microsoft\Windows\CurrentVersion\Explorer\Menu Order\faworites\trjscan.exe ROBAK-usuwanie w Tools nic nie daje bo sie odradza na nowo.Co mam teraz zrobic?Jakim programem go potraktowac?Jaki to ROBAK???wartosc jednego z 3 znalezionych kluczy byla 1,moze trzeba ustawic na 0?Czekam cierpliwie na pomoc,wierze,ze ja otrzymam!

Jagódka to trjscan.exe to nie żaden robak. Na wielu stronach pisze że ten plik jest uszkadzany przez wirusy:

i wśród tych procesów jest własnie wymieniany ów trjscanexe

Wpis (koncowka)trjscan.exe ROBAK-to nie moj dodatek,tylko taki odczytalam w calosci z Tools!Skad wiec sie tam wzial?Usilowalam cos wytropic szczepionka GDATA i byl tam (w systemie32) Backdoor.Surila(do tej pory szukam w necie i nie moge znalezc zadnego opisu),ale nie moge dalej skanowac bo wywala mi w polowie skanowanie akurat tym wlasnie programem, a Trojan remover jak byl tak jest dalej,chociaz ponoc go nie ma .Uzylam juz chyba ze 20 roznych skanerow i pomalu dostaje choroby nerwowej,przeciez jest niemozliwe zeby nie dalo sie niczym tego usunac z autostartu,mysle,ze siedzi tam jakas zaraza.HELP! !!

Skoro zapuszczasz się na poszukiwania w necie to co ci szkodzi w wyszukiwarkę wpisac:

trjscan.exe

i przekonać się na własnej skórze co to za plik Proponuję wchodzić tylko na strony specjalistyczne dotyczące ochrony antywirusowej.

męczysz i się i męczysz więc DUCH ci poradzi… :lol:

wklej loga z HiJackThis :smiley:

jeżeli faktycznie coś ci siedzi w komputerze to z loga się to wyczai i usunie…

RUN: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

-bardzo prosze o pomoc bo od dwoch miesiecy walcze z tym wpisem i zadnym programem ani usuwaniem w rejestrze nic nie da sie zrobic,ciagle sie odradza.Prosze o namiar na jakis program ktory to swinstwo usunie raz na zawsze!!!Przy okazji mam pytanie:zrobilam screen ale jak wyslac???

Screen zapodasz TU.

Tak apropoś. Koledzy proszą Cię o wklejenie logu z programy Hijack This :wink:

Więc tak. Pobierz najnowszą wersję Z TĄD, następnie wejdź na TA STRONKĘ i poczytaj o Hijacku. Teraz, kiedy wszystko wiesz o Hijacku wklej loga na to forum :wink:

Pozdrawiam.

Loga juz dawno wkleilam ale do dzialu z logami bo nie wiem czy tutaj tez moge?Skoro tak jednak radzisz to moge jeszcze raz wyslac go tutaj.Caly czas pozostaje aktualna sprawa tego dziadostwa i dotad nie uzyskalam zadnej konkretnej odpowiedzi jak sie pozbyc tych resztek po progsie.Probowalam wieloma programami i grzebaniem w rejestrze i nic z tego nie wynika.Ciagle go mam w autostarcie!

Logfile of HijackThis v1.99.0

Scan saved at 13:41:29, on 2005-03-02

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\Program Files\Wanadoo\taskbaricon.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\MSI\Live Update 3\LMonitor.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe

C:\Program Files\Free Download Manager\fdm.exe

F:\JAGA\Skype(Phone Online)\Skype.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Ajt Soft\Słownik\AP.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Pulpit\SKANERY\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: - {CE1C8FA7-9B17-42E4-B550-FA45380C2322} - (no file)

O2 - BHO: - {FEB2EF67-AC96-4768-A084-2567DCF35F67} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WinPatrol] “C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe”

O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKLM…\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM…\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM…\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM…\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKCU…\Run: [Art Plus Wallpaper Calendar] “C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe” /a

O4 - HKCU…\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU…\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU…\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU…\Run: [skype] “F:\JAGA\Skype(Phone Online)\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10d36db844d … xIE601.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 6751177107

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1 … gleNav.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 … scan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} -

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l … cfscan.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se … loader.cab

O17 - HKLM\System\CCS\Services\Tcpip…{FCC56671-D2B5-4284-ADA9-C8D0C89447A0}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Usuń te wpisy:

Potem wykasuj z dysku zaznaczony niżej katalog:

C:\Program Files\Trojan Remover

BTW

Jeżeli nie będzie to możliwe (plik lub katalog w użyciu), wciśnij Ctrl+Alt+Del i w menagerze zadań zamknij proces Trjscan.exe i dopiero wtedy kasuj…

Usunelam zaznaczone wpisy w trybie awaryjnym,cholerny program dalej zyje!Pomozcie bo dostaje szalu!!!Nie wiem jak wyslac do Was screena,mimo w/w propozycji nie udaje mi sie,wobec tego podaje jakie mam info z HijachThis dot. tego problemu-"This part of the scan checks for several suspicious entries that autoload when Windows starts.Autoloading entries load a Registry script,VB script or Java Scriptfile,possibily causing the IE Start Page,Search Page,Search Bar an Search Assistant to revert back to hijacker’s page after a system reboot.Also,a DLL file can be loadedthat can into several parts your system.Infected examples:Kernel 32.VBS-C:\Windows\temp\install.js-rundll32 C:\Program Files\NewDotNet 4_5 dll,NewDotNet Startup–Action taken:Registry value is deleted-To tyle opisu,w manager nie ma sladu po tym progsie tzn nie ma go wcale w autostarcie.W Tools wyszukuje i usuwam ale wraca jak bumerang!Wysylam jeszcze raz log do sprawdzenia

Logfile of HijackThis v1.99.0

Scan saved at 00:22:56, on 2005-03-04

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\GADU-G~1\gg.exe

F:\JAGA\Skype(Phone Online)\Skype.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\taskbaricon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Pulpit\SKANERY\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {CE1C8FA7-9B17-42E4-B550-FA45380C2322} - (no file)

O2 - BHO: (no name) - {FEB2EF67-AC96-4768-A084-2567DCF35F67} - (no file)

O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM…\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM…\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM…\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WinPatrol] “C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe”

O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKCU…\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRA~1\GADU-G~1\gg.exe” /tray

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU…\Run: [skype] “F:\JAGA\Skype(Phone Online)\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU…\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU…\Run: [Art Plus Wallpaper Calendar] “C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe” /a

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O16 - DPF: ppctlcab -

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} -

O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} -

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} -

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se … loader.cab

O17 - HKLM\System\CCS\Services\Tcpip…{FCC56671-D2B5-4284-ADA9-C8D0C89447A0}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Okazuje sie,ze usuwane wpisy(no file)tez nie zniknely!Ratunku! !!

a wyłączyłaś przywracanie systemu i kasujesz w trybie awaryjnym ??

Przywracania systemu nie wylaczylam,chociaz wiem,ze trzeba, ale boje sie,ze jak cos schrzanie to po mnie!Mea culpa,sorry!Juz cos zle zrobilam w Hijack,chyba za duzo usunelam i padl mi net ale przywrocilam z backup i jest ok.Jak to wymog konieczny to sie zastosuje ale juz jutro bo na dzis mam dosc.Dzieki za odpowiedz.

Logfile of HijackThis v1.99.0

Scan saved at 01:07:02, on 2005-03-04

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\GADU-G~1\gg.exe

F:\JAGA\Skype(Phone Online)\Skype.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Wanadoo\taskbaricon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Documents and Settings\Administrator\Pulpit\SKANERY\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {CE1C8FA7-9B17-42E4-B550-FA45380C2322} - (no file)

O2 - BHO: (no name) - {FEB2EF67-AC96-4768-A084-2567DCF35F67} - (no file)

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Skype] "F:\JAGA\Skype(Phone Online)\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU\..\Run: [Art Plus Wallpaper Calendar] "C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe" /a

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O16 - DPF: ppctlcab - 

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - 

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - 

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - 

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - 

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - 

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - 

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - 

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - 

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - 

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - 

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - 

O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - 

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - 

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - 

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_beta/imloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC56671-D2B5-4284-ADA9-C8D0C89447A0}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Chyba sie udalo!!!Nie widze juz tego TrojanaRemovera ale zostaly te BHO(no file),to juz na jutro zostawie.Chyba cud? :slight_smile:

to nie cud :!: zawsze przy usuwaniu czego HiJackiem trzeba wyłączyć przywracanie systemu :slight_smile: inaczej to będzie Syzyfowa praca :-s