Prosze o sprawdzenie logów :)

go_iaczek · 11 Maj 2006 16:31

Witam! Prosiłabym o sprawdzenie loga, poniewaz od pewnego czasu po uruchomieniu komuptera samoistnie instaluje mi się program “freeprodtb” i wciąż wyskakują mi jakies okienka z reklamami. Jestem całkowicie “zielona” w tych sprawch i nie wiem za bardzo co mam zrobic…

Prosze o pomoc i z góry dziekuję

Logfile of HijackThis v1.99.1

Scan saved at 14:19:05, on 2006-05-11

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\gosia\Nowy folder\Cain\Abel.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\rundll32.exe

C:\windows\system32\rlvknlg.exe

C:\Program Files\outlook\outlook.exe

C:\windows\defender1.exe

C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\PROGRA~1\COMMON~1\kqoo\kqoom.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\Wg\command.exe

C:\Program Files\Network Monitor\netmon.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\WinPcap\wNetMonInstaller.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\`\Pulpit\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F2 - REG:system.ini: Shell=explorer.exe "c:\program files\common files\microsoft shared\web folders\ibm00003.exe" 

O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kaqawc.exe reg_run

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard18.exe

O4 - HKLM\..\Run: [defender] C:\windows\defender1.exe

O4 - HKLM\..\Run: [newname] C:\\newname18.exe

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [Komunikator] C:\Documents and Settings\`\Pulpit\Nowy folder\tlen.exe

O4 - HKCU\..\Run: [AQQ] C:\DOCUME~1\`\Pulpit\NOWYFO~1\AQQ\AQQ.exe

O4 - HKCU\..\Run: [kqoo] C:\PROGRA~1\COMMON~1\kqoo\kqoom.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O17 - HKLM\System\CCS\Services\Tcpip\..\{320BD288-C9DF-40E2-8BF0-ACA77F8F7B23}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\enlol1331.dll

O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\jt4o07h3e.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Abel - oxid.it - C:\gosia\Nowy folder\Cain\Abel.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Wg\command.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

ZRobiłam wszystko jak było w temacie o HijackThis.

Gutek · 11 Maj 2006 16:40

Zmień tytuł tematu na konkretny

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank F2 - REG:system.ini: Shell=explorer.exe “c:\program files\common files\microsoft shared\web folders\ibm00003.exe” O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll O4 - HKLM…\Run: [winsync] C:\WINDOWS\system32\kaqawc.exe reg_run O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM…\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot O4 - HKLM…\Run: [winlog] winlog.exe O4 - HKLM…\Run: [keyboard] C:\windows\keyboard18.exe O4 - HKLM…\Run: [defender] C:\windows\defender1.exe O4 - HKLM…\Run: [newname] C:\newname18.exe O4 - HKLM…\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe O4 - HKLM…\RunServices: [winlog] winlog.exe O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe” O4 - HKCU…\Run: [PayTime] C:\WINDOWS\system32\paytime.exe O4 - HKCU…\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU…\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU…\Run: [kqoo] C:\PROGRA~1\COMMON~1\kqoo\kqoom.exe O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\enlol1331.dll O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\jt4o07h3e.dll (file missing) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Wg\command.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz Network Monitor i Command Service

Wyłączyć Przywracanie systemu w XP TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log

Użyj Look2Me-Destroyer.exe

Odpal LSP-Fix zaznacz “I know what I’m doing” następnie w okienku Keep zaznacz plik który chcesz usunąć i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish

To moze być plik:

Find-Qoologic rozpakuj i uruchom Find-Qoologic.bat , pokaze sie taki screen:

i wpisz w nim z klawiatury 1 i potwierdź za pomocą ENTER-em. I jak będzie log wklej

Bieniol · 11 Maj 2006 16:43

Tego wpisu nie usuwaj - to strona startowa pajacyka

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable. Po użyciu tego narzędzia wymagany jest reset sysa.

go_iaczek · 11 Maj 2006 18:51

Nie mogę wyłączyc Command Service nie wiem dlaczego…

adam9870 · 11 Maj 2006 19:29

Jak to nie możesz. Robisz tak:

Start >>> Uruchom >>> services.msc >>> Znajdujesz Command Service i klikasz na niego prawym klawiszem myszki i wybierasz “Właściwości”. Przechodzisz na zakładke “ogólne”. i klikasz na “Zatrzymaj”. I w polu “Typ uruchamiania” ustawisz na “Wyłączony”.

Potem tylko potweirdzasz ustawienia

go_iaczek · 11 Maj 2006 20:51

Tak jak napisałeś robię: Start >>> Uruchom >>> services.msc >>> Command Service, dalej wchodzę we właściwości i zakładke ogólne ale tam nie mam wogole aktywnych tych opcji: uruchom, zatrzymaj, wstrzymaj, wznów… :roll:

A “Typ uruchamiania” caly czas jest na “Wyłączony”. :?

Bieniol · 11 Maj 2006 20:53

W takim razie rób dalej to co napisał Gutek2222

go_iaczek · 11 Maj 2006 20:58

Typ uruchomienia- “Wyłączony”

Ale stan- “Uruchomiono”

Więc nie rozumiem mam robic dalej wszytsko jak pisał Gutek2222 :?:

Bieniol · 11 Maj 2006 21:08

W takim razie usługi Command Service i Network Monitor wyłączysz w ten sposób:

Start --> uruchom --> cmd i wpisujesz:

To powinno zadziałać

kuz5 · 11 Maj 2006 21:29

To, nie zadzaiła, zreszta nie Network Monitor dotyczy pytanie

go$iaczek nie przejmuj się, tym wpisem zajmiemy sie najwyżej na końcu

Ty masz na kompie o wiele poważniejszy syf niż Command Service

Zrób to co kazał gutek i wklej logi o które zostałaś poproszona

go_iaczek · 12 Maj 2006 20:53

A co do punktu 3. ->Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked.

To rozumiem ze mam zaznaczyc te strony co są na niebiesko zaznaczone? Pytam, bo wogóle się w tym nie orientuję :roll:

Bieniol · 12 Maj 2006 20:56

Zaznaczasz wszystkie zacytowane wpisy (stawiasz przy nich ptaszki)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank F2 - REG:system.ini: Shell=explorer.exe “c:\program files\common files\microsoft shared\web folders\ibm00003.exe” O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll O4 - HKLM…\Run: [winsync] C:\WINDOWS\system32\kaqawc.exe reg_run O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM…\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot O4 - HKLM…\Run: [winlog] winlog.exe O4 - HKLM…\Run: [keyboard] C:\windows\keyboard18.exe O4 - HKLM…\Run: [defender] C:\windows\defender1.exe O4 - HKLM…\Run: [newname] C:\newname18.exe O4 - HKLM…\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe O4 - HKLM…\RunServices: [winlog] winlog.exe O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe” O4 - HKCU…\Run: [PayTime] C:\WINDOWS\system32\paytime.exe O4 - HKCU…\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU…\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU…\Run: [kqoo] C:\PROGRA~1\COMMON~1\kqoo\kqoom.exe O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\enlol1331.dll O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\jt4o07h3e.dll (file missing) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Wg\command.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

I klikasz na dole “fix checked”

Gutek · 12 Maj 2006 21:06

pomyliłem się, ty zauważyłeś a teraz powtarzasz?

bez tego wpisu ptaszkujesz wszystko w hijacku co jest wskazane

go_iaczek · 12 Maj 2006 21:34

Zrobiłam wszytsko, ale okienka z reklamami wciąż wyskakują

Logfile of HijackThis v1.99.1

Scan saved at 23:33:26, on 2006-05-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\gosia\Nowy folder\Cain\Abel.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVPersonal\AVGUARD.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\outlook\outlook.exe

C:\Program Files\AVPersonal\AVGNT.EXE

C:\WINDOWS\defender1.exe

C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Weather\Weather.exe

C:\Program Files\Snowball Wars\License.exe

C:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\Documents and Settings\`\Pulpit\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [adiras] adiras.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKLM\..\Run: [defender] C:\WINDOWS\defender1.exe

O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc

O4 - HKCU\..\Run: [Komunikator] C:\Documents and Settings\`\Pulpit\Nowy folder\tlen.exe

O4 - HKCU\..\Run: [AQQ] C:\DOCUME~1\`\Pulpit\NOWYFO~1\AQQ\AQQ.exe

O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\m0640ajqedoe0.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Abel - oxid.it - C:\gosia\Nowy folder\Cain\Abel.exe

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

To też przpadkowo zaznaczyłam

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/

Czy zrobiłam wszystko dobrze?

Bieniol · 12 Maj 2006 21:37

Ściągnij i odpal LSP-Fix zaznacz “I know what I’m doing” następnie w okienku Keep zaznacz plik newdotnet*_** i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish i restart kompa

W trybie awaryjnym z wyłącząnym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku (w razie problemów z usuwaniem plików użyj narzędzia KillBox ):

Co do tego wpisu:

Użyj narzędzia Look2Me-Destroyer, następnie wrzuć log z programu l2mfix (wybierasz opcje 1)

go_iaczek · 12 Maj 2006 22:06

Usunełam te wpisy

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe 

O4 - HKLM\..\Run: [defender] C:\WINDOWS\defender1.exe

Ale nie mogę uruchomic programu Look2Me-Destroyer.

kuz5 · 12 Maj 2006 22:09

A co wyskakuje za komunikat

go_iaczek · 12 Maj 2006 22:15

Ok, uruchomiło się, ale nie było tam wpisu

O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\m0640ajqedoe0.dll

kuz5 · 12 Maj 2006 22:19

Jak uruchmiłeś to przeskanuj system Tutaj na samym dole masz opis

Do tego wklej log, nr 1 z narzedzia L2Mfix

go_iaczek · 12 Maj 2006 22:38

Przeskanowałam, wklejam to co wyszło:

Look2Me-Destroyer V1.0.12


Scanning for infected files.....

