Bardzo proszę o pomoc - log!

Dla specjalistów Bezpieczeństwo
#1

Pomóżcie! Strona startowa zmieniona, przekierowuje ciągle na wiadome strony, otwierają się nowe okna. Jestem leszczem w komputerach więc bardzo proszę niech ktoś rzuci na to okiem. Co robić? Z góry dzięki!

Logfile of HijackThis v1.99.1

Scan saved at 15:21:25, on 03/05/2005

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\MSGC32.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\APIZU32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

C:\PROGRAM FILES\UNITEK HOTKEY\UNITEKHOTKEY.EXE

C:\PROGRAM FILES\WLAN\WCONFIG\WCONFIG.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\HIJACKTHHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us/10095/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/10095/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\xlgub.dll/sp.html#34429

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/10095/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v73.us/10095/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us/10095/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/10095/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\xlgub.dll/sp.html#34429

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://v73.us/10095/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\xlgub.dll/sp.html#34429

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://v73.us/10095/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/10095/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us/10095/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us/10095/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://v73.us/10095/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: Class - {1152EB4C-6EE5-7DBD-33CA-B92E2B8A81D0} - C:\WINDOWS\SYSTEM\NTWG32.DLL

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp3\winampa.exe”

O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM…\Run: [HotKey] C:\Program Files\Unitek Hotkey\Hotkeydrv.exe

O4 - HKLM…\Run: [LexStart] Lexstart.exe

O4 - HKLM…\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime

O4 - HKLM…\Run: [hhrwfomke] C:\WINDOWS\SYSTEM\kdimtsoq.exe

O4 - HKLM…\Run: [spySpotter] C:\PROGRAM FILES\SPYSPOTTER\SpySpotter.exe

O4 - HKLM…\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE “REBOOT”

O4 - HKLM…\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe

O4 - HKLM…\Run: [sre] rundll32.exe sre.dll,Register

O4 - HKLM…\Run: [startup] WinlogonStartup

O4 - HKLM…\Run: [srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

O4 - HKLM…\Run: [iEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

O4 - HKLM…\Run: [APIZU32.EXE] C:\WINDOWS\SYSTEM\APIZU32.EXE

O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKLM…\RunServices: [MSGC32.EXE] C:\WINDOWS\MSGC32.EXE /s

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU…\Run: [srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray

O4 - HKCU…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe

O4 - Global Startup: Skrót do UnitekHotKey.lnk = C:\Program Files\Unitek Hotkey\UnitekHotKey.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/Cult.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott … nstall.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d103/mailcfg.ocx

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aaa

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

O21 - SSODL: eplrr9 - {1AEACD60-8BD9-11D9-8D45-0008A16C7259} - C:\WINDOWS\SYSTEM\mspdnx.dll

O21 - SSODL: Sysctl Desktop Handler - {23456789-0000-0020-0900-00AAFF6D2EA4} - C:\WINDOWS\System32\NTOSV.DLL

#2

usuwasz w trybie awaryjnym f8

dajesz raz jeszcze log

rowniez usun

mam nadzieje ze to nie blad hijacka :stuck_out_tongue:

#3

Wyczyść katalog TEMP

Start=>Uruchom=>%temp%=>I usuń wszystko co sie tam znajduje

Usuń: (wszystko oczywiście robisz w trybie awaryjnym)

Znasz zostawiasz nie znasz usuwasz

Pliki na czerwono usun recznie z dysku

#4

wejdz jeszce w klucze rejestro w trybie awaryjnym i usuń co piszą na

>>> http://www.sophos.com/virusinfo/analyse … odorl.html

Po wzsystkim sprawdz system programami :

PestPatrol

CWShredder

Ad-aware

Spybot Search & Destroy

Microsoft® Windows AntiSpyware

Po tym restsrt i dawaj nowego loga do sprawdzenia.

Ps .

I tu muszę dodać swoje ale !!

Dlaczego koledzy

musg i kuz5 nigdy nie zalecają sprawdzenia systemu innymi progarmami ??? A przecież to podstawa. !!

. :smiley:

#5

Na ten syf wątpie żeby te programy w czymś pomogły aleee…

#6

Tu nie chodzi o ten syf ale o inne :D.

I zawsze po usunieci przez HijackThis

Albo na odwrut najpierw anyt , i dopiero HijackThis .

