SPAM - help.

IP: *.neoplus.adsl.tpnet.pl 26.03.05, 14:59
I have SPAM, what should I do to get rid of it? Please help!!!!
    • neder Re: SPAM - help. 26.03.05, 15:30
      hmm, excuse me, you have what? "SPAM"?
      pl.wikipedia.org/wiki/Spam

      Be more specific about the problem, tell us what is happening :) it will be easier
      • Guest: Olcia Re: SPAM - help. IP: *.neoplus.adsl.tpnet.pl 26.03.05, 15:58
        Ads keep popping up all the time, even when I don't open any page.
        Some of them are even porn.. :/
    • neder Re: SPAM - help. 26.03.05, 16:00
      download HijackThis
      downloads.subratam.org/hijackthis.zip
      run it, choose "do a system scan and save a logfile"; the program will generate
      a text file (log) for you, whose contents you paste here on the forum, in this thread.
      • Guest: Olcia Re: SPAM - help. IP: *.neoplus.adsl.tpnet.pl 26.03.05, 18:48
        • Guest: Kolobos Re: SPAM - help. IP: *.warszawa.sdi.tpnet.pl 26.03.05, 19:44
          Run hijackthis and check these entries:

          R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
          letgohome.com/sp.htm?id=9
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          res://C:\DOCUME~1\ola\USTAWI~1\Temp\se.dll/sp.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          letgohome.com/hp.htm?id=9
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
          res://C:\DOCUME~1\ola\USTAWI~1\Temp\se.dll/sp.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          about:blank
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.com
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
          Plus wita Cie w Internecie
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = £¹cza
          F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe
          O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
          C:\WINDOWS\System32\FR1KCK~1.DLL
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          C:\WINDOWS\System32\msdxm.ocx
          O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe
          O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\krzysiu\USTAWI~1
          \Temp\se.dll,DllInstall
          O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\pd7.exe
          O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\olcm3z51f1yikdthd.exe

          Uninstall this program in Add/Remove Programs:
          O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security
          iGuard.exe

          O4 - HKLM\..\Run: [printer] C:\WINDOWS\dstart2.exe
          O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe
          O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
          C:\WINDOWS\web\related.htm
          O9 - Extra 'Tools' menuitem: Show &Related Links -
          {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
          O9 - Extra button: Microsoft AntiSpyware helper -
          {953B2A37-CABC-40E9-A5D2-6F0497CD35D7} - (no file) (HKCU)
          O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
          {953B2A37-CABC-40E9-A5D2-6F0497CD35D7} - (no file) (HKCU)
          O15 - Trusted Zone: *.blazefind.com
          O15 - Trusted Zone: *.clickspring.net
          O15 - Trusted Zone: *.flingstone.com
          O15 - Trusted Zone: *.mt-download.com
          O15 - Trusted Zone: *.my-internet.info
          O15 - Trusted Zone: *.searchbarcash.com
          O15 - Trusted Zone: *.searchmiracle.com
          O15 - Trusted Zone: *.skoobidoo.com
          O15 - Trusted Zone: *.slotch.com
          O15 - Trusted Zone: *.slotchbar.com
          O15 - Trusted Zone: *.windupdates.com
          O15 - Trusted Zone: *.xxxtoolbar.com
          O15 - Trusted Zone: *.ysbweb.com
          O15 - Trusted Zone: *.blazefind.com (HKLM)
          O15 - Trusted Zone: *.clickspring.net (HKLM)
          O15 - Trusted Zone: *.flingstone.com (HKLM)
          O15 - Trusted Zone: *.mt-download.com (HKLM)
          O15 - Trusted Zone: *.my-internet.info (HKLM)
          O15 - Trusted Zone: *.searchbarcash.com (HKLM)
          O15 - Trusted Zone: *.searchmiracle.com (HKLM)
          O15 - Trusted Zone: *.skoobidoo.com (HKLM)
          O15 - Trusted Zone: *.slotch.com (HKLM)
          O15 - Trusted Zone: *.slotchbar.com (HKLM)
          O15 - Trusted Zone: *.windupdates.com (HKLM)
          O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
          O15 - Trusted Zone: *.ysbweb.com (HKLM)
          O15 - Trusted IP range: 67.19.185.246
          O15 - Trusted IP range: 67.19.185.246 (HKLM)
          O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
          O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
          O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
          O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
          O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
          O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
          O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
          public.windupdates.com/get_file.php?
          bt=ie&p=968ab1eeb819842c25473460af5e00799c0f22a19a5978724d1573a80add050f758ba1e9
          672431a381df706381eecba5b414a8ddc37f:fba3f53be3eaba4eb5bbfc8828e4f747
          O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} -
          files.cometsystems.com/cometcursor/cobrand/comet.cab?
          0.84546885652611391105805512796
          O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -


          And press Fix Checked, then restart the computer and paste a new log.
          Or maybe first paste the end of the log, because it did not all fit.
    • Guest: Olcia Re: SPAM - help. IP: *.neoplus.adsl.tpnet.pl 26.03.05, 21:07
      Logfile of HijackThis v1.99.1
      Scan saved at 21:06:12, on 2005-03-26
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
      C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
      C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
      C:\WINDOWS\inet10055\winlogon.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\Wanadoo\EspaceWanadoo.exe
      C:\Program Files\Wanadoo\ComComp.exe
      C:\Program Files\Wanadoo\Watch.exe
      C:\Documents and Settings\ola\Pulpit\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.search-paga.com/10055/
      F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe
      O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
      C:\WINDOWS\System32\FR1KCK~1.DLL
      O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\krzysiu\USTAWI~1\Temp\se.dll,DllInstall
      O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe
      O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe
      O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
      www.errorguard.com/installation/Install.cab
      O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
      O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
      www.miniclip.com/bestfriends/retro64_loader.dll
      O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
      www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
      www.pandasoftware.com/activescan/as5/asinst.cab
      O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) -
      gryonline.wp.pl/files/words_2_0_0_18.cab
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
      player.virtools.com/downloads/player/Install2.5/Installer.exe
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D39672B4-5A56-4634-83C5-FDEAE7464C7F}:
      NameServer = 194.204.152.34 217.98.63.164
      O18 - Filter: text/html - {B8B18B14-56E8-40A7-A3E7-2B53873CE1E4} -
      C:\WINDOWS\System32\ndam.dll
      O18 - Filter: text/plain - {B8B18B14-56E8-40A7-A3E7-2B53873CE1E4} -
      C:\WINDOWS\System32\ndam.dll
      O20 - AppInit_DLLs:
      owkrk8yiije3wjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
      O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
      C:\WINDOWS\System32\vbsys2 (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
      C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program
      Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
      O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program
      Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

      • Guest: Kolobos Re: SPAM - help. IP: *.warszawa.sdi.tpnet.pl 26.03.05, 21:27
        First download this program:
        www.derbilk.de/SpSeHjfix110.zip
        unpack it, run it and Start Disinfect

        Then run hijackthis and check these entries:

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.search-paga.com/10055/
        F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe
        O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
        C:\WINDOWS\System32\FR1KCK~1.DLL
        O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\krzysiu\USTAWI~1
        \Temp\se.dll,DllInstall
        O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe
        O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe
        O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
        www.errorguard.com/installation/Install.cab
        O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
        O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -
        www.miniclip.com/bestfriends/retro64_loader.dll
        O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
        www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
        O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
        player.virtools.com/downloads/player/Install2.5/Installer.exe
        O18 - Filter: text/html - {B8B18B14-56E8-40A7-A3E7-2B53873CE1E4} -
        C:\WINDOWS\System32\ndam.dll
        O18 - Filter: text/plain - {B8B18B14-56E8-40A7-A3E7-2B53873CE1E4} -
        C:\WINDOWS\System32\ndam.dll
        O20 - AppInit_DLLs:
        owkrk8yiije3wjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
        .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dl
        l .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
        O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} -
        C:\WINDOWS\System32\vbsys2 (file missing)


        And Fix Checked, then reboot and paste a new log.

        Also install:
        www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster
        www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D

        Do not visit all sorts of strange sites and do not click on anything that pops up
        on pages or in windows :-)
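
The logs pasted in this thread are wrapped by the forum, so one HijackThis entry is often split over two lines. The Python sketch below is an added example, not part of the original thread or of HijackThis: it rejoins wrapped entries and flags two patterns visible in the log above, a system process name outside System32 and a binary loaded from a Temp directory. The function names, the `SYSTEM_NAMES` list and the two heuristics are assumptions made for illustration.

```python
import re

# A HijackThis entry starts with a section code such as R0, F3, O4 or O16.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^,]*?\.(?:exe|dll)", re.IGNORECASE)
# Assumption: core process names that belong only in C:\WINDOWS\System32.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "lsass.exe", "smss.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# Entries copied from the logs in this thread, with the forum's line wrapping.
SAMPLE = r"""
F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
C:\WINDOWS\System32\FR1KCK~1.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\krzysiu\USTAWI~1
\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
"""

def rejoin_entries(text):
    """Merge wrapped continuation lines back into one string per log entry."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            # A path cut before a backslash is glued back without a space.
            sep = "" if line.startswith("\\") else " "
            entries[-1] += sep + line
    return entries

def triage(entries):
    """Return (code, reason, path) for paths worth a closer look."""
    hits = []
    for entry in entries:
        code = ENTRY_START.match(entry).group(1)
        for path in WIN_PATH.findall(entry):
            directory, _, name = path.lower().rpartition("\\")
            if name in SYSTEM_NAMES and directory != SYSTEM_DIR:
                hits.append((code, "system process name outside System32", path))
            elif "\\temp\\" in path.lower():
                hits.append((code, "binary in a Temp directory", path))
    return hits

if __name__ == "__main__":
    for hit in triage(rejoin_entries(SAMPLE)):
        print(*hit, sep=" | ")
```

Pass only the entry section of a log to `rejoin_entries`; a hit is a prompt to inspect the file, not proof that it is malicious.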