For Piecyk

IP: 81.210.88.* 23.03.05, 23:16
Logfile of HijackThis v1.99.0
Scan saved at 23:15:31, on 05-03-23
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WIN98SE\SYSTEM\KERNEL32.DLL
C:\WIN98SE\SYSTEM\MSGSRV32.EXE
C:\WIN98SE\SYSTEM\SPOOL32.EXE
C:\WIN98SE\SYSTEM\mmtask.tsk
C:\WIN98SE\EXPLORER.EXE
C:\WIN98SE\SYSTEM\DDHELP.EXE
C:\WIN98SE\TASKMON.EXE
C:\WIN98SE\SYSTEM\SYSTRAY.EXE
C:\WIN98SE\SOUNDMAN.EXE
C:\WIN98SE\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WIN98SE\RUNDLL32.EXE
C:\PROGRAM FILES\A4TECH\KEYBOARD\IKEYMAIN.EXE
C:\WIN98SE\SYSTEM\SYSTIME.EXE
C:\WIN98SE\MSCSVC.EXE
C:\WIN98SE\SAAP.EXE
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\WIN98SE\SYSTEM\AP9H4QMO.EXE
C:\PROGRAM FILES\MEDIA PASS\MEDIAPASS.EXE
C:\WIN98SE\SYSTEM\SYSTIME.EXE
C:\WIN98SE\DANE APLIKACJI\SPEM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MEDIA PASS\MEDIAPASSK.EXE
C:\WIN98SE\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\DYKS C\GADU-GADU\GG.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MOJE DOKUMENTY\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
file)
O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} -
C:\WIN98SE\SYSTEM\porynt.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WIN98SE\NEM220.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WIN98SE\SYSTEM\MSBE.DLL
O2 - BHO: (no name) - {F83165F3-DB39-AEC4-10D1-F33A95411490} -
C:\WIN98SE\SYSTEM\JOXC.DLL
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} -
C:\WIN98SE\CERBMOD.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98SE\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98SE\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WIN98SE\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [SysTime] C:\WIN98SE\SYSTEM\systime.exe
O4 - HKLM\..\Run: [mscsvc.exe] C:\WIN98SE\mscsvc.exe
O4 - HKLM\..\Run: [ntddetect] SE\SYSTEM\ntddetect.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [saap] c:\win98se\saap.exe
O4 - HKLM\..\Run: [tgdqf] C:\WINDOWS\tgdqf.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
Network\bin\bargains.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WIN98SE\SYSTEM\ap9h4qmo.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ntddetect] SE\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\DYKS C\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [SysTime] C:\WIN98SE\SYSTEM\systime.exe
O4 - HKCU\..\Run: [ntddetect] SE\SYSTEM\ntddetect.exe
O4 - HKCU\..\Run: [Uddu] C:\WIN98SE\Dane aplikacji\spem.exe
O4 - HKCU\..\Run: [Otaddf] C:\WIN98SE\SYSTEM\qnjs.exe
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/tw/win/QuickTimeFullInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
software-dl.real.com/114c141fe36f059c6821/netzip/RdxIE601.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
iframedollars.biz/tb/loader2.ocx
O16 - DPF: {11111111-1111-1111-1111-111111111157} -
ms-its:mhtml:file://C:\nosuch.mht!213.159.117.203/dl/adv407/x.chm::/load.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} -
C:\WIN98SE\SYSTEM\porynt.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} -
C:\WIN98SE\SYSTEM\porynt.dll
O21 - SSODL: eplrr - {15C65AC0-6609-11D9-8C9C-00024435D29F} -
C:\WIN98SE\SYSTEM\eplrr3.dll

    • Guest: Kolobos Re: For Piecyk IP: *.warszawa.sdi.tpnet.pl 23.03.05, 23:31
      I'm not Piecyk, but I'll help anyway :-)
      Run HijackThis and check all the entries marked Nasty, Possibly nasty and
      Unknown from here:
      www.hijackthis.de/logfiles/9303456d4635e6b6f402792f32778ff1.html
      Then click Fix Checked. Also visit www.windowsupdate.com and download the latest version of IE
      etc., then restart the computer and paste a new log.
      • Guest: Tereska Re: For Piecyk IP: 81.210.88.* 23.03.05, 23:52
        Logfile of HijackThis v1.99.0
        Scan saved at 23:53:34, on 05-03-23
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v5.00 (5.00.2614.3500)

