Dodaj do ulubionych

Pomocy ! Zaraz sie kompletnie zalame ! :'(

IP: *.internetdsl.tpnet.pl 03.03.05, 19:51
Zaraz sie kompletnie zalame :'( ! Mam jakiegos okropnego wirusa .
Zaczelo sie tak ze weszlam na strone google.pl i wpisalam opisy gg ,
kliknelam w link a tu zaraz jakies okienko , z napisem " Please select your
contry" . Wiem czym grozi wybranie kraju w ktorym mieszkam - wgrywa sie
jakies okropne porno na komputer , wiem bo kilka miesiecy temu mialam takiego
samego wirusa . Wtedy zrobilismy z bratem format C .
Ale juz nie chce tego robic. Prosze pomozcie jak wywalilc tego wirusa .
Probowalam mks_virem ale do bani :-(
Obserwuj wątek
    • m.gregor Re: Pomocy ! Zaraz sie kompletnie zalame ! :'( 03.03.05, 19:54
      1.) Stworz na dysku katalog
      2.) Sciagnij to:
      spywareinfo.globalservers.com/~merijn/files/HijackThis.exe
      i zapisz na dysku w utworzonym wczesniej katalogu (nie uruchamiaj z internetu!!!)
      3.) Uruchom z katalogu ktory utworzylas
      4.) Wybierz 'Do a system scan and save a logfile'
      5.) Poczekaj az skonczy skanowac i zapisz raport w katalogu z programem
      6.) Wklej nam tutaj zawartosc pliku hijackthis.log
      • Gość: mniejsza Re: Zrobilam to co napisales. IP: *.internetdsl.tpnet.pl 04.03.05, 11:47
        Prosze :
        Logfile of HijackThis v1.99.1
        Scan saved at 11:45:00, on 2005-03-04
        Platform: Windows ME (Win9x 4.90.3000)
        MSIE: Internet Explorer v5.50 (5.50.4134.0100)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\SYSTEM\INTERNAT.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
        C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
        C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\SYSTEM\SYSTIME.EXE
        C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE
        C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
        C:\WINDOWS\SYSTEM\SYSTIME.EXE
        C:\124494.EXE
        C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
        C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
        C:\124494.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
        C:\PROGRAM FILES\GADU-GADU\GG.EXE
        C:\WINDOWS\SYSTEM\RNAAPP.EXE
        C:\WINDOWS\SYSTEM\TAPISRV.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        213.159.117.134/index.php
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        213.159.117.134/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        213.159.117.134/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        213.159.117.134/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O1 - Hosts: 127.0.0.3 www.greg-tut.com
        O1 - Hosts: 127.0.0.3 nylonsexy.com
        O1 - Hosts: 127.0.0.3 www.nylonsexy.com
        O1 - Hosts: 127.0.0.3 vparivalka.com
        O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
        O1 - Hosts: 127.0.0.3 www.awmdabest.com
        O1 - Hosts: 127.0.0.3 www.sexfiles.nu
        O1 - Hosts: 127.0.0.3 awmdabest.com
        O1 - Hosts: 127.0.0.3 sexfiles.nu
        O1 - Hosts: 127.0.0.3 allforadult.com
        O1 - Hosts: 127.0.0.3 www.allforadult.com
        O1 - Hosts: 127.0.0.3 www.iframe.biz
        O1 - Hosts: 127.0.0.3 iframe.biz
        O1 - Hosts: 127.0.0.3 www.newiframe.biz
        O1 - Hosts: 127.0.0.3 newiframe.biz
        O1 - Hosts: 127.0.0.3 www.vesbiz.biz
        O1 - Hosts: 127.0.0.3 vesbiz.biz
        O1 - Hosts: 127.0.0.3 www.pi..to.biz
        O1 - Hosts: 127.0.0.3 pi..to.biz
        O1 - Hosts: 127.0.0.3 www.aaasexypics.com
        O1 - Hosts: 127.0.0.3 aaasexypics.com
        O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
        O1 - Hosts: 127.0.0.3 virgin-tgp.net
        O1 - Hosts: 127.0.0.3 www.awmcash.biz
        O1 - Hosts: 127.0.0.3 awmcash.biz
        O1 - Hosts: 127.0.0.3 buldog-stats.com
        O1 - Hosts: 127.0.0.3 www.buldog-stats.com
        O1 - Hosts: 127.0.0.3 fregat.drocherway.com
        O1 - Hosts: 127.0.0.3 slutmania.biz
        O1 - Hosts: 127.0.0.3 www.slutmania.biz
        O1 - Hosts: 127.0.0.3 toolbarpartner.com
        O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
        O1 - Hosts: 127.0.0.3 www.megapornix.com
        O1 - Hosts: 127.0.0.3 megapornix.com
        O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
        O1 - Hosts: 127.0.0.3 sp2fucked.biz
        O1 - Hosts: 127.0.0.3 greg-tut.com
        O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
        O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
        00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
        O4 - HKLM\..\Run: [internat.exe] internat.exe
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
        Files\Logitech\iTouch\iTouch.exe
        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
        O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
        O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
        O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
        O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
        O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
        O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
        O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN
        Adapter\WLANMON.exe
        O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.searchmiracle.com
        O15 - Trusted Zone: *.searchbarcash.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.my-internet.info
        O15 - Trusted Zone: *.xxxtoolbar.com
        O15 - Trusted Zone: *.slotch.com
        O15 - Trusted Zone: *.flingstone.com
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.blazefind.com
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.iframedollars.biz
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.searchbarcash.com (HKLM)
        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.my-internet.info (HKLM)
        O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
        O15 - Trusted Zone: *.slotch.com (HKLM)
        O15 - Trusted Zone: *.flingstone.com (HKLM)
        O15 - Trusted Zone: *.mt-download.com (HKLM)
        O15 - Trusted Zone: *.blazefind.com (HKLM)
        O15 - Trusted Zone: *.clickspring.net (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O15 - Trusted IP range: 213.159.117.202 (HKLM)
        O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
        czat.onet.pl/client/kalambury/NetPunGame1.dll
        O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
        www.miniclip.com/inflaterball/miniclipGameLoader.dll
        O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
        194.204.159.1,194.204.152.34

        • m.gregor Re: Zrobilam to co napisales. 04.03.05, 12:01
          1.) Wymien dziadowskiego MKS-VIR'a na cos skuteczniejszego (ja polecam Avast'a)
          2.) Zainstaluj firewall'a (Kerio albo Sygate)
          3.) Zainstaluj bezpieczna przegladarke (FireFox, Mozilla, Opera - ja polecam
          FireFox'a)
          4.) Zaznacz te linie i kliknij FIX CHECKED:
          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > 213.159.117.134/index.php
          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          > 213.159.117.134/index.php
          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          > 213.159.117.134/index.php
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          > 213.159.117.134/index.php
          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          > 213.159.117.134/index.php
          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          > 213.159.117.134/index.php
          > O1 - Hosts: 127.0.0.3 www.greg-tut.com
          > O1 - Hosts: 127.0.0.3 nylonsexy.com
          > O1 - Hosts: 127.0.0.3 www.nylonsexy.com
          > O1 - Hosts: 127.0.0.3 vparivalka.com
          > O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
          > O1 - Hosts: 127.0.0.3 www.awmdabest.com
          > O1 - Hosts: 127.0.0.3 www.sexfiles.nu
          > O1 - Hosts: 127.0.0.3 awmdabest.com
          > O1 - Hosts: 127.0.0.3 sexfiles.nu
          > O1 - Hosts: 127.0.0.3 allforadult.com
          > O1 - Hosts: 127.0.0.3 www.allforadult.com
          > O1 - Hosts: 127.0.0.3 www.iframe.biz
          > O1 - Hosts: 127.0.0.3 iframe.biz
          > O1 - Hosts: 127.0.0.3 www.newiframe.biz
          > O1 - Hosts: 127.0.0.3 newiframe.biz
          > O1 - Hosts: 127.0.0.3 www.vesbiz.biz
          > O1 - Hosts: 127.0.0.3 vesbiz.biz
          > O1 - Hosts: 127.0.0.3 www.pi..to.biz
          > O1 - Hosts: 127.0.0.3 pi..to.biz
          > O1 - Hosts: 127.0.0.3 www.aaasexypics.com
          > O1 - Hosts: 127.0.0.3 aaasexypics.com
          > O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
          > O1 - Hosts: 127.0.0.3 virgin-tgp.net
          > O1 - Hosts: 127.0.0.3 www.awmcash.biz
          > O1 - Hosts: 127.0.0.3 awmcash.biz
          > O1 - Hosts: 127.0.0.3 buldog-stats.com
          > O1 - Hosts: 127.0.0.3 www.buldog-stats.com
          > O1 - Hosts: 127.0.0.3 fregat.drocherway.com
          > O1 - Hosts: 127.0.0.3 slutmania.biz
          > O1 - Hosts: 127.0.0.3 www.slutmania.biz
          > O1 - Hosts: 127.0.0.3 toolbarpartner.com
          > O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
          > O1 - Hosts: 127.0.0.3 www.megapornix.com
          > O1 - Hosts: 127.0.0.3 megapornix.com
          > O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
          > O1 - Hosts: 127.0.0.3 sp2fucked.biz
          > O1 - Hosts: 127.0.0.3 greg-tut.com
          > O1 - Hosts: 213.159.117.203/dkprogs/hosts.txt
          > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
          > O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
          > O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
          > O15 - Trusted Zone: *.windupdates.com
          > O15 - Trusted Zone: *.searchmiracle.com
          > O15 - Trusted Zone: *.searchbarcash.com
          > O15 - Trusted Zone: *.skoobidoo.com
          > O15 - Trusted Zone: *.my-internet.info
          > O15 - Trusted Zone: *.xxxtoolbar.com
          > O15 - Trusted Zone: *.slotch.com
          > O15 - Trusted Zone: *.flingstone.com
          > O15 - Trusted Zone: *.mt-download.com
          > O15 - Trusted Zone: *.blazefind.com
          > O15 - Trusted Zone: *.clickspring.net
          > O15 - Trusted Zone: *.ysbweb.com
          > O15 - Trusted Zone: *.slotchbar.com
          > O15 - Trusted Zone: *.iframedollars.biz
          > O15 - Trusted Zone: *.windupdates.com (HKLM)
          > O15 - Trusted Zone: *.searchbarcash.com (HKLM)
          > O15 - Trusted Zone: *.searchmiracle.com (HKLM)
          > O15 - Trusted Zone: *.skoobidoo.com (HKLM)
          > O15 - Trusted Zone: *.my-internet.info (HKLM)
          > O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
          > O15 - Trusted Zone: *.slotch.com (HKLM)
          > O15 - Trusted Zone: *.flingstone.com (HKLM)
          > O15 - Trusted Zone: *.mt-download.com (HKLM)
          > O15 - Trusted Zone: *.blazefind.com (HKLM)
          > O15 - Trusted Zone: *.clickspring.net (HKLM)
          > O15 - Trusted Zone: *.ysbweb.com (HKLM)
          > O15 - Trusted Zone: *.slotchbar.com (HKLM)
          A potem ponownie przeskanuj komputer i wklej nowego loga (tym razem pelnego bo
          ten tutaj jest niepelny - zobacz ze obcielo koncowke a cholera wie co sie tam
          jeszcze uruchamia)
            • m.gregor Re: Zrobilam to co napisales. 04.03.05, 15:53
              Nie. Nie zrobilas wszystkiego co napisalem. Nie wkleilas nowego loga. Napisalem
              tez ze ten ktory wkleilas nie jest kompletny i nie wiadomo co uruchamia sie
              ponizej miejsca w ktorym obcielo.

              Czy zmienilas juz program antywirusowy na lepszy? Czy zainstalowalas firewall'a
              i bezpieczna przegladarke?
                • koaa Re: Zrobilam to co napisales. 05.03.05, 13:38
                  ale czego nie umiesz?
                  kliknij ikonke Hijack this a nastepnie na przycisk na którym jest napisane "do
                  a system scan and save logfile" i to co sie wyswietli kopiujesz i wklejsz
                  na forum(tak jak za pierwszym razem to zrobiłas)
                    • m.gregor Re: Zrobilam to co napisales. 05.03.05, 22:43
                      A gdzie ja Ci kazalem zmienic loga? Prosilem zebys usunela to co podalem a potem
                      przeskanowala system jeszcze raz HiJackThis, stworzyla nowy raport i wkleila
                      jego zawartosc tutaj. To samo co na poczatku robilas tylko jeszcze raz i musisz
                      zapisac nowy plik hijackthis.log i wkleic jego zawartosc tutaj (tylko na Zeusa
                      NIE STARY PLIK hijackthis.log!!!!)
                      • Gość: mniejsza Re: Zrobilam to co napisales. IP: *.internetdsl.tpnet.pl 06.03.05, 11:36
                        Przepraszam , zle zrozumialam z tym logiem .
                        Przeskanowalam ponownie :

