Warning - co to za paskudztwo?

23.04.05, 20:18
Raz na jakiś czas (co ok. 15 min.) wyskakuje mi okienko - podłużne, wąskie
(poziome - zawsze ten sam rozmiar), na pasku u góry napis Warning, a w oknie
najpierw ostrzeżenia o spyware i zachęta do klikania, a ostatnio jakieś
reklamy linii lotniczych.
Próbowałam CWShredderem, Ad-Awarem i mks-virem i nic nie wykryło. Może coś z
rejestru trzeba wywalić?

Najgorsze jest to, że to okienko wyskakuje nawet, gdy nie korzystam z
przeglądarki, tylko sobie np. w coś gram, albo pracuje z innnymi dokumentami,
wtedy na kilka sekund komp "zamiera", bieżące okno się dezaktywuje, dysk
zamruczy i wiem, że za chwilę się ta franca pojawi.

Przejrzałam forum, ale nie znalazlam prostej rady. Hijack nie dla mnie,
zdecydowanie.
    • Gość: Kolobos Re: Warning - co to za paskudztwo? IP: *.warszawa.sdi.tpnet.pl 23.04.05, 20:25
      Wklej log z hijackthis:
      www.spychecker.com/program/hijackthis.html

      • wasa Re: Warning - co to za paskudztwo? 23.04.05, 20:49
        Myślałam, że to trudne, ale ściągnęłam, kazałam skanować i wyszło ;-)) Dotąd
        nie wiedziałam, co to te logi ;-)

        Wklejam:
        Logfile of HijackThis v1.99.1
        Scan saved at 20:49:42, on 05-04-23
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v5.00 (5.00.2614.3500)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\SYSTEM\INTERNAT.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
        C:\WINDOWS\RUNDLL32.EXE
        C:\PROGRAM FILES\GADU-GADU\GG.EXE
        C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
        C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\WINDOWS\SYSTEM\SPOOL32.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACRORD32.EXE
        C:\WINDOWS\SYSTEM\PSTORES.EXE
        C:\PROGRAM FILES\WINRAR\WINRAR.EXE
        C:\WINDOWS\TEMP\RAR$EX00.276\HIJACKTHIS.EXE

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        C:\WINDOWS\_hp.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\TEMP\se.dll/sp.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        C:\WINDOWS\_hp.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        C:\WINDOWS\_hp.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\TEMP\se.dll/sp.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
        C:\WINDOWS\_sp.html
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
        C:\WINDOWS\_sp.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
        C:\WINDOWS\_hp.html
        R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
        C:\WINDOWS\_hp.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - Default URLSearchHook is missing
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
        O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-
        EB0BE20CE45E} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
        O2 - BHO: mwsBar BHO - {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\PROGRAM
        FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
        O2 - BHO: MyWebSearch Search Assistant BHO - {00a6faf1-072e-44cf-8957-
        5838f569a31d} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file
        missing)
        O2 - BHO: (no name) - {1E9038C2-B428-11D9-86C9-00E0FB76CDFD} -
        C:\WINDOWS\SYSTEM\NAEPA.DLL
        O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
        C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\SYSTEM\MSDXM.OCX
        O4 - HKLM\..\Run: [internat.exe] internat.exe
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
        O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
        O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP
        STOPPER FREE EDITION\PSFREE.EXE"
        O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA.EXE
        O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} -
        C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
        O9 - Extra button: (no name) - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} -
        C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
        O9 - Extra 'Tools' menuitem: AdBlock Configuration - {D1E435DB-EE0C-4A71-84A8-
        A270F03B3EE7} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
        O14 - IERESET.INF: SEARCH_PAGE_URL=
        O14 - IERESET.INF: START_PAGE_URL=
        O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
        Zone
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
        imgfarm.com/images/nocache/funwebproducts/MyWebSearchInitialSetup1.0.0.6.cab
        O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller Class) -
        adblock.linkz.com/APHelper.dll
        O16 - DPF: {14578416-1111-1111-1111-111111411123} -
        file://C:\WINDOWS\TEMP\Rar$EX02.022\1\calc.exe
        O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
        www.netvenda.com/sites/games-intl/pl/games4.cab
        O18 - Filter: text/html - {1E9038C1-B428-11D9-86C9-00E00BA4538A} -
        C:\WINDOWS\SYSTEM\NAEPA.DLL
        O18 - Filter: text/plain - {1E9038C1-B428-11D9-86C9-00E00BA4538A} -
        C:\WINDOWS\SYSTEM\NAEPA.DLL
        • Gość: Kolobos Re: Warning - co to za paskudztwo? IP: *.warszawa.sdi.tpnet.pl 23.04.05, 22:21
          Najpierw uzyj tego:
          www.derbilk.de/SpSeHjfix110.zip

