Bardzo proszę o sprawdzenie loga!!!

01.05.05, 22:31
Logfile of HijackThis v1.99.1
Scan saved at 22:37:29, on 05-05-01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\POWERS.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLANUTILITY.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLAN_SERVICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\UPDATES\IMMUFIX.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {13A0D908-BA87-11D9-8EF8-000CE4D8AA52} -
C:\WINDOWS\SYSTEM\JOAD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [PowerS] "C:\WINDOWS\PowerS.EXE"
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINDOWS\dslaunch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo
Express 2 SE\ChkFont.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - Startup: WlanUtility.lnk = C:\Program
Files\MicroStar\WLANUtility\WlanUtility.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead
Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM
FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM
FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
194.204.152.34,194.204.159.1
O18 - Filter: text/html - {13A0D907-BA87-11D9-8EF8-000C95473E20} -
C:\WINDOWS\SYSTEM\JOAD.DLL
O18 - Filter: text/plain - {13A0D907-BA87-11D9-8EF8-000C95473E20} -
C:\WINDOWS\SYSTEM\JOAD.DLL

I proszę żeby ktoś mi w prosty sposób wytłumaczył co zrobić bo jestem
kompletną laiczką jeśli chodzi o usuwanie wirusów ;)
Z góry wielkie dzięki
    • Gość: Kolobos Re: Bardzo proszę o sprawdzenie loga!!! IP: *.warszawa.sdi.tpnet.pl 01.05.05, 23:07
      Uzyj tego:
      www.trojaner-info.de/files/SpSeHjfix112.exe
      Czy to jakas plaga? Pisalem to juz dzis wiecej niz pare razy ;-)
      Wszyscy tylko z tym AutoBlank (se.dll) do tego to ten nowy wariant, na jakie
      strony trzeba wchodzic zeby to zlapac? Bo samo napewno sie nie zainstalowalo.

      Zainstaluj sobie tez:
      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
      przeskanuj i wlacz ochrone przegladarki
      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
      ochrone przegladarki
      www.wilderssecurity.net/spywareguard.html <- SpywareGuard

      Po resecie wklej nowy log z hijackthis.

      Ps. przydalby sie jakis automat, ktory by to pisal :P
      • liessa Re: Bardzo proszę o sprawdzenie loga!!! 02.05.05, 21:45
        Dzieki bardzo!!! Jaki człowiek jest ciemny wystarczyło jednego programu
        przecież użyć a ja się męczyłam z 4 godziny :) A tu log:

        Logfile of HijackThis v1.99.1
        Scan saved at 21:51:50, on 05-05-02
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\SYSTEM\INTERNAT.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
        C:\WINDOWS\POWERS.EXE
        C:\WINDOWS\DSLAUNCH.EXE
        C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
        C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
        C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
        C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLANUTILITY.EXE
        C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
        C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLAN_SERVICE.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\WINDOWS\PULPIT\RóżNE\HIJACKTHIS.EXE

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\TEMP\se.dll/spage.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.google.pl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\TEMP\se.dll/spage.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        about:blank
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM
        FILES\FLASHGET\JCCATCH.DLL
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
        \SPYBOT~1\SDHELPER.DLL
        O2 - BHO: (no name) - {4DB007AE-BB50-11D9-8EF8-000C1C65D9AF} -
        C:\WINDOWS\SYSTEM\JOAD.DLL (file missing)
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\SYSTEM\MSDXM.OCX
        O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
        C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
        O4 - HKLM\..\Run: [internat.exe] internat.exe
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
        O4 - HKLM\..\Run: [PowerS] "C:\WINDOWS\PowerS.EXE"
        O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINDOWS\dslaunch.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
        O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
        O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
        O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo
        Express 2 SE\ChkFont.exe
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
        O4 - Startup: WlanUtility.lnk = C:\Program
        Files\MicroStar\WLANUtility\WlanUtility.exe
        O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead
        Systems\Ulead Photo Express 2 SE\CalCheck.exe
        O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM
        FILES\FLASHGET\jc_link.htm
        O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM
        FILES\FLASHGET\jc_all.htm
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
        C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
        O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
        0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
        O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
        194.204.152.34,194.204.159.1
        O18 - Filter: text/html - {4DB007AD-BB50-11D9-8EF8-000CECB747D8} -
        C:\WINDOWS\SYSTEM\JOAD.DLL
        O18 - Filter: text/plain - {4DB007AD-BB50-11D9-8EF8-000CECB747D8} -
        C:\WINDOWS\SYSTEM\JOAD.DLL

