Walden
(Dam2005)
24 July 2006 08:35
#1
My buddy has had internet since yesterday and we're afraid he's caught some crap... the computer runs strangely slowly and hangs... he has Win 98 and hasn't done anything to it for 5 years... defragmentation did nothing... deleting unnecessary files did nothing... registry cleaning did nothing... here's the log... I'd be very grateful if someone checked this log :)
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 21:29:11, on 06-07-23
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ELABORATE BYTES\CLONECD\CLONECDTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
C:\PROGRAM FILES\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
D:\PROGRAMY\AUTOCONNECT\AUTOCONNECT.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~2.DLL
O2 - BHO: CrsHO Class - {5843A29E-1246-11D4-BA8C-0050DA707ACD} - C:\WINDOWS\SYSTEM\CRS32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [setup] E:\REGSET\Demo\Demo.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [Odkurzacz-MCD] D:\Programy\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [AutoConnect] D:\PROGRAMY\AUTOCONNECT\AUTOCONNECT.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
Quote:
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray" ["Gadu-Gadu Sp. z oo"]
"AutoConnect" = "D:\PROGRAMY\AUTOCONNECT\AUTOCONNECT.EXE" ["http://autoconnect.prv.pl "]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
"TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
"internat.exe" = "internat.exe" [MS]
"SystemTray" = "SysTray.Exe" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Enable Device" = (empty string)
"setup" = "E:\REGSET\Demo\Demo.exe" [file not found]
"CloneCDTray" = ""C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"" ["Elaborate Bytes AG"]
"LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"wcmdmgr" = "C:\WINDOWS\wt\wcmdmgrl.exe -launch" ["WildTangent, Inc."]
"Lexmark X1100 Series" = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"" ["Lexmark International, Inc."]
"LexStart" = "lexstart.exe" ["Lexmark International, Inc."]
"IrMon" = "IrMon.exe" [MS]
"autoclk" = "autoclk.exe" [file not found]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [","]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"Odkurzacz-MCD" = "D:\Programy\Odkurzacz 10.1 Pro\odk_mcd.exe" ["FranmoSoft"]
"BDMCon" = "C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE" ["SOFTWIN S.R.L."]
"BitDefender Virus Shield" = ""C:\Program Files\Softwin\BitDefender9\vsserv.exe"" ["SOFTWIN S.R.L."]
"BDNewsAgent" = ""C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"" ["SOFTWIN S.R.L"]
"BitDefender Live Service" = ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe"" ["SOFTWIN S.R.L."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
"SchedulingAgent" = "mstask.exe" [MS]
"BitDefender Live! Init" = ""C:\Program Files\Softwin\BitDefender9\bdinit.exe"" [null data]
"BitDefender Communicator" = ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe"" ["Softwin"]
"BitDefender Scan Server" = ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{5843A29E-1246-11D4-BA8C-0050DA707ACD}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "CrsHO Class"
     \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\CRS32.DLL" ["$"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Eksplorator pulpitów"
  -> {HKLM...CLSID} = "Eksplorator pulpitów"
     \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM\NVSHELL.DLL" ["NVIDIA Corporation"]
"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
  -> {HKLM...CLSID} = "Nero Shell Extension Property Sheet"
     \InProcServer32\(Default) = "C:\Program Files\Ahead\nero\neroshx.dll" ["ahead software gmbh im stoeckmaedle 6 76307 karlsbad, germany Fax: ++49-7248-911-888 e-mail: info@ahead.de ]
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD"
  -> {HKLM...CLSID} = "CloneCD Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\Elaborate Bytes\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\WINRAR 2\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\beachlife_3.bmp"

WIN.INI & SYSTEM.INI launch points:
-----------------------------------

SYSTEM.INI
[boot]
"SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\MARINE~1.SCR" (Marine Aquarium 2.scr) [null data]

Startup items in "Startup" & "All Users...Startup" folders:
-----------------------------------------------------------

C:\WINDOWS\Menu Start\Programy\Autostart
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe" [","]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
INFECTION WARNING! "PowerReg Scheduler V3.exe" ["Leader Technologies"]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

Enabled Scheduled Tasks:
------------------------

"Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]
"ScanDisk" -> launches: "C:\WINDOWS\SCANDSKW.EXE /SAGERUN:2" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\webhdll.dll ["webHancer Corporation"], 01 - 02
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 03 - 06
C:\WINDOWS\SYSTEM\msafd.dll [MS], 07 - 09
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 10 - 11

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL" ["$"]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL" ["$"]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL" ["$"]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
     \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~2.DLL" [","]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
usbmon\Driver = "usbmon.dll" [MS]
Lexmark Network Printer Monitor\Driver = "lexlmpm.dll" ["Lexmark International, Inc."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 25 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 22 seconds.
---------- (total run time: 71 seconds)
In Add/Remove Programs, uninstall WebHancer.
Download LSP-Fix >>> run it >>> tick "I know what I'm doing", move webhdll.dll to the "REMOVE" box and click Finish.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\blank.htm
O2 - BHO: CrsHO Class - {5843A29E-1246-11D4-BA8C-0050DA707ACD} - C:\WINDOWS\SYSTEM\CRS32.DLL
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Delete the files shown in bold manually and the entries with HijackThis, then paste new logs.
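As an added example (not code from the thread, from HijackThis or from Silent Runners), the Python below parses the HijackThis entries quoted in the first post and flags the ones the reply tells the poster to fix. The rule table is constructed from that reply and from the Silent Runners warning; the log lines are copied from the thread, with two benign entries kept as controls.

```python
import re

# HijackThis lines copied from the log quoted in the thread; the R0 Start Page
# and O4 ScanRegistry entries are benign controls that must not be flagged.
HJT_EXCERPT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
O2 - BHO: CrsHO Class - {5843A29E-1246-11D4-BA8C-0050DA707ACD} - C:\WINDOWS\SYSTEM\CRS32.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
"""

# One HijackThis entry: section code (R0, O2, O10, ...), " - ", then the body.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")

# Triage rules built from the reply above: (exact sections, lowercase needle, reason).
# Sections are matched as a set so "O2" never matches O20-O23.
RULES = [
    ({"R0", "R1", "R3"}, "searchgateway.net", "IE search settings redirected to searchgateway.net"),
    ({"O2"}, "crs32.dll", "unidentified BHO loading CRS32.DLL"),
    ({"O4"}, "powerreg scheduler", "PowerReg Scheduler in the Startup folder (Silent Runners warns on it too)"),
    ({"O9"}, "related.htm", "'Related Links' extra button / Tools menu item"),
    ({"O10"}, "webhancer", "Winsock LSP chain hijacked by WebHancer; remove via LSP-Fix so the chain stays intact"),
]

def parse_hjt(text):
    """Return [(section, body)] for every line that looks like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries

def triage(entries):
    """Return [(section, reason, body)] for entries matching a rule; first matching rule wins."""
    flagged = []
    for section, body in entries:
        for sections, needle, reason in RULES:
            if section in sections and needle in body.lower():
                flagged.append((section, reason, body))
                break
    return flagged

if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(HJT_EXCERPT)):
        print(f"[{section}] {reason}\n    {body}")
```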