Hijack-prosba o sprawdzenie loga


(Biedronka01) #1

Prosze rzucic na to okiem i powiedziec co mi miesza w ustawieniach.

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\MSDTCW.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\TEMP\ICSUPP95.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOMAU08.EXE

C:\PROGRAM FILES\OPENOFFICE.ORG1.1.0\PROGRAM\SOFFICE.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE

C:\WINDOWS\SYSTEM\HPZIPM12.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOFXM08.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

C:\WINDOWS\MSXMIDI.EXE

C:\PROGRAM FILES\SOPHOS SWEEP\SWEEP95.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\MOJE DOKUMENTY\INSTALKI\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [InterCheckMonitor] "C:\PROGRAM FILES\SOPHOS SWEEP\ICMON.EXE" -minimised

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start

O4 - HKLM\..\RunServices: [Sweep95] C:\Program Files\Sophos SWEEP\ICLOAD95.EXE

O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" "+b1"

O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1014.dll,InstantAccess

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\RunServices: [Instant Access] rundll32.exe p2esocks_1014.dll,InstantAccess

O4 - HKCU\..\RunServices: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - Startup: hp officejet 4100 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe

O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe

O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?

O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN.cab

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

(Adarek) #2

unuń:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated) 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated) 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated) 

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated

O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/? 

O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/? 

O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1014.dll,InstantAccess

Sprawdz sys. programem CWShredder


(Biedronka01) #3

PHYLBY! !!