        P.S. Jeśli chodzi o pisanie tego samego po kilka razy dziennie to sobie zrób
        szablon i wklejaj tylko odpowiedzi :)
        • Gość: Kolobos Re: Bardzo proszę o sprawdzenie loga!!! IP: *.warszawa.sdi.tpnet.pl 02.05.05, 22:07
          Nie zobaczylem ze masz Windows 98, a ten fix co podalem jest pod XP/W2k, musisz
          uzyc innej wersji, o tej:
          www.trojaner-info.de/files/SpSeHjfix_Beta9.exe
          Jak juz nacisniesz start disinfect to pojawi sie nowy maly pszycisk log,
          nacisnij go i zostanie utworzony plik SPSeHjFix.log, wklej jego zawartosc na
          forum :-)
          • liessa Re: Bardzo proszę o sprawdzenie loga!!! 02.05.05, 22:21
            Z tymże tamta wersja usunęła tego trojana. Mimo wszystko mam to zrobić?
            • Gość: Kolobos Re: Bardzo proszę o sprawdzenie loga!!! IP: *.warszawa.sdi.tpnet.pl 02.05.05, 22:38
              W logu z hijackthis dalej go widze wiec uzyj jeszcze raz tego co podalem,
              nastepnie reset i wklej log z hijackthis oraz ten z SpSeHfix.
              • liessa Re: Bardzo proszę o sprawdzenie loga!!! 03.05.05, 12:56
                Jeden log

                (5-2-05 21:24:40) SPSeHjFix started v1.1.2
                (5-2-05 21:24:40) OS: Win98SE A (4.10.2222)
                (5-2-05 21:24:40) Language: polski
                (5-2-05 21:24:40) Win-Path: C:\WINDOWS
                (5-2-05 21:24:40) System-Path: C:\WINDOWS\SYSTEM
                (5-2-05 21:24:40) Temp-Path: C:\WINDOWS\TEMP\
                (5-2-05 21:24:42) Disinfection started
                (5-2-05 21:24:42) Bad-Dll(IEP): c:\windows\temp\se.dll
                (5-2-05 21:24:42) Searchassistant Uninstaller found: regsvr32 /s /u
                C:\WINDOWS\SYSTEM\JOAD.DLL
                (5-2-05 21:24:42) Searchassistant Uninstaller - Keys Deleted
                (5-2-05 21:24:42) UBF: 6 - UBB: 2 - UBR: 14
                (5-2-05 21:24:42) FilterKey: HKCR\text/html (deleted)
                (5-2-05 21:24:42) FilterKey: HKCR\CLSID\{13A0D907-BA87-11D9-8EF8-000C95473E20}
                (deleted)
                (5-2-05 21:24:42) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while
                deleting)
                (5-2-05 21:24:42) FilterKey: HKCR\text/plain (deleted)
                (5-2-05 21:24:42) FilterKey: HKCR\CLSID\{13A0D907-BA87-11D9-8EF8-000C95473E20}
                (error while deleting)
                (5-2-05 21:24:42) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while
                deleting)
                (5-2-05 21:24:42) BHO-Key:
                HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
                Objects\{13A0D908-BA87-11D9-8EF8-000CE4D8AA52} (deleted)
                (5-2-05 21:24:42) BHO-Key: HKCR\CLSID\{13A0D908-BA87-11D9-8EF8-000CE4D8AA52}
                (deleted)
                (5-2-05 21:24:42) UBF: 4 - UBB: 1 - UBR: 14
                (5-2-05 21:24:42) Bad IE-pages:
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
                res://c:\windows\temp\se.dll/spage.html
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
                about:blank
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page:
                about:blank
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
                deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
                about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
                res://c:\windows\temp\se.dll/spage.html
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page:
                about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page:
                about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
                about:blank
                (5-2-05 21:24:42) Stealth-String not found
                (5-2-05 21:24:42) File added to delete: c:\windows\system\joad.dll
                (5-2-05 21:24:42) Reboot
                (5-2-05 21:26:16) SPSeHjFix 2nd Step
                (5-2-05 21:26:17) Stealth-String not present. Disinfection succesfully
                (5-2-05 21:26:23) Cleaned


                (5-3-05 12:54:42) SPSeHjFix started v1.09
                (5-3-05 12:54:42) OS: Win98SE A (4.10.67766446)
                (5-3-05 12:54:42) Language: polski
                (5-3-05 12:54:45) Disinfect started
                (5-3-05 12:54:45) Bad-Dll(IEP): (not found)
                (5-3-05 12:54:45) Bad-Dll(IEP) in BHO: (not found)
                (5-3-05 12:54:45) Searchassistant Uninstaller found: regsvr32 /s /u
                C:\WINDOWS\SYSTEM\JOAD.DLL
                (5-3-05 12:54:45) Searchassistant Uninstaller - Keys Deleted
                (5-3-05 12:54:45) UBF: 6
                (5-3-05 12:54:45) UBB: 2
                (5-3-05 12:54:45) FilterKey: HKCR\text/html (deleted)
                (5-3-05 12:54:45) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while
                deleting)
                (5-3-05 12:54:45) FilterKey: HKCR\CLSID\{4DB007AD-BB50-11D9-8EF8-000CECB747D8}
                (deleted)
                (5-3-05 12:54:45) FilterKey: HKCR\text/plain (deleted)
                (5-3-05 12:54:45) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while
                deleting)
                (5-3-05 12:54:45) FilterKey: HKCR\CLSID\{4DB007AD-BB50-11D9-8EF8-000CECB747D8}
                (error while deleting)
                (5-3-05 12:54:45) BHO-Key:
                HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
                Objects\{4DB007AE-BB50-11D9-8EF8-000C1C65D9AF} (deleted)
                (5-3-05 12:54:45) BHO-Key: HKCR\CLSID\{4DB007AE-BB50-11D9-8EF8-000C1C65D9AF}
                (deleted)
                (5-3-05 12:54:45) UBR: 15
                (5-3-05 12:54:45) Bad IE-pages:
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
                about:blank
                deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
                deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
                about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page:
                about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page:
                about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
                deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
                about:blank
                (5-3-05 12:54:45) Stealth-String not found:
                (5-3-05 12:54:45) File added to delete: c:\windows\system\joad.dll
                (5-3-05 12:54:45) File added to delete: c:\windows\system\joad.dll
                (5-3-05 12:54:45) Reboot
                (5-3-05 12:55:48) SPSeHjFix 2nd Step
                (5-3-05 12:55:48) RunServicesOnce-Key: (edited)
                (5-3-05 12:55:54) Cleaned

                ...i drugi log ;)

                Logfile of HijackThis v1.99.1
                Scan saved at 13:04:13, on 05-05-03
                Platform: Windows 98 SE (Win9x 4.10.2222A)
                MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                Running processes:
                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                C:\WINDOWS\SYSTEM\MPREXE.EXE
                C:\WINDOWS\SYSTEM\mmtask.tsk
                C:\WINDOWS\SYSTEM\MSTASK.EXE
                C:\WINDOWS\EXPLORER.EXE
                C:\WINDOWS\SYSTEM\INTERNAT.EXE
                C:\WINDOWS\TASKMON.EXE
                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
                C:\WINDOWS\POWERS.EXE
                C:\WINDOWS\DSLAUNCH.EXE
                C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
                C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
                C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
                C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLANUTILITY.EXE
                C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
                C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLAN_SERVICE.EXE
                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                C:\WINDOWS\SYSTEM\DDHELP.EXE
                C:\PROGRAM FILES\GADU-GADU\GG.EXE
                C:\WINDOWS\SYSTEM\RNAAPP.EXE
                C:\WINDOWS\SYSTEM\TAPISRV.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                C:\WINDOWS\PULPIT\RóżNE\HIJACKTHIS.EXE

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                res://C:\WINDOWS\TEMP\se.dll/spage.html
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                www.google.pl/
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                res://C:\WINDOWS\TEMP\se.dll/spage.html
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM
                FILES\FLASHGET\JCCATCH.DLL
                O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
                \SPYBOT~1\SDHELPER.DLL
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\SYSTEM\MSDXM.OCX
                O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
                C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
                O4 - HKLM\..\Run: [internat.exe] internat.exe
                O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
                O4 - HKLM\..\Run: [PowerS] "C:\WINDOWS\PowerS.EXE"
                O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINDOWS\dslaunch.exe
                O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
                O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
                O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
                O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo
                Express 2 SE\ChkFont.exe
                O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
                O4 - Startup: WlanUtility.lnk = C:\Program
                Files\MicroStar\WLANUtility\WlanUtility.exe
                O4 - Startup: Photo Express Cale
                • Gość: Kolobos Re: Bardzo proszę o sprawdzenie loga!!! IP: *.warszawa.sdi.tpnet.pl 03.05.05, 13:29
                  Zrob tak:
                  Podczas startu windows na samym poczataku nacisnij F8 i wybierz tryb msdos tam
                  wpisz:

                  del c:\windows\temp\se.dll
                  oraz:
                  del c:\windows\system\joad.dll

