Proszę o sprawdzenie loga


(I Kar) #1

Logfile of HijackThis v1.99.1

Scan saved at 14:37:52, on 05-03-23

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVFNSVR.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PSIMSVC.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\FIREWALL\PAVFIRES.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVPROT9.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\APVXDWIN.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\WEBPROXY.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fantex.pl:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {B6C26361-9B97-11D9-B9EE-00024A8ACAA6} - C:\WINDOWS\SYSTEM\ENNG.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [systemTray] SysTray.ExE

O4 - HKLM..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"

O4 - HKLM..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"

O4 - HKLM..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSIMSVC.exe"

O4 - HKLM..\RunServices: [PAVFIRES] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe"

O4 - HKLM..\RunServices: [Pavprot9] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavprot9.exe"

O4 - HKLM..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE"

O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe /tray

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O18 - Filter: text/html - {8B9D7660-9BA2-11D9-B9EE-0002F50982B8} - C:\WINDOWS\SYSTEM\ENNG.DLL

O18 - Filter: text/plain - {8B9D7660-9BA2-11D9-B9EE-0002F50982B8} - C:\WINDOWS\SYSTEM\ENNG.DLL

proszę o informację dla osobnika z niewielkimi umiejętnościami


(Calina 723) #2

Log czysty (CHYBA) ale podaj w czym lezy problem :!:

  1. Zasada: Nie rób z siebie ciula wiekszego niz jestes... :lol:

(Musg) #3

tryb awaryjny i usuwasz

za pomoca hijacka

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

to trojan cws

hijack powinien go wywalic jesli nie to przeskanuj jeszcze kompa tym

http://www.download.com/CWShredder/3000 ... ag=lst-0-1

nastepnie wywalasz

O2 - BHO: (no name) - {B6C26361-9B97-11D9-B9EE-00024A8ACAA6} - C:\WINDOWS\SYSTEM\ENNG.DLL

O18 - Filter: text/html - {8B9D7660-9BA2-11D9-B9EE-0002F50982B8} - C:\WINDOWS\SYSTEM\ENNG.DLL

O18 - Filter: text/plain - {8B9D7660-9BA2-11D9-B9EE-0002F50982B8} - C:\WINDOWS\SYSTEM\ENNG.DLL

wszystko wywalasz w trybie awaryjnym

nastepnie dajesz log raz jeszcze


(Damian) #4

Nie wiem czy taki czysty...

Tryb awaryjny i kasacja.

Ręcznie:

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

W Hijacku:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

O2 - BHO: (no name) - {B6C26361-9B97-11D9-B9EE-00024A8ACAA6} - C:\WINDOWS\SYSTEM\ENNG.DLL

O4 - HKLM..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O18 - Filter: text/html - {8B9D7660-9BA2-11D9-B9EE-0002F50982B8} - C:\WINDOWS\SYSTEM\ENNG.DLL

O18 - Filter: text/plain - {8B9D7660-9BA2-11D9-B9EE-0002F50982B8} - C:\WINDOWS\SYSTEM\ENNG.DLL

Ten chyba też do wywalenia, ale niech koledzy powiedzą:

O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY


(Musg) #5

to zostawiasz-prawidlowy wpis windowsa

to rowniez zostaje:

natomiast wyczysc calkowicie katalog

temp


(I Kar) #6

dzięki za szybką podpowiedz, to log po czyszczeniu

Logfile of HijackThis v1.99.1

Scan saved at 16:39:07, on 05-03-23

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVFNSVR.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PSIMSVC.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\FIREWALL\PAVFIRES.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVPROT9.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\STARTER.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\APVXDWIN.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\RunDLL.exe

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\WEBPROXY.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fantex.pl:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [systemTray] SysTray.ExE

O4 - HKLM..\Run: [EnsoniqMixer] starter.exe

O4 - HKLM..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"

O4 - HKLM..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"

O4 - HKLM..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSIMSVC.exe"

O4 - HKLM..\RunServices: [PAVFIRES] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe"

O4 - HKLM..\RunServices: [Pavprot9] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavprot9.exe"

O4 - HKLM..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE"

O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe /tray

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

proszę o dalsze uwagi, a naprawdę jestem początkujący i z 60-tką prawie na karku :oops: ale się staram :smiley:


(boczi) #7

Moim zdaniem, jest już czysto! :smiley:

Ew. możesz usunąć:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

:wink:


(Musg) #8

oj jest jest :slight_smile:


(Kuz5) #9

Toszke przesadziłeś widać jak byk że ikar ma Trojana CWS about:blank: a ty piszesz że log jest chyba czysty jeżeli nie masz żadnego pojęcia na temat loga HijackThis to proponuje ci na te tematy nic nie pisać bo możesz naprawde kiedyś narobić komuś kłopotu.


(Musg) #10

oczywiscie -miał :slight_smile:


(Damian) #11

Fachowcy na Mks-Vir każą usuwać ten wpis także nie wiem... :?


(lazikar) #12

Oczywiście.

Z uprzejmości kasuje całą zbędną dyskusje. :smiley: