Please check my log

IP: *.neoplus.adsl.tpnet.pl 11.05.05, 16:25
The problem is that some websites don't work for me. I mean
almost half of them. Maybe I accidentally deleted some file? Please
help, and if need be, contact me on GG: 2595879. Thanks in advance :)

Logfile of HijackThis v1.99.0
Scan saved at 16:22:11, on 05-05-11
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\YDPDICT\WATCH.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\PROGRAMY\NA WIRUSY\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: load=C:\YDPDict\watch.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P
NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points
Manager\Points Manager.exe -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 11.05.05, 16:37
      In HijackThis, remove this:
      O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P
      NETWORKING.EXE /AUTOSTART
      O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

      Then delete the files:
      C:\Program Files\Common Files\GMT\GMT.exe
      C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
      C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE

      And the directories P2P NETWORKING,
      GMT and CMEII

      If the files refuse to be deleted, in HijackThis -> Open Misc Tools, choose Delete
      file on reboot and paste in there:
      C:\Program Files\Common Files\GMT\GMT.exe
      and:
      C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
      and:
      C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE

      Install e.g. Firefox and see whether the pages open in it.
      • Guest: ysabell Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 11.05.05, 16:59
        Thanks for the reply :)

        I deleted the files, and the HijackThis entries too.
        I installed Firefox. The pages still don't work. I have the impression that
        I accidentally deleted some important system file. Do you know what might be
        missing from this log? I'll add that my system is Win98.
        • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 11.05.05, 17:25
          If you deleted something in HijackThis earlier, go to HijackThis -> Open Misc
          Tools -> Backups and restore all the entries, then paste the whole log on the forum.
          But maybe first check whether you deleted an entry with NameServer = in its name;
          if you have one, restore it, restart the computer and see whether anything has
          changed. Also write which page won't open for you.
          • Guest: ysabell Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 11.05.05, 19:23
            OK, I'm pasting the log. The completed one. Warning, it's very long. And various
            pages won't open for me, e.g. www.gazeta.pl/avanti, or my blog:
            www.ysabell1987.blog.pl

            Logfile of HijackThis v1.99.0
            Scan saved at 19:20:23, on 05-05-11
            Platform: Windows 98 SE (Win9x 4.10.2222A)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\MSTASK.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\EXPLORER.EXE
            C:\YDPDICT\WATCH.EXE
            C:\WINDOWS\TASKMON.EXE
            C:\WINDOWS\SYSTEM\INTERNAT.EXE
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\WINDOWS\SYSTEM\STIMON.EXE
            C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
            C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
            C:\WINDOWS\RunDLL.exe
            C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
            C:\WINDOWS\SYSTEM\WMIEXE.EXE
            C:\WINDOWS\SYSTEM\DDHELP.EXE
            C:\PROGRAM FILES\GADU-GADU\GG.EXE
            D:\PROGRAMY\NA WIRUSY\HIJACKTHIS\HIJACKTHIS.EXE

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            213.159.117.134/index.php
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
            res://C:\WINDOWS\TEMP\se.dll/sp.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            213.159.117.134/index.php
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            213.159.117.134/index.php
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
            www.websearch.com/ie.aspx?tb_id=50162
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
            res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
            res://C:\WINDOWS\TEMP\se.dll/sp.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
            213.159.117.134/index.php
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            about:blank
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
            about:blank
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
            res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            213.159.117.134/index.php
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            213.159.117.134/index.php
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-
            11D0-99CB-00C04FD64497} - (no file)
            R3 - URLSearchHook: (no name) - - (no file)
            R3 - URLSearchHook: Popup Blocker - {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} -
            C:\PROGRAM FILES\POPUP BLOCKER\POPUP_BLOCKER.DLL (file missing)
            F1 - win.ini: load=C:\YDPDict\watch.exe
            O1 - Hosts: 127.0.0.3 x.full-tgp.net
            O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
            O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
            O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt
            O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1
            \INSTAF~1\INSTAF~1.DLL
            O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} -
            C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
            O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1
            \TOOLBAR\TOOLBAR.DLL (file missing)
            O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
            \COMMON~1\WINTOOLS\WTOOLSB.DLL (file missing)
            O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
            C:\WINDOWS\SYSTEM\MSBE.DLL
            O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
            C:\WINDOWS\NEM220.DLL
            O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} -
            C:\WINDOWS\SYSTEM\DSMANA~1.DLL
            O2 - BHO: (no name) - {DFABF7E1-9882-11D9-95AF-00029AADFEEC} -
            C:\WINDOWS\SYSTEM\HPEK.DLL
            O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\PROGRAM
            FILES\RXTOOLBAR\RXTOOLBAR.DLL
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\SYSTEM\MSDXM.OCX
            O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
            O3 - Toolbar: (no name) - The Search Accelerator - {44BE0690-5429-47f0-85BB-
            3FFD8020233E} - (no file)
            O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
            O3 - Toolbar: Popup Blocker - {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} -
            C:\PROGRAM FILES\POPUP BLOCKER\POPUP_BLOCKER.DLL (file missing)
            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
            O4 - HKLM\..\Run: [internat.exe] internat.exe
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
            O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
            O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points
            Manager\Points Manager.exe -s
            O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P
            NETWORKING.EXE /AUTOSTART
            O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
            O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
            O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
            O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
            O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
            O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
            Network\bin\bargains.exe
            O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\SYSTEM\ap9h4qmo.exe
            O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{0B635D20-BA33-11D9-
            B393-000244487376}\SVCHOST.EXE
            O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
            Optimizer\optimize.exe"
            O4 - HKLM\..\Run:
            [AutoLoaderAproposClient] "C:\WINDOWS\CXTPLS_LOADER.EXE" /HideUninstall /HideDir
            /PC=CP.AMS /ShowLegalNote=nonbranded
            O4 - HKLM\..\Run: [Kvj] C:\WINDOWS\Ueu.exe
            O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
            O4 - HKLM\..\Run: [loader32] C:\WINDOWS\LOADER32.EXE
            O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
            O4 - HKLM\..\Run: [Vpa] C:\WINDOWS\SYSTEM\Tqg.exe
            O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
            O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
            O4 - HKLM\..\Run: [AdTools Service] C:\PROGRAM FILES\ADTOOLS SERVICE\ADTOOLS.EXE
            O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\fsg_4203.exe"
            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
            O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
            O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
            O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
            O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1
            \WINTOOLS\WTOOLSA.EXE /boot
            O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
            O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
            deskcp16.dll,QUICKRES_RUNDLLENTRY
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILE
            • Guest: Kolobos Re: Please check my log IP: *.icm.edu.pl / *.icm.edu.pl 11.05.05, 21:03
              The whole log didn't fit.

              Use this:
              www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix109
              In HijackThis, check these entries:

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              213.159.117.134/index.php
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
              res://C:\WINDOWS\TEMP\se.dll/sp.html
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              213.159.117.134/index.php
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              213.159.117.134/index.php
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
              www.websearch.com/ie.aspx?tb_id=50162
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
              res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
              res://C:\WINDOWS\TEMP\se.dll/sp.html
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
              213.159.117.134/index.php
              R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              about:blank
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              about:blank
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
              res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              213.159.117.134/index.php
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
              213.159.117.134/index.php
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-
              11D0-99CB-00C04FD64497} - (no file)
              R3 - URLSearchHook: (no name) - - (no file)
              R3 - URLSearchHook: Popup Blocker - {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} -
              C:\PROGRAM FILES\POPUP BLOCKER\POPUP_BLOCKER.DLL (file missing)
              O1 - Hosts: 127.0.0.3 x.full-tgp.net
              O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
              O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
              O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt
              O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1
              \INSTAF~1\INSTAF~1.DLL

              Delete this file and directory:
              C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL


              O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} -
              C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL
              Same here

              O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1
              \TOOLBAR\TOOLBAR.DLL (file missing)
              O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1
              \COMMON~1\WINTOOLS\WTOOLSB.DLL (file missing)

              Delete the whole directory:
              C:\PROGRA~1\COMMON~1\WINTOOLS\
              and:
              C:\PROGRA~1\TOOLBAR\

              O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
              C:\WINDOWS\SYSTEM\MSBE.DLL
              Delete this file.

              O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
              C:\WINDOWS\NEM220.DLL
              This one too


              O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} -
              C:\WINDOWS\SYSTEM\DSMANA~1.DLL
              And this one ;-)

              O2 - BHO: (no name) - {DFABF7E1-9882-11D9-95AF-00029AADFEEC} -
              C:\WINDOWS\SYSTEM\HPEK.DLL
              This one too

              O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\PROGRAM
              FILES\RXTOOLBAR\RXTOOLBAR.DLL
              Delete the whole directory:
              C:\PROGRAM FILES\RXTOOLBAR\

              O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
              O3 - Toolbar: (no name) - The Search Accelerator - {44BE0690-5429-47f0-85BB-
              3FFD8020233E} - (no file)
              O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
              O3 - Toolbar: Popup Blocker - {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} -
              C:\PROGRAM FILES\POPUP BLOCKER\POPUP_BLOCKER.DLL (file missing)

              Delete the whole directory:
              C:\PROGRAM FILES\POPUP BLOCKER\


              O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P
              NETWORKING.EXE /AUTOSTART

              Delete the whole directory:
              C:\WINDOWS\SYSTEM\P2P NETWORKING\

              O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

              Delete the whole CMEII directory


              O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
              O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
              O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye
              Network\bin\bargains.exe

              Delete the whole directory:
              BullsEye Network

              O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\SYSTEM\ap9h4qmo.exe
              Delete this file

              O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{0B635D20-BA33-11D9-
              B393-000244487376}\SVCHOST.EXE
              Delete this file

              O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
              Optimizer\optimize.exe"

              Delete the whole directory:
              Internet Optimizer

              O4 - HKLM\..\Run:
              [AutoLoaderAproposClient] "C:\WINDOWS\CXTPLS_LOADER.EXE" /HideUninstall /HideDir
              /PC=CP.AMS /ShowLegalNote=nonbranded

              Delete the file:
              C:\WINDOWS\CXTPLS_LOADER.EXE

              O4 - HKLM\..\Run: [Kvj] C:\WINDOWS\Ueu.exe
              O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
              O4 - HKLM\..\Run: [loader32] C:\WINDOWS\LOADER32.EXE
              O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe
              O4 - HKLM\..\Run: [Vpa] C:\WINDOWS\SYSTEM\Tqg.exe
              O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
              Delete these files

              O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
              Delete C:\WINDOWS\TEMP\SE.DLL

              O4 - HKLM\..\Run: [AdTools Service] C:\PROGRAM FILES\ADTOOLS SERVICE\ADTOOLS.EXE
              Delete the directory C:\PROGRAM FILES\ADTOOLS SERVICE

              O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\fsg_4203.exe"
              Delete everything from c:\windows\temp\

              O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
              O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe
              O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1
              \WINTOOLS\WTOOLSA.EXE /boot
              O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot

              And after the reboot, paste a new HijackThis log.
              If something refuses to be deleted, use KillBox:
              www.downloads.subratam.org/KillBox.zip
              And Delete file on reboot.
          • Guest: ysabell Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 11.05.05, 19:25
            And I also keep getting a message about some error in a rundll-something file.
            • Guest: ysabell Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 11.05.05, 19:54
              Please, pleeease help :(
              • Guest: ysabell Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 11.05.05, 20:56
                up...
                • Guest: Kolobos Re: Please check my log IP: *.icm.edu.pl / *.icm.edu.pl 11.05.05, 21:04
                  No "up" posts please, this is not a fast-food bar ;-)
                  You have to wait your turn and that's that.
                  I already wrote everything in the previous post :)
                  • Guest: ysabell Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 11.05.05, 21:28
                    Sorry for the up :P

                    I'm pasting the log.

                    Logfile of HijackThis v1.99.0
                    Scan saved at 21:23:02, on 05-05-11
                    Platform: Windows 98 SE (Win9x 4.10.2222A)
                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                    Running processes:
                    C:\WINDOWS\SYSTEM\KERNEL32.DLL
                    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                    C:\WINDOWS\SYSTEM\MPREXE.EXE
                    C:\WINDOWS\SYSTEM\MSTASK.EXE
                    C:\WINDOWS\SYSTEM\mmtask.tsk
                    C:\WINDOWS\EXPLORER.EXE
                    C:\YDPDICT\WATCH.EXE
                    C:\WINDOWS\TASKMON.EXE
                    C:\WINDOWS\SYSTEM\INTERNAT.EXE
                    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
                    C:\WINDOWS\RunDLL.exe
                    C:\PROGRAM FILES\GADU-GADU\GG.EXE
                    C:\WINDOWS\SYSTEM\WMIEXE.EXE
                    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
                    D:\PROGRAMY\NA WIRUSY\HIJACKTHIS\HIJACKTHIS.EXE

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                    R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) -
                    _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
                    F1 - win.ini: load=C:\YDPDict\watch.exe
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
                    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
                    C:\WINDOWS\SYSTEM\MSBE.DLL
                    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} -
                    C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL (file missing)
                    O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} -
                    C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                    C:\WINDOWS\SYSTEM\MSDXM.OCX
                    O3 - Toolbar: (no name) - The Search Accelerator -
                    {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
                    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                    O4 - HKLM\..\Run: [internat.exe] internat.exe
                    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
                    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
                    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
                    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
                    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
                    deskcp16.dll,QUICKRES_RUNDLLENTRY
                    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
                    O4 - HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\STUBINSTALLER5356.EXE"
                    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
                    O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                    O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
                    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                    Office\Office\OSA9.EXE
                    O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
                    O4 - Startup: Aktywacja Testera.lnk = C:\YDPDICT\Watch.exe
                    O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
                    C:\Program Files\IrfanView\Ebay\Ebay.htm
                    O9 - Extra button: Microsoft AntiSpyware helper -
                    {078FBFE0-BA33-11D9-B393-000244487376} - (no file)
                    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
                    {078FBFE0-BA33-11D9-B393-000244487376} - (no file)
                    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                    C:\WINDOWS\web\related.htm
                    O9 - Extra 'Tools' menuitem: Show &Related Links -
                    {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                    O9 - Extra button: Popup Blocker - {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} -
                    C:\PROGRAM FILES\POPUP BLOCKER\POPUP_BLOCKER.DLL (file missing)
                    O9 - Extra 'Tools' menuitem: Popup Blocker -
                    {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} - C:\PROGRAM FILES\POPUP
                    BLOCKER\POPUP_BLOCKER.DLL (file missing)
                    O9 - Extra button: Microsoft AntiSpyware helper -
                    {078FBFE0-BA33-11D9-B393-000244487376} - (no file) (HKCU)
                    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
                    {078FBFE0-BA33-11D9-B393-000244487376} - (no file) (HKCU)
                    O14 - IERESET.INF: SEARCH_PAGE_URL=
                    O14 - IERESET.INF: START_PAGE_URL=
                    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
                    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
                    Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
                    O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
                    iframedollars.biz/tb/loader2.ocx
                    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
                    O18 - Filter: text/html - {158C6E33-C1E0-11D9-95B0-0002A8B7B24D} -
                    C:\WINDOWS\SYSTEM\HPEK.DLL
                    O18 - Filter: text/plain - {158C6E33-C1E0-11D9-95B0-0002A8B7B24D} -
                    C:\WINDOWS\SYSTEM\HPEK.DLL

                    Something is probably wrong, because the pages still won't open for me. E.g. this page
                    www.searchengines.pl/phpbb203/index.php?showtopic=34586
                    which has a fix for the virus I have, won't open for me...
                    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 11.05.05, 21:59
                      Also remove this:

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                      R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) -
                      _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
                      O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
                      C:\WINDOWS\SYSTEM\MSBE.DLL
                      O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} -
                      C:\PROGRAM FILES\NEED2FIND\BAR\1.BIN\ND2FNBAR.DLL (file missing)
                      Delete the NEED2FIND directory
                      O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} -
                      C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
                      O3 - Toolbar: (no name) - The Search Accelerator -
                      {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
                      O4 - HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\STUBINSTALLER5356.EXE"
                      O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
                      O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                      O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
                      Delete these files with KillBox, and the GMT directory is to be deleted.

                      O9 - Extra button: Microsoft AntiSpyware helper -
                      {078FBFE0-BA33-11D9-B393-000244487376} - (no file)
                      O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
                      {078FBFE0-BA33-11D9-B393-000244487376} - (no file)
                      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                      C:\WINDOWS\web\related.htm
                      O9 - Extra 'Tools' menuitem: Show &Related Links -
                      {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                      O9 - Extra button: Popup Blocker - {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} -
                      C:\PROGRAM FILES\POPUP BLOCKER\POPUP_BLOCKER.DLL (file missing)
                      O9 - Extra 'Tools' menuitem: Popup Blocker -
                      {E606052C-E26E-EA9D-835B-BABA8BA9F1F9} - C:\PROGRAM FILES\POPUP
                      BLOCKER\POPUP_BLOCKER.DLL (file missing)
                      O9 - Extra button: Microsoft AntiSpyware helper -
                      {078FBFE0-BA33-11D9-B393-000244487376} - (no file) (HKCU)
                      O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
                      {078FBFE0-BA33-11D9-B393-000244487376} - (no file) (HKCU)
                      O14 - IERESET.INF: SEARCH_PAGE_URL=
                      O14 - IERESET.INF: START_PAGE_URL=
                      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
                      O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
                      Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
                      O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
                      iframedollars.biz/tb/loader2.ocx
                      O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
                      O18 - Filter: text/html - {158C6E33-C1E0-11D9-95B0-0002A8B7B24D} -
                      C:\WINDOWS\SYSTEM\HPEK.DLL
                      O18 - Filter: text/plain - {158C6E33-C1E0-11D9-95B0-0002A8B7B24D} -
                      C:\WINDOWS\SYSTEM\HPEK.DLL

                      And paste a new HijackThis log after the removal.
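Comparing the scan taken before a cleanup with the one pasted afterwards, as an added example (not part of the thread and not HijackThis's own code): it rejoins entries that the forum wrapped across lines, then reports which entries were removed, which persist, which are new, and which now point at a missing file. The function names and the line-joining heuristic are assumptions of this example; the sample entries are excerpts from the 19:20 and 21:23 logs above.

```python
import re

# A logical HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1...).
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Markers HijackThis appends when the registry entry has no file behind it.
ORPHAN_MARK = re.compile(r"\s*\((?:file missing|no file)\)", re.I)

# Excerpts from the thread's two scans, wrapped the way the forum wrapped them.
SCAN_BEFORE = r"""
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1
\INSTAF~1\INSTAF~1.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINDOWS\SYSTEM\MSBE.DLL
O3 - Toolbar: (no name) - The Search Accelerator - {44BE0690-5429-47f0-85BB-
3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Kvj] C:\WINDOWS\Ueu.exe
"""

SCAN_AFTER = r"""
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINDOWS\SYSTEM\MSBE.DLL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} -
C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O3 - Toolbar: (no name) - The Search Accelerator -
{44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
"""


def rejoin_entries(pasted):
    """Return logical entries from a pasted log, undoing forum line wrapping."""
    entries, current = [], None
    for raw in pasted.splitlines():
        line = raw.strip()  # forum threads indent quoted logs
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif line and current is not None:
            # A break inside a path (next part starts with "\") or inside a
            # GUID (previous part ends with a hyphen glued to a token) is
            # joined without a space; any other break was at a space.
            mid_token = line.startswith("\\") or re.search(r"\S-$", current)
            current += ("" if mid_token else " ") + line
        else:
            # Blank line (or text before the first entry) closes the entry.
            if current is not None:
                entries.append(current)
                current = None
    if current is not None:
        entries.append(current)
    return entries


def entry_key(entry):
    """Comparison key: marker stripped, whitespace collapsed, case folded."""
    return " ".join(ORPHAN_MARK.sub("", entry).split()).casefold()


def diff_scans(before_text, after_text):
    """Classify entries of the later scan against the earlier one."""
    before = {entry_key(e): e for e in rejoin_entries(before_text)}
    after = {entry_key(e): e for e in rejoin_entries(after_text)}
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "persisting": sorted(after[k] for k in before.keys() & after.keys()),
        "new": sorted(after[k] for k in after.keys() - before.keys()),
        # Registry entry still present although the file behind it is gone.
        "orphaned": sorted(e for e in after.values() if ORPHAN_MARK.search(e)),
    }


if __name__ == "__main__":
    for label, items in diff_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(f"{label} ({len(items)}):")
        for item in items:
            print("   ", item)
```

Entries reported as new after a cleanup are the ones to look at first, since something still running re-created or added them; orphaned entries show the file was deleted but the registry entry was not fixed in HijackThis.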
                  • Guest: ysabell Re: Please check my log IP: *.neoplus.adsl.tpnet.pl 11.05.05, 21:29
                    And none of the scanners from these
                    www.plikownia.odu.pl/infopage.php?id=18&PHPSESSID=f402070cd34fa6310cc8eeea2365cdd8
                    will open for me.
                    • Guest: Basia Re: Please check my log IP: *.internetdsl.tpnet.pl 12.05.05, 09:16
                      Try scanning with this skaner.mks.com.pl/ and this www.pestpatrol.com :)
                      • Guest: Basia Re: Please check my log IP: *.internetdsl.tpnet.pl 12.05.05, 09:17
                        Oops, sorry... I didn't notice mks. Try whether the second one scans.
                    • Guest: Basia Re: Please check my log IP: *.internetdsl.tpnet.pl 12.05.05, 09:21
                      Sorry for writing in instalments, but I've just read that you keep getting some
                      rundll error. Describe it in more detail. It's possible that you really did delete
                      some system file.