                        Logfile of HijackThis v1.99.1
                        Scan saved at 11:33:06, on 2005-03-06
                        Platform: Windows ME (Win9x 4.90.3000)
                        MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                        Running processes:
                        C:\WINDOWS\SYSTEM\KERNEL32.DLL
                        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                        C:\WINDOWS\SYSTEM\mmtask.tsk
                        C:\WINDOWS\SYSTEM\MPREXE.EXE
                        C:\WINDOWS\SYSTEM\MSTASK.EXE
                        C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                        C:\WINDOWS\EXPLORER.EXE
                        C:\WINDOWS\SYSTEM\INTERNAT.EXE
                        C:\WINDOWS\TASKMON.EXE
                        C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                        C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                        C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                        C:\WINDOWS\SOUNDMAN.EXE
                        C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                        C:\WINDOWS\SYSTEM\SYSTIME.EXE
                        C:\WINDOWS\SYSTEM\SYSTIME.EXE
                        C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                        C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                        C:\WINDOWS\SYSTEM\WMIEXE.EXE
                        C:\124494.EXE
                        C:\124494.EXE
                        C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                        C:\PROGRAM FILES\GADU-GADU\GG.EXE
                        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                        C:\WINDOWS\SYSTEM\RNAAPP.EXE
                        C:\WINDOWS\SYSTEM\TAPISRV.EXE
                        C:\WINDOWS\SYSTEM\DDHELP.EXE
                        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                        C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                        213.159.117.134/index.php
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                        213.159.117.134/index.php
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                        213.159.117.134/index.php
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                        213.159.117.134/index.php
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                        213.159.117.134/index.php
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                        213.159.117.134/index.php
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                        C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                        O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
                        00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                        O4 - HKLM\..\Run: [internat.exe] internat.exe
                        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                        O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                        powrprof.dll,LoadCurrentPwrScheme
                        O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
                        Files\Logitech\iTouch\iTouch.exe
                        O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
                        O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                        O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                        powrprof.dll,LoadCurrentPwrScheme
                        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                        O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                        O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                        O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                        O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                        O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN
                        Adapter\WLANMON.exe
                        O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                        O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                        Files\Adobe\Calibration\Adobe Gamma Loader.exe
                        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                        Office\Office\OSA9.EXE
                        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                        C:\WINDOWS\web\related.htm
                        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                        00aa003c157a} - C:\WINDOWS\web\related.htm
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                        C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                        O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
                        00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
                        O15 - Trusted IP range: 213.159.117.202
                        O15 - Trusted IP range: 213.159.117.202 (HKLM)
                        O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                        czat.onet.pl/client/kalambury/NetPunGame1.dll
                        O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
                        www.miniclip.com/inflaterball/miniclipGameLoader.dll
                        O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
                        194.204.159.1,194.204.152.34

                        • m.gregor Re: Zrobilam to co napisales. 06.03.05, 23:03
                          Powtarzam ponownie:
                          1.) Zainstaluj porzadny program antywirusowy (polecam Avast)
                          2.) Zainstaluj firewall'a (Kerio lub Sygate)
                          3.) Zainstaluj bezpieczna przegladarke (FireFox, Mozilla, Opera - ja polecam
                          FireFox'a) i przestan korzystac z Internet Explorer'a
                          4.) Zaznacz te linijki i kliknij 'Fix Checked' a potem zrestartuj komputer,
                          przeskanuj komputer i wklej nowego loga. 'Fix checked' wykonuj PRZY ZAMKNIETYCH
                          OKNACH PRZEGLADARKI!!!!!
                          > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                          > 213.159.117.134/index.php
                          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                          > 213.159.117.134/index.php
                          > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                          > 213.159.117.134/index.php
                          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                          > 213.159.117.134/index.php
                          > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                          > 213.159.117.134/index.php
                          > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                          > 213.159.117.134/index.php
                          > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                          > O15 - Trusted Zone: *.iframedollars.biz (HKLM)
                          > O15 - Trusted IP range: 213.159.117.202
                          > O15 - Trusted IP range: 213.159.117.202 (HKLM)
                          > O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
                          > www.miniclip.com/inflaterball/miniclipGameLoader.dll

                          PAMIETAJ ZEBY WYKONYWAC FIX CHECKED PRZY ZAMKNIETYCH OKNACH PRZEGLADARKI.
                          WSZYSTKICH OKNACH!!!!
                          • Gość: mniejsza Re: Zrobilam to co napisales :-) IP: *.internetdsl.tpnet.pl 07.03.05, 16:10
                            Ok zainstaluje firefoxa :-)
                            i skads wytrzasne avasta :-)
                            i wszystko co poleciles .
                            A teraz log :

                            Logfile of HijackThis v1.99.1
                            Scan saved at 16:06:46, on 2005-03-07
                            Platform: Windows ME (Win9x 4.90.3000)
                            MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                            Running processes:
                            C:\WINDOWS\SYSTEM\KERNEL32.DLL
                            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                            C:\WINDOWS\SYSTEM\SPOOL32.EXE
                            C:\WINDOWS\SYSTEM\MPREXE.EXE
                            C:\WINDOWS\SYSTEM\MSTASK.EXE
                            C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                            C:\WINDOWS\SYSTEM\mmtask.tsk
                            C:\WINDOWS\EXPLORER.EXE
                            C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                            C:\WINDOWS\SYSTEM\INTERNAT.EXE
                            C:\WINDOWS\TASKMON.EXE
                            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                            C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                            C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                            C:\WINDOWS\SOUNDMAN.EXE
                            C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                            C:\WINDOWS\SYSTEM\SYSTIME.EXE
                            C:\WINDOWS\SYSTEM\WMIEXE.EXE
                            C:\WINDOWS\SYSTEM\DKTIBS.EXE
                            C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                            C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                            C:\124494.EXE
                            C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                            C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                            213.159.117.134/index.php
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                            213.159.117.134/index.php
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                            213.159.117.134/index.php
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                            213.159.117.134/index.php
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                            213.159.117.134/index.php
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                            213.159.117.134/index.php
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                            C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                            O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
                            00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                            O4 - HKLM\..\Run: [internat.exe] internat.exe
                            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                            O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                            powrprof.dll,LoadCurrentPwrScheme
                            O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
                            Files\Logitech\iTouch\iTouch.exe
                            O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                            O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
                            O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                            O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                            powrprof.dll,LoadCurrentPwrScheme
                            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                            O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                            O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                            O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                            O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                            O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN
                            Adapter\WLANMON.exe
                            O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                            O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                            Files\Adobe\Calibration\Adobe Gamma Loader.exe
                            O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                            Office\Office\OSA9.EXE
                            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                            C:\WINDOWS\web\related.htm
                            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
                            00aa003c157a} - C:\WINDOWS\web\related.htm
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                            C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                            O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
                            00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                            O15 - Trusted IP range: 213.159.117.202
                            O15 - Trusted IP range: 213.159.117.202 (HKLM)
                            O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                            czat.onet.pl/client/kalambury/NetPunGame1.dll
                            O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
                            194.204.159.1,194.204.152.34

                            • m.gregor Re: Zrobilam to co napisales :-) 07.03.05, 17:49
                              Widze ze wszystko wraca. Sprobuj wywalic te linijki w trybie awaryjnym (zanim
                              pojawi sie logo windows 98 na tle chmurek wcisnij F8 i wybierz Tryb awaryjny ale
                              nie tryb awaryjny z obsluga sieci). Potem uruchamiasz HiJackThis, wybierasz 'Do
                              a system scan only', zaznaczasz nastepujace linijki i klikasz FixChecked. Potem
                              restartujesz komputer. A oto linijki do wywalenia:
                              > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                              > 213.159.117.134/index.php
                              > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                              > 213.159.117.134/index.php
                              > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                              > 213.159.117.134/index.php
                              > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                              > 213.159.117.134/index.php
                              > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                              > 213.159.117.134/index.php
                              > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                              > 213.159.117.134/index.php
                              > O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                              > O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                              > O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
                              > O15 - Trusted IP range: 213.159.117.202
                              > O15 - Trusted IP range: 213.159.117.202 (HKLM)

                              Wazne zebys zaznaczyla wszystko dokladnie. Jak juz usuniesz to w trybie
                              awaryjnym i zrestartujesz komputer zrob i wklej nowego loga. Jak znowu pojawia
                              sie te linie bedziemy kombinowac.
                              • Gość: mnejsza Re: Zrobilam to co napisales :-) IP: *.internetdsl.tpnet.pl 07.03.05, 18:35
                                Nowy log :

                                Logfile of HijackThis v1.99.1
                                Scan saved at 18:32:49, on 2005-03-07
                                Platform: Windows ME (Win9x 4.90.3000)
                                MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                                Running processes:
                                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                                C:\WINDOWS\SYSTEM\mmtask.tsk
                                C:\WINDOWS\SYSTEM\MPREXE.EXE
                                C:\WINDOWS\SYSTEM\MSTASK.EXE
                                C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                C:\WINDOWS\EXPLORER.EXE
                                C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                                C:\WINDOWS\SYSTEM\INTERNAT.EXE
                                C:\WINDOWS\TASKMON.EXE
                                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                                C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                                C:\WINDOWS\SOUNDMAN.EXE
                                C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                                C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                                C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                                C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                                C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                                213.159.117.134/index.php
                                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                                O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio -
                                {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                                O4 - HKLM\..\Run: [internat.exe] internat.exe
                                O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                                O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                                O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                                O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                                O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                                O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                                O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                                O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe
                                O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                                O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                                powrprof.dll,LoadCurrentPwrScheme
                                O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                                O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                                O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe
                                O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                                O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                                Files\Adobe\Calibration\Adobe Gamma Loader.exe
                                O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                Office\Office\OSA9.EXE
                                O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                                C:\WINDOWS\web\related.htm
                                O9 - Extra 'Tools' menuitem: Show &Related Links -
                                {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                                C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                O9 - Extra 'Tools' menuitem: MSN Messenger Service -
                                {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                O15 - Trusted IP range: 213.159.117.202
                                O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                                czat.onet.pl/client/kalambury/NetPunGame1.dll
                                O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

