Log


(Marcino) #1

Proszę o sprawdzenie...

Logfile of HijackThis v1.99.1

Scan saved at 13:10:56, on 05-09-30

Platform: Windows 98 SE (Win9x 4.10.1998, P)

MSIE: Internet Explorer v5.00 (5.00.2919.6304)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\SBPCI\CTMIX32.EXE

C:\WINDOWS\SYSTEM\EUSEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\X-GUARD\X-GUARD.EXE

C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE

C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\X-GUARD\LSASS.EXE

C:\WINDOWS\PROFILES\STUDENT3C\PULPIT\PROGRAMY\HIJACKTHIS\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://men01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://men01

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://men01:80

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [VortexTray] ASP4TRAY.EXE

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T

O4 - HKLM\..\Run: [ICH Synth] eusexe.exe

O4 - HKLM\..\Run: [MENSetup] \\MEN01\NETLOGON\MENLOGON98

O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM\..\Run: [X-Guard] C:\X-Guard\X-GUARD.EXE

O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe

O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel.dll

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab

(Kuz5) #2

W Dodaj/Usuń odinstaluj MEDIA ACCESS

Usuń: (wszystko oczywiście robisz w trybie awaryjnym)

Znasz to? Jak nie to ciachnij:

Redlof plik jak i wpis leca

Lekturka do poczytania :

http://www.searchengines.pl/phpbb203/in … st&p=80455

http://www.searchengines.pl/phpbb203/in … &hl=kernel

Pliki na czerwono usuń ręcznie z dysku


(Marcino) #3

Zrobiłem, proszę sprawdzić jeszcze raz…

Logfile of HijackThis v1.99.1

Scan saved at 12:18:16, on 05-10-06

Platform: Windows 98 SE (Win9x 4.10.1998, P)

MSIE: Internet Explorer v5.00 (5.00.2919.6304)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\SBPCI\CTMIX32.EXE

C:\WINDOWS\SYSTEM\EUSEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\X-GUARD\X-GUARD.EXE

C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE

C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE

C:\X-GUARD\LSASS.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\PROFILES\STUDENT3C\PULPIT\PROGRAMY\HIJACKTHIS\HIJACKTHIS.EXE


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [VortexTray] ASP4TRAY.EXE

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T

O4 - HKLM\..\Run: [ICH Synth] eusexe.exe

O4 - HKLM\..\Run: [MENSetup] \\MEN01\NETLOGON\MENLOGON98

O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM\..\Run: [X-Guard] C:\X-Guard\X-GUARD.EXE

O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab

(Kuz5) #4

Zostało do usunięcia: