Prosiłbym o sprawdzenie log


(Muzzy84) #1

Z góry dzienks

Logfile of HijackThis v1.99.1

Scan saved at 16:57:44, on 05-03-06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMTRAY.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAMS\WINAMP\WINAMPA.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAMS\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAMS\EMULE\EMULE.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAMS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {81BB4CC1-8D0C-11D9-9320-0007C64764D9} - C:\WINDOWS\SYSTEM\HAFG.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM..\Run: [WinampAgent] C:\Programs\Winamp\winampa.exe

O4 - HKLM..\Run: [scvhost] C:\WINDOWS\scvhost.exe

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAMS\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [scvhost] C:\WINDOWS\scvhost.exe

O4 - HKCU..\Run: [eMuleAutoStart] C:\PROGRAMS\EMULE\EMULE.EXE -AutoStart

O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O15 - Trusted Zone: *.bestsearch.cc

O15 - Trusted Zone: *.dapsol.com

O15 - Trusted Zone: *.bestsearch.cc (HKLM)

O15 - Trusted Zone: *.dapsol.com (HKLM)

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O18 - Filter: text/html - {877A9240-8E5D-11D9-9320-000724522C33} - C:\WINDOWS\SYSTEM\HAFG.DLL

O18 - Filter: text/plain - {877A9240-8E5D-11D9-9320-000724522C33} - C:\WINDOWS\SYSTEM\HAFG.DLL


(Qbek50) #2

syf:

1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O15 - Trusted Zone: *.bestsearch.cc

O15 - Trusted Zone: *.dapsol.com

O15 - Trusted Zone: *.bestsearch.cc (HKLM)

O15 - Trusted Zone: *.dapsol.com (HKLM)

8) 8) 8)


(boczi) #3

Najpierw poskanuj skanerami online, oraz cwshredderem.

Uruchamiasz kompa do trybu awaryjnyego bez sieci i uswasz:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

   	R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

   	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

   	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

   	R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

   	R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

   	R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

   	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

   	O2 - BHO: (no name) - {81BB4CC1-8D0C-11D9-9320-0007C64764D9} - C:\WINDOWS\SYSTEM\HAFG.DLL

   	O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

   	O4 - HKLM\..\Run: [WinampAgent] C:\Programs\Winamp\winampa.exe

   	O4 - HKLM\..\Run: [scvhost] C:\WINDOWS\scvhost.exe

O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

   	O4 - HKCU\..\Run: [scvhost] C:\WINDOWS\scvhost.exe

 	O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

   	O15 - Trusted Zone: *.bestsearch.cc

O15 - Trusted Zone: *.dapsol.com

O15 - Trusted Zone: *.bestsearch.cc (HKLM)

   	O15 - Trusted Zone: *.dapsol.com (HKLM)

   	O18 - Filter: text/html - {877A9240-8E5D-11D9-9320-000724522C33} - C:\WINDOWS\SYSTEM\HAFG.DLL

   	O18 - Filter: text/plain - {877A9240-8E5D-11D9-9320-000724522C33} - C:\WINDOWS\SYSTEM\HAFG.DLL

Potem na nowo LOG.


(Qbek50) #4

My Way Speedbar, Search Bar, MySearch

otworz zakladke /Dodaj lub usun programy/

w Panelu sterowania

usun/odinstaluj te progsy

‘My Search Bar’ (MySearch variant), ‘MyWay Speed Bar’ (MyWay) or ‘My Web Search Bar’ (MyWeb), ‘Fun Web Products Easy Installer’.

dalej

resetujesz strone domowa IE

Narzedzia/Opcje internetowe/Ogolne

i dajesz (uzyj pustej) - about:blank

w Narzedzia/Opcje internetowe/Programy/

dajesz Resetuj ustawienia sieci Web..

(Tak)

ps.

[kasacja]

caly katalog TEMP wywal

skanery AV, narzedzia ,ktore masz uzyc zawsze


(Muzzy84) #5

Wielki dzięki póki co wszystko jest ok:)

Teraz mam jeszcze jedno pytanko skąd wiadomo co należy usuwać,a co nie. Kiedyś jak zacząłem sam bawić sie w usuwanie to zakonczyło się to na tym że musialem formatować twardziela.


(boczi) #6

Mogę polecić Ci np. ten artykuł: http://www.searchengines.pl/phpbb203/in ... opic=12510

http://www.searchengines.pl/phpbb203/in ... opic=15989

Trzeba mieć jako takie rozeznanie w temacie, znać procesy szkodników.


(Kuz5) #7

Start=>Uruchom=>%temp%=>I usuń wszystko co sie tam znajduje