Witam wszystkich.
Zainstalowal sie mi spysheriff (na dole znaczek your computer is infected)i rozne wirusy tez mi grasuja po kompie. W trybie awaryjnum usunelam spysheriffa,przekreslone czerwone koleczko juz sie nie wyswietla, zostalo tylko your comuter is infected. Nie wiem czy dobrze zrobilam, bo jestem jak dziecko we mgle, jesli chodzi o komputery.Poczytalam troche o tym cudzie na forum i troche mi sie rozjasnia, ale i tak prosze o wyrozumialosc. Na poczatek prosze o sprawdzenie loga i wskazowki krok po kroku co dalej.
oto moj log
Logfile of HijackThis v1.99.1
Scan saved at 18:05:18, on 05-11-01
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SAGEM SA\DGIPSVR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\WINNSYST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\FMCTRL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MDMS.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\SURFACCURACY\SACC.EXE
C:\WINDOWS\SP2UPDATE00.EXE
C:\WINDOWS\SYSTEM\CAPRPCS.EXE
C:\WINDOWS\SYSTEM\QZDOVST.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MAILSKINNER\MAILSKINNER.EXE
C:\WINSTALL.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.free64all.com/tgp/out.php3?l=207
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.exxxpress.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.free64all.com/tgp/out.php3?l=207
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.wbk.pl/wbk24_start
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 213.222.11.6 auto.search.msn.com
O1 - Hosts: 213.222.11.6 ieautosearch
O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\DOWNLO~1\SPONSO~1.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\PROGRAM FILES\THESEARCHACCELERATOR\UCMTSAIE.DLL
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\SYSTEM\CAPON.EXE
O4 - HKLM\..\Run: [SystemMD] C:\WINDOWS\md.exe m
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe
O4 - HKLM\..\Run: [MSRESEARCH] C:\WINDOWS\MSRESEARCH.exe
O4 - HKLM\..\Run: [MSUpdate] debug32.exe
O4 - HKLM\..\Run: [sp2update] C:\WINDOWS\SP2UPDATE00.exe
O4 - HKLM\..\Run: [WindowsUpdate] "C:\SVCHOSTSS.EXE"
O4 - HKLM\..\Run: [MSControl31] WINNSYST.EXE
O4 - HKLM\..\Run: [MSControl3d1]
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [msoft-updater23] MSSYSSTEMS.EXE
O4 - HKLM\..\Run: [MS-patch] MSPATCH32.EXE
O4 - HKLM\..\Run: [qzdovst] c:\windows\system\qzdovst.exe
O4 - HKLM\..\Run: [devsecbxp] C:\WINDOWS\dx32cxprb.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ServeurIPAsde] C:\Program Files\Common Files\SAGEM SA\dgipsvr.exe
O4 - HKLM\..\RunServices: [System Tray] SysTray.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [dx32servbxp] dx32cxprb.exe
O4 - HKLM\..\RunServices: [MSControl31] WINNSYST.EXE
O4 - HKLM\..\RunServices: [MSControl3d1]
O4 - HKLM\..\RunServices: [msoft-updater23] MSSYSSTEMS.EXE
O4 - HKLM\..\RunServices: [MS-patch] MSPATCH32.EXE
O4 - HKCU\..\Run: [OKMEDIA] BIG-PENIS.EXE /menu
O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1068.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00003.exe"
O4 - HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe
O4 - Global Startup: dx32cxprb.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.greatplugin.com/diallerfiles/005016.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://204.177.92.201/pt/foreign/pleasure_005014.cab
O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://204.177.92.201/pt/foreign/pleasure_005012.cab
O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN.cab
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1045_EN.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c4.cab
O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload44a.exe
O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} (VacPro.internazionale_98_ver11) - http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\nosuch.mht!http://buytraff.biz/dl/adv508/x.chm::/load.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aaa
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.10.1.1
Złączono Posta : 02.11.2005 (Sro) 16:04
Witam raz jeszcze
Dlaczego nikt mi nie odpisuje, cos zle zrobilam czy co?