Please check my log

29.03.06, 18:08
Thanks in advance for your reply.
Logfile of HijackThis v1.99.1
Scan saved at 18:03:35, on 06-03-29
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WIN98\SYSTEM\KERNEL32.DLL
C:\WIN98\SYSTEM\MSGSRV32.EXE
C:\WIN98\SYSTEM\MPREXE.EXE
C:\WIN98\SYSTEM\mmtask.tsk
C:\WIN98\SYSTEM\MSTASK.EXE
C:\WIN98\SYSTEM\SHELLBN.EXE
C:\WIN98\EXPLORER.EXE
C:\WIN98\TASKMON.EXE
C:\WIN98\SYSTEM\INTERNAT.EXE
C:\WIN98\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WIN98\RUNDLL32.EXE
C:\WIN98\SYSTEM\PAYTIME.EXE
C:\WINSTALL.EXE
C:\WIN98\SYSTEM\TASKDIR.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WIN98\SYSTEM\RNAAPP.EXE
C:\WIN98\SYSTEM\TAPISRV.EXE
C:\WIN98\SYSTEM\DDHELP.EXE
C:\WIN98\PULPIT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} -
C:\WIN98\SYSTEM32\IASADA.DLL
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet3_88.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WIN98\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WIN98\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAM FILES\EDONKEY2000\EDONKEY2000.EXE" -t
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [PayTime] C:\WIN98\SYSTEM\paytime.exe
O4 - HKLM\..\Run: [shellbn] C:\WIN98\SYSTEM\shellbn.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT
SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [shellbn] C:\WIN98\SYSTEM\shellbn.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] C:\PROGRAM FILES\EMULE\EMULE.EXE -AutoStart
O4 - HKCU\..\Run: [Shell] "C:\WIN98\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [taskdir] C:\WIN98\SYSTEM\taskdir.exe
O4 - HKCU\..\Run: [shellbn] C:\WIN98\SYSTEM\shellbn.exe
O4 - HKCU\..\RunServices: [taskdir] C:\WIN98\SYSTEM\taskdir.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) -
67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
www.azebar.com/install/azesearch.cab
    • barracuda7110 Re: Please check my log 29.03.06, 18:26
      Close the following processes in Task Manager, delete the files with Killbox
      (the "delete on reboot" option), then remove the entries in HijackThis:
      > O4 - HKLM\..\Run: [PayTime] C:\WIN98\SYSTEM\paytime.exe
      > O4 - HKCU\..\Run: [Shell] "C:\WIN98\SYSTEM\ibm00001.exe"
      > O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
      > O4 - HKCU\..\Run: [taskdir] C:\WIN98\SYSTEM\taskdir.exe

      Remove the entry in HijackThis and delete the file from disk:
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > c:\secure32.html
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > c:\secure32.html
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
      You can fix the O10 entries with LSPFix. You can find it on Google.

      You have a terrible mess on your computer. Install the Explorer patches and a firewall.
      • Guest: k Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 29.03.06, 19:19
        And the rest? There is a lot more in the log to remove :>
        • barracuda7110 Re: Please check my log 29.03.06, 19:27
          There is so much junk in there that it would be better to write what he should_not_remove :D.
          • Guest: k Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 29.03.06, 19:56
            But if you are going to list things, then list everything, not just a few and leave the rest :>

            Alt+Ctrl+Del and end these:
            C:\WIN98\SYSTEM\SHELLBN.EXE
            C:\WIN98\SYSTEM\PAYTIME.EXE
            C:\WINSTALL.EXE
            C:\WIN98\SYSTEM\TASKDIR.EXE

            In HijackThis:
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            c:\secure32.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            c:\secure32.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            c:\secure32.html <- file to delete.
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
            c:\secure32.html
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            c:\secure32.html
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            c:\secure32.html
            O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} -
            C:\WIN98\SYSTEM32\IASADA.DLL <- file to delete
            O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
            Files\NewDotNet\newdotnet3_88.dll
            O4 - HKLM\..\Run: [BearShare] "C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE" /pause
            <- best to uninstall this junk as well.
            O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAM FILES\EDONKEY2000\EDONKEY2000.EXE" -t
            <- uninstall it, since you already have eMule..
            O4 - HKLM\..\Run: [New.net Startup] rundll32
            C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup <- uninstall newdotnet
            Delete these exe files from disk:
            O4 - HKLM\..\Run: [PayTime] C:\WIN98\SYSTEM\paytime.exe
            O4 - HKLM\..\Run: [shellbn] C:\WIN98\SYSTEM\shellbn.exe
            O4 - HKLM\..\RunServices: [shellbn] C:\WIN98\SYSTEM\shellbn.exe
            O4 - HKCU\..\Run: [Shell] "C:\WIN98\SYSTEM\ibm00001.exe"
            O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
            O4 - HKCU\..\Run: [taskdir] C:\WIN98\SYSTEM\taskdir.exe
            O4 - HKCU\..\Run: [shellbn] C:\WIN98\SYSTEM\shellbn.exe
            O4 - HKCU\..\RunServices: [taskdir] C:\WIN98\SYSTEM\taskdir.exe
            O10 - Hijacked Internet access by New.Net <- remove newdotnet using
            lspfix, link in the pinned thread.
            O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} -
            www.azebar.com/install/azesearch.cab

            In addition, a SpyBot S&D scan.
            • barracuda7110 Re: Please check my log 29.03.06, 19:58
              > C:\WIN98\SYSTEM\SHELLBN.EXE

              I could not google anything sensible about this one.