Zawsze radzę sprawdzć innymi programami . Ludzkie oko jest zawodne … :smiley:

#7

Pousuwałem chyba wszystko co napisaliście i jest jak na razie dużo lepiej, strona startowa wróciła a przekierowania i reklamy są znacznie rzadsze. Naprawdę WIELKIE DZIEKI za dotychczasową pomoc! A oto aktualny log:

Logfile of HijackThis v1.99.1

Scan saved at 17:53:54, on 03/05/2005

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\MSGC32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\APIZU32.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\UNITEK HOTKEY\UNITEKHOTKEY.EXE

C:\PROGRAM FILES\WLAN\WCONFIG\WCONFIG.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\HIJACKTHHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us/10095/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/10095/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\esbab.dll/sp.html#34429

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\esbab.dll/sp.html#34429

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\esbab.dll/sp.html#34429

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/10095/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us/10095/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us/10095/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp3\winampa.exe”

O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM…\Run: [HotKey] C:\Program Files\Unitek Hotkey\Hotkeydrv.exe

O4 - HKLM…\Run: [LexStart] Lexstart.exe

O4 - HKLM…\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime

O4 - HKLM…\Run: [spySpotter] C:\PROGRAM FILES\SPYSPOTTER\SpySpotter.exe

O4 - HKLM…\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE “REBOOT”

O4 - HKLM…\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe

O4 - HKLM…\Run: [sre] rundll32.exe sre.dll,Register

O4 - HKLM…\Run: [startup] WinlogonStartup

O4 - HKLM…\Run: [iEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM…\Run: [APIZU32.EXE] C:\WINDOWS\SYSTEM\APIZU32.EXE

O4 - HKLM…\RunServices: [MSGC32.EXE] C:\WINDOWS\MSGC32.EXE /s

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe

O4 - Global Startup: Skrót do UnitekHotKey.lnk = C:\Program Files\Unitek Hotkey\UnitekHotKey.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/Cult.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott … nstall.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d103/mailcfg.ocx

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

#8

Wyczyść katalog TEMP

Start=>Uruchom=>%temp%=> I usuń wszystko co sie tam znajduje

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Pliki na czerwono usuwasz recznie z dysku

I odpowiedz na pytanie

#9

Te Hotkey to prawie na 100% sterowniki do klawiatury. Nie wiem czemu pojawiły się w logu ponownie te 2 pliki uswałem je, ale usunąłem jeszcze raz. W katalogu TEMP usunąłem wszystko z wyjątkiem folderów systemowych. Log:

Logfile of HijackThis v1.99.1

Scan saved at 18:44:09, on 03/05/2005

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\LXSUPMON.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\UNITEK HOTKEY\UNITEKHOTKEY.EXE

C:\PROGRAM FILES\WLAN\WCONFIG\WCONFIG.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\HIJACKTHHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us/10095/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/10095/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\esbab.dll/sp.html#34429

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\esbab.dll/sp.html#34429

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\esbab.dll/sp.html#34429

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/10095/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us/10095/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us/10095/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp3\winampa.exe”

O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM…\Run: [HotKey] C:\Program Files\Unitek Hotkey\Hotkeydrv.exe

O4 - HKLM…\Run: [LexStart] Lexstart.exe

O4 - HKLM…\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN

O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\SYSTEM\QTTASK.EXE” -atboottime

O4 - HKLM…\Run: [spySpotter] C:\PROGRAM FILES\SPYSPOTTER\SpySpotter.exe

O4 - HKLM…\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE “REBOOT”

O4 - HKLM…\Run: [tcactive] C:\PROGRAM FILES\THE CLEANER\tca.exe

O4 - HKLM…\Run: [sre] rundll32.exe sre.dll,Register

O4 - HKLM…\Run: [startup] WinlogonStartup

O4 - HKLM…\Run: [iEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Startup: WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe

O4 - Global Startup: Skrót do UnitekHotKey.lnk = C:\Program Files\Unitek Hotkey\UnitekHotKey.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLL

O16 - DPF: komentator - http://sport.onet.pl/komentator.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/Cult.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott … nstall.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/d103/mailcfg.ocx

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

#10

[usuwałeś w awaryjnym na wyłączonym przywracaniu systemu? Ten syf dalej siedzi:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v73.us/10095/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/10095/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://v73.us/10095/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\esbab.dll/sp.html#34429

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\esbab.dll/sp.html#34429

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\esbab.dll/sp.html#34429

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://v73.us/10095/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us/10095/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://v73.us/10095/

R3 - Default URLSearchHook is missing

O4 - HKLM…\Run: [sre] rundll32.exe sre.dll,Register

O4 - HKLM…\Run: [startup] WinlogonStartup

O4 - HKLM…\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspott … Install.ca b

Czyściłeś wszystko programami podanymi przez Phylbiego?