Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    Hijackthis pomocy!!!

    24.04.05, 15:20
    Prosze bardzo o sprawdzenie, bo komputer mi wariuje:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:19:12, on 05-04-24
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPZTSB08.EXE
    C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\PL-PL\MSNAPPAU.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
    C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\CREATIVE\SHARED FILES\CAMTRAY.EXE
    C:\MOJE DOKUMENTY\AGATA\PHONE\SKYPE.EXE
    C:\PROGRAM FILES\GADU-GADU\GADU-GADU\GG.EXE
    C:\WINDOWS\SYSTEM\PYUMIIO.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINRAR\WINRAR.EXE
    C:\WINDOWS\TEMP\RAR$EX14.089\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.onet.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {DCA1F8C3-4277-64A2-5003-3F26215A6090} -
    C:\WINDOWS\SYSTEM\IKD.DLL (file missing)
    O2 - BHO: (no name) - {5335EC1A-5BF5-217E-8E7E-2827B0E4BCC3} -
    C:\WINDOWS\SYSTEM\BJOMJC.DLL
    O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} -
    C:\WINDOWS\SYSTEM\DSMANA~1.DLL
    O2 - BHO: (no name) - {82DA97A1-7790-11D9-AF93-00C0D083241A} -
    C:\WINDOWS\SYSTEM\EIIEBAA.DLL (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
    C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\PL-PL\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN
    APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {2435E86C-5BF0-2479-8E09-2A27B0EDBCB5} -
    C:\WINDOWS\SYSTEM\BJOMJC.DLL
    O2 - BHO: (no name) - {5168E812-0DAC-7279-8E7E-2827B0E4BCC2} -
    C:\WINDOWS\SYSTEM\BJOMJC.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
    FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\PL-PL\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb08.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky
    Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN
    Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared
    Files\CAMTRAY.EXE
    O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Kaspersky Lab\Kaspersky
    Anti-Virus Personal\kavsvc.exe"
    O4 - HKCU\..\Run: [Skype] "C:\MOJE
    DOKUMENTY\AGATA\PHONE\SKYPE.EXE" /nosplash /minimized
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GADU-
    GADU\GG.EXE" /tray
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.iframedollars.biz
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.iframedollars.biz (HKLM)
    O15 - Trusted IP range: 213.159.117.202
    O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) -
    www9.advnt01.com/dialer/win98_P.CAB
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
    67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) -
    messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} -
    (no file)

    Obserwuj wątek
      • Gość: Kolobos Re: Hijackthis pomocy!!! IP: *.warszawa.sdi.tpnet.pl 24.04.05, 15:34
        Odinstaluj:
        MediaAccess

        C:\WINDOWS\SYSTEM\PYUMIIO.EXE <- wiesz co to jest? Jak nie to zamknij ten
        proces w menadzerze i przegraj gdzies ten plik na wypadek gdyby byl potrzebny.

        W hijackthis zaznacz te wpisy:

        O2 - BHO: (no name) - {DCA1F8C3-4277-64A2-5003-3F26215A6090} -
        C:\WINDOWS\SYSTEM\IKD.DLL (file missing)
        O2 - BHO: (no name) - {5335EC1A-5BF5-217E-8E7E-2827B0E4BCC3} -
        C:\WINDOWS\SYSTEM\BJOMJC.DLL
        O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} -
        C:\WINDOWS\SYSTEM\DSMANA~1.DLL
        O2 - BHO: (no name) - {82DA97A1-7790-11D9-AF93-00C0D083241A} -
        C:\WINDOWS\SYSTEM\EIIEBAA.DLL (file missing)
        O2 - BHO: (no name) - {2435E86C-5BF0-2479-8E09-2A27B0EDBCB5} -
        C:\WINDOWS\SYSTEM\BJOMJC.DLL
        O2 - BHO: (no name) - {5168E812-0DAC-7279-8E7E-2827B0E4BCC2} -
        C:\WINDOWS\SYSTEM\BJOMJC.DLL
        O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.iframedollars.biz
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) -
        www9.advnt01.com/dialer/win98_P.CAB
        O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} -
        (no file)

        I Fix Checked, po resecie wklej nowy log ale najpierw przeskanuj system tym:
        housecall.trendmicro.com/housecall/start_corp.asp
        www.windowsecurity.com/trojanscan/
        www.pandasoftware.com/activescan/pol/activescan_principal.htm
        Zainstaluj to:
        www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D
        www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster
        www.wilderssecurity.net/spywareguard.html <- SpywareGuard
        • ziyi Re: Hijackthis pomocy!!! 24.04.05, 17:42
          Reraz sprawa wyglada tak:

          Logfile of HijackThis v1.99.1
          Scan saved at 17:40:48, on 05-04-24
          Platform: Windows 98 SE (Win9x 4.10.2222A)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\SPOOL32.EXE
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\WINDOWS\EXPLORER.EXE
          C:\WINDOWS\TASKMON.EXE
          C:\WINDOWS\SYSTEM\INTERNAT.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\WINDOWS\SYSTEM\HPZTSB08.EXE
          C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
          C:\WINDOWS\LOADQM.EXE
          C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\PL-PL\MSNAPPAU.EXE
          C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
          C:\WINDOWS\SYSTEM\STIMON.EXE
          C:\PROGRAM FILES\CREATIVE\SHARED FILES\CAMTRAY.EXE
          C:\MOJE DOKUMENTY\AGATA\PHONE\SKYPE.EXE
          C:\PROGRAM FILES\GADU-GADU\GADU-GADU\GG.EXE
          C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
          C:\WINDOWS\SYSTEM\DDHELP.EXE
          C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
          C:\PROGRAM FILES\WINRAR\WINRAR.EXE
          C:\WINDOWS\TEMP\RAR$EX09.340\HIJACKTHIS.EXE

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          g.msn.com/0SEENUS/SAOS01
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.onet.pl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
          O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
          FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\PL-PL\MSNTB.DLL
          O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN
          APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          C:\WINDOWS\SYSTEM\MSDXM.OCX
          O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM
          FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\PL-PL\MSNTB.DLL
          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
          O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
          O4 - HKLM\..\Run: [internat.exe] internat.exe
          O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb08.exe
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky
          Anti-Virus Personal\kav.exe" /minimize
          O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
          O4 - HKLM\..\Run: [LoadQM] loadqm.exe
          O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001
          \pl-pl\msnappau.exe"
          O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
          O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared
          Files\CAMTRAY.EXE
          O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Kaspersky Lab\Kaspersky
          Anti-Virus Personal\kavsvc.exe"
          O4 - HKCU\..\Run: [Skype] "C:\MOJE
          DOKUMENTY\AGATA\PHONE\SKYPE.EXE" /nosplash /minimized
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GADU-
          GADU\GG.EXE" /tray
          O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
          Sweeper\SPYSWEEPER.EXE" /0
          O15 - Trusted IP range: 213.159.117.202
          O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
          67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
          O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
          messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

          Uzylam programu Spy Sweeper
          • Gość: Kolobos Re: Hijackthis pomocy!!! IP: *.warszawa.sdi.tpnet.pl 24.04.05, 17:46
            Log jest juz ok.
            • ziyi Re: Hijackthis pomocy!!! 24.04.05, 17:52
              Dzieki dzieki dzieki!!!!!!!!!!
              :-*
    Inne wątki na temat:

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.