Bardzo proszę o sprawdzenie loga


(załamany) #1

Proszę o sprawdzenie loga i dość łopatologiczne wytłumaczenie co i jak mam pousuwać. Strasznie dużo tu tego syfu (tak mi się wydaje przynajmniej). Z góry przeogromnie dziękuję.

Logfile of HijackThis v1.99.1

Scan saved at 19:43:19, on 06-12-2005

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\WINDOWS\SYSTEM\W98EJECT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://www.searchnow.ws/search/

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.pagesubmit.com/search/side.shtml

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-1.net/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-1.net/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-1.net/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.1stpagehere.com/s.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-1.net/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=hpfsched

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)

O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\DREXINIT.DLL (file missing)

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL (file missing)

O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\GameDeviceDriver\RFPIcon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth

O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe

O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe

O4 - HKLM\..\Run: [Microsoft Tray] C:\DOWNLOADS\VIDEO STRIP POKER 2002.EXE

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\PROGRAM FILES\ABBYY FINEREADER 7.0 PROFESSIONAL EDITION\ABBYYNEWSREADER.EXE"

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL

O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe

O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe

O4 - HKLM\..\Run: [xynmjkb] C:\WINDOWS\xynmjkb.exe

O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe

O4 - HKLM\..\Run: [hmfav] C:\WINDOWS\hmfav.exe

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe

O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

O4 - HKLM\..\Run: [wpjfbgsb] c:\windows\system\wpjfbgsb.exe

O4 - HKLM\..\Run: [_Cat3] C:\WINDOWS\msmsgrxp.exe

O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE

O4 - HKLM\..\Run: [AdTools Service] C:\PROGRAM FILES\ADTOOLS SERVICE\ADTOOLS.EXE

O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [AVX Communicator] C:\WINDOWS\SYSTEM\XCOMMSVR.EXE

O4 - HKLM\..\RunServices: [AvxIni] c:\program files\softwin\antivirus expert professional\avxinit.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU\..\Run: [Ouad] C:\Program Files\ttea\crem.exe

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKCU\..\Run: [WindowsFY] C:\BSW.EXE

O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GETRIGHT\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GETRIGHT\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Microsoft AntiSpyware helper - {600E98E0-D364-11D9-BD95-002040C579DB} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {600E98E0-D364-11D9-BD95-002040C579DB} - (no file) (HKCU)

O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted IP range: 81.222.131.59

O15 - Trusted IP range: 81.222.131.59 (HKLM)

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: {8BC4B4C3-2CA2-44B0-9A36-495EF3946E22} (Flo2_L1 Control) - http://www.nokiagame.com/games/1fpO934H6RyteU8j62jfl/flo2_l1.cab

O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - http://www.nokiagame.com/games/2K1E4R5Vem5ui1Sw1Wyas/flo2_l2.cab

O16 - DPF: {970D1F38-542B-471C-9574-72E1AE852EA1} (Flo2_L4 Control) - http://www.nokiagame.com/games/4eQo0tyh3Gldg2En371h3/flo2_l4.cab

O16 - DPF: {B47CD421-1AA8-4FE6-A25A-5824BDADC307} (Flo2_L3 Control) - http://www.nokiagame.com/games/3Uyti4JKfpumjn246j8HI/flo2_l3.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://cashsearch.biz/legal/x.chm::/load.exe

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GINCHESS Class) - http://gryonline.wp.pl/files/chess_2_0_0_6.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosuxxxc.mht!http://kazaalite.pl/stats/script/loud.chm::/Bridge-c139.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_20.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_62.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - ms-its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll (file missing)

(Gutek) #2
  1. Zastartować do trybu awaryjnego bez internetu(opis TU).

  2. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7

  3. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  4. Dokończyć skanerami online - Scanery do wyboru

  5. Pokazać nowy log :stuck_out_tongue:

Użyj FxIstbar.exe.


