Bardzo proszę o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

Logfile of HijackThis v1.99.0

Scan saved at 19:06:43, on 05-02-23

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ABCD.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

C:\WINDOWS\SYSTEM32\ADSL.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MON.EXE

C:\WINDOWS\TBPANEL.EXE

C:\PROGRAM FILES\E-COLOR\REGISTRATION\SONNREG.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE

C:\TVVAGRW.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE

C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE

C:\PROGRAM FILES\E-COLOR\E-COLOR INDICATOR\TICICON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_SCAN.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_VIRW.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=hpfsched

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM…\Run: [internat.exe] internat.exe

O4 - HKLM…\Run: [systemTray] SysTray.Exe

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM…\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe

O4 - HKLM…\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM…\Run: [E-Color Registration] C:\PROGRAM FILES\E-COLOR\REGISTRATION\SONNREG.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM…\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM…\Run: [CpFRTkM] C:\TVVAGRW.EXE

O4 - HKLM…\Run: [˘‰¸ď04Ă4}¤Áś5]C:\Program Files\ISTsvc\istsvc.exe] C:\TVVAGRW.EXE

O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM…\RunServices: [MksMailService] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

O4 - HKLM…\RunServices: [internet Proxy Access] C:\WINDOWS\SYSTEM32\adsl.exe /service

O4 - HKCU…\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray

O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe

O4 - Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe

O4 - Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe

O4 - Startup: E-Color Indicator.lnk = C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares … egular.cab

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

Jeszcze jest jeden problem mks wykrył trojana bez możliwości usunięcia / Istabar.he/

Za pomoc serdeczne dzięki

#2

wejdz w tryb awaryjny f8 i za pomoca hijacka wywal te wpisy

C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL

O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM…\Run: [˘‰¸ď04Ă4}¤Áś5]C:\Program Files\ISTsvc\istsvc.exe] C:\TVVAGRW.EXE

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares … egular.cab Nasty

jesli to znasz— F1 - win.ini: run=hpfsched zostawiasz jesli nie won

scan programamiantywirusowymi i dajesz raz jeszcze log

#3

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares … egular.cab

O4 - HKLM…\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM…\Run: [CpFRTkM] C:\TVVAGRW.EXE

O4 - HKLM…\Run: [˘‰¸ď04Ă4}¤Áś5]C:\Program Files\ISTsvc\istsvc.exe] C:\TVVAGRW.EXE

C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE

kasuj :wink:

#4

Dziękuje za sprawdzenie i porade

zamieszczam jeszcze raz loga po usunięciach

Logfile of HijackThis v1.99.0

Scan saved at 20:23:47, on 05-02-23

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\ABCD.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

C:\WINDOWS\SYSTEM32\ADSL.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MON.EXE

C:\WINDOWS\TBPANEL.EXE

C:\PROGRAM FILES\E-COLOR\REGISTRATION\SONNREG.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE

C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE

C:\PROGRAM FILES\E-COLOR\E-COLOR INDICATOR\TICICON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_SCAN.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: run=hpfsched

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM…\Run: [internat.exe] internat.exe

O4 - HKLM…\Run: [systemTray] SysTray.Exe

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM…\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe

O4 - HKLM…\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM…\Run: [E-Color Registration] C:\PROGRAM FILES\E-COLOR\REGISTRATION\SONNREG.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM…\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM…\RunServices: [MksMailService] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

O4 - HKLM…\RunServices: [internet Proxy Access] C:\WINDOWS\SYSTEM32\adsl.exe /service

O4 - HKCU…\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray

O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe

O4 - Startup: E-Color.lnk = C:\Program Files\E-Color\Registration\SonnReg.exe

O4 - Startup: 3Deep.lnk = C:\Program Files\E-Color\3Deep\3Deepctl.exe

O4 - Startup: E-Color Indicator.lnk = C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

#5

Usuń w trybie awaryjnym [F8]

C:\WINDOWS\SYSTEM\ABCD.EXE

   	C:\WINDOWS\SYSTEM32\ADSL.EXE

   	O4 - HKLM\..\RunServices: [Internet Proxy Access] C:\WINDOWS\SYSTEM32\adsl.exe /service

Dodatkowo zainstaluj firewall.