aina
(Moira6)
9 December 2005 23:13
#1
Could someone please check this log:
Logfile of HijackThis v1.99.1
Scan saved at 23:57:46, on 05-12-09
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
D:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE
D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\PROGRAM FILES\RALINK\RT2500 WIRELESS LAN CARD\INSTALLER\WIN9X\RACONFIG2500.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll ,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM…\Run: [systemTray] SysTray.Exe
O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\Run: [avast! Web Scanner] D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM…\Run: [RemoteControl] “D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM…\RunServices: [avast!] D:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM…\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: RaConfig2500.lnk = D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WIN9X\RaConfig2500.exe
O8 - Extra context menu item: Download using FlashGet - D:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - D:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\SYSTEM\OLINE.DLL
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra ‘Tools’ menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra ‘Tools’ menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://skaner.mks.com.pl
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc … oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l … cfscan.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34
O18 - Filter: text/html - {A6343F20-5DFA-11DA-8D89-000E9413EA97} - C:\WINDOWS\SYSTEM\JDKN.DLL
O18 - Filter: text/plain - {A6343F20-5DFA-11DA-8D89-000E9413EA97} - C:\WINDOWS\SYSTEM\JDKN.DLL
The computer is generally sluggish and unwanted Explorer windows keep popping up. The start page is normal and there is nothing abnormal in autostart either. Spybot found a few pieces of spyware, and I'm still checking with ZoneAlarm. Can you see anything in the log? Despite Spybot, the same problems are still there. TIA
Gutek
(Gutek)
10 December 2005 17:12
#2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O18 - Filter: text/html - {A6343F20-5DFA-11DA-8D89-000E9413EA97} - C:\WINDOWS\SYSTEM\JDKN.DLL
O18 - Filter: text/plain - {A6343F20-5DFA-11DA-8D89-000E9413EA97} - C:\WINDOWS\SYSTEM\JDKN.DLL
In safe mode, remove the entries with HijackThis and delete the files manually.
Do this in safe mode: Start >>> Run >>> %temp% >>> delete everything inside.
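An added example, not part of the original posts: a small parser that splits a HijackThis log (including one flattened onto a single line) into entries, lists autostart entries that load from a temp directory, and reports which entries are gone in a later log. The function names and the temp-directory heuristic are assumptions made for this illustration; the sample strings are constructed excerpts from the logs in this thread.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O23) and " - ".
ENTRY_START = re.compile(r"(?<!\S)(?=(?:[RF][0-3]|O\d{1,2}) - )")
ENTRY = re.compile(r"([RF][0-3]|O\d{1,2}) - (.*)", re.DOTALL)
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)  # assumed heuristic

def parse_entries(log_text):
    """Split a log, one entry per line or flattened, into (code, detail) pairs."""
    entries = []
    for chunk in ENTRY_START.split(log_text):
        m = ENTRY.match(chunk.strip())
        if m:  # header and process list carry no section code and are skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries

def temp_autostarts(entries):
    """O4 (autostart) entries whose command points into a temp directory."""
    return [e for e in entries if e[0] == "O4" and TEMP_DIR.search(e[1])]

def removed_entries(before, after):
    """Entries present in the earlier log and absent from the later one."""
    later = set(after)
    return [e for e in before if e not in later]

# Constructed excerpts: a few entries copied from the two logs in this thread.
BEFORE = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\EXPLORER.EXE "
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank "
    r"O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe "
    r"O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall "
    r"O18 - Filter: text/html - {A6343F20-5DFA-11DA-8D89-000E9413EA97}"
    r" - C:\WINDOWS\SYSTEM\JDKN.DLL"
)
AFTER = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\EXPLORER.EXE "
    r"O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe"
)

if __name__ == "__main__":
    old, new = parse_entries(BEFORE), parse_entries(AFTER)
    for code, detail in temp_autostarts(old):
        print("autostart from temp dir:", code, detail)
    for code, detail in removed_entries(old, new):
        print("gone in later log:", code, detail)
```

A temp-directory autostart is only a triage signal; each flagged entry still needs the file itself checked before removal.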
aina
(Moira6)
10 December 2005 21:15
#3
Thanks for the help. Before I read this post, though, I had already restored a partition image with Ghost. I'm posting one more log just to check, but I don't think there should be any major problems. TIA
Logfile of HijackThis v1.99.1
Scan saved at 22:10:34, on 05-12-10
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
D:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
D:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE
D:\PROGRAM FILES\RALINK\RT2500 WIRELESS LAN CARD\INSTALLER\WIN9X\RACONFIG2500.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\WINAMP\WINAMP.EXE
D:\PROGRAM FILES\GADU-GADU\GG.EXE
D:\PROGRAM FILES\PWN\WSPWNOUP2004\SPWNOUP.EXE
D:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\PROGRAM FILES\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll ,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM…\Run: [systemTray] SysTray.Exe
O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM…\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM…\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM…\Run: [avast! Web Scanner] D:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM…\Run: [RemoteControl] “D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”
O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM…\RunServices: [avast!] D:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM…\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: RaConfig2500.lnk = D:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WIN9X\RaConfig2500.exe
O8 - Extra context menu item: Download using FlashGet - D:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - D:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE
O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRAM FILES\FLASHGET\JETCAR.EXE
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\SYSTEM\OLINE.DLL
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra ‘Tools’ menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O9 - Extra ‘Tools’ menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\SYSTEM\WEBZONE.DLL
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34