(załamany) #3
Logfile of HijackThis v1.99.1

Scan saved at 23:06:38, on 06-12-2005

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\WINDOWS\SYSTEM\W98EJECT.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=hpfsched

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\GameDeviceDriver\RFPIcon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth

O4 - HKLM\..\Run: [Microsoft Tray] C:\DOWNLOADS\VIDEO STRIP POKER 2002.EXE

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\PROGRAM FILES\ABBYY FINEREADER 7.0 PROFESSIONAL EDITION\ABBYYNEWSREADER.EXE"

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL

O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe

O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [AVX Communicator] C:\WINDOWS\SYSTEM\XCOMMSVR.EXE

O4 - HKLM\..\RunServices: [AvxIni] c:\program files\softwin\antivirus expert professional\avxinit.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU\..\Run: [Ouad] C:\Program Files\ttea\crem.exe

O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GETRIGHT\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GETRIGHT\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted IP range: 81.222.131.59

O15 - Trusted IP range: 81.222.131.59 (HKLM)

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GINCHESS Class) - http://gryonline.wp.pl/files/chess_2_0_0_6.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_20.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_62.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

(Gutek) #4

do usuniecia foldery w trybie awaryjnym, użyłeś KillTrusted 0.7


(załamany) #5

Przepraszam, nie bardzo rozumiem. Nie mogę w ogóle znaleźć tych folderów (i w trybie normalnym i w awaryjnym), a tego programu jakby nie mogę odpalić

(w okienku, na czarnym tle pojawia się napis:

WARNING! : This tool will remove your HOSTS FILE ! If you have specifical HOSTS with adblocks\DNS Redirects, please backup IT !

Press any key to continue…

-> i po wciskaniu klawiszy, nic się nie dzieje)


(Gutek) #6

W trybie awaryjnym?

A masz zaznaczone: Narzędzia >>> Opcje folderów >>> Widok

Zaznaczone Pokaż ukryte pliki i foldery + odznaczone Ukryj chronione pliki systemu operacyjnego…


(załamany) #7

Taa, w awaryjnym, w widoku mam tak zaznaczone opcje jak napisałeś…

Logfile of HijackThis v1.99.1

Scan saved at 17:54:50, on 07-12-2005

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\WINDOWS\SYSTEM\W98EJECT.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=hpfsched

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\GameDeviceDriver\RFPIcon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth

O4 - HKLM\..\Run: [Microsoft Tray] C:\DOWNLOADS\VIDEO STRIP POKER 2002.EXE

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\PROGRAM FILES\ABBYY FINEREADER 7.0 PROFESSIONAL EDITION\ABBYYNEWSREADER.EXE"

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL

O4 - HKLM\..\Run: [saap] c:\program files\180search assistant\saap.exe

O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [AVX Communicator] C:\WINDOWS\SYSTEM\XCOMMSVR.EXE

O4 - HKLM\..\RunServices: [AvxIni] c:\program files\softwin\antivirus expert professional\avxinit.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU\..\Run: [Ouad] C:\Program Files\ttea\crem.exe

O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GETRIGHT\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GETRIGHT\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GINCHESS Class) - http://gryonline.wp.pl/files/chess_2_0_0_6.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_20.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_62.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

(Gutek) #8

Ok użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot i w polu Full Path of File to Delete wklejasz ścieżki

C:\Program Files\ttea\crem.exe

C:\Program Files\ttea\crem.exe i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.


(załamany) #9
Logfile of HijackThis v1.99.1

Scan saved at 20:26:14, on 08-12-2005

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\WINDOWS\SYSTEM\W98EJECT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\WINAMP\WINAMP.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=hpfsched

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe

O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\GameDeviceDriver\RFPIcon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth

O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\PROGRAM FILES\ABBYY FINEREADER 7.0 PROFESSIONAL EDITION\ABBYYNEWSREADER.EXE"

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [AVX Communicator] C:\WINDOWS\SYSTEM\XCOMMSVR.EXE

O4 - HKLM\..\RunServices: [AvxIni] c:\program files\softwin\antivirus expert professional\avxinit.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Download with GetRight - C:\PROGRA~1\GETRIGHT\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\PROGRA~1\GETRIGHT\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O12 - Plugin for .avi: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {DCB16E44-D6DB-473E-A251-F6FBB381C1C3} (GINCHESS Class) - http://gryonline.wp.pl/files/chess_2_0_0_6.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_20.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_62.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.pl/resources/virusscanner/kavwebscan_ansi.cab

Poza tym cały czas po włączeniu kompa, wyskakuje okienko z komunikatem o braku pliku “ibm00001.exe”.


(Gutek) #10

Ok log

Co do błedu:

Start >>> Uruchom>>> sysedit

Wybierasz okno z plikiem system.ini i w sekcji [boot] jest po shell = explorer.exe ibm00001.exe" [MS], usunąć stamtąd ibm00001.exe (ma zostać shell=explorer.exe) :wink: