Please check this log

IP: *.mnc.pl 13.09.05, 01:16
    • Guest: Kolobos Re: Please check this log IP: *.warszawa.sdi.tpnet.pl 13.09.05, 01:32
      You have so much junk that the log didn't fit..

      MSIE: Internet Explorer v6.00 (6.00.2600.0000) <- update IE once you've
      dewormed the machine -> www.windowsupdate.com

      In HijackThis, remove:
      R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
      www.roughsearch.com
      R1 - HKLM\Software\Microsoft\Internet Explorer,Search =
      www.roughsearch.com
      R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
      www.roughsearch.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      www.roughsearch.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      www.roughsearch.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      www.roughsearch.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      www.roughsearch.com
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
      C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
      O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
      C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
      O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll <- delete the file
      O4 - HKLM\..\Run: [lssas] C:\WINDOWS\SYSTEM\lssas.exe <- delete the file
      O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe <- delete the file
      O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
      O4 - HKLM\..\Run: [InteliSys] C:\WINDOWS\SMSS.exe <- delete the file
      O4 - HKLM\..\Run: [Conguration Loader] EXPLORER.EXE
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O9 - Extra button: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-
      3FCD094E2D88} - C:\PROGRAM FILES\REGFREEZE\RFSEARCHHANDLER.DLL
      O9 - Extra 'Tools' menuitem: Search and Remove Spyware - {CDB280E8-BE43-4128-
      8A5A-3FCD094E2D88} - C:\PROGRAM FILES\REGFREEZE\RFSEARCHHANDLER.DLL
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %
      windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
      {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file
      missing)
      O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-
      its:mhtml:<a href="

      And also scan with this:
      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
      scan and enable browser protection
      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable
      browser protection
      And with this, but I don't know whether it works on 98:
      download.ewido.net/ewido-setup.exe <- update before scanning, uninstall
      after the scan.

      Once you've done all that, paste a new log.
      • Guest: Bart Re: Please check this log IP: *.mnc.pl 13.09.05, 12:25
        I'll follow this advice later:

        And also scan with this:
        www.safer-networking.org/pl/mirrors/index.html <-
        SpyBot S&D ->
        scan and enable browser protection
        www.javacoolsoftware.com/spywareblaster.html <-
        SpywareBlaster -> enable
        browser protection
        And with this, but I don't know whether it works on 98:
        download.ewido.net/ewido-setup.exe <- update before
        scanning, uninstall
        after the scan.


        For now my problem (link in the first post) is solved. Thank you very
        much and best regards!
        • Guest: Kolobos Re: Please check this log IP: *.warszawa.sdi.tpnet.pl 13.09.05, 12:37
          But not everything has been removed yet! The log didn't fit, so paste a new one.
          • Guest: Bart Re: Please check this log IP: *.mnc.pl 13.09.05, 20:37
            Logfile of HijackThis v1.99.1
            Scan saved at 20:38:37, on 05-09-13
            Platform: Windows 98 SE (Win9x 4.10.2222A)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\SPOOL32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\MSTASK.EXE
            C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\EXPLORER.EXE
            C:\WINDOWS\SYSTEM\RPCSS.EXE
            C:\WINDOWS\TASKMON.EXE
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
            C:\WINDOWS\SYSTEM\STIMON.EXE
            C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
            C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
            C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
            C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
            C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
            C:\WINDOWS\TCLOCK\TCLOCK.EXE
            C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
            C:\PROGRAM FILES\SETI@HOME\SETISPY.EXE
            C:\WINDOWS\SYSTEM\WMIEXE.EXE
            C:\WINDOWS\SYSTEM\DDHELP.EXE
            C:\PROGRAM FILES\SETI@HOME\SETIATHOMELINE.EXE
            C:\WINDOWS\SYSTEM\WINOA386.MOD
            D:\PROGRAM FILES\GADU-GADU\GG.EXE
            C:\PROGRAM FILES\ACD SYSTEMS\ACDSEE\ACDSEE.EXE
            C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

            R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} -
            C:\PROGRA~1\COPERN~1\COPERN~1.DLL
            F1 - win.ini: run=hpfsched
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\SYSTEM\MSDXM.OCX
            O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} -
            C:\PROGRA~1\COPERN~1\COPERN~1.DLL
            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
            C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
            O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
            O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
            O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
            O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
            O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital
            Imaging\\Unload\hpqcmon.exe
            O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
            Packard\HP Share-to-Web\hpgs2wnd.exe
            O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
            O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
            Labs\ZoneAlarm\zlclient.exe
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
            O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
            O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP 2.81\WINAMPa.exe"
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
            C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
            O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -
            service
            O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0
            \BIN\REGIST~1.EXE
            O4 - Startup: TClock.lnk = C:\WINDOWS\tclock\tclock.exe
            O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
            Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O4 - Startup: SetiSpy.lnk = C:\Program Files\SETI@home\SetiSpy.exe
            O8 - Extra context menu item: Nagłówek EXIF - C:\Program Files\Photo Broffsee
            Tools\ie_integ.htm
            O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program
            Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
            O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program
            Files\Xi\NetTransport 2\NTAddLink.html
            O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program
            Files\Xi\NetTransport 2\NTAddList.html
            O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} -
            C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
            O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-
            8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
            O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} -
            C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
            O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX
            Control) - www.mapa.lodz.pl/VIEWERS/CAB/mgaxctrl.cab
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            skaner.mks.com.pl/SkanerOnline.cab
            O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
            194.117.7.147/activex/AxisCamControl.cab
            O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-
            its:mhtml:file://C:\x.mht!http://64.237.47.178/chm.chm::/1/e.exe
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
            www.pandasoftware.com/activescan/as5free/asinst.cab
            O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:
            oo.mhtml!81.9.3.86//scripts//dw//chm.chm?id=dp::/win.exe
            O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer
            Diagnostics) -
            ispe.sdc.hp.com/awebui/jsp/answerweb/applets/HPISWebManager.CAB
            O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) -
            67.15.101.3/g_bin/pl/mahjong_2_0_0_18.cab
            O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
            www.bitdefender.com/scan8/oscan8.cab
            O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
            components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?
            url=www.iwankulik.com/img/galerie/folwark/ThumbnailFrame.html
            O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ***.pl
            O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = **********
            O19 - User stylesheet: C:\WINDOWS\win32.bmp (file missing)
            O21 - SSODL: System - {13236940-D746-11D8-826D-000ACD00A739} -
            C:\WINDOWS\system32\system32.dll

            • Guest: Kolobos Re: Please check this log IP: *.warszawa.sdi.tpnet.pl 13.09.05, 21:06
              Also remove:

              O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-
              its:mhtml:file://C:\x.mht!http://64.237.47.178/chm.chm::/1/e.exe
              O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:
              oo.mhtml!81.9.3.86//scripts//dw//chm.chm?id=dp::/win.exe
              O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
              components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?
              url=www.iwankulik.com/img/galerie/folwark/ThumbnailFrame.html
              O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ***.pl
              O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = ********** <- if you
              have nothing to enter, don't enter anything!
              O19 - User stylesheet: C:\WINDOWS\win32.bmp (file missing)
              O21 - SSODL: System - {13236940-D746-11D8-826D-000ACD00A739} -
              C:\WINDOWS\system32\system32.dll <- delete the file.
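
An added example, not part of the thread and not HijackThis's own logic: the log above was pasted with hard line wraps, so this sketch first rejoins each entry and then flags two of the patterns Kolobos marked for removal, O16 entries whose codebase uses an `ms-its:`/`mhtml:` scheme and entries that point at a missing file. The function names `rejoin_entries` and `triage` and both heuristics are assumptions of this example.

```python
import re

# An entry starts with a HijackThis section code such as "R1 - ", "O4 - ", "O16 - ".
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Assumption: these markers are this example's triage heuristics, not HijackThis logic.
SUSPICIOUS_SCHEME = re.compile(r"\b(ms-its|mhtml):", re.IGNORECASE)
MISSING_FILE = re.compile(r"\((file missing|no file)\)", re.IGNORECASE)

def rejoin_entries(text):
    """Merge hard-wrapped forum lines back into one string per log entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            # A word split at a hyphen ("ms-" / "its:") is glued back without a space.
            glue = "" if (prev.endswith("-") and not prev.endswith(" -")) else " "
            entries[-1] = prev + glue + line
    return entries

def triage(text):
    """Return (section, reason, entry) for entries that deserve a manual look."""
    findings = []
    for entry in rejoin_entries(text):
        section = ENTRY_START.match(entry).group(1)
        if section == "O16" and SUSPICIOUS_SCHEME.search(entry):
            findings.append((section, "DPF codebase uses ms-its/mhtml scheme", entry))
        elif MISSING_FILE.search(entry):
            findings.append((section, "references a file that no longer exists", entry))
    return findings

# Constructed sample: four entries copied from the log in this thread, wrapped as posted.
SAMPLE = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-
its:mhtml:file://C:\x.mht!http://64.237.47.178/chm.chm::/1/e.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
www.bitdefender.com/scan8/oscan8.cab
O19 - User stylesheet: C:\WINDOWS\win32.bmp (file missing)
"""

if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE):
        print(f"[{section}] {reason}: {entry}")
```

A flagged entry is only a prompt for manual review; the remaining items Kolobos lists (O17, O21, the MetaStream O16 entry) match neither heuristic and still need a human reading of the log.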