dmx files in temp, help, I give up :(

Hello.
Something has attached itself to my W98SE and I have no idea what. Nothing detects the junk (Spybot, Ad-Aware, Microsoft AntiSpyware, Kaspersky 4,5). Files named dmx.tmp (dmx890ee.tmp etc.) appear in the temp directory; it clogs my temp with these files in no time and the number of them becomes gigantic. I have no idea how to deal with this...
If anyone knows anything, I would be grateful for help.
Regards.

Replies: 13

I bow to the professors of tidiness :wink:
I also had dmx. I have cleaned up my shelves; do I still have any problem :?: :?:

Logfile of HijackThis v1.99.1
Scan saved at 20:25:36, on 13/02/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WIN98\SYSTEM\KERNEL32.DLL
C:\WIN98\SYSTEM\MSGSRV32.EXE
C:\WIN98\SYSTEM\SPOOL32.EXE
C:\WIN98\SYSTEM\MPREXE.EXE
C:\WIN98\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WIN98\SYSTEM\LEXBCES.EXE
C:\WIN98\SYSTEM\RPCSS.EXE
C:\WIN98\SYSTEM\LEXPPS.EXE
C:\WIN98\SYSTEM\mmtask.tsk
C:\WIN98\EXPLORER.EXE
C:\WIN98\SYSTEM\INTERNAT.EXE
C:\WIN98\TASKMON.EXE
C:\WIN98\SYSTEM\SYSTRAY.EXE
C:\WIN98\SYSTEM\IGFXTRAY.EXE
C:\WIN98\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WIN98\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WIN98\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\PLAXO\2.6.2.7\PLAXOHELPER.EXE
C:\PROGRAM FILES\LG PC SUITE\LG PC SYNC\LGSYNCMANAGER.EXE
C:\WIN98\SYSTEM\WMIEXE.EXE
D:\PROGRAMY\SAMOOBRONA\HIJACKTHIS.EXE

O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 – Toolbar: @msdxmLC.dll,–1@1045,&Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WIN98\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [ScanRegistry] C:\WIN98\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WIN98\taskmon.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [IgfxTray] C:\WIN98\SYSTEM\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WIN98\SYSTEM\hkcmd.exe
O4 – HKLM\..\Run: [LexStart] lexstart.exe
O4 – HKLM\..\Run: [StillImageMonitor] C:\WIN98\SYSTEM\STIMON.EXE
O4 – HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 – HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 – HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 – HKLM\..\Run: [KodakCCS] C:\WIN98\System32\Drivers\KodakCCS.exe
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [TrueVector] C:\WIN98\SYSTEM\ZONELABS\VSMON.EXE –service
O4 – HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 – HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe –a
O4 – Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Startup: LG Sync Manager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 – Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 – Startup: PowerReg Scheduler.exe
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: MSN Messenger Service – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {A6916797–7ABD–4F07–93AE–098B6F543129} (CO2Player Class) – http://www.lemontv.pl/lmctrlp.cab
O16 – DPF: {7F8C8173–AD80–4807–AA75–5672F22B4582} (ICSScanner Class) – http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37380.cab
O16 – DPF: {08BEF711–06DA–48B2–9534–802ECAA2E4F9} (PlxInstall Class) – https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 – DPF: {1DB93715–3B60–43EE–93E6–279BB3E1DF76} (OCXDownloadChecker Control) – http://hillhouse.dipmap.com/cab/OCXChecker_6100.cab
O16 – DPF: {DBAFE6AD–DC14–45DF–A3F7–F8832289A1CD} (DownloadFile Control) – http://hillhouse.dipmap.com/cab/DownloadFile_6100.cab
lukijad
Posted
13.02.2006 22:45:35
barti_x: there is a pinned topic in this section, written by EL_NINO, about logs and how to check them. Use it and check your log yourself. After checking it yourself, post the log again.
Żółty
Posted
26.01.2006 20:03:49
hi
I have the same problem :( please help me (help), and is there anything I can do to make it run faster
:D :D :D :D :D :D :D :D :D :lol: :!: :!: :!: :!: :!: :!: :!: :!: :!: :!: :!: :!:



Logfile of HijackThis v1.99.1
Scan saved at 18:41:49, on 2006–01–14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bartek\Moje dokumenty\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\admin\USTAWI~1\Temp\Rar$EX00.531\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
F2 – REG:system.ini: Shell=
F3 – REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 – BHO: NavErrRedir Class – {00D6A7E7–4A97–456f–848A–3B75BF7554D7} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:\programy\adobe reader\ActiveX\AcroIEHelper.dll
O2 – BHO: HBO Class – {5321E378–FFAD–4999–8C62–03CA8155F0B3} – C:\WINDOWS\inet20003\3.00.13.dll
O2 – BHO: MPEG Support Dll – {57A70350–87D9–4EA2–B3AC–C1C1B5296035} – C:\WINDOWS\system32\mpegcore.dll (file missing)
O2 – BHO: RXResultTracker Class – {59879FA4–4790–461c–A1CC–4EC4DE4CA483} – C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Documents and Settings\Bartek\Moje dokumenty\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O8 – Extra context menu item: &Download with &DAP – D:\DAP\dapextie.htm
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZHxdm034YYPL
O8 – Extra context menu item: Download &all with DAP – D:\DAP\dapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Pobierz uźywając Download &Express'a – D:\Download Express\Add_Url.htm
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O14 – IERESET.INF: START_PAGE_URL=www.google.com.pl
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110816596906
O16 – DPF: {8FCDF9D9–A28B–480F–8C3D–581F119A8AB8} (MediaGatewayX) – http://static.zangocash.com/cab/Zango/ie/bridge–c46.cab
O16 – DPF: {EE8B6D5F–FEF2–11D0–B13F–00A024798EF3} (Microsoft Search Settings Control) – http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O18 – Filter: text/html – (no CLSID) – (no file)
O18 – Filter: text/html – {2AB289AE–4B90–4281–B2AE–1F4BB034B647} – C:\PROGRA~1\RXTOOL~1\sfcont.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
barti_x
Posted
26.01.2006 19:46:18
Thanks a lot :)
Remmirath
Posted
12.01.2006 12:17:13
It's OK :D
Wiewia
Posted
12.01.2006 11:55:45
New log, I hope everything is OK now :)

Logfile of HijackThis v1.99.1
Scan saved at 10:48:27, on 06–01–12
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\GADU–GADU\GG.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\ANTIVIRAL TOOLKIT PRO\AVPM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\TOTALCMD\TOTALCMD.EXE
C:\HIJACK\HIJACKTHIS.EXE

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 – BHO: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 – Toolbar: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" –atboottime
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" –turbo
O4 – Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 – Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
Remmirath
Posted
12.01.2006 11:50:57
I told you to turn off System Restore; sorry, 98 does not have that. Just boot into safe mode (keep pressing F8 during system startup).

Find the file on disk by its path, e.g. C:\WINDOWS\SYSTEM\paytime.exe

and delete the file marked in red, or the directory.

If you cannot locate the files, then in Folder Options, on the View tab, change the setting so that it shows all files (hidden and system).

If you have trouble deleting a file,

use KillBox: select the Delete on Reboot option and paste the paths into the Full Path of File to Delete field, e.g. C:\WINDOWS\G60718.DLL
Wiewia
Posted
12.01.2006 11:40:49
OK, I'll do that right away.
Only I don't know how to remove it manually...
Remmirath
Posted
12.01.2006 10:49:00
Still to be removed:

O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 – HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 – HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels64.exe
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\INET20001\SERVICES.EXE
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O20 – Winlogon Notify: st3 – C:\WINDOWS\G60718.DLL (file missing)
O21 – SSODL: OLE Module – {203B1C4D9–BC71–8916–38AD–9DEA5D213614} – C:\WINDOWS\SYSTEM\bre.dll (file missing)
O21 – SSODL: fldrsys – {3AFFF1E0–80E1–11DA–9997–00055D6CDAA2} – fldrsys.dll (file missing)


Start the computer in safe mode. Remove the entries with HJ, and the ones in red manually from the disk.

After that, a new log.
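
An added example, not part of the original thread and not HijackThis code: a Python check for the follow-up step requested above, confirming that entries marked for removal no longer appear in a new HijackThis log. The function names are hypothetical; the sample lines are copied from this thread, except `PARTIAL_LOG`, which is constructed.

```python
import re

# HijackThis entry lines start with a section code (R0, F1, O4, O21, ...)
# followed by a dash. The forum rendered "-" as an en dash, so accept both.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s*[-\u2013]\s*(\S.*?)\s*$")

def normalize(line):
    """Return a comparison key for an entry line, or None for other lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    body = m.group(2).replace("\u2013", "-")
    # The registry entry is what matters, whether or not its file still exists.
    body = re.sub(r"\s*\((?:file missing|no file)\)$", "", body, flags=re.I)
    return m.group(1) + " " + re.sub(r"\s+", " ", body).casefold()

def parse_entries(text):
    """Map comparison key -> original line for every entry in a log."""
    entries = {}
    for line in text.splitlines():
        key = normalize(line)
        if key:
            entries.setdefault(key, line.strip())
    return entries

def check_cleanup(removal_list, new_log):
    """Split the removal list into entries gone from / still in the new log."""
    wanted, present = parse_entries(removal_list), parse_entries(new_log)
    gone = [line for key, line in wanted.items() if key not in present]
    left = [line for key, line in wanted.items() if key in present]
    return gone, left

# Entries copied from the removal list posted in this thread.
REMOVAL_LIST = r"""
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 – HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 – HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels64.exe
O20 – Winlogon Notify: st3 – C:\WINDOWS\G60718.DLL (file missing)
"""

# Excerpt of the follow-up log posted in this thread.
NEW_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O14 – IERESET.INF: START_PAGE_URL=
"""

# Constructed case: one listed entry survived, in different case and with "-".
PARTIAL_LOG = NEW_LOG + r"O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\SYSLDR32.EXE" + "\n"

if __name__ == "__main__":
    for name, log in (("new log", NEW_LOG), ("partial log", PARTIAL_LOG)):
        gone, left = check_cleanup(REMOVAL_LIST, log)
        print(f"{name}: {len(gone)} removed, {len(left)} still present")
        for line in left:
            print("  STILL PRESENT:", line)
```

Entries are compared case-insensitively because the same file shows up in these logs both as `C:\WINDOWS\sysldr32.exe` and as `C:\WINDOWS\SYSLDR32.EXE`.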
Wiewia
Posted
10.01.2006 20:11:52
Thanks a lot for the help, that was hurting me :)
Remmirath
Posted
10.01.2006 14:28:59
Remove the entries:
C:\WINDOWS\SYSLDR32.EXE
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\INET20001\SERVICES.EXE
O4 – HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\INET20001\SERVICES.EXE
O4 – Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
sh@dow
Posted
10.01.2006 14:12:51
I'm pasting the log from HijackThis, maybe someone will come up with something...

Logfile of HijackThis v1.99.1
Scan saved at 12:37:31, on 06–01–10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSLDR32.EXE
C:\PROGRAM FILES\GADU–GADU\GG.EXE
C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\ANTIVIRAL TOOLKIT PRO\AVPM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\TOTALCMD\TOTALCMD.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\HIJACK\HIJACKTHIS.EXE

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F1 – win.ini: run=C:\WINDOWS\INET20001\SERVICES.EXE
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 – BHO: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 – Toolbar: Solid Converter PDF – {259F616C–A300–44F5–B04A–ED001A26C85C} – C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" –atboottime
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 – HKLM\..\Run: [xp_system] C:\WINDOWS\INET20001\SERVICES.EXE
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 – HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 – HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 – HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels64.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – HKCU\..\Run: [xp_system] C:\WINDOWS\INET20001\SERVICES.EXE
O4 – HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" –turbo
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 – HKCU\..\RunOnce: [vsdownloaderreboot] "D:\BHP\NOWE–PROGRAMY\PDF\CA8TYF01.EXE"
O4 – Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 – Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 – Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 – IERESET.INF: SEARCH_PAGE_URL=
O14 – IERESET.INF: START_PAGE_URL=
O20 – Winlogon Notify: st3 – C:\WINDOWS\G60718.DLL (file missing)
O21 – SSODL: OLE Module – {203B1C4D9–BC71–8916–38AD–9DEA5D213614} – C:\WINDOWS\SYSTEM\bre.dll (file missing)
O21 – SSODL: fldrsys – {3AFFF1E0–80E1–11DA–9997–00055D6CDAA2} – fldrsys.dll (file missing)
Remmirath
Posted
10.01.2006 13:53:42
Make a log in HijackThis
sh@dow
Posted
10.01.2006 12:15:02
Remmirath
Posted:
10.01.2006 12:11:47
Comments:
13