Gość: Olcia IP: *.neoplus.adsl.tpnet.pl 26.03.05, 14:59 Mam SPAMA ,co mam zrobić ,zeby się go pozbyć? Prosze o pomoc!!!! Odpowiedz Link Zgłoś czytaj wygodnie posty
neder Re: SPAM-ratunku. 26.03.05, 15:30 hmm, co przepraszam masz? "SPAMA"? pl.wikipedia.org/wiki/Spam Uściślij problem, powiedz co się dzieje:) będzie łatwiej Odpowiedz Link Zgłoś
Gość: Olcia Re: SPAM-ratunku. IP: *.neoplus.adsl.tpnet.pl 26.03.05, 15:58 Cały czas pojawiają mi sie jakies reklamy,nawet jak nie otwieram zadnej strony. Niektóre sa nawet porno.. :/ Odpowiedz Link Zgłoś
neder Re: SPAM-ratunku. 26.03.05, 16:00 ściągnij HijackThis downloads.subratam.org/hijackthis.zip uruchom, wybierz "do a system scan and save a logfile", program wygeneruje Ci plik tekstowy (log), którego zawartość wklejasz tu na forum, w tym wątku. Odpowiedz Link Zgłoś
Gość: Kolobos Re: SPAM-ratunku. IP: *.warszawa.sdi.tpnet.pl 26.03.05, 19:44 Uruchom hijackthis i zaznacz te wpisy: R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = letgohome.com/sp.htm?id=9 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ola\USTAWI~1\Temp\se.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = letgohome.com/hp.htm?id=9 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ola\USTAWI~1\Temp\se.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = £¹cza F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\FR1KCK~1.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\krzysiu\USTAWI~1 \Temp\se.dll,DllInstall O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\pd7.exe O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\olcm3z51f1yikdthd.exe Ten program odinstaluj w dodaj-usun programy: O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe O4 - HKLM\..\Run: [printer] C:\WINDOWS\dstart2.exe O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Microsoft AntiSpyware helper - {953B2A37-CABC-40E9-A5D2-6F0497CD35D7} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {953B2A37-CABC-40E9-A5D2-6F0497CD35D7} - (no file) (HKCU) O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - public.windupdates.com/get_file.php? bt=ie&p=968ab1eeb819842c25473460af5e00799c0f22a19a5978724d1573a80add050f758ba1e9 672431a381df706381eecba5b414a8ddc37f:fba3f53be3eaba4eb5bbfc8828e4f747 O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} - files.cometsystems.com/cometcursor/cobrand/comet.cab? 0.84546885652611391105805512796 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - I nacisnij Fix Checked, nastepnie uruchom ponownie komputer i wklej nowy log. Albo moze najpierw doklej koncowke log'a bo sie caly nie zmiescil. Odpowiedz Link Zgłoś
Gość: Olcia Re: SPAM-ratunku. IP: *.neoplus.adsl.tpnet.pl 26.03.05, 21:07 Logfile of HijackThis v1.99.1 Scan saved at 21:06:12, on 2005-03-26 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe C:\WINDOWS\inet10055\winlogon.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Wanadoo\EspaceWanadoo.exe C:\Program Files\Wanadoo\ComComp.exe C:\Program Files\Wanadoo\Watch.exe C:\Documents and Settings\ola\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.search-paga.com/10055/ F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\FR1KCK~1.DLL O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\krzysiu\USTAWI~1\Temp\se.dll,DllInstall O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - www.errorguard.com/installation/Install.cab O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) - gryonline.wp.pl/files/words_2_0_0_18.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - player.virtools.com/downloads/player/Install2.5/Installer.exe O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D39672B4-5A56-4634-83C5-FDEAE7464C7F}: NameServer = 194.204.152.34 217.98.63.164 O18 - Filter: text/html - {B8B18B14-56E8-40A7-A3E7-2B53873CE1E4} - C:\WINDOWS\System32\ndam.dll O18 - Filter: text/plain - {B8B18B14-56E8-40A7-A3E7-2B53873CE1E4} - C:\WINDOWS\System32\ndam.dll O20 - AppInit_DLLs: owkrk8yiije3wjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe Odpowiedz Link Zgłoś
Gość: Kolobos Re: SPAM-ratunku. IP: *.warszawa.sdi.tpnet.pl 26.03.05, 21:27 Najpierw sciagnij ten program: www.derbilk.de/SpSeHjfix110.zip rozpakuj, uruchom i Start Disinfect Nastepnie uruchom hijackthis i zaznacz te wpisy: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.search- paga.com/10055/ F3 - REG:win.ini: run=C:\WINDOWS\inet10055\winlogon.exe O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\FR1KCK~1.DLL O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\krzysiu\USTAWI~1 \Temp\se.dll,DllInstall O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10055\winlogon.exe O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - www.errorguard.com/installation/Install.cab O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - player.virtools.com/downloads/player/Install2.5/Installer.exe O18 - Filter: text/html - {B8B18B14-56E8-40A7-A3E7-2B53873CE1E4} - C:\WINDOWS\System32\ndam.dll O18 - Filter: text/plain - {B8B18B14-56E8-40A7-A3E7-2B53873CE1E4} - C:\WINDOWS\System32\ndam.dll O20 - AppInit_DLLs: owkrk8yiije3wjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dl l .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2 (file missing) I Fix Checked, nastepnie reset i wklej nowy log. Zainstaluj sobie tez: www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D Nie wchodz na rozne dziwne strony i nie klikaj na nic co wyskakuje na stronach ani okienkach :-) Odpowiedz Link Zgłoś