prosze o sprawdzenie loga

**Posty:** 61 · przez **frycu** 21 Sie 2006, 22:05

Nagle w kompie wyskoczylo mi okno" your computer is infected"chcialem uruchomic w trybie awaryjnym ale sie nie dalo bo chyba te wirusy mi nie pozwalaja

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 21:54:43, on 2006-08-21 Platform: Windows XP (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe C:\WINDOWS\System32\javanet.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Winamp3.0\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\mshost32.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\GetRight\getright.exe C:\Program Files\GetRight\getright.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ZX752B~1.ZX-\USTAWI~1\Temp\Rar$EX00.077\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe F2 - REG:system.ini: Shell=Explorer.exe javanet.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,javanet.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp3.0\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [RealPlayer] "%APP_PATH::RealPlay.exe%\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [mssp3] C:\WINDOWS\System32\mshost32.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6FBB4A-9AA2-4F02-ABCE-678A7AE4EBC0}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A5EB24-0451-4CB5-8735-77465BB79F35}: NameServer = 217.30.129.149,217.30.137.200 O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - C:\WINDOWS\system32\msp.cpl O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

przez **jeff** 21 Sie 2006, 22:10

wyłącz przywracanie systemu, wejdź w tryb awaryjny i kasujesz wpisy w Hijacku

F2 - REG:system.ini: Shell=Explorer.exe javanet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,javanet.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\Run: [mssp3] C:\WINDOWS\System32\mshost32.exe
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl
O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - C:\WINDOWS\system32\msp.cpl

pliki pogrubine usuwasz dodatkowo ręcznie z dysku

**Posty:** 61 · przez **frycu** 21 Sie 2006, 22:20

detektyw napisał(a):wyłącz przywracanie systemu, wejdź w tryb awaryjny i kasujesz wpisy w Hijacku
F2 - REG:system.ini: Shell=Explorer.exe javanet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,javanet.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\Run: [mssp3] C:\WINDOWS\System32\mshost32.exe
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\system32\msc.cpl
O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - C:\WINDOWS\system32\msp.cpl

pliki pogrubine usuwasz dodatkowo ręcznie z dysku

Nie moge odpalić trybu awaryjnego.wyskakuje błąd nigdy tak nie było!! pojawia sie tego swinstwa wiecej.najnowszy log

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 22:07:06, on 2006-08-21 Platform: Windows XP (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe C:\WINDOWS\System32\javanet.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Winamp3.0\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\mshost32.exe C:\Program Files\GetRight\getright.exe C:\Program Files\GetRight\getright.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\System32\msijavaup32.exe c:\ac3_0010.exe c:\oxaeddd.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\DOCUME~1\ZX752B~1.ZX-\USTAWI~1\Temp\Rar$EX40.805\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE c:\nwnmff_12.exe C:\WINDOWS\System32\stonedrv.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\system32\cscript.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Network Monitor\netmon.exe C:\WINDOWS\eng\command.exe C:\WINDOWS\Explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\ZX752B~1.ZX-\USTAWI~1\Temp\Rar$EX87.004\HijackThis.exe F2 - REG:system.ini: Shell=Explorer.exe msijavaup32.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,msijavaup32.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp3.0\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ths58080] RUNDLL32.EXE w006efd5.dll,n 0035807d0000000a006efd5 O4 - HKLM\..\Run: [newname] c:\\nwnmff_12.exe O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [RealPlayer] "%APP_PATH::RealPlay.exe%\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [mssp3] C:\WINDOWS\System32\mshost32.exe O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe" O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKCU\..\RunServices: [MS Java for Windows XP & NT] javanet.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6FBB4A-9AA2-4F02-ABCE-678A7AE4EBC0}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A5EB24-0451-4CB5-8735-77465BB79F35}: NameServer = 217.30.129.149,217.30.137.200 O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\DI210.dll O21 - SSODL: Folder powłoki dla nagrywania dysków CD - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file) O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\eng\command.exe O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

przez **jeff** 21 Sie 2006, 22:23

skąd ty tyle gówna łapiesz ??

przeskanuj www.ewido.com >> wywal wszystko
później odpal SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

opis >>

http://forum.programosy.pl/trudne-przypadki-i-metody-usuwania-vt41947.html

i przejedź nim dysk. Po zabiegach dajesz nowy log z Hijacka

**Posty:** 61 · przez **frycu** 21 Sie 2006, 23:15

detektyw napisał(a):skąd ty tyle gówna łapiesz ??

przeskanuj www.ewido.com >> wywal wszystko
później odpal SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

opis >>

http://forum.programosy.pl/trudne-przypadki-i-metody-usuwania-vt41947.html

i przejedź nim dysk. Po zabiegach dajesz nowy log z Hijacka

Niestety nie daje rady.z ewido mnie wyrzuca,ten Smitfraud.fix mi nie działa wyskakuje błąd a jeli chodzi o to gdzie lazilem to nie bylem na zadnych stronach porno,wpiepszylo mi sie cos przez mozzille jak czytalem wiadomości na wp! masakra nie wiem co z tym robic,awaryjny mi sie nie odpala

[ Dodano: Dzisiaj o 0:20 ]
Co mogłem to zrobiłem napewno ten log jest jeszcze brudny

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 00:08:35, on 2006-08-22 Platform: Windows XP (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\javanet.exe C:\WINDOWS\Explorer.exe C:\Program Files\Winamp3.0\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\windows\system32\stonedrv.exe C:\windows\system32\taskmgn.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\mshost32.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\WinRAR\WinRAR.exe c:\javanet.exe C:\DOCUME~1\ZX752B~1.ZX-\USTAWI~1\Temp\Rar$EX00.887\HijackThis.exe F2 - REG:system.ini: Shell=Explorer.exe javanet.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,javanet.exe O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp3.0\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ths58080] RUNDLL32.EXE w006efd5.dll,n 0035807d0000000a006efd5 O4 - HKLM\..\Run: [newname] C:\\nwnmff_12.exe O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [RealPlayer] "%APP_PATH::RealPlay.exe%\realplay.exe" /RunUPGToolCommandReBoot O4 - HKCU\..\Run: [mssp3] C:\WINDOWS\System32\mshost32.exe O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00009.exe" O4 - HKCU\..\RunServices: [MS Java for Windows XP & NT] javanet.exe O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6FBB4A-9AA2-4F02-ABCE-678A7AE4EBC0}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A5EB24-0451-4CB5-8735-77465BB79F35}: NameServer = 217.30.129.149,217.30.137.200 O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\lv2809fue.dll O20 - Winlogon Notify: StillImage - C:\WINDOWS\ O21 - SSODL: Folder powłoki dla nagrywania dysków CD - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file) O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

przez **jeff** 22 Sie 2006, 08:36

najpierw kasujesz wpisy w Hijacku, które podam

F2 - REG:system.ini: Shell=Explorer.exe javanet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,javanet.exe
O4 - HKLM\..\Run: [ths58080] RUNDLL32.EXE w006efd5.dll,n 0035807d0000000a006efd5
O4 - HKLM\..\Run: [newname] C:\\nwnmff_12.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [mssp3] C:\WINDOWS\System32\mshost32.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00009.exe
O4 - HKCU\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\lv2809fue.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\

jak skasujesz wpisy to bez reseta spróbuj usunąć ręcznie pogrubione pliki

**Posty:** 61 · przez **frycu** 22 Sie 2006, 23:42

detektyw napisał(a):najpierw kasujesz wpisy w Hijacku, które podam

F2 - REG:system.ini: Shell=Explorer.exe javanet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,javanet.exe
O4 - HKLM\..\Run: [ths58080] RUNDLL32.EXE w006efd5.dll,n 0035807d0000000a006efd5
O4 - HKLM\..\Run: [newname] C:\\nwnmff_12.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmgn.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [mssp3] C:\WINDOWS\System32\mshost32.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00009.exe
O4 - HKCU\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\lv2809fue.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\

jak skasujesz wpisy to bez reseta spróbuj usunąć ręcznie pogrubione pliki

Ok zrobiłem jak prosiłes mimo to powróciło wiec zrobilem jeszcze raz
Daje logi

Kod: Zaznacz wszystko: Platform: Windows XP (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Winamp3.0\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\ZX752B~1.ZX-\USTAWI~1\Temp\Rar$EX00.288\HijackThis.exe F2 - REG:system.ini: Shell=Explorer.exe javanet.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,javanet.exe O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp3.0\winampa.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [RealPlayer] "%APP_PATH::RealPlay.exe%\realplay.exe" /RunUPGToolCommandReBoot O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9E6FBB4A-9AA2-4F02-ABCE-678A7AE4EBC0}: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLM\System\CCS\Services\Tcpip\..\{F4A5EB24-0451-4CB5-8735-77465BB79F35}: NameServer = 217.30.129.149,217.30.137.200 O21 - SSODL: Folder powłoki dla nagrywania dysków CD - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file) O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"] "RealPlayer" = ""%APP_PATH::RealPlay.exe%\realplay.exe" /RunUPGToolCommandReBoot" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NeroCheck" = "C:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"] "WinampAgent" = "C:\Program Files\Winamp3.0\winampa.exe" [null data] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"] "{C1728FC8-0162-4827-85B0-8420B5B20263}" = "All Converter" -> {HKLM...CLSID} = "All Converter" \InProcServer32\(Default) = "C:\Program Files\1stbenison\All Converter\CMExt.dll" [null data] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ INFECTION WARNING! "Shell" = "Explorer.exe javanet.exe" [MS], [file not found] INFECTION WARNING! "Userinit" = "C:\WINDOWS\System32\userinit.exe,javanet.exe" [MS], [file not found] "System" = (value not set) HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\zx.ZX-377ATD05THBX\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "zx" & "All Users" startup folders: ---------------------------------------------------- C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "GetRight - Tray Icon" -> shortcut to: "C:\Program Files\GetRight\getright.exe" ["Headlight Software, Inc."] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "&FlashGet" "Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Keyboard Driver Filters: ------------------------ HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = INFECTION WARNING! "DumaNT" ["Windows (R) 2000 DDK provider"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor i320\Driver = "CNMLM47.DLL" ["CANON INC."] PDFCreator\Driver = "pdfcmnnt.dll" [null data] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 81 seconds, including 4 seconds for message boxes)

przez **jeff** 23 Sie 2006, 06:50

pozostało

F2 - REG:system.ini: Shell=Explorer.exe javanet.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,javanet.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe

prosze o sprawdzenie loga

Prosze o sprawdzenie loga

Kto jest na forum