Forum Komputery Wirusy, trojany, spyware

ZMIEŃ

Dodaj do ulubionych

JAK USUNAC NIECHCIANY PROGRAM XXX ?

Gość: wanienka IP: *.neoplus.adsl.tpnet.pl 24.03.05, 20:01

mam jakiegos wirusa i zainstalowany program z netu xxx, ktorego nie moge
usunac - nie daje sie wyrzucic do kosza, odmowa dostepu. Ikona podobna do
ikony stron internetowych, nie wyglada jak program, jak moge sie pozbyc tego
czegos?

Obserwuj wątek

Drzewko
Od najstarszego
Od najnowszego

Gość: Kolobos Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.warszawa.sdi.tpnet.pl 24.03.05, 20:22

Wklej log z hijackthis na poczatek:
www.spychecker.com/program/hijackthis.html
- Gość: wanienka Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.neoplus.adsl.tpnet.pl 24.03.05, 21:10
  
  wklej log?
  - neder Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? 24.03.05, 21:16
    
    ściągnij program, który podał Ci Kolobos, uruchom go, wybierz "do a system scan
    and save a logfile", program wygeneruje plik tekstowy (log) a zawartość tego
    pliku wklej na forum.
    
    pzdr.
  - Gość: Kolobos Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.warszawa.sdi.tpnet.pl 24.03.05, 21:16
    
    Sciagnij hijackthis -> www.spychecker.com/program/hijackthis.html
    uruchom, nacisnij Do a system scan and save a logfile i wklej tutaj na forum
    zawartosc wygenerowanego pliku :-)
    - Gość: wanienka Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.neoplus.adsl.tpnet.pl 09.04.05, 14:28
      
      dzieki za rady ale: ten program nie chce mi sie sciagnac, chwile cos sie sciaga
      ale za moment wystakuje, ze limit czasu (czas operacji/ minal czy jakos tak.
      Wiec co moge zrobic? dodam ze tym wirusem jest chyba jakies isrvs a znajduje
      sie w windowsie /system/
      - Gość: Kolobos Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.warszawa.sdi.tpnet.pl 09.04.05, 14:33
        
        No wiec sciagnij z innej strony, po wpisaniu w google hijackthis masz ich
        pelno :(
        
        www.merijn.org/files/hijackthis.zip
        downloads.subratam.org/hijackthis.zip
        www.unitethecows.com/software/HijackThis.exe
        www.bleepingcomputer.com/files/Merijn/HijackThis.zip
        dknoppix.com/Downloads/HijackThis.exe
        www.spywareinfo.com/~merijn/files/hijackthis.zip
        computercops.biz/zx/Merijn/hijackthis.zip
        www.majorgeeks.com/download3155.html
        
        Gość: wanienka Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.neoplus.adsl.tpnet.pl 09.04.05, 16:56
        
        no mam logi !!! to kolobos help w tym:
        
        Logfile of HijackThis v1.99.1
        Scan saved at 17:13:20, on 05-04-09
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v5.00 (5.00.2614.3500)
        
        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\SYSTEM\MSOFFICE.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\SYSTEM\SERVICES\{7ACF9640-6B2F-11D9-B6BC-00304F1454D6}\SVCHOST.EXE
        C:\WINDOWS\LIVECHATUT.EXE
        C:\WINDOWS\SYSTEM\CGQHYO.EXE
        C:\WINDOWS\XHRMY.EXE
        C:\WINDOWS\DANE APLIKACJI\ELRU.EXE
        C:\PROGRAM FILES\COMMON FILES\QUQZ\QUQZM.EXE
        C:\PROGRAM FILES\PHOTOWORKS\PHOTOWORKS DIGITAL PARTNER\ACQUIRE.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\WINDOWS\PACKAGER.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\PROGRAM FILES\EMULE.DE\EMULE.EXE
        C:\WINDOWS\SYSTEM\WINOA386.MOD
        C:\WINDOWS\SYSTEM\WINOA386.MOD
        C:\WINDOWS\SYSTEM\WINOA386.MOD
        C:\WINDOWS\SYSTEM\WINOA386.MOD
        C:\WINDOWS\SYSTEM\WINOA386.MOD
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\SYSTEM\WINOA386.MOD
        C:\WINDOWS\SYSTEM\PRIVATE-ZONE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\PULPIT\HIJACKTHIS.EXE
        C:\PROGRAM FILES\WINAMP\WINAMP.EXE
        
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        www.onet.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        www.onet.pl
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.onet.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
        file)
        F1 - win.ini: run=C:\WINDOWS\SYSTEM\msoffice.exe hpfsched
        O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
        O2 - BHO: (no name) - {F5A48525-3DC8-5549-B289-176401DB1BB2} -
        C:\WINDOWS\SYSTEM\AGOFNDGC.DLL (file missing)
        O2 - BHO: (no name) - {EF64885A-63BA-5736-99DB-42819FC05FE0} -
        C:\WINDOWS\SYSTEM\QOCDAQ.DLL (file missing)
        O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -
        C:\WINDOWS\isrvs\sysupd.dll
        O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} -
        C:\WINDOWS\SYSTEM\boln.dll
        O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} -
        C:\WINDOWS\SYSTEM\Loader.dll
        O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
        C:\WINDOWS\NEM220.DLL
        O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} -
        C:\WINDOWS\DOWNLO~1\INSTAFIN.DLL
        O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} -
        C:\WINDOWS\SYSTEM\LMF32V.DLL
        O2 - BHO: (no name) - {EB9805B5-E40F-89D6-2730-CCA93D9B5AE7} -
        C:\WINDOWS\SYSTEM\MZDZLQT.DLL
        O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} -
        C:\WINDOWS\CERES.DLL
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
        O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\SERVICES\{7ACF9640-6B2F-11D9-
        B6BC-00304F1454D6}\SVCHOST.EXE
        O4 - HKLM\..\Run: [LIVECHATUT] C:\WINDOWS\LIVECHATUT.EXE
        O4 - HKLM\..\Run: [WebRun] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
        O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
        O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\PRIVATE-ZONE.EXE
        O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
        O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
        O4 - HKLM\..\Run: [cgqhyo] c:\windows\system\cgqhyo.exe
        O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
        O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
        Optimizer\optimize.exe"
        O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
        O4 - HKCU\..\Run: [Ctwr] C:\WINDOWS\Dane aplikacji\elru.exe
        O4 - HKCU\..\Run: [Sstmq] C:\WINDOWS\SYSTEM\mmdo.exe
        O4 - HKCU\..\Run: [WebRun] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
        O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\PRIVATE-ZONE.EXE
        O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1037.dll,InstantAccess
        O4 - HKCU\..\Run: [QUQZ] C:\PROGRAM FILES\COMMON FILES\QUQZ\QUQZM.EXE
        O4 - Startup: PhotoWorks Acquire.lnk = C:\Program Files\PhotoWorks\PhotoWorks
        Digital Partner\Acquire.exe
        O4 - Startup: PhotoWorks Upload Scheduler.lnk = C:\Program
        Files\PhotoWorks\PhotoWorks Digital Partner\PhotoWorksWiz.exe
        O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
        O14 - IERESET.INF: SEARCH_PAGE_URL=
        O14 - IERESET.INF: START_PAGE_URL=
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.iframedollars.biz
        O15 - Trusted Zone: *.iframe.biz
        O15 - Trusted Zone: *.newiframe.biz
        O15 - Trusted Zone: *.pi..to.biz
        O15 - Trusted Zone: *.vse-moe.biz
        O15 - Trusted Zone: *.sp2fucked.biz
        O15 - Trusted Zone: *.sp2admin.biz
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.slotch.com
        O15 - Trusted Zone: *.c4tdownload.com
        O15 - Trusted Zone: *.xxxtoolbar.com
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.overpro.com
        O15 - Trusted Zone: *.megapornix.com
        O15 - Trusted Zone: *.awmdabest.com
        O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
        O15 - Trusted Zone: *.admin2cash.biz
        O15 - Trusted Zone: *.private-iframe.biz
        O15 - Trusted Zone: *.private-dialer.biz
        O15 - Trusted Zone: *.bettersearch.biz
        O15 - Trusted Zone: *.addictivetechnologies.com
        O15 - Trusted Zone: *.addictivetechnologies.net
        O15 - Trusted Zone: *.f1organizer.com
        O15 - Trusted Zone: *.crazywinnings.com
        O15 - Trusted Zone: *.topconverting.com
        O15 - Trusted Zone: *.traffic2cash.biz
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
        Zone
        O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
        Zone (HKLM)
        O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) -
        xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
        O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} -
        akamai.downloadv3.com/binaries/IA/netcmp32_EN.cab
        O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
        C:\WINDOWS\isrvs\mfiltis.dll
        O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} -
        C:\WINDOWS\SYSTEM\Ccbpci32.dll
        O21 - SSODL: OLE Module - {0211C4D9-BC71-8916-38AD-9DEA5D213614} -
        C:\WINDOWS\SYSTEM\chup.dll
        
        Gość: Kolobos Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.warszawa.sdi.tpnet.pl 09.04.05, 18:36
        
        W dodaj usun programy odszukaj Internet Optimizer i odinstaluj.
        
        Uruchom hijackthis i zaznacz te wpisy:
        
        R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no
        file)
        F1 - win.ini: run=C:\WINDOWS\SYSTEM\msoffice.exe hpfsched
        O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
        O2 - BHO: (no name) - {F5A48525-3DC8-5549-B289-176401DB1BB2} -
        C:\WINDOWS\SYSTEM\AGOFNDGC.DLL (file missing)
        O2 - BHO: (no name) - {EF64885A-63BA-5736-99DB-42819FC05FE0} -
        C:\WINDOWS\SYSTEM\QOCDAQ.DLL (file missing)
        O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} -
        C:\WINDOWS\isrvs\sysupd.dll
        O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} -
        C:\WINDOWS\SYSTEM\boln.dll
        O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} -
        C:\WINDOWS\SYSTEM\Loader.dll
        O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
        C:\WINDOWS\NEM220.DLL
        O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} -
        C:\WINDOWS\DOWNLO~1\INSTAFIN.DLL
        O2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} -
        C:\WINDOWS\SYSTEM\LMF32V.DLL
        O2 - BHO: (no name) - {EB9805B5-E40F-89D6-2730-CCA93D9B5AE7} -
        C:\WINDOWS\SYSTEM\MZDZLQT.DLL
        O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} -
        C:\WINDOWS\CERES.DLL
        O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\SYSTEM\SERVICES\{7ACF9640-6B2F-11D9-
        B6BC-00304F1454D6}\SVCHOST.EXE
        O4 - HKLM\..\Run: [LIVECHATUT] C:\WINDOWS\LIVECHATUT.EXE
        O4 - HKLM\..\Run: [WebRun] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
        O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
        O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\PRIVATE-ZONE.EXE
        O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
        O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
        O4 - HKLM\..\Run: [cgqhyo] c:\windows\system\cgqhyo.exe
        O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
        O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet
        Optimizer\optimize.exe"
        O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
        O4 - HKCU\..\Run: [Ctwr] C:\WINDOWS\Dane aplikacji\elru.exe
        O4 - HKCU\..\Run: [Sstmq] C:\WINDOWS\SYSTEM\mmdo.exe
        O4 - HKCU\..\Run: [WebRun] C:\WINDOWS\SYSTEM\MSXMIDI.EXE
        O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\SYSTEM\PRIVATE-ZONE.EXE
        O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1037.dll,InstantAccess
        O4 - HKCU\..\Run: [QUQZ] C:\PROGRAM FILES\COMMON FILES\QUQZ\QUQZM.EXE
        O14 - IERESET.INF: SEARCH_PAGE_URL=
        O14 - IERESET.INF: START_PAGE_URL=
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.iframedollars.biz
        O15 - Trusted Zone: *.iframe.biz
        O15 - Trusted Zone: *.newiframe.biz
        O15 - Trusted Zone: *.pi..to.biz
        O15 - Trusted Zone: *.vse-moe.biz
        O15 - Trusted Zone: *.sp2fucked.biz
        O15 - Trusted Zone: *.sp2admin.biz
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.slotch.com
        O15 - Trusted Zone: *.c4tdownload.com
        O15 - Trusted Zone: *.xxxtoolbar.com
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.overpro.com
        O15 - Trusted Zone: *.megapornix.com
        O15 - Trusted Zone: *.awmdabest.com
        O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
        O15 - Trusted Zone: *.admin2cash.biz
        O15 - Trusted Zone: *.private-iframe.biz
        O15 - Trusted Zone: *.private-dialer.biz
        O15 - Trusted Zone: *.bettersearch.biz
        O15 - Trusted Zone: *.addictivetechnologies.com
        O15 - Trusted Zone: *.addictivetechnologies.net
        O15 - Trusted Zone: *.f1organizer.com
        O15 - Trusted Zone: *.crazywinnings.com
        O15 - Trusted Zone: *.topconverting.com
        O15 - Trusted Zone: *.traffic2cash.biz
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
        Zone
        O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
        Zone (HKLM)
        O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) -
        xbs.mtree.com/mt/dialers/fc/MultiDistFC.CAB
        O16 - DPF: {15D0E439-4E58-45E1-A9C1-0B1B16749A3C} -
        akamai.downloadv3.com/binaries/IA/netcmp32_EN.cab
        O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
        C:\WINDOWS\isrvs\mfiltis.dll
        O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} -
        C:\WINDOWS\SYSTEM\Ccbpci32.dll
        O21 - SSODL: OLE Module - {0211C4D9-BC71-8916-38AD-9DEA5D213614} -
        C:\WINDOWS\SYSTEM\chup.dll
        
        I Fix Checked, nastepnie reset i wklej nowy log.
        
        Wejdz tez na www.windowsupdate.com i sciagnij Internet Exploter 6 i reszete
        aktualizacji.
        
        Usun tez katalog:
        C:\WINDOWS\isrvs\
        C:\PROGRAM FILES\COMMON FILES\QUQZ\
        C:\WINDOWS\SYSTEM\SERVICES\{7ACF9640-6B2F-11D9-B6BC-00304F1454D6}
        
        Oraz pliki:
        C:\WINDOWS\SYSTEM\chup.dll
        C:\WINDOWS\SYSTEM\msoffice.exe
        C:\WINDOWS\SYSTEM\boln.dll
        C:\WINDOWS\SYSTEM\Ccbpci32.dll
        C:\WINDOWS\SYSTEM\Loader.dll
        C:\WINDOWS\isrvs\sysupd.dll
        C:\WINDOWS\NEM220.DLL
        C:\WINDOWS\DOWNLO~1\INSTAFIN.DLL
        C:\WINDOWS\SYSTEM\LMF32V.DLL
        C:\WINDOWS\SYSTEM\MZDZLQT.DLL
        C:\WINDOWS\CERES.DLL
        C:\WINDOWS\LIVECHATUT.EXE
        C:\WINDOWS\SYSTEM\MSXMIDI.EXE
        C:\WINDOWS\SYSTEM\PRIVATE-ZONE.EXE
        C:\WINDOWS\FARMMEXT.exe
        c:\windows\system\cgqhyo.exe
        C:\Program Files\Internet Optimizer\
        C:\WINDOWS\Xhrmy.exe
        C:\WINDOWS\Dane aplikacji\elru.exe
        C:\WINDOWS\SYSTEM\mmdo.exe
        C:\WINDOWS\SYSTEM\MSXMIDI.EXE
        p2esocks_1037.dll
        
        I Fix Checked, nastepnie reset i wklej nowy log.
        
        Wejdz tez na www.windowsupdate.com i sciagnij Internet Exploter 6 i reszete
        aktualizacji.
        
        Zainstaluj tez firewall i antyvirusa itd:
        www.kerio.com/kpf_home.html <- Firewall
        www.avast.com/eng/avast_4_home.html <- Antyvirus, po instalacji
        zarejestruj sie na stronie w celu otrzymania kodu.
        www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D
        www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster
        Po instalacji wlacz ochrone przegladarki.
        
        Gość: wanienka Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.neoplus.adsl.tpnet.pl 09.04.05, 19:25
        
        nowy log Logfile of HijackThis v1.99.1
        Scan saved at 19:43:10, on 05-04-09
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v5.00 (5.00.2614.3500)
        
        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\EXPLORER.EXE
        C:\PROGRAM FILES\EMULE.DE\EMULE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
        C:\WINDOWS\TEMP\RAR$EX00.152\HIJACKTHIS.EXE
        
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        www.onet.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        www.onet.pl
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.onet.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
        O14 - IERESET.INF: SEARCH_PAGE_URL=
        O14 - IERESET.INF: START_PAGE_URL=
        O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
        O15 - Trusted IP range: 213.159.117.202
        
        Gość: Kolobos Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.warszawa.sdi.tpnet.pl 09.04.05, 19:34
        
        No to sobie odchudzilas system... ;-)
        Do tego nie zainstalowalas tego co napisalesm.
        
        Uruchom hijackthis wybierz Open Misc Tools i Backups i odzyskaj te wpisy:
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
        O4 - Startup: PhotoWorks Upload Scheduler.lnk = C:\Program
        Files\PhotoWorks\PhotoWorks Digital Partner\PhotoWorksWiz.exe
        
        Tych nie mialas kasowac ;-)
        
        Za to w Do a system scan only zaznacz i usun te:
        
        O14 - IERESET.INF: SEARCH_PAGE_URL=
        O14 - IERESET.INF: START_PAGE_URL=
        O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
        O15 - Trusted IP range: 213.159.117.202
        
        Uzyj tez tego:
        www.searchengines.pl/phpbb203/index.php?s=5debf1bfeab0c89e54567f66c39699f0&act=Attach&type=post&id=459
        
        W celu usniecia wpisow Trusted
        
        Masz koniecznie zainstalowac to co podalem tutaj:
        forum.gazeta.pl/forum/72,2.html?f=430&w=22052063&a=22540434
        Inaczej to w ogole nie masz co usuwac bo zaraz bedzie to samo.
        
        Gość: wanienka Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.neoplus.adsl.tpnet.pl 09.04.05, 21:00
        
        plikow nie odzyskam bo w backup najzwyczajniej nic nie ma mimo ze nic tam nie
        robilam wczesniej. Wkleje teraz nowe logi bo juz nie wiem co mam instalowac
        niektore instalowalam inne nie wiedziec czemu nie chca sie zainstalowac
        
        Logfile of HijackThis v1.99.1
        Scan saved at 21:01:38, on 05-04-09
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
        
        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\WINDOWS\SYSTEM\PSTORES.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
        C:\WINDOWS\SYSTEM\RPCSS.EXE
        C:\PROGRAM FILES\EMULE.DE\EMULE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
        C:\WINDOWS\TEMP\RAR$EX00.990\HIJACKTHIS.EXE
        
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        www.onet.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.onet.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\SYSTEM\MSDXM.OCX
        O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
        O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
        O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
        \ashServ.exe
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
        O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
        O15 - Trusted IP range: 213.159.117.202
        
        Gość: Kolobos Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.warszawa.sdi.tpnet.pl 09.04.05, 21:23
        
        Dziwne, bo hijackthis robi zawsze backup tego co kasuje.
        
        Jak juz napisalem wczesniej:
        
        Uzyj tez tego:
        www.searchengines.pl/phpbb203/index.php?
        s=5debf1bfeab0c89e54567f66c39699f0&act=Attach&type=post&id=459
        W celu usniecia wpisow Trusted
        
        Masz koniecznie zainstalowac to co podalem tutaj:
        forum.gazeta.pl/forum/72,2.html?f=430&w=22052063&a=22540434
        Inaczej to w ogole nie masz co usuwac bo zaraz bedzie to samo.
        
        Gość: wanienka Re: JAK USUNAC NIECHCIANY PROGRAM XXX ? IP: *.neoplus.adsl.tpnet.pl 09.04.05, 21:23
        
        mam nowszy log i nie wiem jak wlacza sie przegladarki ochronne
        
        Logfile of HijackThis v1.99.1
        Scan saved at 21:23:01, on 05-04-09
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
        
        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\WINDOWS\SYSTEM\PSTORES.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
        C:\WINDOWS\SYSTEM\RPCSS.EXE
        C:\PROGRAM FILES\EMULE.DE\EMULE.EXE
        C:\PROGRAM FILES\GADU-GADU\GG.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\PULPIT\HIJACKTHIS.EXE
        
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        www.onet.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.onet.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
        Files\Spybot - Search & Destroy\SDHelper.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\SYSTEM\MSDXM.OCX
        O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
        O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
        O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
        \ashServ.exe
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
        O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
        O15 - Trusted IP range: 213.159.117.202

Inne wątki na temat:

Najnowsze z forum Wirusy, trojany, spyware

Nakarm Pajacyka

Kategorie
Najnowsze wątki
Więcej forów
Więcej na tym forum
Tagi
Polecane
Powiązane tematy
Najciekawsze
Aktywne

Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin