A big request to check a log

IP: *.toya.net.pl / *.toya.net.pl 18.10.05, 15:13
Logfile of HijackThis v1.99.1
Scan saved at 09:20:17, on 2005-10-18
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
searchmyrequest.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = best-
search.cc/search.php?v=6&aff=8208994
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = best-
search.cc/index.php?v=6&aff=8208994
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.idg.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
www.idg.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
Microsoft Internet Explorer dostarczony przez IDG.pl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = proxy.toya.net.pl:6060
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Łącza
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} -
C:\WINDOWS\SYSTEM\WSTART.DLL (file missing)
O3 - Toolbar: SuperBar - {0A9FC720-4271-11D7-9CD8-00A0D213684E} - C:\PROGRAM
FILES\SUPERBAR\SUPERBAR.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BITSPIRIT\bsurl.htm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} -
www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-
0090276F843F} - www.net2phone.com/ (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL (file missing)
O14 - IERESET.INF: START_PAGE_URL=www.idg.pl
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) -
67.15.101.3/g_bin/pl/boards_2_0_0_21.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX
Control) - www.modgik.lodz.pl/Mapa/mgaxctrl.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire
Marbles&Diamonds&Runes) - 67.15.101.3/g_bin/pl/marbles_2_0_0_22.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) -
67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -
security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)
    • Guest: Kolobos Re: A big request to check a log IP: *.warszawa.sdi.tpnet.pl 18.10.05, 18:41
      These are the entries to delete in HijackThis:

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
      searchmyrequest.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = best-
      search.cc/search.php?v=6&aff=8208994
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = best-
      search.cc/index.php?v=6&aff=8208994
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      www.idg.pl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} -
      C:\WINDOWS\SYSTEM\WSTART.DLL (file missing)
      O3 - Toolbar: SuperBar - {0A9FC720-4271-11D7-9CD8-00A0D213684E} - C:\PROGRAM
      FILES\SUPERBAR\SUPERBAR.DLL (file missing)
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
      file)
      O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} -
      www.net2phone.com/ (file missing)
      O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-
      0090276F843F} - www.net2phone.com/ (file missing)
      O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
      C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL (file missing)
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
      O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - (no file)

      Also install these:
      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
      scan and enable browser protection
      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable
      browser protection
      www.wilderssecurity.net/spywareguard.html <- SpywareGuard
      Also use this:
      cwshredder.net/bin/CWShredder.exe

      When you are done, paste a new log.
      • Guest: anzelka Re: A big request to check a log IP: *.toya.net.pl / *.toya.net.pl 19.10.05, 08:27
        here is the next log, still warm ;]]


        Logfile of HijackThis v1.99.1
        Scan saved at 08:28:09, on 2005-10-19
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\PROGRAM FILES\ANTIVIRENKIT\AVKWCTL9.EXE
        C:\WINDOWS\RunDLL.exe
        C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
        C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
        www.idg.pl/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
        Microsoft Internet Explorer dostarczony przez IDG.pl
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyServer = proxy.toya.net.pl:6060
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton AntiVirus\NavShExt.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
        Files\Spybot - Search & Destroy\SDHelper.dll
        O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-
        0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\SYSTEM\MSDXM.OCX
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [AVKWCtl] C:\PROGRA~1\ANTIVI~1\AVKWCTL9.EXE
        O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
        deskcp16.dll,QUICKRES_RUNDLLENTRY
        O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
        O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BITSPIRIT\bsurl.htm
        O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
        C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
        O14 - IERESET.INF: START_PAGE_URL=www.idg.pl
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) -
        67.15.101.3/g_bin/pl/boards_2_0_0_21.cab
        O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX
        Control) - www.modgik.lodz.pl/Mapa/mgaxctrl.cab
        O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire
        Marbles&Diamonds&Runes) - 67.15.101.3/g_bin/pl/marbles_2_0_0_22.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) -
        67.15.101.3/g_bin/pl/words_2_0_0_36.cab
        O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
        Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
        security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

        • Guest: Kolobos Re: A big request to check a log IP: *.warszawa.sdi.tpnet.pl 19.10.05, 09:52
          Everything looks OK now.
          • Guest: anzelka Re: A big request to check a log IP: *.toya.net.pl / *.toya.net.pl 19.10.05, 09:56
            thanks a lot for the help

            I still have a problem with the file ibm00001.exe, i.e. when Windows starts it
            complains that the file is missing
            I thought these steps would be enough, but it still keeps asking for it :((
            do you have any idea what to do about it, if you still feel like helping, of course...

            regards