A friend's log


(Proph3t) #1
karolina (17:42)

Logfile of HijackThis v1.99.1

Scan saved at 17:41:22, on 05-12-17

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2614.3500)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SOINTGR.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\WINAMP3\WINAMPA.EXE

C:\PROGRAM FILES\PWN\DEFINICJE\BIN\STARTER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\PROGRAM FILES\HBTOOLS\BIN\4.7.1.0\HBTOEADDON.EXE

C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\MEDIAGATEWAY\MEDIAGATEWAY.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE

C:\PROGRAM FILES\MKS_VIR\MKS_MON.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE

C:\PROGRAM FILES\MKS_VIR\MKS_MENU.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\WINZIP\WINZIP32.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

karolina (17:43)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=hpfsched

karolina (17:45)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}- C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB}- C:\PROGRAM FILES\HBTOOLS\BIN\4.7.1.0\HBTHOSTIE.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467}- C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB}- C:\PROGRAM FILES\HBTOOLS\BIN\4.7.1.0\HBTHOSTIE.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}- C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL

O3 - Toolbar: 180search Toolbar - {93CECBB2-6B1B-448D-91B9-72604EF70105}- C:\PROGRAM FILES\180SEARCH ASSISTANT PROGRAMS\180SEARCH TOOLBAR\180ST.DLL

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP3\\winampa.exe"

O4 - HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe

O4 - HKLM\..\Run: [Kernel32] SYSTEM\Kernel32.dll

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe

O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe

O4 - HKLM\..\Run: [puoptogg] C:\WINDOWS\SYSTEM\jjdplmgj.exe

karolina (17:45)

O4 - HKLM\..\Run: [WeatherOnTray] C:\PROGRAM FILES\HBTOOLS\BIN\4.7.1.0\HBTWEATHERONTRAY.EXE

O4 - HKLM\..\Run: [iukhhvkp] C:\WINDOWS\SYSTEM\sdhflnha.exe

O4 - HKLM\..\Run: [timessquare] C:\WINDOWS\TIMESSQUARE.exe

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"

O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - Startup: MkS_Vir Monitor Antiwirusowy.lnk = C:\Program Files\MkS_Vir\mks_mon.exe

O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Menu MkS_Vir.lnk = C:\Program Files\MkS_Vir\mks_menu.exe

O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll

O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

karolina (17:45)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3}(CamImage Class) - http://217.173.193.218/activex/AxisCamControl.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}(MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c567.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 217.197.76.1,217.197.77.1

O20 - Winlogon Notify: style2 - C:\WINDOWS\Q4254132.DLL (file missing)

O20 - Winlogon Notify: style32 - C:\WINDOWS\Q4251480.DLL (file missing)

O20 - Winlogon Notify: st3 - C:\WINDOWS\Q1939660.DLL (file missing)

If possible, please reply quickly - I won't manage this on my own :confused:


(Gutek) #2

Delete the files and folders in Safe Mode, and the entries with HijackThis.

Apply the TROJAN STYDLER removal and the SpySheriff wallpaper removal.


(Proph3t) #3

It's just that the wallpaper didn't change, but the computer is terribly slow, but OK.


(Gutek) #4

Certainly, because you didn't follow the instructions properly. Post a log from Silent - Silent description: http://www.searchengines.pl/phpbb203/in … opic=15989


(Proph3t) #5

Darn, I wasn't precise in my post; what I meant was that nothing happened to the wallpaper, it can be changed, etc.

PS. Anyway, we've already managed on our own…

THX and a plus