
Help! Does anyone know what to remove in HijackThis?


17 replies to this topic

#1

  • Guests

Posted 06 November 2006 - 19:34

Some virus hit on Gadu-Gadu and it needs to be removed somehow, only I have no idea which entry it is :D

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://dami-rz.pl/daminet.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Uninstall.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

#2 Bieniol

    Only Bieniol :)

  • Members
  • 283 posts

Posted 06 November 2006 - 19:44

In Safe Mode with System Restore turned off, remove the following (entries with HijackThis; files/folders marked in red manually from disk):

O4 - Global Startup: Uninstall.exe

O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

After that, post a new HijackThis log + a Silent Runners log.

IE is for browsing the internet from your computer, and vice versa!!

"...Everybody's going to the party have a real good time..."

RULES || SEARCH || HELP || ETIQUETTE || GOOGLE IT

|| Intel Celeron, 1700 MHz || NVIDIA GeForce2 MX/MX 400 (64 MB) || 256 MB (PC 2700 DDR SDRAM) || Maxtor 6Y120P0 (120 GB, 7200 RPM, Ultra-ATA/133) + Samsung SC0842D (8GB, 5400 RPM, Ultra-ATA\66) || HL-DT-ST CD-ROM GCR-8520B (52x CD-ROM) + HL-DT-ST RW/DVD GCC-4320B (DVD:16x, CD:32x\10x\40x DVD-ROM\CD-RW) || Acer AL1714 [17'' LCD] ||

|| Windows XP Professional || Service Pack 2 || Mks_vir 2005 || Opera 8.5 || Mozilla FireFox || BadzIEwie || Ad_aware 1,06 Prof. || Winamp || The Bat! ||
|| Gadu-Gadu || Skype || Mozilla Thunderbird || Spybot - Search & Destroy || Spy Sweeper || Alcohol 120% || PowerDVD || Vista Transformation Pack 3.0 ||
|| Desktop Sidebar || WindowBlinds 5 || IconPackager || Konnekt || StyleXP || Nero || Windows Vista || BitComet || BitSpirit || Azureus || nVIDIA ||

|| FIFA 2006 || Counter-Strike 1.6 || Diablo II Lord of Destuction || Quake 3 Arena || Wolfenstein - Enemy Territory || Need For Speed ||


#3

  • Guests

Posted 06 November 2006 - 20:27

Logfile of HijackThis v1.99.1
Scan saved at 20:20:39, on 2006-11-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://dami-rz.pl/daminet.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe



"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"]
"HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" ["Sun Microsystems, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]


one more moment and this computer is going out the window... :<

#4

  • Guests

Posted 06 November 2006 - 20:58

when creating the log in Silent Runners something hangs and there is no result :(

#5 Bieniol

    Only Bieniol :)

  • Members
  • 283 posts

Posted 06 November 2006 - 21:07

Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]

File -> Save As -> change the file type to All Files -> save it under the name FIX.REG

Run the KillBox tool, select Delete on reboot and All Files, and in the "full path of file" field paste the path:
C:\WINDOWS\System32\rpcc.dll
Click X and restart the computer :)

Run the FIX.REG file, confirm adding it to the registry, and reboot the computer :)

After that, post new logs :)



#6

  • Guests

Posted 06 November 2006 - 22:09

Logfile of HijackThis v1.99.1
Scan saved at 21:50:40, on 2006-11-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://dami-rz.pl/daminet.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe



still a problem getting the log from Silent Runners...

#7

  • Guests

Posted 06 November 2006 - 22:16

oh, and one more thing.. C:\WINDOWS\System32\rpcc.dll - file could not be deleted

#8 Bieniol

    Only Bieniol :)

  • Members
  • 283 posts

Posted 06 November 2006 - 22:28

Did you do everything the way I wrote above?



#9

  • Guests

Posted 06 November 2006 - 23:04

oops, my mistake, now I've done it correctly... but there is still a problem with the Silent Runners log.. it keeps running and running and can't finish..

Logfile of HijackThis v1.99.1
Scan saved at 22:51:11, on 2006-11-06
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://dami-rz.pl/daminet.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/sk...kanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
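
The before/after comparison the helper makes by eye between successive logs, as an added example (not part of the original thread and not HijackThis's own code): it parses the item lines and reports which of the entries flagged in post #2 survive into a later scan. The log excerpts are abridged from posts #1, #3 and #9 above; the function names are this example's own.

```python
import re

# An item line is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Abridged excerpts of the logs posted in this thread.
LOG_POST1 = r'''
Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Uninstall.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
'''
LOG_POST3 = r'''
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\WScript.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
'''
LOG_POST9 = r'''
Logfile of HijackThis v1.99.1
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/sk...kanerOnline.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
'''
# The three entries post #2 asks to remove.
FLAGGED = r'''
O4 - Global Startup: Uninstall.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
'''


def parse_log(text):
    """Return the item lines of a HijackThis log as (code, body) tuples."""
    items = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2).strip()))
    return items


def diff_logs(before, after):
    """Items that disappeared from / appeared in the later scan."""
    old, new = parse_log(before), parse_log(after)
    removed = [i for i in old if i not in new]
    added = [i for i in new if i not in old]
    return removed, added


def still_present(flagged, log_text):
    """Flagged items that a later scan still lists (cleanup not finished)."""
    present = set(parse_log(log_text))
    return [i for i in parse_log(flagged) if i in present]


def dangling(log_text):
    """Items whose target HijackThis reported as '(file missing)'."""
    return [i for i in parse_log(log_text) if i[1].endswith("(file missing)")]


if __name__ == "__main__":
    for name, log in (("post #3", LOG_POST3), ("post #9", LOG_POST9)):
        left = still_present(FLAGGED, log)
        print(name, "flagged entries remaining:", left or "none")
    removed, added = diff_logs(LOG_POST1, LOG_POST9)
    for code, body in removed:
        print("- removed:", code, body)
    for code, body in added:
        print("+ added:  ", code, body)
```
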

#10 Bieniol

    Only Bieniol :)

  • Members
  • 283 posts

Posted 06 November 2006 - 23:24

Clean :)
I suggest installing SP2 :)



#11

  • Guests

Posted 07 November 2006 - 08:53

thanks. well, supposedly clean.. but Gadu-Gadu is still blocked just as it was. it only works one way.. i.e. people write to me and I can't reply. this is after my flatmates opened some link :D

#12

  • Guests

Posted 07 November 2006 - 16:07

everything is working perfectly, thanks a lot!!! you're a wizard :D

#13 Taxons

    Beginner

  • Members
  • 64 posts

Posted 10 November 2006 - 23:42

In future, don't click on untrusted links on GG
a script infected your computer
and besides, for (unknowingly) forwarding the links on GG you got a temporary ban on GG
There are only 10 types of people in the world.
Those who understand binary and who don't.

#14

  • Guests

Posted 11 November 2006 - 11:07

I have a problem, could someone check my log, what should I remove? thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:48:29, on 2006-11-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\KEPISZ\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtek Sound Manager] dsitmbo.exe
O4 - HKLM\..\RunServices: [Realtek Sound Manager] dsitmbo.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DB8493F-4C17-48C5-93E4-A7C8DAFA9F3F}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DB8493F-4C17-48C5-93E4-A7C8DAFA9F3F}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DB8493F-4C17-48C5-93E4-A7C8DAFA9F3F}: NameServer = 10.0.0.1,0.0.0.0
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

this is also some virus on Gadu-Gadu.

#15 repylek

    Very Lazy Cat

  • Members
  • 40292 posts
  • Gender: Male

Posted 11 November 2006 - 11:53

select these in the log and use Fix:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DB8493F-4C17-48C5-93E4-A7C8DAFA9F3F}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DB8493F-4C17-48C5-93E4-A7C8DAFA9F3F}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DB8493F-4C17-48C5-93E4-A7C8DAFA9F3F}: NameServer = 10.0.0.1,0.0.0.0

Linkman M-24


#16 Bieniol

    Only Bieniol :)

  • Members
  • 283 posts

Posted 11 November 2006 - 11:55

In Safe Mode with System Restore turned off, remove the following (entries with HijackThis; files/folders marked in red manually from disk):

O4 - HKLM\..\Run: [Realtek Sound Manager] dsitmbo.exe
O4 - HKLM\..\RunServices: [Realtek Sound Manager] dsitmbo.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

After that, post a new HijackThis log + a Silent Runners log.



#17 Bieniol

    Only Bieniol :)

  • Members
  • 283 posts

Posted 11 November 2006 - 11:57

O17 - HKLM\System\CCS\Services\Tcpip\..\{0DB8493F-4C17-48C5-93E4-A7C8DAFA9F3F}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DB8493F-4C17-48C5-93E4-A7C8DAFA9F3F}: NameServer = 10.0.0.1,0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DB8493F-4C17-48C5-93E4-A7C8DAFA9F3F}: NameServer = 10.0.0.1,0.0.0.0

These entries stay!!

The removal instructions are here -> http://forum.idg.pl/...12



#18

  • Guests

Posted 11 November 2006 - 19:28

artuuurs, continue resolving your problems in this one thread



