Help!:(

IP: *.neoplus.adsl.tpnet.pl 21.04.05, 21:33
I had some peace for a while, and now it's happening again... Porn ads keep
opening... Even when I'm not visiting any sites... HELP!
    • Guest: Kolobos Re: Help!:( IP: *.warszawa.sdi.tpnet.pl 21.04.05, 21:42
      Nothing happens by itself, as a rule ;-)
      Paste a log from HijackThis:
      www.spychecker.com/program/hijackthis.html
      • Guest: Ola Re: Help!:( IP: *.neoplus.adsl.tpnet.pl 21.04.05, 21:47
        Should I paste it here?
    • Guest: Ola Re: Help!:( IP: *.neoplus.adsl.tpnet.pl 21.04.05, 21:49
      Logfile of HijackThis v1.99.0
      Scan saved at 21:45:47, on 2005-04-21
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\inet10055\services.exe
      C:\WINDOWS\System32\dstart4.exe
      C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\Program Files\mozilla.org\Mozilla\mozilla.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\Documents and Settings\ola\Moje dokumenty\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
      letgohome.com/sp.htm?id=9
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      letgohome.com/sp.htm?id=9
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      letgohome.com/hp.htm?id=9
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.search-paga.com/10055/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      letgohome.com/hp.htm?id=9
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      letgohome.com/sp.htm?id=9
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
      Plus wita Cie w Internecie
      F3 - REG:win.ini: run=C:\WINDOWS\inet10055\services.exe
      O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
      C:\WINDOWS\System32\FR1KCK~1.DLL
      O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe
      O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\krzysiu\USTAWI~1\Temp\se.dll,DllInstall
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
      O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security
      iGuard.exe
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
      O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
      O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
      800-840\dslmon.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D39672B4-5A56-4634-83C5-FDEAE7464C7F}:
      NameServer = 194.204.152.34 217.98.63.164
      O20 - AppInit_DLLs:
      owkrk8yiije3wjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

      • Guest: Kolobos Re: Help!:( IP: *.warszawa.sdi.tpnet.pl 21.04.05, 21:58
        So you're saying all of this happened by itself? ;-)

        Uninstall:
        Media Access


        Use:
        www.derbilk.de/SpSeHjfix110.zip
        A description of how to remove Letgohome is here:
        www.searchengines.pl/phpbb203/index.php?showtopic=14185&st=50&#entry114898

        In HijackThis choose scan only and tick these entries (of course, once you
        have removed letgohome):

        R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
        letgohome.com/sp.htm?id=9
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        letgohome.com/sp.htm?id=9
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        letgohome.com/hp.htm?id=9
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.search-paga.com/10055/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
        letgohome.com/hp.htm?id=9
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        letgohome.com/sp.htm?id=9
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
        Plus wita Cie w Internecie
        F3 - REG:win.ini: run=C:\WINDOWS\inet10055\services.exe
        O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
        C:\WINDOWS\System32\FR1KCK~1.DLL
        O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe
        O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\krzysiu\USTAWI~1
        \Temp\se.dll,DllInstall
        O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
        O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
        O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe
        O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\dstart4.exe
        O20 - AppInit_DLLs:
        owkrk8yiije3wjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
        .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
        .dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

        Fix Checked, and after a reboot paste a new log.
        • Guest: Ola Re: Help!:( IP: *.neoplus.adsl.tpnet.pl 21.04.05, 22:10
          Logfile of HijackThis v1.99.0
          Scan saved at 22:09:10, on 2005-04-21
          Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Messenger\msmsgs.exe
          C:\WINDOWS\System32\wuauclt.exe
          C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
          C:\Program Files\Wanadoo\EspaceWanadoo.exe
          C:\Program Files\Wanadoo\ComComp.exe
          C:\Program Files\Wanadoo\Watch.exe
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\Documents and Settings\ola\Moje dokumenty\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          letgohome.com/hp.htm?id=9
          O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
          C:\WINDOWS\System32\FR1KCK~1.DLL
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
          O17 - HKLM\System\CCS\Services\Tcpip\..\{D39672B4-5A56-4634-83C5-FDEAE7464C7F}:
          NameServer = 194.204.152.34 217.98.63.164
          O20 - AppInit_DLLs:
          owkrk8yiije3wjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

          • Guest: Kolobos Re: Help!:( IP: *.warszawa.sdi.tpnet.pl 21.04.05, 22:51
            Read it once more and do what is written there, because you still have
            letgohome:
            www.searchengines.pl/phpbb203/index.php?showtopic=14185&st=50&#entry114898

            > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            > letgohome.com/hp.htm?id=9
            > O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
            > C:\WINDOWS\System32\FR1KCK~1.DLL
            > O20 - AppInit_DLLs:
            > wkrk8yiije3wjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dl
            >.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.d
            > ll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

            You have to delete these two files and the others listed in the description (the 0-byte ones).

            www.downloads.subratam.org/KillBox.zip
            Tick delete file on reboot and locate the file:
            owkrk8yiije3wjll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll....
            press the red button but do not reboot, then do the same with:
            C:\WINDOWS\System32\FR1KCK~1.DLL

            And after the reboot they should be gone.


            You have neither an antivirus nor a firewall, so install:
            www.kerio.com/us/kpf_home.html
            www.avast.com/eng/avast_4_home.html
            And:
            www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D
            www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster
            Enable browser protection in both.
            www.wilderssecurity.net/spywareguard.html
            It won't hurt you to read:
            www.searchengines.pl/phpbb203/index.php?showtopic=11522
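
An added example, not part of any post in this thread: a Python script for the check done by eye on the second log above, classifying each entry ticked for Fix Checked by what the log posted after the reboot shows. The function names are assumptions of this example, and the sample lines are excerpts of the thread's fix list and second log.

```python
import re

# A HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")

def parse_entries(log_text):
    """Map whitespace-free entry -> readable entry, rejoining wrapped lines."""
    joined = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY.match(line):
            joined.append(line)
        elif line and joined:
            joined[-1] += " " + line  # the forum wrapped this entry
    return {re.sub(r"\s+", "", e): e for e in joined}

def location(key):
    """Registry location: the part of an entry before the first '='."""
    return key.split("=", 1)[0]

def check_fix(selected_text, after_text):
    """Classify each entry ticked for fixing by what the later log shows."""
    selected, after = parse_entries(selected_text), parse_entries(after_text)
    after_locs = {location(k): e for k, e in after.items() if "=" in k}
    report = {"still_present": [], "value_changed": [], "removed": []}
    for key, entry in selected.items():
        if key in after:
            report["still_present"].append(entry)
        elif "=" in key and location(key) in after_locs:
            report["value_changed"].append(after_locs[location(key)])
        else:
            report["removed"].append(entry)
    return report

# Excerpts of the thread's fix list and second log (not the full logs).
SELECTED = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.search-paga.com/10055/
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} -
C:\WINDOWS\System32\FR1KCK~1.DLL
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet10055\services.exe
'''
# The O2 entry is unwrapped here to show that wrapping does not affect matching.
AFTER = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
letgohome.com/hp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\FR1KCK~1.DLL
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
'''

if __name__ == "__main__":
    for status, entries in check_fix(SELECTED, AFTER).items():
        for entry in entries:
            print(f"{status}: {entry}")
```

A `value_changed` result means the same registry value was rewritten after the fix, which points to a component still running and restoring it rather than a fix that was never applied.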
    • Guest: Robert Hellp IP: *.internetdsl.tpnet.pl 24.04.05, 15:46
      You have to rebuild the whole system from scratch. I had the same thing and had
      to rebuild the whole system from scratch. One piece of advice from me: don't
      visit erotic sites, there are viruses there.
      • Guest: Ola Re: Hellp IP: *.neoplus.adsl.tpnet.pl 25.04.05, 18:25
        But I don't visit erotic sites!
    • wielandf Re: Help!:( 25.04.05, 18:37
