Please check my log


(Eburza) #1

Hello everyone.

SpySheriff installed itself on my machine (a "your computer is infected" icon at the bottom) and various viruses are also roaming around my computer. In safe mode I removed SpySheriff; the crossed-out red circle no longer shows up, only "your computer is infected" remains. I don't know if I did the right thing, because I'm like a child in the fog when it comes to computers. I've read a bit about this marvel on the forum and it's getting a little clearer, but I still ask for your patience. To start with, please check my log and give me step-by-step guidance on what to do next.

here is my log

Logfile of HijackThis v1.99.1

Scan saved at 18:05:18, on 05-11-01

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\COMMON FILES\SAGEM SA\DGIPSVR.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\WINNSYST.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\FMCTRL.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MDMS.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\SURFACCURACY\SACC.EXE

C:\WINDOWS\SP2UPDATE00.EXE

C:\WINDOWS\SYSTEM\CAPRPCS.EXE

C:\WINDOWS\SYSTEM\QZDOVST.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\MAILSKINNER\MAILSKINNER.EXE

C:\WINSTALL.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

C:\PROGRAM FILES\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.free64all.com/tgp/out.php3?l=207

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.exxxpress.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.free64all.com/tgp/out.php3?l=207

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.wbk.pl/wbk24_start

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 213.222.11.6 auto.search.msn.com

O1 - Hosts: 213.222.11.6 ieautosearch

O2 - BHO: SponsorAdulto Class - {511F9316-771B-4953-A268-1C36DA667FE9} - C:\WINDOWS\DOWNLO~1\SPONSO~1.DLL

O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\PROGRAM FILES\THESEARCHACCELERATOR\UCMTSAIE.DLL

O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun


O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM\..\Run: [Q3dctlTray] Fmctrl.EXE

O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\SYSTEM\CAPON.EXE

O4 - HKLM\..\Run: [SystemMD] C:\WINDOWS\md.exe m 

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe

O4 - HKLM\..\Run: [MSRESEARCH] C:\WINDOWS\MSRESEARCH.exe

O4 - HKLM\..\Run: [MSUpdate] debug32.exe

O4 - HKLM\..\Run: [sp2update] C:\WINDOWS\SP2UPDATE00.exe

O4 - HKLM\..\Run: [WindowsUpdate] "C:\SVCHOSTSS.EXE"

O4 - HKLM\..\Run: [MSControl31] WINNSYST.EXE

O4 - HKLM\..\Run: [MSControl3d1] 

O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [msoft-updater23] MSSYSSTEMS.EXE

O4 - HKLM\..\Run: [MS-patch] MSPATCH32.EXE

O4 - HKLM\..\Run: [qzdovst] c:\windows\system\qzdovst.exe

O4 - HKLM\..\Run: [devsecbxp] C:\WINDOWS\dx32cxprb.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKLM\..\RunServices: [ServeurIPAsde] C:\Program Files\Common Files\SAGEM SA\dgipsvr.exe

O4 - HKLM\..\RunServices: [System Tray] SysTray.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [dx32servbxp] dx32cxprb.exe

O4 - HKLM\..\RunServices: [MSControl31] WINNSYST.EXE

O4 - HKLM\..\RunServices: [MSControl3d1] 

O4 - HKLM\..\RunServices: [msoft-updater23] MSSYSSTEMS.EXE

O4 - HKLM\..\RunServices: [MS-patch] MSPATCH32.EXE

O4 - HKCU\..\Run: [OKMEDIA] BIG-PENIS.EXE /menu

O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1068.dll,InstantAccess

O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00003.exe"

O4 - HKCU\..\Run: [SpySheriff] C:\PROGRAM FILES\SPYSHERIFF\SpySheriff.exe

O4 - Global Startup: dx32cxprb.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.greatplugin.com/diallerfiles/005016.exe

O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://204.177.92.201/pt/foreign/pleasure_005014.cab

O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://204.177.92.201/pt/foreign/pleasure_005012.cab

O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN.cab

O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1045_EN.cab

O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} (SponsorAdulto Class) - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c4.cab

O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload44a.exe

O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} (VacPro.internazionale_98_ver11) - http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB

O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cab

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://C:\nosuch.mht!http://buytraff.biz/dl/adv508/x.chm::/load.exe

O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aaa

O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 10.10.1.1

Post merged: 02.11.2005 (Wed) 16:04

Hello once again

Why is nobody replying to me, did I do something wrong or what?


(Gutek) #2

  1. Boot into safe mode without networking.

  2. Tick the indicated entries in HijackThis and click Fix checked. The entries will be removed.

  3. Delete from the disk the files and folders that I underlined in red

  4. Finish up with online scanners - Scanners to choose from

  5. Post a new log :stuck_out_tongue:

Read: Removing SpySheriff, Removing Trojan.Repsamo, and use FxIstbar.exe.


(Eburza) #3

And now I'm stuck, I think I removed something wrong, because whenever I try to open anything it tells me that the program debug32.exe, needed to open the application, is missing :frowning: . I can't get into anything at all, so what am I, poor thing, supposed to do now? Help, guys


(Gutek) #4

Use the command Start>>>Run>>>sfc /scannow - have the system CD ready :wink: