Bardzo proszę o sprawdzenie loga

Renia1 · 7 Grudzień 2005 08:19

Mam zaśmieconego kompa, nie mogę usunąć wpisów w rejestrze. Proszę o pomoc.

Logfile of HijackThis v1.99.1

Scan saved at 08:06:46, on 05-12-07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\WINDOWS\SYSTEM\MSDTCW.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\VTTIMER.EXE

C:\PROGRAM FILES\VIAUDIOI\SBADECK\ADECK.EXE

C:\PROGRAM FILES\DRWEB\SPIDERML.EXE

C:\PROGRAM FILES\DRWEB\SPIDER.EXE

C:\PROGRAM FILES\DRWEB\DRWEBSCD.EXE

C:\WINDOWS\SYSTEM\ICSMGR.EXE

C:\PROGRAM FILES\CWRSWC\DOYQES.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

D:\INSTALACYJNE\TLEN.EXE

C:\WINDOWS\SYSTEM\PAYTIME.EXE

C:\PROGRAM FILES\DELUX\PS2 KEYBOARD ENGLISH EDITION\KEYBOARD.EXE

C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE

C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL\BINN\SQLSERVR.EXE

C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE10\MSOFFICE.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL\BINN\SQLAGENT.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.eu.microsoft.com/poland/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.5 x.full-tgp.net

O1 - Hosts: 127.0.0.5 counter.sexmaniack.com

O1 - Hosts: 127.0.0.5 autoescrowpay.com

O1 - Hosts: 127.0.0.5 www.autoescrowpay.com

O1 - Hosts: 127.0.0.5 www.awmdabest.com

O1 - Hosts: 127.0.0.5 www.sexfiles.nu

O1 - Hosts: 127.0.0.5 awmdabest.com

O1 - Hosts: 127.0.0.5 sexfiles.nu

O1 - Hosts: 127.0.0.5 allforadult.com

O1 - Hosts: 127.0.0.5 www.allforadult.com

O1 - Hosts: 127.0.0.5 www.iframe.biz

O1 - Hosts: 127.0.0.5 iframe.biz

O1 - Hosts: 127.0.0.5 www.newiframe.biz

O1 - Hosts: 127.0.0.5 newiframe.biz

O1 - Hosts: 127.0.0.5 www.vesbiz.biz

O1 - Hosts: 127.0.0.5 vesbiz.biz

O1 - Hosts: 127.0.0.5 www.pizdato.biz

O1 - Hosts: 127.0.0.5 pizdato.biz

O1 - Hosts: 127.0.0.5 www.awmcash.biz

O1 - Hosts: 127.0.0.5 awmcash.biz

O1 - Hosts: 127.0.0.5 buldog-stats.com

O1 - Hosts: 127.0.0.5 www.buldog-stats.com

O1 - Hosts: 127.0.0.5 fregat.drocherway.com

O1 - Hosts: 127.0.0.5 slutmania.biz

O1 - Hosts: 127.0.0.5 www.slutmania.biz

O1 - Hosts: 127.0.0.5 toolbarpartner.com

O1 - Hosts: 127.0.0.5 www.toolbarpartner.com

O1 - Hosts: 127.0.0.5 www.megapornix.com

O1 - Hosts: 127.0.0.5 megapornix.com

O1 - Hosts: 127.0.0.5 www.sp2fucked.biz

O1 - Hosts: 127.0.0.5 sp2fucked.biz

O1 - Hosts: 127.0.0.5 greg-tut.com

O1 - Hosts: 127.0.0.5 www.greg-tut.com

O1 - Hosts: 127.0.0.5 nylonsexy.com

O1 - Hosts: 127.0.0.5 www.nylonsexy.com

O1 - Hosts: 127.0.0.5 vparivalka.com

O1 - Hosts: 127.0.0.5 www.vparivalka.com

O1 - Hosts: 127.0.0.5 iframeprofit.com

O1 - Hosts: 127.0.0.5 www.iframeprofit.com

O1 - Hosts: 127.0.0.5 topsearch10.com

O1 - Hosts: 127.0.0.5 www.topsearch10.com

O1 - Hosts: 127.0.0.5 statscash.biz

O1 - Hosts: 127.0.0.5 www.statscash.biz

O1 - Hosts: 127.0.0.5 vxiframe.biz

O1 - Hosts: 127.0.0.5 www.vxiframe.biz

O1 - Hosts: 127.0.0.5 crazy-toolbar.com

O1 - Hosts: 127.0.0.5 www.crazy-toolbar.com

O1 - Hosts: 127.0.0.5 topcash.biz

O1 - Hosts: 127.0.0.5 www.topcash.biz

O1 - Hosts: 127.0.0.5 loadcash.biz

O1 - Hosts: 127.0.0.5 www.loadcash.biz

O1 - Hosts: 127.0.0.5 txiframe.biz

O1 - Hosts: 127.0.0.5 www.txiframe.biz

O1 - Hosts: 127.0.0.5 procounter.biz

O1 - Hosts: 127.0.0.5 www.procounter.biz

O1 - Hosts: 127.0.0.5 advadmin.biz

O1 - Hosts: 127.0.0.5 www.advadmin.biz

O1 - Hosts: 127.0.0.5 trafficbest.net

O1 - Hosts: 127.0.0.5 www.trafficbest.net

O1 - Hosts: 127.0.0.5 besthvac.com

O1 - Hosts: 127.0.0.5 www.besthvac.com

O1 - Hosts: 127.0.0.5 traff4.com

O1 - Hosts: 127.0.0.5 www.traff4.com

O1 - Hosts: 127.0.0.5 ambush-script.com

O1 - Hosts: 127.0.0.5 www.ambush-script.com

O1 - Hosts: 127.0.0.5 beehappyy.biz

O1 - Hosts: 127.0.0.5 www.beehappyy.biz

O1 - Hosts: 127.0.0.5 tracktraff.cc

O1 - Hosts: 127.0.0.5 www.tracktraff.cc

O1 - Hosts: 127.0.0.5 allcount.net

O1 - Hosts: 127.0.0.5 www.allcount.net

O1 - Hosts: 127.0.0.5 onedayoffer.biz

O1 - Hosts: 127.0.0.5 www.onedayoffer.biz

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AudioDeck] C:\PROGRAM FILES\VIAUDIOI\SBADECK\ADECK.EXE 1

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [Start_SCM] SCM.exe -Action 1 -Silent 1 -Service MSSQLServer

O4 - HKLM\..\Run: [SpIDerMail] "C:\PROGRAM FILES\DRWEB\SPIDERML.EXE"

O4 - HKLM\..\Run: [SpIDer] "C:\PROGRAM FILES\DRWEB\SPIDER.EXE"

O4 - HKLM\..\Run: [DrWebScheduler] "C:\PROGRAM FILES\DRWEB\DRWEBSCD.EXE"

O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE

O4 - HKLM\..\Run: [Zpadktg] C:\PROGRAM FILES\CWRSWC\DOYQES.EXE

O4 - HKLM\..\Run: [NetDy] C:\WINDOWS\VisualGuard.exe

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKCU\..\Run: [Komunikator] D:\INSTALACYJNE\TLEN.EXE

O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - Startup: PS2 Keyboard English Edition.lnk = C:\Program Files\Delux\PS2 Keyboard English Edition\keyboard.exe

O4 - Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Startup: SQL Server.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\scm.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system\drwebsp.dll

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.152.34,194.204.159.1

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\qhgpfjpq.dll


Teresa

kuz5 · 7 Grudzień 2005 14:30

W Dodaj/Usun odinstaluj MEDIA ACCESS

Usuń: (wszystko oczywiście robisz w trybie awaryjnym )

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R3 - Default URLSearchHook is missing O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com O1 - Hosts: 127.0.0.5 x.full-tgp.net O1 - Hosts: 127.0.0.5 counter.sexmaniack.com O1 - Hosts: 127.0.0.5 autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.awmdabest.com O1 - Hosts: 127.0.0.5 http://www.sexfiles.nu O1 - Hosts: 127.0.0.5 awmdabest.com O1 - Hosts: 127.0.0.5 sexfiles.nu O1 - Hosts: 127.0.0.5 allforadult.com O1 - Hosts: 127.0.0.5 http://www.allforadult.com O1 - Hosts: 127.0.0.5 http://www.iframe.biz O1 - Hosts: 127.0.0.5 iframe.biz O1 - Hosts: 127.0.0.5 http://www.newiframe.biz O1 - Hosts: 127.0.0.5 newiframe.biz O1 - Hosts: 127.0.0.5 http://www.vesbiz.biz O1 - Hosts: 127.0.0.5 vesbiz.biz O1 - Hosts: 127.0.0.5 http://www.pizdato.biz O1 - Hosts: 127.0.0.5 pizdato.biz O1 - Hosts: 127.0.0.5 http://www.awmcash.biz O1 - Hosts: 127.0.0.5 awmcash.biz O1 - Hosts: 127.0.0.5 buldog-stats.com O1 - Hosts: 127.0.0.5 http://www.buldog-stats.com O1 - Hosts: 127.0.0.5 fregat.drocherway.com O1 - Hosts: 127.0.0.5 slutmania.biz O1 - Hosts: 127.0.0.5 http://www.slutmania.biz O1 - Hosts: 127.0.0.5 toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.megapornix.com O1 - Hosts: 127.0.0.5 megapornix.com O1 - Hosts: 127.0.0.5 http://www.sp2fucked.biz O1 - Hosts: 127.0.0.5 sp2fucked.biz O1 - Hosts: 127.0.0.5 greg-tut.com O1 - Hosts: 127.0.0.5 http://www.greg-tut.com O1 - Hosts: 127.0.0.5 nylonsexy.com O1 - Hosts: 127.0.0.5 http://www.nylonsexy.com O1 - Hosts: 127.0.0.5 vparivalka.com O1 - Hosts: 127.0.0.5 http://www.vparivalka.com O1 - Hosts: 127.0.0.5 iframeprofit.com O1 - Hosts: 127.0.0.5 http://www.iframeprofit.com O1 - Hosts: 127.0.0.5 topsearch10.com O1 - Hosts: 127.0.0.5 http://www.topsearch10.com O1 - Hosts: 127.0.0.5 statscash.biz O1 - Hosts: 127.0.0.5 http://www.statscash.biz O1 - Hosts: 127.0.0.5 vxiframe.biz O1 - Hosts: 127.0.0.5 http://www.vxiframe.biz O1 - Hosts: 127.0.0.5 crazy-toolbar.com O1 - Hosts: 127.0.0.5 http://www.crazy-toolbar.com O1 - Hosts: 127.0.0.5 topcash.biz O1 - Hosts: 127.0.0.5 http://www.topcash.biz O1 - Hosts: 127.0.0.5 loadcash.biz O1 - Hosts: 127.0.0.5 http://www.loadcash.biz O1 - Hosts: 127.0.0.5 txiframe.biz O1 - Hosts: 127.0.0.5 http://www.txiframe.biz O1 - Hosts: 127.0.0.5 procounter.biz O1 - Hosts: 127.0.0.5 http://www.procounter.biz O1 - Hosts: 127.0.0.5 advadmin.biz O1 - Hosts: 127.0.0.5 http://www.advadmin.biz O1 - Hosts: 127.0.0.5 trafficbest.net O1 - Hosts: 127.0.0.5 http://www.trafficbest.net O1 - Hosts: 127.0.0.5 besthvac.com O1 - Hosts: 127.0.0.5 http://www.besthvac.com O1 - Hosts: 127.0.0.5 traff4.com O1 - Hosts: 127.0.0.5 http://www.traff4.com O1 - Hosts: 127.0.0.5 ambush-script.com O1 - Hosts: 127.0.0.5 http://www.ambush-script.com O1 - Hosts: 127.0.0.5 beehappyy.biz O1 - Hosts: 127.0.0.5 http://www.beehappyy.biz O1 - Hosts: 127.0.0.5 tracktraff.cc O1 - Hosts: 127.0.0.5 http://www.tracktraff.cc O1 - Hosts: 127.0.0.5 allcount.net O1 - Hosts: 127.0.0.5 http://www.allcount.net O1 - Hosts: 127.0.0.5 onedayoffer.biz O1 - Hosts: 127.0.0.5 http://www.onedayoffer.biz O4 - HKLM…\Run: [Zpadktg] C:\PROGRAM FILES\CWRSWC\DOYQES.EXE O4 - HKLM…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O4 - HKLM…\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe O4 - HKLM…\Run: [NetDy] C:\WINDOWS\VisualGuard.exe O4 - HKCU…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\qhgpfjpq.dll

Pliki na czerwono usun ręcznie z dysku

Znasz to?:

Gutek · 7 Grudzień 2005 17:01

zostaw to Distributed Transaction Coordinator