                  Nastepnie uruchom system normalnie i w hijackthis usun te wpisy:
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
                  res://C:\WINDOWS\TEMP\se.dll/spage.html
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                  res://C:\WINDOWS\TEMP\se.dll/spage.html
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  about:blank
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  about:blank
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
                  O2 - BHO: (no name) - {13A0D908-BA87-11D9-8EF8-000CE4D8AA52} -
                  C:\WINDOWS\SYSTEM\JOAD.DLL
                  O18 - Filter: text/html - {13A0D907-BA87-11D9-8EF8-000C95473E20} -
                  C:\WINDOWS\SYSTEM\JOAD.DLL
                  O18 - Filter: text/plain - {13A0D907-BA87-11D9-8EF8-000C95473E20} -
                  C:\WINDOWS\SYSTEM\JOAD.DLL

                  Dla pewnosci znowu reset i wklej nowy log z hijackthis :-)
                  • liessa Re: Bardzo proszę o sprawdzenie loga!!! 03.05.05, 16:57
                    Eee... niebardzo wiem jak te wpisy usunąć, poza tym części z tych co napisałeś
                    nie ma. A pliku JOAD.DLL nie ma wiec go nie usunę :)
                    • Gość: Kolobos Re: Bardzo proszę o sprawdzenie loga!!! IP: *.warszawa.sdi.tpnet.pl 03.05.05, 17:04
                      Uruchom hijackthis wybierz scan only przy wpisach, ktore podalem
                      zanacz "ptaszki" nastepnie nacisnij Fix Checked i zresetuj komputer, po resecie
                      wklej nowy log z hijackthis.
                      • liessa Re: Bardzo proszę o sprawdzenie loga!!! 03.05.05, 17:15
                        Logfile of HijackThis v1.99.1
                        Scan saved at 17:21:07, on 05-05-03
                        Platform: Windows 98 SE (Win9x 4.10.2222A)
                        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

                        Running processes:
                        C:\WINDOWS\SYSTEM\KERNEL32.DLL
                        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                        C:\WINDOWS\SYSTEM\MPREXE.EXE
                        C:\WINDOWS\SYSTEM\mmtask.tsk
                        C:\WINDOWS\SYSTEM\MSTASK.EXE
                        C:\WINDOWS\EXPLORER.EXE
                        C:\WINDOWS\SYSTEM\INTERNAT.EXE
                        C:\WINDOWS\TASKMON.EXE
                        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                        C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
                        C:\WINDOWS\POWERS.EXE
                        C:\WINDOWS\DSLAUNCH.EXE
                        C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
                        C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
                        C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
                        C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLANUTILITY.EXE
                        C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
                        C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLAN_SERVICE.EXE
                        C:\WINDOWS\SYSTEM\WMIEXE.EXE
                        C:\WINDOWS\PULPIT\RóżNE\HIJACKTHIS.EXE

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                        www.google.pl/
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                        O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM
                        FILES\FLASHGET\JCCATCH.DLL
                        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                        C:\WINDOWS\SYSTEM\MSDXM.OCX
                        O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
                        C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
                        O4 - HKLM\..\Run: [internat.exe] internat.exe
                        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                        powrprof.dll,LoadCurrentPwrScheme
                        O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
                        O4 - HKLM\..\Run: [PowerS] "C:\WINDOWS\PowerS.EXE"
                        O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINDOWS\dslaunch.exe
                        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
                        O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
                        O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
                        O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo
                        Express 2 SE\ChkFont.exe
                        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                        powrprof.dll,LoadCurrentPwrScheme
                        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                        O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
                        O4 - Startup: WlanUtility.lnk = C:\Program
                        Files\MicroStar\WLANUtility\WlanUtility.exe
                        O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead
                        Systems\Ulead Photo Express 2 SE\CalCheck.exe
                        O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM
                        FILES\FLASHGET\jc_link.htm
                        O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM
                        FILES\FLASHGET\jc_all.htm
                        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                        C:\WINDOWS\web\related.htm
                        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                        00aa003c157a} - C:\WINDOWS\web\related.htm
                        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
                        C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
                        O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
                        0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
                        O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
                        194.204.152.34,194.204.159.1

