log dla fachowca

[Gość: gość24]

Logfile of HijackThis v1.99.0
Scan saved at 14:22:10, on 05-05-15
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\LESZEK\PROGRAMY\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -
C:\WINDOWS\isrvs\sysupd.dll
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4
\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{9D7E3F60-C4BD-
11D9-A097-0008540569CB}\SVCHOST.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security
iGuard.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
\ashServ.exe
O4 - HKCU\..\Run: [Acrb] C:\WINDOWS\Dane aplikacji\rhro.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\STUBINSTALLER5356.EXE"
O4 - HKCU\..\RunServices: [Acrb] C:\WINDOWS\Dane aplikacji\rhro.exe
O4 - HKCU\..\RunServices:
[180ClientStubInstall] "C:\WINDOWS\STUBINSTALLER5356.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {AD453FC0-C4BD-11D9-A097-
0008540569CB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AD453FC0-C4BD-
11D9-A097-0008540569CB} - (no file) (HKCU)
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) -
67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) -
67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
C:\WINDOWS\isrvs\mfiltis.dll

[Gość: Kolobos]

Zainstaluj nowe IE:
download.microsoft.com/download/ie6sp1/finrel/6_sp1/W98NT42KMeXP/PL/ie6setup.exe

+ www.windowsupdate.com

Opis usuwania iSearch "Desktop Search" masz tutaj:
www.searchengines.pl/phpbb203/index.php?
showtopic=12510&st=0&p=109496&#entry135478

Opis usuwania CWS'a Antispyware Helper + Security iGuard tutaj:
www.searchengines.pl/phpbb203/index.php?showtopic=14185&st=50&#entry149010

Odinstaluj:
Security iGuard

Masz stary Hijackthis:
www.spychecker.com/program/hijackthis.html

W hijackthis usun te wpisy:

O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -
C:\WINDOWS\isrvs\sysupd.dll <- to usuwasz tak jak w opsie na stronie, plik
kasujesz.
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\Services\{9D7E3F60-C4BD-
11D9-A097-0008540569CB}\SVCHOST.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security
iGuard.exe
O4 - HKCU\..\Run: [Acrb] C:\WINDOWS\Dane aplikacji\rhro.exe
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\STUBINSTALLER5356.EXE"
O4 - HKCU\..\RunServices: [Acrb] C:\WINDOWS\Dane aplikacji\rhro.exe
O4 - HKCU\..\RunServices:
[180ClientStubInstall] "C:\WINDOWS\STUBINSTALLER5356.EXE"
O9 - Extra button: Microsoft AntiSpyware helper - {AD453FC0-C4BD-11D9-A097-
0008540569CB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AD453FC0-C4BD-
11D9-A097-0008540569CB} - (no file) (HKCU)
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
C:\WINDOWS\isrvs\mfiltis.dll

I Fix Checked

W hijackthis open misc tools i delete file on reboot i wklejasz tam:
C:\WINDOWS\isrvs\mfiltis.dll
C:\WINDOWS\STUBINSTALLER5356.EXE
C:\WINDOWS\Dane aplikacji\rhro.exe
C:\Program Files\Security iGuard\Security iGuard.exe <- pozniej kasujesz caly
katalog Security iGuard
C:\WINDOWS\isrvs\sysupd.dll
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\isrvs\ffisearch.exe
C:\WINDOWS\SYSTEM\Services\{9D7E3F60-C4BD-
11D9-A097-0008540569CB}\SVCHOST.EXE

Nastepnie reset, instalujesz to:
www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
przeskanuj i wlacz ochrone przegladarki
www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
ochrone przegladarki
www.wilderssecurity.net/spywareguard.html <- SpywareGuard

Skanujesz tym:
housecall.trendmicro.com/housecall/start_corp.asp
www.windowsecurity.com/trojanscan/
www.pandasoftware.com/activescan/pol/activescan_principal.htm

Po wszystkim wklej nowy log z NOWEGO hijackthis.

[wwwandal1]

...nie zły śmietnik/....wchodzenie na xxx strony ma swoje wady;) ....ale
najbardziej mnie ubawiła pomoc Kolobosa,który zapodał 10 linków w formie
pomocy . .....radząc zainstalować praktycznie wszystki antyszpiegi i
wykorzystać kilka scanerów- on-line ...............mi zajęło by to kilka
dni ;).......można też przeciągnąć na wszelki wypadek morą szmatą po kościach
ram i nie zaszkodzi naoliwić wiatraczki .......ale / przykro mi linków do 2
ostatnich czynności nie mam:)
pozdrawiam

[Gość: Kolobos]

Tylko trzy, zawsze radze je instalowac bo blokuja podjerzane strony do tego
spybot'em mozna przeskanowac system.