Scan started at 2006-05-13 00:29:03


Infected! C:\WINDOWS\system32\lv2u09f9e.dll

Infected! C:\WINDOWS\system32\dmound3d.dll

Infected! C:\WINDOWS\system32\wxninet.dll

Infected! C:\WINDOWS\system32\mrc40.dll

Infected! C:\WINDOWS\system32\atcups.dll

Infected! C:\WINDOWS\system32\hr0o05d3e.dll

Infected! C:\WINDOWS\system32\dnju0119e.dll

Infected! C:\WINDOWS\system32\mvlsl9371.dll

Infected! C:\WINDOWS\system32\ktr6l79s1.dll

Infected! C:\WINDOWS\system32\hrr0059me.dll

Infected! C:\WINDOWS\system32\hr8s05l7e.dll

Infected! C:\WINDOWS\system32\j2n2lc5o1f.dll

Infected! C:\WINDOWS\system32\mvpml9711.dll

Infected! C:\WINDOWS\system32\k4260efseh260.dll

Infected! C:\WINDOWS\system32\n4p4le7q1h.dll

Infected! C:\WINDOWS\system32\gp06l3ds1.dll

Infected! C:\WINDOWS\system32\l6j80g1ue6.dll

Infected! C:\WINDOWS\system32\kfdro.dll

Infected! C:\WINDOWS\system32\whhpl.dll

Infected! C:\WINDOWS\system32\ragwizc.dll

Infected! C:\WINDOWS\system32\lfghours.dll

Infected! C:\WINDOWS\system32\en8ql1l51.dll

Infected! C:\WINDOWS\system32\it41_qcx.dll

Infected! C:\WINDOWS\system32\prtorsvc.dll

Infected! C:\WINDOWS\system32\lv2u09f9e.dll

Infected! C:\WINDOWS\system32\hr0205doe.dll

Infected! C:\WINDOWS\system32\jt6207joe.dll


Attempting to delete infected files...


Attempting to delete: C:\WINDOWS\system32\lv2u09f9e.dll

C:\WINDOWS\system32\lv2u09f9e.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\dmound3d.dll

C:\WINDOWS\system32\dmound3d.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\wxninet.dll

C:\WINDOWS\system32\wxninet.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\mrc40.dll

C:\WINDOWS\system32\mrc40.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\atcups.dll

C:\WINDOWS\system32\atcups.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\hr0o05d3e.dll

C:\WINDOWS\system32\hr0o05d3e.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\dnju0119e.dll

C:\WINDOWS\system32\dnju0119e.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\mvlsl9371.dll

C:\WINDOWS\system32\mvlsl9371.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\ktr6l79s1.dll

C:\WINDOWS\system32\ktr6l79s1.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\hrr0059me.dll

C:\WINDOWS\system32\hrr0059me.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\hr8s05l7e.dll

C:\WINDOWS\system32\hr8s05l7e.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\j2n2lc5o1f.dll

C:\WINDOWS\system32\j2n2lc5o1f.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\mvpml9711.dll

C:\WINDOWS\system32\mvpml9711.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\k4260efseh260.dll

C:\WINDOWS\system32\k4260efseh260.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\n4p4le7q1h.dll

C:\WINDOWS\system32\n4p4le7q1h.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\gp06l3ds1.dll

C:\WINDOWS\system32\gp06l3ds1.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\l6j80g1ue6.dll

C:\WINDOWS\system32\l6j80g1ue6.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\kfdro.dll

C:\WINDOWS\system32\kfdro.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\whhpl.dll

C:\WINDOWS\system32\whhpl.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\ragwizc.dll

C:\WINDOWS\system32\ragwizc.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\lfghours.dll

C:\WINDOWS\system32\lfghours.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\en8ql1l51.dll

C:\WINDOWS\system32\en8ql1l51.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\it41_qcx.dll

C:\WINDOWS\system32\it41_qcx.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\prtorsvc.dll

C:\WINDOWS\system32\prtorsvc.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\lv2u09f9e.dll

C:\WINDOWS\system32\lv2u09f9e.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\hr0205doe.dll

C:\WINDOWS\system32\hr0205doe.dll Deleted successfully!


Attempting to delete: C:\WINDOWS\system32\jt6207joe.dll

C:\WINDOWS\system32\jt6207joe.dll Deleted successfully!


Making registry repairs.


Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Setup


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{815BD60E-879F-4C8E-8715-09863BA12B97}"

HKCR\Clsid\{815BD60E-879F-4C8E-8715-09863BA12B97}


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0F06EAA7-E090-4443-9DEE-85943291CF12}"

HKCR\Clsid\{0F06EAA7-E090-4443-9DEE-85943291CF12}


Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{874BD8DE-30AE-47CE-8961-3B5398690433}"

HKCR\Clsid\{874BD8DE-30AE-47CE-8961-3B5398690433}


Restoring Windows certificates.


Replaced hosts file with default windows hosts file



Restoring SeDebugPrivilege for Administratorzy - Succeeded

Jednak nie wiem jak użyc narzędzie L2Mfix :roll: