PLEASE CHECK MY LOG

29.09.05, 20:56
Logfile of HijackThis v1.99.1
Scan saved at 20:53:05, on 05-09-29
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\EFSDFGXG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CMD32.EXE
C:\WINDOWS\SYSTEM\EFSDFGXG.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\SYSVCS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PROFILES\GOSIACZEK\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\SYSTEM\search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\SYSTEM\search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\SYSTEM\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\SYSTEM\search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\SYSTEM\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F1 - win.ini: load=C:\POWER95\vi_grm.exe
F1 - win.ini: run=hpfsched
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)
O2 - BHO: (no name) - {99C5DE22-17C2-4C67-B048-3D01459A2E95} - C:\WINDOWS\SYSTEM\GCNJV.DLL (file missing)
O2 - BHO: (no name) - {EB356F21-A9C5-FE32-B568-8F7AE2900EC4} - C:\WINDOWS\SYSTEM\EPUHVRA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O4 - HKCU\..\Run: [Peib] C:\Program Files\ustr\asut.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\SYSTEM\Z11.EXE
O4 - HKCU\..\Run: [eMuleAutoStart] C:\PROGRAM FILES\EMULE\EMULE.EXE -AutoStart
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\Ebay\Ebay.htm (file missing)
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.asdbiz.biz
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.asdbiz.biz (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\adsuntdt.mht!http://adextension.com/ext2/lca.chm::/Bridge-c139.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=5016
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - www.180searchassistant.com/180saax.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - megapanel.gem.pl/WebInstaller.dll
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = retsat1.com.pl
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = dns.retsat1.com.pl
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 195.13.38.3
O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll

Please help :(
    • Guest: iga Re: PLEASE CHECK MY LOG IP: *.neoplus.adsl.tpnet.pl 29.09.05, 20:59
      You can check it yourself by pasting the whole log here:
      www.hijackthis.de/index.php
    • Guest: Kolobos Re: PLEASE CHECK MY LOG IP: *.warszawa.sdi.tpnet.pl 30.09.05, 01:45
      Press Alt+Ctrl+Del and end these processes:
      C:\WINDOWS\SYSTEM\EFSDFGXG.EXE
      C:\WINDOWS\SYSTEM\EFSDFGXG.EXE
      C:\WINDOWS\SYSTEM\SYSVCS.EXE

      In HijackThis, remove:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\SYSTEM\search.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\SYSTEM\search.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\SYSTEM\search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\SYSTEM\search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\SYSTEM\search.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\SYSTEM\search.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\search.html
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\search.html

      R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
      O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)
      O2 - BHO: (no name) - {99C5DE22-17C2-4C67-B048-3D01459A2E95} - C:\WINDOWS\SYSTEM\GCNJV.DLL (file missing)
      O2 - BHO: (no name) - {EB356F21-A9C5-FE32-B568-8F7AE2900EC4} - C:\WINDOWS\SYSTEM\EPUHVRA.DLL <- delete the file
      O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile <- delete the file internat.dll
      O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\SYSTEM\efsdfgxg.exe
      O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\SYSTEM\efsdfgxg.exe <- delete the file
      O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe <- delete the file
      O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe <- delete the file
      O4 - HKCU\..\Run: [Peib] C:\Program Files\ustr\asut.exe <- delete the ustr folder
      O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\SYSTEM\Z11.EXE <- delete the file from disk
      O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sysvcs.exe

      Remove these two shortcuts from Start->Programy->Autostart (Programs->StartUp):
      Microsoft Office.lnk
      Microsoft Office.lnk

      O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\Ebay\Ebay.htm (file missing)
      O15 - Trusted Zone: *.windupdates.com
      O15 - Trusted Zone: *.searchmiracle.com
      O15 - Trusted Zone: *.searchbarcash.com
      O15 - Trusted Zone: *.skoobidoo.com
      O15 - Trusted Zone: *.my-internet.info
      O15 - Trusted Zone: *.xxxtoolbar.com
      O15 - Trusted Zone: *.slotch.com
      O15 - Trusted Zone: *.flingstone.com
      O15 - Trusted Zone: *.mt-download.com
      O15 - Trusted Zone: *.blazefind.com
      O15 - Trusted Zone: *.clickspring.net
      O15 - Trusted Zone: *.asdbiz.biz
      O15 - Trusted Zone: *.slotchbar.com
      O15 - Trusted Zone: *.windupdates.com (HKLM)
      O15 - Trusted Zone: *.searchbarcash.com (HKLM)
      O15 - Trusted Zone: *.searchmiracle.com (HKLM)
      O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      O15 - Trusted Zone: *.my-internet.info (HKLM)
      O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
      O15 - Trusted Zone: *.slotch.com (HKLM)
      O15 - Trusted Zone: *.flingstone.com (HKLM)
      O15 - Trusted Zone: *.mt-download.com (HKLM)
      O15 - Trusted Zone: *.blazefind.com (HKLM)
      O15 - Trusted Zone: *.clickspring.net (HKLM)
      O15 - Trusted Zone: *.asdbiz.biz (HKLM)
      O15 - Trusted Zone: *.slotchbar.com (HKLM)
      O15 - Trusted IP range: 67.19.178.84
      O15 - Trusted IP range: 67.19.178.84 (HKLM)
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
      O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - www5.incredimail.com/contents/setup/downloader/imloader.cab
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\adsuntdt.mht!http://adextension.com/ext2/lca.chm::/Bridge-c139.cab
      O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=5016
      O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - www.180searchassistant.com/180saax.cab
      O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - megapanel.gem.pl/WebInstaller.dll
      O21 - SSODL: DDE - {F33812FB-F35C-4674-90F6-FD757C419C51} - C:\WINDOWS\SYSTEM\birdihuy32.dll <- delete the file from disk

      + scan with these:
      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D -> scan and enable browser protection
      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable browser protection
      www.wilderssecurity.net/spywareguard.html <- SpywareGuard

      When you're done, paste a new log.