                                • m.gregor Re: Zrobilam to co napisales :-) 07.03.05, 18:44
                                  Zaczyna byc juz widac koniec ale...
                                  1.) Zainstaluj Avast'a (linka podal Kalinowski11) i zaktualizuj go. Odrazu
                                  mozesz przeskanowac komputer.
                                  2.) Wystartuj komp. w tr. awaryjnym i usun te linijki:
                                  > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                                  > 213.159.117.134/index.php
                                  > O4 - HKLM\..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe (resztki z
                                  MKS-VIR'a)
                                  > O15 - Trusted IP range: 213.159.117.202
                                  > O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                  Pamietaj zeby wykonywac FixChecked w trybie awaryjnym. Potem oczywiscie wklej
                                  nowego loga.
                                  • Gość: mniejsza Re: Zrobilam to co napisales :-) IP: *.internetdsl.tpnet.pl 07.03.05, 19:39
                                    Nowy log mistrzu :

                                    Logfile of HijackThis v1.99.1
                                    Scan saved at 19:37:15, on 2005-03-07
                                    Platform: Windows ME (Win9x 4.90.3000)
                                    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                                    Running processes:
                                    C:\WINDOWS\SYSTEM\KERNEL32.DLL
                                    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                                    C:\WINDOWS\SYSTEM\mmtask.tsk
                                    C:\WINDOWS\SYSTEM\MPREXE.EXE
                                    C:\WINDOWS\SYSTEM\MSTASK.EXE
                                    C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
                                    C:\WINDOWS\EXPLORER.EXE
                                    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                                    C:\WINDOWS\SYSTEM\INTERNAT.EXE
                                    C:\WINDOWS\TASKMON.EXE
                                    C:\WINDOWS\SYSTEM\RPCSS.EXE
                                    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                                    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                                    C:\WINDOWS\SOUNDMAN.EXE
                                    C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                                    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
                                    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
                                    C:\WINDOWS\SYSTEM\WMIEXE.EXE
                                    C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                                    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                                    C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                                    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\SETUP\AVAST.SETUP
                                    C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                    C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                                    O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio -
                                    {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                                    O4 - HKLM\..\Run: [internat.exe] internat.exe
                                    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                                    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                                    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                                    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                                    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                                    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                                    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                                    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                                    O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                                    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
                                    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
                                    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                                    powrprof.dll,LoadCurrentPwrScheme
                                    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                                    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                                    O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil
                                    Software\Avast4\ashServ.exe
                                    O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe
                                    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                                    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                                    Files\Adobe\Calibration\Adobe Gamma Loader.exe
                                    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                    Office\Office\OSA9.EXE
                                    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                                    C:\WINDOWS\web\related.htm
                                    O9 - Extra 'Tools' menuitem: Show &Related Links -
                                    {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                                    C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                    O9 - Extra 'Tools' menuitem: MSN Messenger Service -
                                    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                    O15 - Trusted IP range: 213.159.117.202
                                    O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                    O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                                    czat.onet.pl/client/kalambury/NetPunGame1.dll
                                    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

                                    • m.gregor Zostalo jeszcze to: 07.03.05, 19:54
                                      > O15 - Trusted IP range: 213.159.117.202
                                      > O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                      A to usuniesz tym:
                                      republika.pl/mgregor/deldomains.inf
                                      Klikasz na tym prawym klawiszem myszy, wybierasz 'Zapisz element docelowy
                                      jako...', zapisujesz na dysku, potem klikasz na zapisany plik, wybierasz
                                      zainstaluj. A potem dla pewnosci skanujesz jeszcze raz komputer HiJackThis i
                                      wklejasz aktualnego loga.
                                    • m.gregor Re: Zrobilam to co napisales :-) 07.03.05, 19:50
                                      Zainstaluj firewall'a. Log z tego co widze jest czysty ale popatrze jeszcze raz.
                                      Aha. Zerknij sobie tutaj:
                                      forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=19472430
                                      i na posty nastepne gdzie sa erraty do linkow i nowsze wersje programow.
                                      • Gość: mniejsza ~~BARDZO DZIEKUJE ZA POMOC ~~ IP: *.internetdsl.tpnet.pl 07.03.05, 20:12
                                        Z calego serca dziekuje za pomoc ! Te okienka "please select your country " juz
                                        sie nie wlaczaja ! Wszystko jest ok !
                                        BArdzo dziekuje M.GREGOR ! Jestes na prawde swietny ! Nie wiem jak mam ci
                                        podziekowac ! Bardzo dziekuje ! :*
                                        Jestem taka szczesliwa ze nie musze robic tego formatu C ! Jejku !
                                        Jeszcze raz dziekuje z calego serca ! Jeszcze nikt mi nigdy tak nie pomogl !

