Bardzo prosze o sprawdzenie Log


(Robertos777) #1

Logfile of HijackThis v1.98.2

Scan saved at 19:08:06, on 05-05-13

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE

C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\802.11 WIRELESS LAN\WLAN CARDBUS\RTLWAKE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_VIRW.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_SCAN.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\TEMP\RAR$EX00.069\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\win98\tour\whatsnew\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe

O4 - HKLM..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe

O4 - HKLM..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - HKCU..\RunServices: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\RunServices: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU..\RunServices: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - Startup: WLAN Cardbus.lnk = C:\Program Files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRAM FILES\FLASHGET\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34


(Musg) #2

po pierwsze daj log z nowej wersji:

http://www.richardthelionhearted.com/~m ... loads.html

i sprawdz czy wysylasz na forum pelny log

czy nie jest obciety


(Gutek) #3

usuń folder NEWDOT~1 po usunięciu z dodaj\usuń, LSP-Fix usuniesz wpisy 010 TU opis działania :stuck_out_tongue:


(Robertos777) #4

Log z nowszej wersji----prosze o pisanie mi co i jak mam zrobić :roll: ------

Logfile of HijackThis v1.99.1

Scan saved at 12:07:57, on 05-05-14

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE

C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE

C:\PROGRAM FILES\802.11 WIRELESS LAN\WLAN CARDBUS\RTLWAKE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

C:\PROGRAM FILES\WINRAR\WINRAR.EXE

C:\WINDOWS\TEMP\RAR$EX00.419\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\win98\tour\whatsnew\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe

O4 - HKLM..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe

O4 - HKLM..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - HKCU..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - Startup: WLAN Cardbus.lnk = C:\Program Files\802.11 Wireless LAN\WLAN Cardbus\RtlWake.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\PROGRAM FILES\FLASHGET\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34


(Gutek) #5

No ja zwarjuje opis masz wyżej :stuck_out_tongue:


(Musg) #6

moze i tak ale warto sprawdzac log dokladnie ,a to?:

rowniez usun :slight_smile:


(Gutek) #7

A powidź mi dlaczego ta stronę chcesz usunąc? :smiley:


(Musg) #8

jaja sobie robisz czy spamujesz?


(Gutek) #9

Nie pytam czy znasz c:\win98\tour\whatsnew takie rozszerzenie :stuck_out_tongue:

Usunąć może ale powód przykład proszę, dlaczego ma usunąć ciekawość


(Musg) #10

ciekawosc to bardzo pozytywna cecha

a teraz luknij i sie popraw

luk


(Gutek) #11

Sorki nie przekonałeś mnie, widzisz to 26-06-2004 datę :stuck_out_tongue: Ja lukałem wcześniej na tą stronkę znam to foum dosyć dobrze(widzisz jakieś wpisy od trojana) :stuck_out_tongue: Ok niech usunie jest Main,Local Page = ...blank.htm


(Musg) #12

:o

ok-ma usunac obowiazkowo