                        Kurcze, mam nadzieję, że teraz będzie już ok :/
                        • Gość: Kolobos Re: Bardzo proszę o sprawdzenie loga!!! IP: *.warszawa.sdi.tpnet.pl 03.05.05, 17:34
                          Tak, jest ok :-)


                          Pamietaj, zeby zainstalowac te programy:
                          Zainstaluj sobie tez:
                          www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D
                          przeskanuj i wlacz ochrone przegladarki
                          www.javacoolsoftware.com/spywareblaster.html <-
                          SpywareBlaster -> wlacz ochrone przegladarki
                          www.wilderssecurity.net/spywareguard.html <- SpywareGuard

                          Podlaem Ci je juz dawno, a w logu ich nie widze.

                          Zainstaluj tez najnowszy IE:
                          download.microsoft.com/download/ie6sp1/finrel/6_sp1/W98NT42KMeXP/PL/ie6setup.exe

                          Albo sama poprawke, ktora powinna byc na www.windowsupdate.com (tyle, ze nie
                          wiem czy do 98 tez)
                          • liessa Re: Bardzo proszę o sprawdzenie loga!!! 04.05.05, 13:07
                            Aktualizację Explorera zrobiłam zainstalowałam Spyware Blaster i Spybota no i
                            śmiga ;)
                            I jeszcze log na koniec:

                            Logfile of HijackThis v1.99.1
                            Scan saved at 13:11:39, on 05-05-04
                            Platform: Windows 98 SE (Win9x 4.10.2222A)
                            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                            Running processes:
                            C:\WINDOWS\SYSTEM\KERNEL32.DLL
                            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                            C:\WINDOWS\SYSTEM\MPREXE.EXE
                            C:\WINDOWS\SYSTEM\mmtask.tsk
                            C:\WINDOWS\SYSTEM\MSTASK.EXE
                            C:\WINDOWS\EXPLORER.EXE
                            C:\WINDOWS\SYSTEM\INTERNAT.EXE
                            C:\WINDOWS\TASKMON.EXE
                            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                            C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
                            C:\WINDOWS\POWERS.EXE
                            C:\WINDOWS\DSLAUNCH.EXE
                            C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
                            C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
                            C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
                            C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLANUTILITY.EXE
                            C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
                            C:\PROGRAM FILES\MICROSTAR\WLANUTILITY\WLAN_SERVICE.EXE
                            C:\WINDOWS\SYSTEM\WMIEXE.EXE
                            C:\WINDOWS\PULPIT\RóżNE\HIJACK THIS\HIJACKTHIS.EXE

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                            www.google.pl/
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                            O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM
                            FILES\FLASHGET\JCCATCH.DLL
                            O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
                            C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
                            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                            C:\WINDOWS\SYSTEM\MSDXM.OCX
                            O4 - HKLM\..\Run: [internat.exe] internat.exe
                            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                            powrprof.dll,LoadCurrentPwrScheme
                            O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
                            O4 - HKLM\..\Run: [PowerS] "C:\WINDOWS\PowerS.EXE"
                            O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINDOWS\dslaunch.exe
                            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
                            O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
                            O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
                            O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo
                            Express 2 SE\ChkFont.exe
                            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                            powrprof.dll,LoadCurrentPwrScheme
                            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                            O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
                            O4 - Startup: WlanUtility.lnk = C:\Program
                            Files\MicroStar\WLANUtility\WlanUtility.exe
                            O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead
                            Systems\Ulead Photo Express 2 SE\CalCheck.exe
                            O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM
                            FILES\FLASHGET\jc_link.htm
                            O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM
                            FILES\FLASHGET\jc_all.htm
                            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                            C:\WINDOWS\web\related.htm
                            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                            00aa003c157a} - C:\WINDOWS\web\related.htm
                            O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
                            C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
                            O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
                            0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
                            O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
                            194.204.152.34,194.204.159.1

                            Dziękuje bardzo!!!
                            • Gość: Kolobos Re: Bardzo proszę o sprawdzenie loga!!! IP: *.warszawa.sdi.tpnet.pl 04.05.05, 13:23
                              Log jest ok :-)
                              • liessa Re: Bardzo proszę o sprawdzenie loga!!! 04.05.05, 19:50
                                Dzięki dzięki dzięki dzięki!!!!! ;)
Pełna wersja