jak wywalić to dziadostwo???

IP: *.aster.pl / *.aster.pl 17.04.05, 13:48
Mam wielką prośbe.
wczoraj zainstalował mi się jakis dziad. Sam otwiera okno internetowe, nawet
jak przeglądarka nie jest włączona, to te okna wyskakuja, to sa jakies strony
po angielsku, nie żadne porno, ale to męczace, bo co chwilę otwiera się jakas
stronka. na pulpicie instaluja mi się jakies dziwne ikonki.

wklejam linki ze skanowania i dziękuję z góry za pomoc. Poradźcie co wywalić :
(((

Logfile of HijackThis v1.99.1
Scan saved at 13:48:22, on 2005-04-17
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\TEMP\SALM.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
C:\WINDOWS\ISRVS\DESKTOP.EXE
C:\WINDOWS\SYSTEM\PGCARI.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG1.1.2\PROGRAM\SOFFICE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
C:\MOJE DOKUMENTY\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
www.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
searchbar.findthewebsiteyouneed.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = www.aster.pl/aster.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} -
C:\PROGRAM FILES\IESEARCHTOOLBAR\IESEARCHTOOLBAR.DLL (file missing)
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0
\OUTPOST.EXE /waitservice
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI
SERVICE\ADMILLISERV.EXE
O4 - HKLM\..\Run: [honorgl] C:\WINDOWS\honorgl.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [pgcari] c:\windows\system\pgcari.exe
O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2
\program\quickstart.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted IP range: 69.50.161.82 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be
Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be
Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be
Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be
Internet Zone (HKLM)
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} -
akamai.downloadv3.com/binaries/IA/netia32_EN.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) -
akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) -
akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) -
www9.advnt01.com/dialer/win98_P.CAB
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) -
ads.dealhelper.com/updates/DealHelperNew.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scan
    • Gość: Kolobos Re: jak wywalić to dziadostwo??? IP: *.warszawa.sdi.tpnet.pl 17.04.05, 14:41
      Najpierw przeskanuj tym:
      cwshredder.net/bin/CWShredder.exe <- CWS Shredder
      pozniej www.cexx.org/LSPFix.exe i usun nim to aklsp.dll
      W dodaj usun programy odinstaluj wszystko czego nie znasz.


      Zaznacz w hijackthis te wpisy:

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
      searchbar.findthewebsiteyouneed.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      searchbar.findthewebsiteyouneed.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      www.findthewebsiteyouneed.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
      searchbar.findthewebsiteyouneed.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      searchbar.findthewebsiteyouneed.com
      O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} -
      C:\PROGRAM FILES\IESEARCHTOOLBAR\IESEARCHTOOLBAR.DLL (file missing)
      O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
      O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
      O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI
      SERVICE\ADMILLISERV.EXE
      O4 - HKLM\..\Run: [honorgl] C:\WINDOWS\honorgl.exe
      O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
      O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
      O4 - HKLM\..\Run: [pgcari] c:\windows\system\pgcari.exe
      O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O15 - Trusted Zone: *.windupdates.com (HKLM)
      O15 - Trusted Zone: *.searchbarcash.com (HKLM)
      O15 - Trusted Zone: *.searchmiracle.com (HKLM)
      O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      O15 - Trusted Zone: *.my-internet.info (HKLM)
      O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
      O15 - Trusted Zone: *.slotch.com (HKLM)
      O15 - Trusted Zone: *.flingstone.com (HKLM)
      O15 - Trusted Zone: *.mt-download.com (HKLM)
      O15 - Trusted Zone: *.blazefind.com (HKLM)
      O15 - Trusted Zone: *.clickspring.net (HKLM)
      O15 - Trusted Zone: *.topconverting.com (HKLM)
      O15 - Trusted Zone: *.crazywinnings.com (HKLM)
      O15 - Trusted IP range: 69.50.161.82 (HKLM)
      O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be
      Internet Zone
      O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be
      Internet Zone
      O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be
      Internet Zone (HKLM)
      O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be
      Internet Zone (HKLM)
      O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) -
      ads.dealhelper.com/updates/DealHelperNew.cab
      O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) -
      www9.advnt01.com/dialer/win98_P.CAB
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab

      I Fix Checked, po resecie usun wszystkie wymienione pliki exe oraz katalogi:
      C:\WINDOWS\isrvs\
      C:\PROGRAM FILES\COMMON FILES\CMEII\
      C:\PROGRAM FILES\ADMILLI SERVICE\

      Przeskanuj tez system tym:
      housecall.trendmicro.com/housecall/start_corp.asp
      www.windowsecurity.com/trojanscan/
      www.pandasoftware.com/activescan/pol/activescan_principal.htm
      Oraz zainstaluj to:
      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D
      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster
      W obu wlacz ochrone przegladarki.

      Doklej tez reszte log'a bo sie caly nie zmiescil jak nie masz antyvirusa oraz
      firewall'a to tez zainstaluj:
      www.kerio.com/us/kpf_home.html
      www.avast.com/eng/avast_4_home.html
      Nie wchodz wiecej na strony porno ani żadne inne, ktorych nie znasz skoro nie
      umiesz sie powstrzymac od klikania i instalowania trojanow/spywareu itd.

      Jak juz to wszystko zrobisz to zresetuj i wklej nowy log (tym razem caly).
      • Gość: ja czyli nie ty Re: jak wywalić to dziadostwo??? IP: *.aster.pl / *.aster.pl 17.04.05, 23:14
        Hmm postepowałam wg instrukcji.
        chyba wszystko wyrzuciłam ale popupy na mouim kompie cały czas sa :(((

        Logfile of HijackThis v1.99.1
        Scan saved at 23:09:02, on 2005-04-17
        Platform: Windows ME (Win9x 4.90.3000)
        MSIE: Internet Explorer v5.50 (5.50.4134.0100)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\RUNDLL32.EXE
        C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
        C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
        C:\TEMP\SALM.EXE
        C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
        C:\WINDOWS\ISRVS\DESKTOP.EXE
        C:\PROGRAM FILES\GADU-GADU\GG.EXE
        C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
        C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
        C:\PROGRAM FILES\OPENOFFICE.ORG1.1.2\PROGRAM\SOFFICE.EXE
        C:\WINDOWS\SYSTEM\PSTORES.EXE
        C:\WINDOWS\SYSTEM\TAPISRV.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\SYSTEM\MDM.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\SYSTEM\PGCARI.EXE
        C:\WINDOWS\PACKAGER.EXE
        C:\WINDOWS\TEMP\DRTEMP\THNALL1P.EXE
        C:\MOJE DOKUMENTY\HIJACKTHIS.EXE
        C:\WINDOWS\EXPLORER.EXE

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.wp.pl/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,AutoConfigURL = www.aster.pl/aster.pac
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} -
        C:\WINDOWS\DLMAX.DLL
        O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
        O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0
        \OUTPOST.EXE /waitservice
        O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
        O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI
        SERVICE\ADMILLISERV.EXE
        O4 - HKLM\..\Run: [honorgl] C:\WINDOWS\honorgl.exe
        O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
        O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
        O4 - HKLM\..\Run: [pgcari] c:\windows\system\pgcari.exe
        O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
        O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
        O4 - HKCU\..\RunServices: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
        O4 - HKCU\..\RunServices: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
        O4 - Startup: OpenOffice.org 1.1.2.lnk = C:\Program Files\OpenOffice.org1.1.2
        \program\quickstart.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\WINDOWS\SYSTEM\MSJAVA.DLL
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
        O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
        O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npvmidi.dll
        O15 - Trusted IP range: 69.50.161.82 (HKLM)
        O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
        Zone
        O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet
        Zone
        O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
        Zone (HKLM)
        O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet
        Zone (HKLM)
        O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} -
        akamai.downloadv3.com/binaries/IA/netia32_EN.cab
        O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) -
        akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN.cab
        O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
        akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
        O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) -
        akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1014_EN.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) -
        www9.advnt01.com/dialer/win98_P.CAB
        O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
        static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) -
        ads.dealhelper.com/updates/DealHelperNew.cab
        O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -
        www.bundleware.com/activeX/DS3/DS3.cab
        O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
        a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
        O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
        C:\WINDOWS\isrvs\mfiltis.dll

        Panda nie działa niestety :(( Tamte inne antyvirusy wywaliły mi jakies trojany.
        Jak mam usunąć HiddenDll ??? Keiro miałam i niestety nie poradziłam sobie z nim
        musiałam wywalić :( Na strony porno też nie wchodze, za to często bywam na
        zagranicznych witrynach
        • Gość: ja czyli nie ty Re: jak wywalić to dziadostwo??? IP: *.aster.pl / *.aster.pl 17.04.05, 23:16
          Z tego wszystkiego...
          Ten program Hijack zainstalował mi taki katalog pod nazwa backups. Co to jest
          czy to wywalić czy nie???
          a i dziękuję za pomoc :) sanma bym sobie nie poradziła :)
        • Gość: piecyk gazowy Re: jak wywalić to dziadostwo??? IP: *.tpnet.pl / *.tpnet.pl 17.04.05, 23:31
          Do wyrzucenia (najlepiej w trybie awaryjnym):

          > O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} -
          > C:\WINDOWS\DLMAX.DLL
          > O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"

          > O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
          > O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI
          > SERVICE\ADMILLISERV.EXE
          > O4 - HKLM\..\Run: [honorgl] C:\WINDOWS\honorgl.exe
          > O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
          > O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
          > O4 - HKLM\..\Run: [pgcari] c:\windows\system\pgcari.exe
          > O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe

          > O15 - Trusted IP range: 69.50.161.82 (HKLM)
          > O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be
          Internet
          > Zone
          > O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be
          Internet
          >
          > Zone
          > O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be
          Internet
          > Zone (HKLM)
          > O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be
          Internet
          >
          > Zone (HKLM)

          > O16 - DPF: {042EEA26-2402-4E5A-B5BB-0FB445A5526E} (VacPro.win98_P) -
          > www9.advnt01.com/dialer/win98_P.CAB
          > O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
          > static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c18.cab

          > O16 - DPF: {FE4BBEA8-1EFD-4B8A-BD1B-341CCDBEEAA6} (Dhsigned Control) -
          > ads.dealhelper.com/updates/DealHelperNew.cab
          > O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -
          > www.bundleware.com/activeX/DS3/DS3.cab

          > O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} -
          > C:\WINDOWS\isrvs\mfiltis.dll

          Backups jest folderem tworzonym przez HijackThis, na razie zostaw.

          Po wyrzuceniu powyższych śmieci wklej nowego loga.
    • Gość: ja czyli nie ty Re: jak wywalić to dziadostwo??? IP: *.aster.pl / *.aster.pl 18.04.05, 22:55
      Dziekuje wszystkim którzy mi pomagają :)) jestescie kochani dziekuję wam :))))
      Nie wiem czemu nie działa mi Panda online. Czy to wina jakiegoś vira ????
      Konkretnie nie działa mi przycisk "dalej" a mojej kolezance działa.
      Już znalazłam winowajce jest to HiddenDll disyc słynny.
      ale stosowałam już kilka antywirusów wojuje z nim ale nie usuwa się :(
      AAAA i jeszcze mks online wiem że jest świetny ale u mnie wiesza sie na 39
      pliku i nie skanuje :((((
      • Gość: barracuda7110 Re: jak wywalić to dziadostwo??? IP: *.dsl.telepac.pt 18.04.05, 23:07
        Skaner online mks-vir to badziew. Cienko mu idzie wykrywanie wirusów, podobnie
        jak skanerowi on-line symanteca. Najlepiej wykrywa wirusy panda.

        di.com.pl/n/?lp=9477&r=2
        • neder Re: jak wywalić to dziadostwo??? 18.04.05, 23:18
          mi panda jeszcze ani razu nie wykryła wirusa a mks i symantec owszem ;/


          pzdr.
Pełna wersja