Guest: Kolobos
Re: Please check this log
IP: *.warszawa.sdi.tpnet.pl 13.09.05, 01:32

You have so much junk that the log didn't fit..

MSIE: Internet Explorer v6.00 (6.00.2600.0000) <- update IE once you've got rid of the infection -> www.windowsupdate.com

In HijackThis remove:

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = www.roughsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = www.roughsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = www.roughsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.roughsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.roughsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.roughsearch.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.roughsearch.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll <- delete the file
O4 - HKLM\..\Run: [lssas] C:\WINDOWS\SYSTEM\lssas.exe <- delete the file
O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe <- delete the file
O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKLM\..\Run: [InteliSys] C:\WINDOWS\SMSS.exe <- delete the file
O4 - HKLM\..\Run: [Conguration Loader] EXPLORER.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\PROGRAM FILES\REGFREEZE\RFSEARCHHANDLER.DLL
O9 - Extra 'Tools' menuitem: Search and Remove Spyware - {CDB280E8-BE43-4128-8A5A-3FCD094E2D88} - C:\PROGRAM FILES\REGFREEZE\RFSEARCHHANDLER.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-its:mhtml:<a href="

And also scan with this:
www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D -> scan and enable browser protection
www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable browser protection

And with this, but I don't know whether it works under 98:
download.ewido.net/ewido-setup.exe <- update before scanning, uninstall it after the scan.

Once you've done all that, paste a new log.

Guest: Bart
Re: Please check this log
IP: *.mnc.pl 13.09.05, 12:25

I'll follow this advice later:

And also scan with this:
www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D -> scan and enable browser protection
www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable browser protection

And with this, but I don't know whether it works under 98:
download.ewido.net/ewido-setup.exe <- update before scanning, uninstall it after the scan.

For now my problem (link in the first post) is solved. Thank you very much and best regards!

Guest: Kolobos
Re: Please check this log
IP: *.warszawa.sdi.tpnet.pl 13.09.05, 12:37

But not everything has been removed yet! The log didn't fit, so paste a new one.

Guest: Bart
Re: Please check this log
IP: *.mnc.pl 13.09.05, 20:37

Logfile of HijackThis v1.99.1
Scan saved at 20:38:37, on 05-09-13
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\TCLOCK\TCLOCK.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\SETI@HOME\SETISPY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SETI@HOME\SETIATHOMELINE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
D:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\ACD SYSTEMS\ACDSEE\ACDSEE.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP 2.81\WINAMPa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - Startup: TClock.lnk = C:\WINDOWS\tclock\tclock.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SetiSpy.lnk = C:\Program Files\SETI@home\SetiSpy.exe
O8 - Extra context menu item: Nagłówek EXIF - C:\Program Files\Photo Broffsee Tools\ie_integ.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRAM FILES\COPERNIC AGENT\COPERNICAGENT.EXE
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - www.mapa.lodz.pl/VIEWERS/CAB/mgaxctrl.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - 194.117.7.147/activex/AxisCamControl.cab
O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-its:mhtml:file://C:\x.mht!http://64.237.47.178/chm.chm::/1/e.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mhtml!81.9.3.86//scripts//dw//chm.chm?id=dp::/win.exe
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - ispe.sdc.hp.com/awebui/jsp/answerweb/applets/HPISWebManager.CAB
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - 67.15.101.3/g_bin/pl/mahjong_2_0_0_18.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=www.iwankulik.com/img/galerie/folwark/ThumbnailFrame.html
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ***.pl
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = **********
O19 - User stylesheet: C:\WINDOWS\win32.bmp (file missing)
O21 - SSODL: System - {13236940-D746-11D8-826D-000ACD00A739} - C:\WINDOWS\system32\system32.dll

Guest: Kolobos
Re: Please check this log
IP: *.warszawa.sdi.tpnet.pl 13.09.05, 21:06

Also remove:

O16 - DPF: {11111111-1111-1111-1111-111111111111} - ms-its:mhtml:file://C:\x.mht!http://64.237.47.178/chm.chm::/1/e.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mhtml!81.9.3.86//scripts//dw//chm.chm?id=dp::/win.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - components.viewpoint.com/adobe/MTSInstallers/MetaStream3.cab?url=www.iwankulik.com/img/galerie/folwark/ThumbnailFrame.html
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = ***.pl
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = ********** <- if you have nothing to enter, don't enter anything!
O19 - User stylesheet: C:\WINDOWS\win32.bmp (file missing)
O21 - SSODL: System - {13236940-D746-11D8-826D-000ACD00A739} - C:\WINDOWS\system32\system32.dll <- delete the file.
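
Added example, not part of any post in this thread and not a HijackThis feature: a small Python triage pass over a log in the format pasted above, flagging two patterns visible among the entries marked for removal (O16 DPF sources that use the ms-its: scheme, and entries ending in "(file missing)"). The sample log, CLSIDs, paths and hosts are constructed placeholders, and the two rules are assumptions drawn from this thread, not a complete checklist.

```python
import re

# Entry lines look like "O16 - DPF: ...": section code, " - ", entry text.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O16 body: "DPF: {CLSID} (optional control name) - download source"
DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \(.*?\))? - (?P<src>.+)$")

# Constructed sample in the thread's log format (placeholder CLSIDs, paths, hosts).
SAMPLE = r"""Logfile of HijackThis v1.99.1
Platform: Windows 98 SE (Win9x 4.10.2222A)
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000001} - %windir%\example.exe (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Control) - http://www.example.com/control.cab
O16 - DPF: {00000000-0000-0000-0000-000000000003} - ms- its:mhtml:file://C:\x.mht!http://192.0.2.10/a.chm::/e.exe
O19 - User stylesheet: C:\WINDOWS\example.bmp (file missing)
"""

def parse(log_text):
    """Return (code, body) per entry line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries

def review(entries):
    """Return (code, reason, body) for entries matching the two rules."""
    findings = []
    for code, body in entries:
        if code == "O16":
            m = DPF.match(body)
            # Forum line wrapping can split "ms-its" into "ms- its"; normalise it.
            src = m["src"].replace("ms- its", "ms-its").lower() if m else ""
            if src.startswith("ms-its:"):
                findings.append((code, "DPF source uses ms-its: scheme", body))
                continue
        if body.endswith("(file missing)"):
            findings.append((code, "referenced file is missing", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in review(parse(SAMPLE)):
        print(f"{code}: {reason}: {body}")
```
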