        Running processes:
        C:\WIN98SE\SYSTEM\KERNEL32.DLL
        C:\WIN98SE\SYSTEM\MSGSRV32.EXE
        C:\WIN98SE\SYSTEM\SPOOL32.EXE
        C:\WIN98SE\SYSTEM\mmtask.tsk
        C:\WIN98SE\SYSTEM\PSTORES.EXE
        C:\WIN98SE\EXPLORER.EXE
        C:\WIN98SE\SYSTEM\DDHELP.EXE
        C:\WIN98SE\TASKMON.EXE
        C:\WIN98SE\SYSTEM\SYSTRAY.EXE
        C:\WIN98SE\SOUNDMAN.EXE
        C:\WIN98SE\SYSTEM\QTTASK.EXE
        C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
        C:\WIN98SE\RUNDLL32.EXE
        C:\PROGRAM FILES\A4TECH\KEYBOARD\IKEYMAIN.EXE
        C:\WIN98SE\SYSTEM\SYSTIME.EXE
        C:\WIN98SE\MSCSVC.EXE
        C:\WIN98SE\SAAP.EXE
        C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
        C:\WIN98SE\SYSTEM\AP9H4QMO.EXE
        C:\PROGRAM FILES\MEDIA PASS\MEDIAPASS.EXE
        C:\WIN98SE\SYSTEM\SYSTIME.EXE
        C:\WIN98SE\DANE APLIKACJI\SPEM.EXE
        C:\WIN98SE\SYSTEM\QNJS.EXE
        C:\PROGRAM FILES\MEDIA PASS\MEDIAPASSK.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WIN98SE\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        D:\DYKS C\GADU-GADU\GG.EXE
        C:\MOJE DOKUMENTY\HIJACKTHIS.EXE

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        213.159.117.134/index.php
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        213.159.117.134/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        213.159.117.134/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        213.159.117.134/index.php
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
        O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98SE\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98SE\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [QuickTime Task] "C:\WIN98SE\SYSTEM\QTTASK.EXE" -atboottime
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4TECH\KEYBOARD\IKEYMAIN.EXE
        O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
        O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
        O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
        O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
        O15 - Trusted IP range: 213.159.117.202
        O15 - Trusted IP range: 213.159.117.202 (HKLM)
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
        a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/tw/win/QuickTimeFullInstaller.exe
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
        software-dl.real.com/114c141fe36f059c6821/netzip/RdxIE601.cab
        • Guest: piecyk gazowy Re: For Piecyk IP: *.tpnet.pl / *.tpnet.pl 24.03.05, 00:11
          Download this: www.cexx.org/LSPFix.exe
          Select I know what I'm doing (or something like that), select osmim.dll, press Remove
          and Finish.

          Download this: www.mvps.org/winhelp2002/DelDomains.inf
          Save it, e.g. on the desktop, right-click it and choose Install.

          Paste a new log from HT.

          I think I'm going to bed. ;-)
        • Guest: piecyk gazowy PS IP: *.tpnet.pl / *.tpnet.pl 24.03.05, 00:12
          Remove this in HT:

          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > 213.159.117.134/index.php
          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          > 213.159.117.134/index.php
          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > 213.159.117.134/index.php
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          > 213.159.117.134/index.php
          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          > 213.159.117.134/index.php
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          > 213.159.117.134/index.php

          And then paste a new log.
      • Guest: Kolobos Re: For Piecyk IP: *.warszawa.sdi.tpnet.pl 24.03.05, 00:27
        Eh, I gave a link to the wrong log ;-)
        but that doesn't change the fact that GG had a green icon, so it wasn't supposed to be
        removed.
    • Guest: Tereska Re: For Piecyk IP: 81.210.88.* 24.03.05, 00:05
      And after the restart my GG disappeared, I give up...