Help! I'm about to completely break down! :'(

IP: *.internetdsl.tpnet.pl 03.03.05, 19:51
I'm about to completely break down :'( ! I have some horrible virus.
It started when I went to google.pl and typed in "opisy gg",
clicked a link, and right away some window popped up saying "Please select your
contry". I know what choosing the country I live in leads to: some horrible
porn gets loaded onto the computer. I know because a few months ago I had the
very same virus. Back then my brother and I did a format of C.
But I don't want to do that again. Please help me get rid of this virus.
I tried mks_vir but it's useless :-(
    • m.gregor Re: Help! I'm about to completely break down! :'( 03.03.05, 19:54
      1.) Create a folder on the disk
      2.) Download this:
      spywareinfo.globalservers.com/~merijn/files/HijackThis.exe
      and save it to disk in the folder you created earlier (do not run it from the internet!!!)
      3.) Run it from the folder you created
      4.) Choose 'Do a system scan and save a logfile'
      5.) Wait until it finishes scanning and save the report in the folder with the program
      6.) Paste the contents of the hijackthis.log file here for us
      --
      "And the man in the rain picked up his bag of secrets, and journeyed up the
      mountainside,far above the clouds, and nothing was ever heard from him again,
      except for the sound of Tubular Bells..."
      mail: m.gregor@gazeta.pl ; GG: 391450
      • Guest: mniejsza Re: I did what you wrote. IP: *.internetdsl.tpnet.pl 04.03.05, 11:47
        Here you go:
        Logfile of HijackThis v1.99.1
        Scan saved at 11:45:00, on 2005-03-04
        Platform: Windows ME (Win9x 4.90.3000)
        MSIE: Internet Explorer v5.50 (5.50.4134.0100)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\SYSTEM\INTERNAT.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
        C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
        C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\SYSTEM\SYSTIME.EXE
        C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE
        C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
        C:\WINDOWS\SYSTEM\SYSTIME.EXE
        C:\124494.EXE
        C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
        C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
        C:\124494.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
        C:\PROGRAM FILES\GADU-GADU\GG.EXE
        C:\WINDOWS\SYSTEM\RNAAPP.EXE
        C:\WINDOWS\SYSTEM\TAPISRV.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        213.159.117.134/index.php
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        213.159.117.134/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        213.159.117.134/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        213.159.117.134/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O1 - Hosts: 127.0.0.3 www.greg-tut.com
        O1 - Hosts: 127.0.0.3 nylonsexy.com
        O1 - Hosts: 127.0.0.3 www.nylonsexy.com
        O1 - Hosts: 127.0.0.3 vparivalka.com
        O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
        O1 - Hosts: 127.0.0.3 www.awmdabest.com
        O1 - Hosts: 127.0.0.3 www.sexfiles.nu
        O1 - Hosts: 127.0.0.3 awmdabest.com
        O1 - Hosts: 127.0.0.3 sexfiles.nu
        O1 - Hosts: 127.0.0.3 allforadult.com
        O1 - Hosts: 127.0.0.3 www.allforadult.com
        O1 - Hosts: 127.0.0.3 www.iframe.biz
        O1 - Hosts: 127.0.0.3 iframe.biz
        O1 - Hosts: 127.0.0.3 www.newiframe.biz
        O1 - Hosts: 127.0.0.3 newiframe.biz
        O1 - Hosts: 127.0.0.3 www.vesbiz.biz
        O1 - Hosts: 127.0.0.3 vesbiz.biz
        O1 - Hosts: 127.0.0.3 www.pi..to.biz
        O1 - Hosts: 127.0.0.3 pi..to.biz
        O1 - Hosts: 127.0.0.3 www.aaasexypics.com
        O1 - Hosts: 127.0.0.3 aaasexypics.com
        O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
        O1 - Hosts: 127.0.0.3 virgin-tgp.net
        O1 - Hosts: 127.0.0.3 www.awmcash.biz
        O1 - Hosts: 127.0.0.3 awmcash.biz
        O1 - Hosts: 127.0.0.3 buldog-stats.com
        O1 - Hosts: 127.0.0.3 www.buldog-stats.com
        O1 - Hosts: 127.0.0.3 fregat.drocherway.com
        O1 - Hosts: 127.0.0.3 slutmania.biz
        O1 - Hosts: 127.0.0.3 www.slutmania.biz
        O1 - Hosts: 127.0.0.3 toolbarpartner.com
        O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
        O1 - Hosts: 127.0.0.3 www.megapornix.com
        O1 - Hosts: 127.0.0.3 megapornix.com
        O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
        O1 - Hosts: 127.0.0.3 sp2fucked.biz
        O1 - Hosts: 127.0.0.3 greg-tut.com
        O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
        O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
        00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
        O4 - HKLM\..\Run: [internat.exe] internat.exe
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
        Files\Logitech\iTouch\iTouch.exe
        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
        O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
        O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
        O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
        O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
        O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
        O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
        O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN
        Adapter\WLANMON.exe
        O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.searchmiracle.com
        O15 - Trusted Zone: *.searchbarcash.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.my-internet.info
        O15 - Trusted Zone: *.xxxtoolbar.com
        O15 - Trusted Zone: *.slotch.com
        O15 - Trusted Zone: *.flingstone.com
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.blazefind.com
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.iframedollars.biz
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.searchbarcash.com (HKLM)
        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.my-internet.info (HKLM)
        O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
        O15 - Trusted Zone: *.slotch.com (HKLM)
        O15 - Trusted Zone: *.flingstone.com (HKLM)
        O15 - Trusted Zone: *.mt-download.com (HKLM)
        O15 - Trusted Zone: *.blazefind.com (HKLM)
        O15 - Trusted Zone: *.clickspring.net (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O15 - Trusted IP range: 213.159.117.202 (HKLM)
        O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
        czat.onet.pl/client/kalambury/NetPunGame1.dll
        O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
        www.miniclip.com/inflaterball/miniclipGameLoader.dll
        O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
        194.204.159.1,194.204.152.34

        • m.gregor Re: I did what you wrote. 04.03.05, 12:01
          1.) Replace the lousy MKS-VIR with something more effective (I recommend Avast)
          2.) Install a firewall (Kerio or Sygate)
          3.) Install a safe browser (FireFox, Mozilla, Opera - I recommend
          FireFox)
          4.) Check these lines and click FIX CHECKED:
          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > 213.159.117.134/index.php
          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          > 213.159.117.134/index.php
          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > 213.159.117.134/index.php
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          > 213.159.117.134/index.php
          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          > 213.159.117.134/index.php
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          > 213.159.117.134/index.php
          > O1 - Hosts: 127.0.0.3 www.greg-tut.com
          > O1 - Hosts: 127.0.0.3 nylonsexy.com
          > O1 - Hosts: 127.0.0.3 www.nylonsexy.com
          > O1 - Hosts: 127.0.0.3 vparivalka.com
          > O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
          > O1 - Hosts: 127.0.0.3 www.awmdabest.com
          > O1 - Hosts: 127.0.0.3 www.sexfiles.nu
          > O1 - Hosts: 127.0.0.3 awmdabest.com
          > O1 - Hosts: 127.0.0.3 sexfiles.nu
          > O1 - Hosts: 127.0.0.3 allforadult.com
          > O1 - Hosts: 127.0.0.3 www.allforadult.com
          > O1 - Hosts: 127.0.0.3 www.iframe.biz
          > O1 - Hosts: 127.0.0.3 iframe.biz
          > O1 - Hosts: 127.0.0.3 www.newiframe.biz
          > O1 - Hosts: 127.0.0.3 newiframe.biz
          > O1 - Hosts: 127.0.0.3 www.vesbiz.biz
          > O1 - Hosts: 127.0.0.3 vesbiz.biz
          > O1 - Hosts: 127.0.0.3 www.pi..to.biz
          > O1 - Hosts: 127.0.0.3 pi..to.biz
          > O1 - Hosts: 127.0.0.3 www.aaasexypics.com
          > O1 - Hosts: 127.0.0.3 aaasexypics.com
          > O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
          > O1 - Hosts: 127.0.0.3 virgin-tgp.net
          > O1 - Hosts: 127.0.0.3 www.awmcash.biz
          > O1 - Hosts: 127.0.0.3 awmcash.biz
          > O1 - Hosts: 127.0.0.3 buldog-stats.com
          > O1 - Hosts: 127.0.0.3 www.buldog-stats.com
          > O1 - Hosts: 127.0.0.3 fregat.drocherway.com
          > O1 - Hosts: 127.0.0.3 slutmania.biz
          > O1 - Hosts: 127.0.0.3 www.slutmania.biz
          > O1 - Hosts: 127.0.0.3 toolbarpartner.com
          > O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
          > O1 - Hosts: 127.0.0.3 www.megapornix.com
          > O1 - Hosts: 127.0.0.3 megapornix.com
          > O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
          > O1 - Hosts: 127.0.0.3 sp2fucked.biz
          > O1 - Hosts: 127.0.0.3 greg-tut.com
          > O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt
          > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
          > O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
          > O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
          > O15 - Trusted Zone: *.windupdates.com
          > O15 - Trusted Zone: *.searchmiracle.com
          > O15 - Trusted Zone: *.searchbarcash.com
          > O15 - Trusted Zone: *.skoobidoo.com
          > O15 - Trusted Zone: *.my-internet.info
          > O15 - Trusted Zone: *.xxxtoolbar.com
          > O15 - Trusted Zone: *.slotch.com
          > O15 - Trusted Zone: *.flingstone.com
          > O15 - Trusted Zone: *.mt-download.com
          > O15 - Trusted Zone: *.blazefind.com
          > O15 - Trusted Zone: *.clickspring.net
          > O15 - Trusted Zone: *.ysbweb.com
          > O15 - Trusted Zone: *.slotchbar.com
          > O15 - Trusted Zone: *.iframedollars.biz
          > O15 - Trusted Zone: *.windupdates.com (HKLM)
          > O15 - Trusted Zone: *.searchbarcash.com (HKLM)
          > O15 - Trusted Zone: *.searchmiracle.com (HKLM)
          > O15 - Trusted Zone: *.skoobidoo.com (HKLM)
          > O15 - Trusted Zone: *.my-internet.info (HKLM)
          > O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
          > O15 - Trusted Zone: *.slotch.com (HKLM)
          > O15 - Trusted Zone: *.flingstone.com (HKLM)
          > O15 - Trusted Zone: *.mt-download.com (HKLM)
          > O15 - Trusted Zone: *.blazefind.com (HKLM)
          > O15 - Trusted Zone: *.clickspring.net (HKLM)
          > O15 - Trusted Zone: *.ysbweb.com (HKLM)
          > O15 - Trusted Zone: *.slotchbar.com (HKLM)
          And then scan the computer again and paste the new log (the full one this time,
          because this one is incomplete - see, the end got cut off and who the hell knows
          what else is starting up there)
          --
          "And the man in the rain picked up his bag of secrets,
          and journeyed up the mountainside, far above the clouds,
          and nothing was ever heard from him again,
          except for the sound of Tubular Bells..."
            • m.gregor Re: I did what you wrote. 04.03.05, 15:53
              No. You did not do everything I wrote. You did not paste a new log. I also wrote
              that the one you pasted is not complete and there is no telling what starts up
              below the point where it got cut off.

              Have you already replaced the antivirus program with a better one? Have you
              installed a firewall and a safe browser?
              --
              "And the man in the rain picked up his bag of secrets,
              and journeyed up the mountainside, far above the clouds,
              and nothing was ever heard from him again,
              except for the sound of Tubular Bells..."
                • koaa Re: I did what you wrote. 05.03.05, 13:38
                  But what is it that you can't do?
                  Click the HijackThis icon and then the button labelled "do
                  a system scan and save logfile", and copy what is displayed and paste it
                  on the forum (just like you did the first time)

                  --
                  Wizard (specialization: illusion)
                  Smoczek
                    • m.gregor Re: I did what you wrote. 05.03.05, 22:43
                      And where did I tell you to change the log? I asked you to remove what I listed
                      and then scan the system once more with HiJackThis, create a new report and paste
                      its contents here. The same thing you did at the start, just once more, and you
                      have to save a new hijackthis.log file and paste its contents here (only, by Zeus,
                      NOT THE OLD hijackthis.log FILE!!!!)
                      --
                      "And the man in the rain picked up his bag of secrets,
                      and journeyed up the mountainside, far above the clouds,
                      and nothing was ever heard from him again,
                      except for the sound of Tubular Bells..."
                      • Guest: mniejsza Re: I did what you wrote. IP: *.internetdsl.tpnet.pl 06.03.05, 11:36
                        Sorry, I misunderstood about the log.
                        I scanned again:

                        Logfile of HijackThis v1.99.1
                        Scan saved at 11:33:06, on 2005-03-06
                        Platform: Windows ME (Win9x 4.90.3000)
                        MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                        Running processes:
                        C:\WINDOWS\SYSTEM\KERNEL32.DLL
                        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                        C:\WINDOWS\SYSTEM\mmtask.tsk
                        C:\WINDOWS\SYSTEM\MPREXE.EXE
                        C:\WINDOWS\SYSTEM\MSTASK.EXE
                        C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                        C:\WINDOWS\EXPLORER.EXE
                        C:\WINDOWS\SYSTEM\INTERNAT.EXE
                        C:\WINDOWS\TASKMON.EXE
                        C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                        C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                        C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                        C:\WINDOWS\SOUNDMAN.EXE
                        C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                        C:\WINDOWS\SYSTEM\SYSTIME.EXE
                        C:\WINDOWS\SYSTEM\SYSTIME.EXE
                        C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                        C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                        C:\WINDOWS\SYSTEM\WMIEXE.EXE
                        C:\124494.EXE
                        C:\124494.EXE
                        C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                        C:\PROGRAM FILES\GADU-GADU\GG.EXE
                        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                        C:\WINDOWS\SYSTEM\RNAAPP.EXE
                        C:\WINDOWS\SYSTEM\TAPISRV.EXE
                        C:\WINDOWS\SYSTEM\DDHELP.EXE
                        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                        C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                        213.159.117.134/index.php
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                        213.159.117.134/index.php
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                        213.159.117.134/index.php
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                        213.159.117.134/index.php
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                        213.159.117.134/index.php
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                        213.159.117.134/index.php
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                        C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                        O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
                        00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                        O4 - HKLM\..\Run: [internat.exe] internat.exe
                        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                        O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                        powrprof.dll,LoadCurrentPwrScheme
                        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
                        Files\Logitech\iTouch\iTouch.exe
                        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
                        O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                        O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                        powrprof.dll,LoadCurrentPwrScheme
                        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                        O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                        O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                        O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                        O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                        O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN
                        Adapter\WLANMON.exe
                        O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                        O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                        Files\Adobe\Calibration\Adobe Gamma Loader.exe
                        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                        Office\Office\OSA9.EXE
                        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                        C:\WINDOWS\web\related.htm
                        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                        00aa003c157a} - C:\WINDOWS\web\related.htm
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                        C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                        O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
                        00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
                        O15 - Trusted IP range: 213.159.117.202
                        O15 - Trusted IP range: 213.159.117.202 (HKLM)
                        O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                        czat.onet.pl/client/kalambury/NetPunGame1.dll
                        O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
                        www.miniclip.com/inflaterball/miniclipGameLoader.dll
                        O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
                        194.204.159.1,194.204.152.34

                        • m.gregor Re: I did what you wrote. 06.03.05, 23:03
                          I repeat once again:
                          1.) Install a decent antivirus program (I recommend Avast)
                          2.) Install a firewall (Kerio or Sygate)
                          3.) Install a safe browser (FireFox, Mozilla, Opera - I recommend
                          FireFox) and stop using Internet Explorer
                          4.) Check these lines and click 'Fix Checked', then restart the computer,
                          scan the computer and paste the new log. Do 'Fix checked' WITH THE BROWSER
                          WINDOWS CLOSED!!!!!
                          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                          > 213.159.117.134/index.php
                          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                          > 213.159.117.134/index.php
                          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                          > 213.159.117.134/index.php
                          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                          > 213.159.117.134/index.php
                          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                          > 213.159.117.134/index.php
                          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                          > 213.159.117.134/index.php
                          > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                          > O15 - Trusted Zone: *.iframedollars.biz (HKLM)
                          > O15 - Trusted IP range: 213.159.117.202
                          > O15 - Trusted IP range: 213.159.117.202 (HKLM)
                          > O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
                          > www.miniclip.com/inflaterball/miniclipGameLoader.dll

                          REMEMBER TO DO FIX CHECKED WITH THE BROWSER WINDOWS CLOSED.
                          ALL WINDOWS!!!!
                          --
                          "And the man in the rain picked up his bag of secrets,
                          and journeyed up the mountainside, far above the clouds,
                          and nothing was ever heard from him again,
                          except for the sound of Tubular Bells..."
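
The fix-then-rescan comparison this thread keeps coming back to, as an added example that is not part of the original posts: a Python script that re-joins forum-wrapped HijackThis lines and reports which 'Fix checked' entries are still present in the next scan, plus any new running processes. The sample text is abridged from the logs posted in this thread; the function and constant names are assumptions of this example.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O15, ...) then " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")


def _squash(s):
    """Collapse runs of whitespace left behind by wrapping and indentation."""
    return " ".join(s.split())


def parse_log(text):
    """Parse a pasted log (or a '>'-quoted fix list) into processes and entries.

    Forum posts wrap long lines, so a line without a section code is glued
    onto the previous entry instead of being treated as a new one.
    """
    processes, entries, section = set(), [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip(">").strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            section = "entries"
            entries.append([m.group(1), m.group(2)])
        elif line.lower().startswith("running processes"):
            section = "processes"
        elif section == "processes":
            processes.add(_squash(line).upper())
        elif section == "entries":
            # A wrap right after a GUID hyphen ("...876E-") had no space;
            # every other wrap in these logs happened at a space.
            glue = "" if re.search(r"\S-$", entries[-1][1]) else " "
            entries[-1][1] += glue + line
    # Key: case-insensitive form for matching. Value: readable form for output.
    keyed = {(c, _squash(b).casefold()): f"{c} - {_squash(b)}" for c, b in entries}
    return {"processes": processes, "entries": keyed}


def review_rescan(fix_text, before_text, after_text):
    """Compare the scan taken after 'Fix checked' with the fix list and the old scan."""
    fix = parse_log(fix_text)["entries"]
    before, after = parse_log(before_text), parse_log(after_text)
    return {
        "returned": sorted(v for k, v in fix.items() if k in after["entries"]),
        "cleared": sorted(v for k, v in fix.items() if k not in after["entries"]),
        "new_entries": sorted(v for k, v in after["entries"].items()
                              if k not in before["entries"]),
        "new_processes": sorted(after["processes"] - before["processes"]),
    }


# Sample input: abridged from the 06.03 scan, the 06.03 fix list and the
# 07.03 scan in this thread (most lines dropped to keep the example short).
SCAN_BEFORE = r"""
Running processes:
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\124494.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
www.miniclip.com/inflaterball/miniclipGameLoader.dll
"""

FIX_LIST = r"""
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> 213.159.117.134/index.php
> O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
> O15 - Trusted Zone: *.iframedollars.biz (HKLM)
> O15 - Trusted IP range: 213.159.117.202
> O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
> www.miniclip.com/inflaterball/miniclipGameLoader.dll
"""

SCAN_AFTER = r"""
Running processes:
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\DKTIBS.EXE
C:\124494.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
213.159.117.134/index.php
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O15 - Trusted IP range: 213.159.117.202
"""

if __name__ == "__main__":
    for label, items in review_rescan(FIX_LIST, SCAN_BEFORE, SCAN_AFTER).items():
        print(f"{label}:")
        for item in items:
            print("   ", item)
```
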
                          • Guest: mniejsza Re: I did what you wrote :-) IP: *.internetdsl.tpnet.pl 07.03.05, 16:10
                            OK, I'll install Firefox :-)
                            and I'll dig up Avast from somewhere :-)
                            and everything you recommended.
                            And now the log:

                            Logfile of HijackThis v1.99.1
                            Scan saved at 16:06:46, on 2005-03-07
                            Platform: Windows ME (Win9x 4.90.3000)
                            MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                            Running processes:
                            C:\WINDOWS\SYSTEM\KERNEL32.DLL
                            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                            C:\WINDOWS\SYSTEM\SPOOL32.EXE
                            C:\WINDOWS\SYSTEM\MPREXE.EXE
                            C:\WINDOWS\SYSTEM\MSTASK.EXE
                            C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                            C:\WINDOWS\SYSTEM\mmtask.tsk
                            C:\WINDOWS\EXPLORER.EXE
                            C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                            C:\WINDOWS\SYSTEM\INTERNAT.EXE
                            C:\WINDOWS\TASKMON.EXE
                            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                            C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                            C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                            C:\WINDOWS\SOUNDMAN.EXE
                            C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                            C:\WINDOWS\SYSTEM\SYSTIME.EXE
                            C:\WINDOWS\SYSTEM\WMIEXE.EXE
                            C:\WINDOWS\SYSTEM\DKTIBS.EXE
                            C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                            C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                            C:\124494.EXE
                            C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                            C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                            213.159.117.134/index.php
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                            213.159.117.134/index.php
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                            213.159.117.134/index.php
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                            213.159.117.134/index.php
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                            213.159.117.134/index.php
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                            213.159.117.134/index.php
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                            C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                            O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
                            00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                            O4 - HKLM\..\Run: [internat.exe] internat.exe
                            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                            O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                            powrprof.dll,LoadCurrentPwrScheme
                            O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
                            Files\Logitech\iTouch\iTouch.exe
                            O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                            O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
                            O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                            O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                            powrprof.dll,LoadCurrentPwrScheme
                            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                            O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                            O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                            O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                            O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                            O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN
                            Adapter\WLANMON.exe
                            O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                            O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                            Files\Adobe\Calibration\Adobe Gamma Loader.exe
                            O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                            Office\Office\OSA9.EXE
                            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                            C:\WINDOWS\web\related.htm
                            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                            00aa003c157a} - C:\WINDOWS\web\related.htm
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                            C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                            O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
                            00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                            O15 - Trusted IP range: 213.159.117.202
                            O15 - Trusted IP range: 213.159.117.202 (HKLM)
                            O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                            czat.onet.pl/client/kalambury/NetPunGame1.dll
                            O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
                            194.204.159.1,194.204.152.34

                            • m.gregor Re: I did what you wrote :-) 07.03.05, 17:49
                              I see that everything comes back. Try removing these lines in safe mode (before
                              the Windows 98 logo on the cloud background appears, press F8 and choose Safe
                              Mode, but not Safe Mode with networking). Then run HijackThis, choose 'Do
                              a system scan only', check the following lines and click FixChecked. Then
                              restart the computer. Here are the lines to remove:
                              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                              > 213.159.117.134/index.php
                              > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                              > 213.159.117.134/index.php
                              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                              > 213.159.117.134/index.php
                              > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                              > 213.159.117.134/index.php
                              > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                              > 213.159.117.134/index.php
                              > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                              > 213.159.117.134/index.php
                              > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                              > O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                              > O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                              > O15 - Trusted IP range: 213.159.117.202
                              > O15 - Trusted IP range: 213.159.117.202 (HKLM)

                              It is important that you check everything exactly. Once you have removed this in
                              safe mode and restarted the computer, make and paste a new log. If these lines
                              show up again, we will work something out.
                              • Guest: mnejsza Re: I did what you wrote :-) IP: *.internetdsl.tpnet.pl 07.03.05, 18:35
                                New log:

                                Logfile of HijackThis v1.99.1
                                Scan saved at 18:32:49, on 2005-03-07
                                Platform: Windows ME (Win9x 4.90.3000)
                                MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                                Running processes:
                                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                                C:\WINDOWS\SYSTEM\mmtask.tsk
                                C:\WINDOWS\SYSTEM\MPREXE.EXE
                                C:\WINDOWS\SYSTEM\MSTASK.EXE
                                C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                C:\WINDOWS\EXPLORER.EXE
                                C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                                C:\WINDOWS\SYSTEM\INTERNAT.EXE
                                C:\WINDOWS\TASKMON.EXE
                                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                                C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                                C:\WINDOWS\SOUNDMAN.EXE
                                C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                                C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                                C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                                C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                                C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                                213.159.117.134/index.php
                                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                                O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio -
                                {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                                O4 - HKLM\..\Run: [internat.exe] internat.exe
                                O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                                O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                                O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                                O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                                O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                                O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                                O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                                O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
                                O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                                O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                                powrprof.dll,LoadCurrentPwrScheme
                                O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                                O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                                O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe
                                O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                                O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                                Files\Adobe\Calibration\Adobe Gamma Loader.exe
                                O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                Office\Office\OSA9.EXE
                                O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                                C:\WINDOWS\web\related.htm
                                O9 - Extra 'Tools' menuitem: Show &Related Links -
                                {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                                C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                O9 - Extra 'Tools' menuitem: MSN Messenger Service -
                                {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                O15 - Trusted IP range: 213.159.117.202
                                O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                                czat.onet.pl/client/kalambury/NetPunGame1.dll
                                O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

                                • m.gregor Re: I did what you wrote :-) 07.03.05, 18:44
                                  The end is starting to come into sight, but...
                                  1.) Install Avast (Kalinowski11 gave the link) and update it. You can scan
                                  the computer right away.
                                  2.) Start the computer in safe mode and remove these lines:
                                  > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                                  > 213.159.117.134/index.php
                                  > O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe (leftovers
                                  from MKS-VIR)
                                  > O15 - Trusted IP range: 213.159.117.202
                                  > O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                  Remember to do FixChecked in safe mode. Then, of course, paste
                                  a new log.
                                  • Guest: mniejsza Re: I did what you wrote :-) IP: *.internetdsl.tpnet.pl 07.03.05, 19:39
                                    New log, master:

                                    Logfile of HijackThis v1.99.1
                                    Scan saved at 19:37:15, on 2005-03-07
                                    Platform: Windows ME (Win9x 4.90.3000)
                                    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                                    Running processes:
                                    C:\WINDOWS\SYSTEM\KERNEL32.DLL
                                    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                                    C:\WINDOWS\SYSTEM\mmtask.tsk
                                    C:\WINDOWS\SYSTEM\MPREXE.EXE
                                    C:\WINDOWS\SYSTEM\MSTASK.EXE
                                    C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
                                    C:\WINDOWS\EXPLORER.EXE
                                    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                                    C:\WINDOWS\SYSTEM\INTERNAT.EXE
                                    C:\WINDOWS\TASKMON.EXE
                                    C:\WINDOWS\SYSTEM\RPCSS.EXE
                                    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                                    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                                    C:\WINDOWS\SOUNDMAN.EXE
                                    C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                                    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
                                    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
                                    C:\WINDOWS\SYSTEM\WMIEXE.EXE
                                    C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                                    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                                    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                                    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP
                                    C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                    C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                                    O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio -
                                    {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                                    O4 - HKLM\..\Run: [internat.exe] internat.exe
                                    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                                    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                                    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                                    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                                    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                                    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                                    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                                    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                                    O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                                    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
                                    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
                                    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                                    powrprof.dll,LoadCurrentPwrScheme
                                    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                                    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                                    O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil
                                    Software\Avast4\ashServ.exe
                                    O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe
                                    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                                    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                                    Files\Adobe\Calibration\Adobe Gamma Loader.exe
                                    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                    Office\Office\OSA9.EXE
                                    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                                    C:\WINDOWS\web\related.htm
                                    O9 - Extra 'Tools' menuitem: Show &Related Links -
                                    {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                                    C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                    O9 - Extra 'Tools' menuitem: MSN Messenger Service -
                                    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                    O15 - Trusted IP range: 213.159.117.202
                                    O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                    O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                                    czat.onet.pl/client/kalambury/NetPunGame1.dll
                                    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

                                    • m.gregor This is still left: 07.03.05, 19:54
                                      > O15 - Trusted IP range: 213.159.117.202
                                      > O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                      And you will remove that with this:
                                      republika.pl/mgregor/deldomains.inf
                                      Right-click it, choose 'Save Target As...', save it to disk,
                                      then click the saved file and choose Install.
                                      Then, to be sure, scan the computer once more with HijackThis and
                                      paste the current log.
                                    • m.gregor Re: I did what you wrote :-) 07.03.05, 19:50
                                      Install a firewall. From what I can see the log is clean, but I will look once more.
                                      Oh, and take a look here:
                                      forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=19472430
                                      and at the following posts, where there are errata to the links and newer versions of the programs.
                                      • Guest: mniejsza ~~THANK YOU VERY MUCH FOR THE HELP~~ IP: *.internetdsl.tpnet.pl 07.03.05, 20:12
                                        With all my heart, thank you for the help! Those "please select your country"
                                        windows no longer come up! Everything is OK!
                                        Thank you very much, M.GREGOR! You are really great! I don't know how to
                                        thank you! Thank you very much! :*
                                        I am so happy that I don't have to do that format C! Gosh!
                                        Once again, thank you with all my heart! Nobody has ever helped me like this before!

                                        • m.gregor Re: ~~THANK YOU VERY MUCH FOR THE HELP~~ 07.03.05, 20:13
                                          Just paste the newest log (made a moment ago) so that we know
                                          that everything was definitely removed.
                                          • Guest: mniejsza Re: ~~THANK YOU VERY MUCH FOR THE HELP~~ IP: *.internetdsl.tpnet.pl 09.03.05, 15:50
                                            :-)
                                            Sorry I didn't reply for a day, but my internet was down :)
                                            Newest log:

                                            Logfile of HijackThis v1.99.1
                                            Scan saved at 15:47:57, on 2005-03-09
                                            Platform: Windows ME (Win9x 4.90.3000)
                                            MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                                            Running processes:
                                            C:\WINDOWS\SYSTEM\KERNEL32.DLL
                                            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                                            C:\WINDOWS\SYSTEM\MPREXE.EXE
                                            C:\WINDOWS\SYSTEM\MSTASK.EXE
                                            C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                            C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
                                            C:\WINDOWS\SYSTEM\RPCSS.EXE
                                            C:\WINDOWS\SYSTEM\mmtask.tsk
                                            C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                                            C:\WINDOWS\EXPLORER.EXE
                                            C:\WINDOWS\SYSTEM\INTERNAT.EXE
                                            C:\WINDOWS\TASKMON.EXE
                                            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                            C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                                            C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                                            C:\WINDOWS\SOUNDMAN.EXE
                                            C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                                            C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
                                            C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
                                            C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                                            C:\WINDOWS\SYSTEM\WMIEXE.EXE
                                            C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                                            C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                                            C:\PROGRAM FILES\GADU-GADU\GG.EXE
                                            C:\WINDOWS\SYSTEM\RNAAPP.EXE
                                            C:\WINDOWS\SYSTEM\TAPISRV.EXE
                                            C:\WINDOWS\SYSTEM\DDHELP.EXE
                                            C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                            C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                                            O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio -
                                            {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                                            O4 - HKLM\..\Run: [internat.exe] internat.exe
                                            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                                            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                                            O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                                            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                                            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                                            O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                                            O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                                            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                                            O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                                            O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
                                            O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
                                            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                                            powrprof.dll,LoadCurrentPwrScheme
                                            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                                            O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                                            O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                            O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil
                                            Software\Avast4\ashServ.exe
                                            O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe
                                            O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                                            O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                                            Files\Adobe\Calibration\Adobe Gamma Loader.exe
                                            O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                            Office\Office\OSA9.EXE
                                            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                                            C:\WINDOWS\web\related.htm
                                            O9 - Extra 'Tools' menuitem: Show &Related Links -
                                            {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                                            C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                            O9 - Extra 'Tools' menuitem: MSN Messenger Service -
                                            {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                            O15 - Trusted IP range: 213.159.117.202
                                            O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                            O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                                            czat.onet.pl/client/kalambury/NetPunGame1.dll
                                            O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34
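
The fix-and-rescan loop in this thread depends on comparing the lines selected for FixChecked with the next pasted log. The following Python check is an added example, not part of the thread or of HijackThis: it re-joins lines the forum wrapped, strips `>` quoting, and reports which fix-list entries are still present. The function names are this example's own, the sample text is abridged from lines posted above, and the input is assumed to contain only the log or fix list, with no prose after it.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O15, ...) followed by " - ".
ENTRY_START = re.compile(r"^(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(text):
    """Return the entries of a pasted log or fix list, one string per entry.

    Forum quoting markers ('>') are dropped, and a line that does not begin
    with a section code is treated as the wrapped tail of the entry before it.
    Header and 'Running processes' lines before the first entry are skipped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            line = line[1:].strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def entry_key(entry):
    """Comparison key that ignores case and where the forum wrapped the line."""
    return re.sub(r"\s+", "", entry).casefold()


def check_fix(fix_list_text, later_log_text):
    """Split the fix list into (still present, gone) relative to a later log."""
    later = {entry_key(e) for e in parse_entries(later_log_text)}
    wanted = parse_entries(fix_list_text)
    persisting = [e for e in wanted if entry_key(e) in later]
    removed = [e for e in wanted if entry_key(e) not in later]
    return persisting, removed


# Sample input, abridged from the thread: a quoted fix list as pasted ...
FIX_LIST = r"""
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
> 213.159.117.134/index.php
> O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
> O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
> O15 - Trusted IP range: 213.159.117.202
> O15 - Trusted IP range: 213.159.117.202 (HKLM)
"""

# ... and a few lines of the log posted after that fix, wrapped as on the page.
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
213.159.117.134/index.php
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
"""

if __name__ == "__main__":
    still_there, gone = check_fix(FIX_LIST, LATER_LOG)
    print("Still present after the fix:")
    for entry in still_there:
        print("  " + entry)
    print("No longer present:")
    for entry in gone:
        print("  " + entry)
```

Because the comparison key drops all whitespace, an entry matches even when two posts wrapped it at different points, as happens with the O3 and O9 lines across the logs above.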
