Gość: ja czyli nie ty
IP: *.aster.pl / *.aster.pl
17.04.05, 13:48
Mam wielką prośbe.
wczoraj zainstalował mi się jakis dziad. Sam otwiera okno internetowe, nawet
jak przeglądarka nie jest włączona, to te okna wyskakuja, to sa jakies strony
po angielsku, nie żadne porno, ale to męczace, bo co chwilę otwiera się jakas
stronka. na pulpicie instaluja mi się jakies dziwne ikonki.
wklejam linki ze skanowania i dziękuję z góry za pomoc. Poradźcie co wywalić :
(((
Logfile of HijackThis v1.99.1
Scan saved at 13:48:22, on 2005-04-17
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\TEMP\SALM.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
C:\WINDOWS\ISRVS\DESKTOP.EXE
C:\WINDOWS\SYSTEM\PGCARI.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG1.1.2\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
C:\MOJE DOKUMENTY\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
www.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
searchbar.findthewebsiteyouneed.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = www.aster.pl/aster.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} -
C:\PROGRAM FILES\IESEARCHTOOLBAR\IESEARCHTOOLBAR.DLL (file missing)
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0
\OUTPOST.EXE /waitservice
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI
SERVICE\ADMILLISERV.EXE
O4 - HKLM\..\Run: [honorgl] C:\WINDOWS\honorgl.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [pgcari] c:\windows\system\pgcari.exe
O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2
\program\quickstart.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted IP range: 69.50.161.82 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be
Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be
Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be
Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be
Internet Zone (HKLM)
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} -
akamai.downloadv3.com/binaries/IA/netia32_EN.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) -
akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) -
akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) -
www9.advnt01.com/dialer/win98_P.CAB
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) -
ads.dealhelper.com/updates/DealHelperNew.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scan