                                          • Gość: mniejsza Re: ~~BARDZO DZIEKUJE ZA POMOC ~~ IP: *.internetdsl.tpnet.pl 09.03.05, 15:50
                                            :-)
                                            sorry ze nie odpisywalam dzien ale mialam awarie internetu :)
                                            Najnowszy log :

                                            Logfile of HijackThis v1.99.1
                                            Scan saved at 15:47:57, on 2005-03-09
                                            Platform: Windows ME (Win9x 4.90.3000)
                                            MSIE: Internet Explorer v5.50 (5.50.4134.0100)

                                            Running processes:
                                            C:\WINDOWS\SYSTEM\KERNEL32.DLL
                                            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                                            C:\WINDOWS\SYSTEM\MPREXE.EXE
                                            C:\WINDOWS\SYSTEM\MSTASK.EXE
                                            C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                            C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
                                            C:\WINDOWS\SYSTEM\RPCSS.EXE
                                            C:\WINDOWS\SYSTEM\mmtask.tsk
                                            C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
                                            C:\WINDOWS\EXPLORER.EXE
                                            C:\WINDOWS\SYSTEM\INTERNAT.EXE
                                            C:\WINDOWS\TASKMON.EXE
                                            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                                            C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
                                            C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
                                            C:\WINDOWS\SOUNDMAN.EXE
                                            C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE
                                            C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
                                            C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
                                            C:\PROGRAM FILES\22M WLAN ADAPTER\WLANMON.EXE
                                            C:\WINDOWS\SYSTEM\WMIEXE.EXE
                                            C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
                                            C:\PROGRAM FILES\LOGITECH\ITOUCH\KBDTRAY.EXE
                                            C:\PROGRAM FILES\GADU-GADU\GG.EXE
                                            C:\WINDOWS\SYSTEM\RNAAPP.EXE
                                            C:\WINDOWS\SYSTEM\TAPISRV.EXE
                                            C:\WINDOWS\SYSTEM\DDHELP.EXE
                                            C:\MOJE DOKUMENTY\KALINA BZDETY\BBBUBU\HIJACKTHIS.EXE

                                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                                            C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
                                            O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio -
                                            {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                                            O4 - HKLM\..\Run: [internat.exe] internat.exe
                                            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                                            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                                            O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
                                            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                                            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
                                            O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
                                            O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
                                            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                                            O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe
                                            O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
                                            O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
                                            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                                            powrprof.dll,LoadCurrentPwrScheme
                                            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                                            O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
                                            O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE
                                            O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil
                                            Software\Avast4\ashServ.exe
                                            O4 - Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN Adapter\WLANMON.exe
                                            O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
                                            O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                                            Files\Adobe\Calibration\Adobe Gamma Loader.exe
                                            O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
                                            Office\Office\OSA9.EXE
                                            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
                                            C:\WINDOWS\web\related.htm
                                            O9 - Extra 'Tools' menuitem: Show &Related Links -
                                            {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
                                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                                            C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                            O9 - Extra 'Tools' menuitem: MSN Messenger Service -
                                            {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
                                            O15 - Trusted IP range: 213.159.117.202
                                            O15 - Trusted IP range: 213.159.117.202 (HKLM)
                                            O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
                                            czat.onet.pl/client/kalambury/NetPunGame1.dll
                                            O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1,194.204.152.34

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka