After scanning with Spybot I get the problem allcybersearch
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sp
How do I remove this virus??
Regards
:roll: Strange that your Spybot doesn't remove it…
So try downloading the newest version of the application and scan again
Here is the link to version 1.3:
Post a HijackThis log!
http://forum.dobreprogramy.pl/viewtopic.php?t=17728 this will make it a bit easier for you, regarding the log
and you can download it from here: http://www.searchengines.pl/phpbb203/pl … is1.99.zip
I have the same problem: 'allcybersearch'… Spybot also detects 'common hijacker'
…I'll add that an annoying Internet Explorer message keeps popping up, saying that I am threatened by various spyware, spam, or that my system is exposed to some other dangers… underneath it says 'advertisement'
…I mainly use Opera, I have Win98SE…
Here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 01:43:08, on 05-02-18
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\DANE APLIKACJI\CLEA.EXE
C:\PROGRAM FILES\MICROTEK\SCANWIZARD 5\SCANNERFINDER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
D:\DAMIAN\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS_h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS_s.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS_s.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS_h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearcher.com/?a=2&b=encry1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://bigbr.cc (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - (no file)
O2 - BHO: TSCOM Class - {62160EEF-9D84-4C19-B7B8-6AC2526CD726} - C:\WINDOWS\SYSTEM\ICIYEDI.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: (no name) - {69AA635D-B318-2CB3-8753-60550DA82C4A} - (no file)
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - (no file)
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: sr - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {1BF03411-FDFD-A55F-80BE-F40A7208A6C9} - C:\WINDOWS\SYSTEM\HOXKHR.DLL
O2 - BHO: (no name) - {A04BF0E2-800A-11D9-84B2-000283271782} - C:\WINDOWS\SYSTEM\OPPHBA.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Windows Shell Library Loader] loading shell32.dll /c /set
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [DkService] D:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [kavsvc] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [Tweu] C:\WINDOWS\Dane aplikacji\clea.exe
O4 - Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Microsoft® JavaScript® Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Microsoft® JavaScript® Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix: http://www.heretofind.com/show.php?id=3&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=3&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=3&q=
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: 213.159.117.133 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht! http://69.50.187.109/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht! http://www.search-and-more.com/clk/145.chm::/file.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht! http://195.225.177.13/551/online.chm::/on-line.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT! http://69.50.179.61///search/1/user.chm::/user.exe
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.advnt01.com/dialer/russia.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: {11010101-1001-1111-1000-115676576811} - ms-its:mhtml:file://c:\nosuch.mht! http://www.ustimerz.com/pm11115/var1.chm::/var.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. … ed54699be7
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://213.159.117.133/dl/adv87/x.chm::/load.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst.exe
O16 - DPF: {11010101-1001-1111-1000-115676576822} - ms-its:mhtml:file://c:\nosuch.mht! http://www.ustimerz.com/tm11111/par2.chm::/par2.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
O18 - Filter: text/plain - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL
O18 - Filter: text/html - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
:twisted: :twisted: :twisted: :twisted:
Oh dear, an off-topic post :lol: :lol: :lol:
If you have nothing to say, don't post.
Oh man, you've collected a lot of this :?
Disable System Restore and remove the following in safe mode:
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\DANE APLIKACJI\CLEA.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_h.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearcher.com/?a=2&b=encry1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://bigbr.cc (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - (no file)
O2 - BHO: TSCOM Class - {62160EEF-9D84-4C19-B7B8-6AC2526CD726} - C:\WINDOWS\SYSTEM\ICIYEDI.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: (no name) - {69AA635D-B318-2CB3-8753-60550DA82C4A} - (no file)
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - (no file)
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: sr - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - (no file)
O2 - BHO: (no name) - {1BF03411-FDFD-A55F-80BE-F40A7208A6C9} - C:\WINDOWS\SYSTEM\HOXKHR.DLL
O2 - BHO: (no name) - {A04BF0E2-800A-11D9-84B2-000283271782} - C:\WINDOWS\SYSTEM\OPPHBA.DLL (file missing)
O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [Windows Shell Library Loader] loading shell32.dll /c /set
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKCU\..\Run: [Tweu] C:\WINDOWS\Dane aplikacji\clea.exe
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix: http://www.heretofind.com/show.php?id=3&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=3&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=3&q=
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: 213.159.117.133 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.187.109/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.search-and-more.com/clk/145.chm::/file.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/551/online.chm::/on-line.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT!http://69.50.179.61///search/1/user.chm::/user.exe
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.advnt01.com/dialer/russia.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: {11010101-1001-1111-1000-115676576811} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ustimerz.com/pm11115/var1.chm::/var.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=714b9e99bb1ec51fadc828f5983e23109b906c2b320d9f1b39ed54699be7e97f4caf42694383070009646062296ff92e68cfba8c:eb8a1fb09d00c5943edceabcca450006
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv87/x.chm::/load.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst.exe
O16 - DPF: {11010101-1001-1111-1000-115676576822} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ustimerz.com/tm11111/par2.chm::/par2.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
O18 - Filter: text/plain - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL
O18 - Filter: text/html - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
Then run these scanners: CWShredder 2.13
Enter safe mode (F8 key while the computer is booting). Run HijackThis once more and remove the following entries using Fix:
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearcher.com/?a=2&b=encry1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://bigbr.cc (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - (no file)
O2 - BHO: TSCOM Class - {62160EEF-9D84-4C19-B7B8-6AC2526CD726} - C:\WINDOWS\SYSTEM\ICIYEDI.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: (no name) - {69AA635D-B318-2CB3-8753-60550DA82C4A} - (no file)
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - (no file)
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: sr - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - (no file)
O2 - BHO: (no name) - {1BF03411-FDFD-A55F-80BE-F40A7208A6C9} - C:\WINDOWS\SYSTEM\HOXKHR.DLL
O2 - BHO: (no name) - {1BF03411-FDFD-A55F-80BE-F40A7208A6C9} - C:\WINDOWS\SYSTEM\HOXKHR.DLL
O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [Windows Shell Library Loader] loading shell32.dll /c /set
O4 - HKLM\..\Run: [Windows Shell Library Loader] loading shell32.dll /c /set
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix: http://www.heretofind.com/show.php?id=3&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=3&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=3&q=
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht! http://69.50.187.109/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht! http://www.search-and-more.com/clk/145.chm::/file.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht! http://195.225.177.13/551/online.chm::/on-line.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT! http://69.50.179.61///search/1/user.chm::/user.exe
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.advnt01.com/dialer/russia.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: {11010101-1001-1111-1000-115676576811} - ms-its:mhtml:file://c:\nosuch.mht! http://www.ustimerz.com/pm11115/var1.chm::/var.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. … 828f5983e23109b906c2b320d9f1b39ed54699be7e97f4caf42694383070009646062296ff92e68cfba8c:eb8a1fb09d00c5943edceabcca450006
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://213.159.117.133/dl/adv87/x.chm::/load.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst.exe
O16 - DPF: {11010101-1001-1111-1000-115676576822} - ms-its:mhtml:file://c:\nosuch.mht! http://www.ustimerz.com/tm11111/par2.chm::/par2.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
O18 - Filter: text/plain - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL
O18 - Filter: text/html - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL
O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
Phew, you've got a lot of vermin, dialers, etc.
Next, scan the system with these programs
http://forum.dobreprogramy.pl/viewtopic.php?t=17671
and post the log once more
Thanks a lot, guys…
I removed what you listed and scanned with those programs…
I'm pasting the new log:
Logfile of HijackThis v1.99.1
Scan saved at 18:02:53, on 05-02-18
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\MICROTEK\SCANWIZARD 5\SCANNERFINDER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
D:\DAMIAN\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [DkService] D:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [kavsvc] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: Microsoft® JavaScript® Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Microsoft® JavaScript® Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted IP range: 213.159.117.133
…is the log OK now…??
P.S. I deleted what is marked but I have it again… should I do something about it…??
It's clean now, but you had collected a lot of it in that previous log
Also install the newest version of IE, v6.0; 5.0 is a bit old
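
An added example, not part of the original thread or any poster's tooling: a small Python parser for the HijackThis entry lines posted above that undoes the forum's typography (`…\` for `\..\`, curly quotes), diffs a before and an after log, and attaches review hints. The two sample logs are constructed excerpts of the logs in this thread, and the hint rules are assumptions chosen for illustration, not HijackThis's own classification.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] command";
# header and running-process lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed excerpts of the first and second log posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM…\Run: [LexmarkPrinTray] PrinTray.exe
O15 - Trusted IP range: 213.159.117.133
O15 - ProtocolDefaults: ‘http’ protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://213.159.117.133/dl/adv87/x.chm::/load.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O15 - Trusted IP range: 213.159.117.133
"""

# Illustrative review hints (assumptions): (sections, predicate on body, reason).
HINTS = [
    (("O2", "O9"), lambda b: b.lower().endswith(("(no file)", "(file missing)")),
     "registered component whose file is absent"),
    (("O4",), lambda b: "\\temp\\" in b.lower(),
     "autostart command runs from a TEMP directory"),
    (("O15",), lambda b: True,
     "site, IP range or protocol placed in IE's Trusted Zone"),
    (("O16",), lambda b: "ms-its:mhtml:" in b.lower(),
     "DPF source wraps a remote .chm in ms-its:mhtml:"),
]


def normalize(line):
    """Undo forum typography so the same entry compares equal across posts."""
    line = line.replace("\u2026\\", "\\..\\")  # HKLM…\Run -> HKLM\..\Run
    for curly, plain in (("\u201c", '"'), ("\u201d", '"'),
                         ("\u2018", "'"), ("\u2019", "'")):
        line = line.replace(curly, plain)
    return re.sub(r"\s+", " ", line).strip()


def parse(log_text):
    """Return ordered, de-duplicated (section, body) tuples for entry lines."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(normalize(raw))
        if m and (m.group(1), m.group(2)) not in entries:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    # Paths and CLSIDs appear in mixed case across posts; compare case-insensitively.
    return (entry[0], entry[1].lower())


def diff_logs(before, after):
    """Split entries into removed, persisting and new between two scans."""
    b, a = parse(before), parse(after)
    b_keys, a_keys = {_key(e) for e in b}, {_key(e) for e in a}
    return {
        "removed": [e for e in b if _key(e) not in a_keys],
        "persisting": [e for e in b if _key(e) in a_keys],
        "new": [e for e in a if _key(e) not in b_keys],
    }


def review_hints(entries):
    """Attach a reason to every entry that matches one of the HINTS rules."""
    return [(sec, body, why) for sec, body in entries
            for secs, pred, why in HINTS if sec in secs and pred(body)]


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for name in ("removed", "persisting", "new"):
        print(f"{name}: {len(result[name])}")
    for sec, body, why in review_hints(result["persisting"]):
        print(f"still present -> {sec} - {body}  [{why}]")
```

Entries reported as persisting with a hint are the ones worth re-checking after a cleanup pass; a hint is a prompt for manual review, not a verdict.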