Prosze o sprawdzenie loga

To log mojej kumpeli ktora nie ma zielonego pojecia o komputerach :stuck_out_tongue: dzieki z gory dzieki za pomoc;

Logfile of HijackThis v1.99.1

Scan saved at 14:36:44, on 05-11-24

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2919.6304)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\HPZTSB08.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\RTF32.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

D:\WAREZ P2P CLIENT\WAREZ.EXE

C:\WINSTALL.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\RACONFIG.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

D:\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\MDMS.EXE

C:\PROGRAM FILES\WINAMP\WINAMP.EXE

C:\PROGRAM FILES\AD BLOCKER\BLOCKER.EXE

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = £¹cza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL

O2 - BHO: (no name) - {6B5EFD78-E083-F141-348C-48FFD347357E} - C:\WINDOWS\DANE APLIKACJI\MPEG MAGS CLOCK\SOFTWARE PROXY.EXE

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_98.dll

O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\PROGRA~1\ADBLOC~1\NAMESP~1.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Daleplan64mfcd] C:\WINDOWS\Dane aplikacji\meow locks dale plan\softtrust.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [AVMON] C:\Program Files\ArcaVir\Bin\AVMon.exe

O4 - HKLM\..\Run: [rtf32.exe] rtf32.exe

O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [Ad Blocker] C:\Program Files\Ad Blocker\blocker.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\Run: [warez] "D:\WAREZ P2P CLIENT\WAREZ.EXE" -h

O4 - HKCU\..\Run: [Balmtick] C:\WINDOWS\DANEAP~1\ONEPART\Coal plus.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00003.exe"

O4 - HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe

O4 - HKCU\..\RunServices: [Gadu-Gadu] "D:\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\RunServices: [warez] "D:\WAREZ P2P CLIENT\WAREZ.EXE" -h

O4 - HKCU\..\RunServices: [Balmtick] C:\WINDOWS\DANEAP~1\ONEPART\Coal plus.exe

O4 - HKCU\..\RunServices: [Windows installer] C:\winstall.exe

O4 - HKCU\..\RunServices: [Shell] "C:\WINDOWS\SYSTEM\ibm00003.exe"

O4 - HKCU\..\RunServices: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe

O4 - Startup: RaConfig.lnk = C:\WINDOWS\SYSTEM\RaConfig.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe

O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O14 - IERESET.INF: START_PAGE_URL=http://www.encyklopedia.pl/

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.eu.microsoft.com/poland/

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

  1. Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).

  2. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. D

  3. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

  4. Dokończyć skanerami online - Scanery do wyboru

  5. Pokazać nowy log :stuck_out_tongue:

LSP-Fix usuniesz wpisy 010 TU - Odpal LSP-Fix zaznacz “I know what I’m doing” następnie w okienku Keep zaznacz plik który chcesz usunąć newdotnet6_98.dll i za pomocą strzałki (>>) przenieś go do okienka Remover i kliknij Finish

Usuwanie poczytaj SpySheriff oraz Usuwanie Trojan.Repsamo