Chyba mam DUCHA w kompie!?


(Lammermoor) #1

Dawno juz odinstalowalam Trojan Remover(byl to chyba Trial),do tej pory uruchamia sie z autostartem i nawet nie moge wywalic z rejestru bo mam zaraz akcje ze strony Startup Monitor Warning+WinPatrol aby go dodac.W przeciwnym wypadku bezustannie jest monit o wlaczenie!Security Task Manager podaje:program nieaktywny,uruchamia sie z autostartem,system nie moze odnalezc okreslonej sciezki! !!


(123448) #2

przeskanuj dyski Pest Patrolem wersja Home - można go pobrać choćby z http://www.download.com a potem najlepiej będzie jak podasz log z Hijacka , może tam coś sie znajdzie :slight_smile:


(Damian) #3

Zainstaluj program JV16 PowerTools i wyczyść nim rejestr ze zbędnych wpisów.


(Jablek 88) #4

zgłoś się do naszego forumowicza Ducha :wink:

a tak całkiem serio to daj log hijacka 8)


(Lackymen5) #5

(Lammermoor) #6

Chyba wytropilam dziada.Tools podaje w HKEY_USERS klucz(wartosci klucza)\Software\Microsoft\Windows\CurrentVersion\Explorer\Menu Order\faworites\trjscan.exe ROBAK-usuwanie w Tools nic nie daje bo sie odradza na nowo.Co mam teraz zrobic?Jakim programem go potraktowac?Jaki to ROBAK???wartosc jednego z 3 znalezionych kluczy byla 1,moze trzeba ustawic na 0?Czekam cierpliwie na pomoc,wierze,ze ja otrzymam!


(fiesta) #7

Jagódka to trjscan.exe to nie żaden robak. Na wielu stronach pisze że ten plik jest uszkadzany przez wirusy:

i wśród tych procesów jest własnie wymieniany ów trjscanexe


(Lammermoor) #8

Wpis (koncowka)trjscan.exe ROBAK-to nie moj dodatek,tylko taki odczytalam w calosci z Tools!Skad wiec sie tam wzial?Usilowalam cos wytropic szczepionka GDATA i byl tam (w systemie32) Backdoor.Surila(do tej pory szukam w necie i nie moge znalezc zadnego opisu),ale nie moge dalej skanowac bo wywala mi w polowie skanowanie akurat tym wlasnie programem, a Trojan remover jak byl tak jest dalej,chociaz ponoc go nie ma .Uzylam juz chyba ze 20 roznych skanerow i pomalu dostaje choroby nerwowej,przeciez jest niemozliwe zeby nie dalo sie niczym tego usunac z autostartu,mysle,ze siedzi tam jakas zaraza.HELP! !!


(fiesta) #9

Skoro zapuszczasz się na poszukiwania w necie to co ci szkodzi w wyszukiwarkę wpisac:

trjscan.exe

i przekonać się na własnej skórze co to za plik Proponuję wchodzić tylko na strony specjalistyczne dotyczące ochrony antywirusowej.


(Duch) #10

męczysz i się i męczysz więc DUCH ci poradzi... :lol:

wklej loga z HiJackThis :smiley:

jeżeli faktycznie coś ci siedzi w komputerze to z loga się to wyczai i usunie...


(Lammermoor) #11

RUN: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

-bardzo prosze o pomoc bo od dwoch miesiecy walcze z tym wpisem i zadnym programem ani usuwaniem w rejestrze nic nie da sie zrobic,ciagle sie odradza.Prosze o namiar na jakis program ktory to swinstwo usunie raz na zawsze!!!Przy okazji mam pytanie:zrobilam screen ale jak wyslac???


(Krzysieknd2) #12

Screen zapodasz TU.

Tak apropoś. Koledzy proszą Cię o wklejenie logu z programy Hijack This :wink:

Więc tak. Pobierz najnowszą wersję Z TĄD, następnie wejdź na TA STRONKĘ i poczytaj o Hijacku. Teraz, kiedy wszystko wiesz o Hijacku wklej loga na to forum :wink:

Pozdrawiam.


(Lammermoor) #13

Loga juz dawno wkleilam ale do dzialu z logami bo nie wiem czy tutaj tez moge?Skoro tak jednak radzisz to moge jeszcze raz wyslac go tutaj.Caly czas pozostaje aktualna sprawa tego dziadostwa i dotad nie uzyskalam zadnej konkretnej odpowiedzi jak sie pozbyc tych resztek po progsie.Probowalam wieloma programami i grzebaniem w rejestrze i nic z tego nie wynika.Ciagle go mam w autostarcie!

Logfile of HijackThis v1.99.0

Scan saved at 13:41:29, on 2005-03-02

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\Program Files\Wanadoo\taskbaricon.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\MSI\Live Update 3\LMonitor.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe

C:\Program Files\Free Download Manager\fdm.exe

F:\JAGA\Skype(Phone Online)\Skype.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Ajt Soft\Słownik\AP.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Pulpit\SKANERY\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: - {CE1C8FA7-9B17-42E4-B550-FA45380C2322} - (no file)

O2 - BHO: - {FEB2EF67-AC96-4768-A084-2567DCF35F67} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKLM..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKCU..\Run: [Art Plus Wallpaper Calendar] "C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe" /a

O4 - HKCU..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU..\Run: [skype] "F:\JAGA\Skype(Phone Online)\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/10d36db844d ... xIE601.cab

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6751177107

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1 ... gleNav.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} -

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se ... loader.cab

O17 - HKLM\System\CCS\Services\Tcpip..{FCC56671-D2B5-4284-ADA9-C8D0C89447A0}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe


(adpawl) #14

Usuń te wpisy:

Potem wykasuj z dysku zaznaczony niżej katalog:

C:\Program Files\Trojan Remover

BTW

Jeżeli nie będzie to możliwe (plik lub katalog w użyciu), wciśnij Ctrl+Alt+Del i w menagerze zadań zamknij proces Trjscan.exe i dopiero wtedy kasuj...


(Lammermoor) #15

Usunelam zaznaczone wpisy w trybie awaryjnym,cholerny program dalej zyje!Pomozcie bo dostaje szalu!!!Nie wiem jak wyslac do Was screena,mimo w/w propozycji nie udaje mi sie,wobec tego podaje jakie mam info z HijachThis dot. tego problemu-"This part of the scan checks for several suspicious entries that autoload when Windows starts.Autoloading entries load a Registry script,VB script or Java Scriptfile,possibily causing the IE Start Page,Search Page,Search Bar an Search Assistant to revert back to hijacker's page after a system reboot.Also,a DLL file can be loadedthat can into several parts your system.Infected examples:Kernel 32.VBS-C:\Windows\temp\install.js-rundll32 C:\Program Files\NewDotNet 4_5 dll,NewDotNet Startup--Action taken:Registry value is deleted-To tyle opisu,w manager nie ma sladu po tym progsie tzn nie ma go wcale w autostarcie.W Tools wyszukuje i usuwam ale wraca jak bumerang!Wysylam jeszcze raz log do sprawdzenia


(Lammermoor) #16

Logfile of HijackThis v1.99.0

Scan saved at 00:22:56, on 2005-03-04

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\GADU-G~1\gg.exe

F:\JAGA\Skype(Phone Online)\Skype.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\taskbaricon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Administrator\Pulpit\SKANERY\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {CE1C8FA7-9B17-42E4-B550-FA45380C2322} - (no file)

O2 - BHO: (no name) - {FEB2EF67-AC96-4768-A084-2567DCF35F67} - (no file)

O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKCU..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU..\Run: [skype] "F:\JAGA\Skype(Phone Online)\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU..\Run: [Art Plus Wallpaper Calendar] "C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe" /a

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O16 - DPF: ppctlcab -

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} -

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} -

O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} -

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} -

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se ... loader.cab

O17 - HKLM\System\CCS\Services\Tcpip..{FCC56671-D2B5-4284-ADA9-C8D0C89447A0}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Okazuje sie,ze usuwane wpisy(no file)tez nie zniknely!Ratunku! !!


(fiesta) #17

a wyłączyłaś przywracanie systemu i kasujesz w trybie awaryjnym ??


(Lammermoor) #18

Przywracania systemu nie wylaczylam,chociaz wiem,ze trzeba, ale boje sie,ze jak cos schrzanie to po mnie!Mea culpa,sorry!Juz cos zle zrobilam w Hijack,chyba za duzo usunelam i padl mi net ale przywrocilam z backup i jest ok.Jak to wymog konieczny to sie zastosuje ale juz jutro bo na dzis mam dosc.Dzieki za odpowiedz.

Logfile of HijackThis v1.99.0

Scan saved at 01:07:02, on 2005-03-04

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\GADU-G~1\gg.exe

F:\JAGA\Skype(Phone Online)\Skype.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Wanadoo\taskbaricon.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Documents and Settings\Administrator\Pulpit\SKANERY\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {CE1C8FA7-9B17-42E4-B550-FA45380C2322} - (no file)

O2 - BHO: (no name) - {FEB2EF67-AC96-4768-A084-2567DCF35F67} - (no file)

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Skype] "F:\JAGA\Skype(Phone Online)\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun

O4 - HKCU\..\Run: [Dzieńdobry!] C:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe /auto

O4 - HKCU\..\Run: [Art Plus Wallpaper Calendar] "C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe" /a

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O16 - DPF: ppctlcab - 

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - 

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - 

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} - 

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - 

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} - 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - 

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - 

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - 

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - 

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - 

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - 

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - 

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} - 

O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - 

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - 

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - 

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_beta/imloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC56671-D2B5-4284-ADA9-C8D0C89447A0}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Chyba sie udalo!!!Nie widze juz tego TrojanaRemovera ale zostaly te BHO(no file),to juz na jutro zostawie.Chyba cud? :slight_smile:


(Duch) #19

to nie cud :!: zawsze przy usuwaniu czego HiJackiem trzeba wyłączyć przywracanie systemu :slight_smile: inaczej to będzie Syzyfowa praca :-s