Please check my log

IP: *.chello.pl 14.04.05, 20:39
Logfile of HijackThis v1.97.7
Scan saved at 20:34:57, on 05-04-14
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\QWINNTA.EXE
C:\WINDOWS\SYSTEM\SESMGR.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
www.richfind.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
www.richfind.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
www.richfind.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search - {14F600E3-AD22-11D9-9B65-000244089DEC} -
C:\WINDOWS\SYSTEM\Q302097.DLL
R3 - URLSearchHook: Search - {15866D03-AC51-11D9-9B65-000244089DEC} -
C:\WINDOWS\SYSTEM\Q486003.DLL
R3 - URLSearchHook: Search - {00000000-0000-0000-0000-000000000000} -
C:\WINDOWS\SYSTEM\Q486003.DLL
O2 - BHO: (no name) - {4C5F8DE0-AC1D-11D9-9B65-000244089DEC} -
C:\WINDOWS\SYSTEM\MSCKR.DLL
O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} -
C:\WINDOWS\SYSTEM\IE2CLTR.DLL
O2 - BHO: (no name) - {50F4F480-AC1D-11D9-9B65-000244089DEC} -
C:\WINDOWS\SYSTEM\SPCLK.DLL
O2 - BHO: (no name) - {14F600E1-AD22-11D9-9B65-000244089DEC} -
C:\WINDOWS\SYSTEM\Q302097.DLL
O2 - BHO: (no name) - {15866D01-AC51-11D9-9B65-000244089DEC} -
C:\WINDOWS\SYSTEM\Q486003.DLL
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} -
C:\WINDOWS\SYSTEM\Q486003.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} -
C:\WINDOWS\SYSTEM\IE2CLTR.DLL
O3 - Toolbar: Search - {14F600E0-AD22-11D9-9B65-000244089DEC} -
C:\WINDOWS\SYSTEM\Q302097.DLL
O3 - Toolbar: Search - {15866D00-AC51-11D9-9B65-000244089DEC} -
C:\WINDOWS\SYSTEM\Q486003.DLL
O3 - Toolbar: Search - {00000000-0000-0000-0000-000000000000} -
C:\WINDOWS\SYSTEM\Q486003.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Search (HKLM)
O9 - Extra button: Search (HKLM)
O9 - Extra button: Search (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
download.macromedia.com/pub/shockwave/cabs/Flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 14.04.05, 20:52
      Uninstall:

      MEDIA ACCESS

      After a reboot, delete the entire directory:
      C:\PROGRAM FILES\MEDIA ACCESS\

      Scan with this:
      cwshredder.net/bin/CWShredder.exe <- CWS Shredder


      In HijackThis, check these entries:

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > www.richfind.com/ie/
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      > www.richfind.com/ie/
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > www.richfind.com/ie/
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > www.richfind.com/ie/
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      > www.richfind.com/ie/
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > www.richfind.com/ie/
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      > R3 - URLSearchHook: Search - {14F600E3-AD22-11D9-9B65-000244089DEC} -
      > C:\WINDOWS\SYSTEM\Q302097.DLL
      > R3 - URLSearchHook: Search - {15866D03-AC51-11D9-9B65-000244089DEC} -
      > C:\WINDOWS\SYSTEM\Q486003.DLL
      > R3 - URLSearchHook: Search - {00000000-0000-0000-0000-000000000000} -
      > C:\WINDOWS\SYSTEM\Q486003.DLL
      > O2 - BHO: (no name) - {4C5F8DE0-AC1D-11D9-9B65-000244089DEC} -
      > C:\WINDOWS\SYSTEM\MSCKR.DLL
      > O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} -
      > C:\WINDOWS\SYSTEM\IE2CLTR.DLL
      > O2 - BHO: (no name) - {50F4F480-AC1D-11D9-9B65-000244089DEC} -
      > C:\WINDOWS\SYSTEM\SPCLK.DLL
      > O2 - BHO: (no name) - {14F600E1-AD22-11D9-9B65-000244089DEC} -
      > C:\WINDOWS\SYSTEM\Q302097.DLL
      > O2 - BHO: (no name) - {15866D01-AC51-11D9-9B65-000244089DEC} -
      > C:\WINDOWS\SYSTEM\Q486003.DLL
      > O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} -
      > C:\WINDOWS\SYSTEM\Q486003.DLL
      > O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} -
      > C:\WINDOWS\SYSTEM\IE2CLTR.DLL
      > O3 - Toolbar: Search - {14F600E0-AD22-11D9-9B65-000244089DEC} -
      > C:\WINDOWS\SYSTEM\Q302097.DLL
      > O3 - Toolbar: Search - {15866D00-AC51-11D9-9B65-000244089DEC} -
      > C:\WINDOWS\SYSTEM\Q486003.DLL
      > O3 - Toolbar: Search - {00000000-0000-0000-0000-000000000000} -
      > C:\WINDOWS\SYSTEM\Q486003.DLL
      > O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
      > O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      > O9 - Extra button: Search (HKLM)
      > O9 - Extra button: Search (HKLM)
      > O9 - Extra button: Search (HKLM)

      Fix Checked, then restart the computer, delete all the DLLs that
      I listed, and scan with these three:

      housecall.trendmicro.com/housecall/start_corp.asp
      www.windowsecurity.com/trojanscan/
      www.pandasoftware.com/activescan/pol/activescan_principal.htm
      Also install:
      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D
      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster
      Enable browser protection in both.

      And finally, paste a new HijackThis log.
      • Guest: wilk Re: Please check my log IP: *.chello.pl 15.04.05, 00:14
        Thanks a lot! The operation seems to have ended in success.
        Regards
        • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 15.04.05, 10:34
          Paste a new log to make sure.
          • Guest: Wilk Re: Please check my log IP: *.chello.pl 15.04.05, 20:22
            Logfile of HijackThis v1.97.7
            Scan saved at 20:16:59, on 05-04-15
            Platform: Windows 98 SE (Win9x 4.10.2222A)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\EXPLORER.EXE
            C:\PROGRAM FILES\GADU-GADU\GG.EXE
            C:\WINDOWS\SYSTEM\RNAAPP.EXE
            C:\WINDOWS\SYSTEM\TAPISRV.EXE
            C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
            O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
            download.macromedia.com/pub/shockwave/cabs/Flash/swflash.cab
            O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
            download.macromedia.com/pub/shockwave/cabs/director/sw.cab
            P.S. In Program Files there is no Media Access folder, only Media Pass. Is that the one
            to throw out?
            • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 15.04.05, 21:16
              Your log sure got smaller. You were supposed to install an antivirus etc., I think, so where
              is it? Soon you'll have an even bigger mess.

              You need to delete this:
              C:\PROGRAM FILES\MEDIA ACCESS\ As for Media Pass, it probably belongs to the same thing; check
              whether the files I listed earlier are there, and if so, delete it.