AllCyberSearch


(Kigen1) #1

After scanning with Spybot, I get an allcybersearch problem:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sp

How do I remove this virus??

Regards


(Stachan) #2

:roll: Strange that your Spybot doesn't remove it....

So try downloading the latest version of this application and run the scan again.

Here is the link to version 1.3:


(Dragonlnx) #3

:smiley:

Post a HijackThis log! :wink:


(Musg) #4

http://forum.dobreprogramy.pl/viewtopic.php?t=17728 - this will make things a bit easier for you regarding the log

and you can download it from here: http://www.searchengines.pl/phpbb203/pl ... is1.99.zip


(Nai Mad) #5

I have the same problem: 'allcybersearch'... Spybot also detects 'common hijacker'

..I'll add that an intrusive Internet Explorer message keeps popping up, saying that I'm threatened by various spyware and spam, or that my system is exposed to some other dangers... underneath it says 'advertisement'

..I mainly use Opera, I have Win98SE..

Here is my log:

Logfile of HijackThis v1.99.1

Scan saved at 01:43:08, on 05-02-18

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

D:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\PRINTRAY.EXE

C:\WINDOWS\RUNDLL32.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS\DANE APLIKACJI\CLEA.EXE

C:\PROGRAM FILES\MICROTEK\SCANWIZARD 5\SCANNERFINDER.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

D:\DAMIAN\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS_h.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS_s.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS_h.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS_h.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS_s.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS_s.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS_s.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS_h.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS_h.html

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearcher.com/?a=2&b=encry1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://bigbr.cc (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - (no file)

O2 - BHO: TSCOM Class - {62160EEF-9D84-4C19-B7B8-6AC2526CD726} - C:\WINDOWS\SYSTEM\ICIYEDI.DLL

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL

O2 - BHO: (no name) - {69AA635D-B318-2CB3-8753-60550DA82C4A} - (no file)

O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - (no file)

O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: sr - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {1BF03411-FDFD-A55F-80BE-F40A7208A6C9} - C:\WINDOWS\SYSTEM\HOXKHR.DLL

O2 - BHO: (no name) - {A04BF0E2-800A-11D9-84B2-000283271782} - C:\WINDOWS\SYSTEM\OPPHBA.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL

O4 - HKLM..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM..\Run: [Windows Shell Library Loader] loading shell32.dll /c /set

O4 - HKLM..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM..\Run: [eTrust PestPatrol Active Protection] none

O4 - HKLM..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [DkService] D:\Program Files\Executive Software\DiskeeperLite\DkService.exe

O4 - HKLM..\RunServices: [kavsvc] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [Tweu] C:\WINDOWS\Dane aplikacji\clea.exe

O4 - Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm

O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: Microsoft® JavaScript® Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX

O9 - Extra 'Tools' menuitem: JavaScript Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Microsoft® JavaScript® Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O13 - DefaultPrefix:

O13 - WWW Prefix:

O13 - Home Prefix: http://www.heretofind.com/show.php?id=3&q=

O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=3&q=

O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=3&q=

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 213.159.117.133

O15 - Trusted IP range: 213.159.117.133 (HKLM)

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht! http://69.50.187.109/winsearchie32.chm::/winsearchie32.exe

O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht! http://www.search-and-more.com/clk/145.chm::/file.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht! http://195.225.177.13/551/online.chm::/on-line.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT! http://69.50.179.61///search/1/user.chm::/user.exe

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.advnt01.com/dialer/russia.CAB

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab

O16 - DPF: {11010101-1001-1111-1000-115676576811} - ms-its:mhtml:file://c:\nosuch.mht! http://www.ustimerz.com/pm11115/var1.chm::/var.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... ed54699be7

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://213.159.117.133/dl/adv87/x.chm::/load.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst.exe

O16 - DPF: {11010101-1001-1111-1000-115676576822} - ms-its:mhtml:file://c:\nosuch.mht! http://www.ustimerz.com/tm11111/par2.chm::/par2.exe

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

O18 - Filter: text/plain - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL

O18 - Filter: text/html - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)


(fiesta) #6

:twisted: :twisted: :twisted: :twisted:

Uh-oh, the off-topic post got removed :lol: :lol: :lol:

If you have nothing to say, don't post.


(Damian) #7

Oh man, you've collected a lot of this stuff :?

Turn off System Restore and delete the following in Safe Mode:

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\DANE APLIKACJI\CLEA.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_h.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\_h.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_h.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\_s.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_s.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_h.html

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearcher.com/?a=2&b=encry1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://bigbr.cc (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - (no file)

O2 - BHO: TSCOM Class - {62160EEF-9D84-4C19-B7B8-6AC2526CD726} - C:\WINDOWS\SYSTEM\ICIYEDI.DLL

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL

O2 - BHO: (no name) - {69AA635D-B318-2CB3-8753-60550DA82C4A} - (no file)

O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - (no file)  	

O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: sr - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - (no file)

O2 - BHO: (no name) - {1BF03411-FDFD-A55F-80BE-F40A7208A6C9} - C:\WINDOWS\SYSTEM\HOXKHR.DLL

O2 - BHO: (no name) - {A04BF0E2-800A-11D9-84B2-000283271782} - C:\WINDOWS\SYSTEM\OPPHBA.DLL (file missing)

O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL

O4 - HKLM\..\Run: [Windows Shell Library Loader] loading shell32.dll /c /set

O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKCU\..\Run: [Tweu] C:\WINDOWS\Dane aplikacji\clea.exe

O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O13 - DefaultPrefix:

O13 - WWW Prefix:

O13 - Home Prefix: http://www.heretofind.com/show.php?id=3&q=

O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=3&q=

O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=3&q=

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 213.159.117.133

O15 - Trusted IP range: 213.159.117.133 (HKLM)

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.187.109/winsearchie32.chm::/winsearchie32.exe

O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.search-and-more.com/clk/145.chm::/file.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/551/online.chm::/on-line.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT!http://69.50.179.61///search/1/user.chm::/user.exe

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.advnt01.com/dialer/russia.CAB

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab

O16 - DPF: {11010101-1001-1111-1000-115676576811} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ustimerz.com/pm11115/var1.chm::/var.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=714b9e99bb1ec51fadc828f5983e23109b906c2b320d9f1b39ed54699be7e97f4caf42694383070009646062296ff92e68cfba8c:eb8a1fb09d00c5943edceabcca450006

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv87/x.chm::/load.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst.exe

O16 - DPF: {11010101-1001-1111-1000-115676576822} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ustimerz.com/tm11111/par2.chm::/par2.exe

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

O18 - Filter: text/plain - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL

O18 - Filter: text/html - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

Then run these scanners:

:arrow: CWShredder 2.13

:arrow: Spybot Search & Destroy 1.3

:arrow: Ad-aware SE Personal 1.05


(Musg) #8

Enter Safe Mode (press F8 while the computer is booting). Run HijackThis once more and remove the following entries using Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://hot-search.biz/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://realsearcher.com/?a=2&b=encry1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://bigbr.cc (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - (no file)

O2 - BHO: TSCOM Class - {62160EEF-9D84-4C19-B7B8-6AC2526CD726} - C:\WINDOWS\SYSTEM\ICIYEDI.DLL

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL

O2 - BHO: (no name) - {69AA635D-B318-2CB3-8753-60550DA82C4A} - (no file)

O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - (no file)

O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: sr - {FC2593E3-3E5A-410F-AF3D-82613CCE58E5} - (no file)

O2 - BHO: (no name) - {1BF03411-FDFD-A55F-80BE-F40A7208A6C9} - C:\WINDOWS\SYSTEM\HOXKHR.DLL

O2 - BHO: (no name) - {1BF03411-FDFD-A55F-80BE-F40A7208A6C9} - C:\WINDOWS\SYSTEM\HOXKHR.DLL

O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL

O4 - HKLM..\Run: [Windows Shell Library Loader] loading shell32.dll /c /set

O4 - HKLM..\Run: [Windows Shell Library Loader] loading shell32.dll /c /set

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)

O13 - DefaultPrefix:

O13 - WWW Prefix:

O13 - Home Prefix: http://www.heretofind.com/show.php?id=3&q=

O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=3&q=

O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=3&q=

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)

O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht! http://69.50.187.109/winsearchie32.chm::/winsearchie32.exe

O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht! http://www.search-and-more.com/clk/145.chm::/file.exe

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht! http://195.225.177.13/551/online.chm::/on-line.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:MAIN.MHT! http://69.50.179.61///search/1/user.chm::/user.exe

O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.advnt01.com/dialer/russia.CAB

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/pl/games4.cab

O16 - DPF: {11010101-1001-1111-1000-115676576811} - ms-its:mhtml:file://c:\nosuch.mht! http://www.ustimerz.com/pm11115/var1.chm::/var.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... 828f5983e23109b906c2b320d9f1b39ed54699be7e97f4caf42694383070009646062296ff92e68cfba8c:eb8a1fb09d00c5943edceabcca450006

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://213.159.117.133/dl/adv87/x.chm::/load.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst.exe

O16 - DPF: {11010101-1001-1111-1000-115676576822} - ms-its:mhtml:file://c:\nosuch.mht! http://www.ustimerz.com/tm11111/par2.chm::/par2.exe

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

O18 - Filter: text/plain - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL

O18 - Filter: text/html - {A04BF0E1-800A-11D9-84B2-000273F589F5} - C:\WINDOWS\SYSTEM\OPPHBA.DLL

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)

Phew, you sure have a lot of vermin, dialers, etc.

Then scan the system with these programs:

http://forum.dobreprogramy.pl/viewtopic.php?t=17671

and post the log once more.


(Nai Mad) #9

Thanks a lot, guys...

I removed what you listed and scanned with those programs..

I'm pasting the new log:

Logfile of HijackThis v1.99.1

Scan saved at 18:02:53, on 05-02-18

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

D:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\PRINTRAY.EXE

D:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\MICROTEK\SCANWIZARD 5\SCANNERFINDER.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

D:\DAMIAN\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM..\Run: [eTrust PestPatrol Active Protection] none

O4 - HKLM..\Run: [KAVPersonal50] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [DkService] D:\Program Files\Executive Software\DiskeeperLite\DkService.exe

O4 - HKLM..\RunServices: [kavsvc] "d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: Pobierz przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: Pobierz wszystko przez Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: Microsoft® JavaScript® Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX

O9 - Extra 'Tools' menuitem: JavaScript Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL

O9 - Extra button: Microsoft® JavaScript® Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console - {FE8D45E0-B9FF-11D8-84B2-0002443BB31B} - C:\WINDOWS\SYSTEM\COMDLG32.OCX (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

O15 - Trusted IP range: 213.159.117.133

..is the log OK now..??

P.S. I deleted what is marked, but I have it again... should I do something about it..??
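Added example (not part of the original thread): one way to check "is the log OK now?" mechanically is to diff the HijackThis entries before and after cleanup against the helpers' fix list, which surfaces entries that were targeted but came back. The sample lines are a constructed subset of the logs in this thread, and the function names are hypothetical.

```python
import re

# A HijackThis entry line has the form "<section code> - <detail>",
# e.g. "O4 - HKLM..\Run: [name] command". Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed samples: a small subset of lines copied from the logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: 213.159.117.133 (HKLM)
"""

# Entries the helpers asked to fix (subset of the list in post #7).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://hot-search.biz/search.html
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: 213.159.117.133 (HKLM)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM..\Run: [LexmarkPrinTray] PrinTray.exe
O15 - Trusted IP range: 213.159.117.133
"""


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log.

    Whitespace inside the detail is collapsed so that forum line-wrapping
    does not make identical entries look different. The "(HKLM)" suffix is
    kept, so per-user and machine-wide copies count as separate entries.
    """
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group(1), " ".join(match.group(2).split())))
    return entries


def compare_logs(before, after, fix_list):
    """Classify entries by what happened to them between two scans."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fix_list)
    return {
        "removed": sorted(b - a),                # gone after cleanup
        "still_present": sorted(f & a),          # targeted for fixing but survived or returned
        "new": sorted(a - b),                    # appeared only after cleanup
        "kept_untargeted": sorted((a & b) - f),  # present in both, never on the fix list
    }


if __name__ == "__main__":
    result = compare_logs(BEFORE, AFTER, FIX_LIST)
    for label, items in result.items():
        print(f"{label}: {len(items)}")
        for section, detail in items:
            print(f"  {section} - {detail}")
```

On the sample data the only targeted entry still present is the per-user `O15 - Trusted IP range`, which is the entry visible at the end of the second log.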


(Dragonlnx) #10

This will help you:

KillTrusted 0.6


(123448) #11

It's clean now :wink:, but you had collected a lot of this stuff in the previous log :stuck_out_tongue:

Also install the latest version of IE, v.6.0; 5.0 is a bit old.