          W hijackthis wybierz scan only i zaznacz te wpisy:

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          C:\WINDOWS\_hp.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
          res://C:\WINDOWS\TEMP\se.dll/sp.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          C:\WINDOWS\_hp.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          C:\WINDOWS\_hp.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
          res://C:\WINDOWS\TEMP\se.dll/sp.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
          C:\WINDOWS\_sp.html
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          about:blank
          R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
          C:\WINDOWS\_sp.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          C:\WINDOWS\_hp.html
          R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          C:\WINDOWS\_hp.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
          R3 - Default URLSearchHook is missing
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
          O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-
          EB0BE20CE45E} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
          O2 - BHO: mwsBar BHO - {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\PROGRAM
          FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
          O2 - BHO: MyWebSearch Search Assistant BHO - {00a6faf1-072e-44cf-8957-
          5838f569a31d} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file
          missing)
          O2 - BHO: (no name) - {1E9038C2-B428-11D9-86C9-00E0FB76CDFD} -
          C:\WINDOWS\SYSTEM\NAEPA.DLL
          O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
          C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
          O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
          O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
          O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} -
          C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
          O9 - Extra button: (no name) - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} -
          C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
          O9 - Extra 'Tools' menuitem: AdBlock Configuration - {D1E435DB-EE0C-4A71-84A8-
          A270F03B3EE7} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
          O14 - IERESET.INF: SEARCH_PAGE_URL=
          O14 - IERESET.INF: START_PAGE_URL=
          O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
          Zone
          O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
          imgfarm.com/images/nocache/funwebproducts/MyWebSearchInitialSetup1.0.0.6.cab
          O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller Class) -
          adblock.linkz.com/APHelper.dll
          O16 - DPF: {14578416-1111-1111-1111-111111411123} -
          file://C:\WINDOWS\TEMP\Rar$EX02.022\1\calc.exe
          O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
          www.netvenda.com/sites/games-intl/pl/games4.cab
          O18 - Filter: text/html - {1E9038C1-B428-11D9-86C9-00E00BA4538A} -
          C:\WINDOWS\SYSTEM\NAEPA.DLL
          O18 - Filter: text/plain - {1E9038C1-B428-11D9-86C9-00E00BA4538A} -
          C:\WINDOWS\SYSTEM\NAEPA.DLL

          I nacisnij Fix Checked, po resecie usun te pliki:

          C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
          C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
          C:\WINDOWS\TEMP\SE.DLL <- najlepiej wszystko z temp usun
          C:\PROGRAM FILES\MYWEBSEARCH\ <- caly ktalog mywebsearch

          I wklej nowy log z hijackthis.
          • wasa Re: Warning - co to za paskudztwo? 24.04.05, 18:18

            > Najpierw uzyj tego:
            > www.derbilk.de/SpSeHjfix110.zip

            Tak zrobiłam i jest problem. Po restarcie pokazał się komunikat, że system nie odnalazł okreslonego pliku: C:\WINDOWS\TEMP\SE.DLL i kilka razy mi to wyskakuje.

            Poza tym NIE OTWIERA SIĘ Internet Explorer. W tej chcwili korzytsam z Opery, co nie bardzo mi odpowiada. Co z tym Explorerem? Jak go przywrócić?
            • Gość: T-800 Re: Warning - co to za paskudztwo? IP: *.tpnet.pl / *.tpnet.pl 24.04.05, 18:34
              Wklej nowego loga.
              • wasa Re: Warning - co to za paskudztwo? 24.04.05, 18:54
                Robi się:
                Logfile of HijackThis v1.99.1
                Scan saved at 18:54:16, on 05-04-24
                Platform: Windows 98 SE (Win9x 4.10.2222A)
                MSIE: Internet Explorer v5.00 (5.00.2614.3500)

                Running processes:
                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                C:\WINDOWS\SYSTEM\MPREXE.EXE
                C:\WINDOWS\SYSTEM\mmtask.tsk
                C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE
                C:\WINDOWS\EXPLORER.EXE
                C:\WINDOWS\SYSTEM\INTERNAT.EXE
                C:\WINDOWS\TASKMON.EXE
                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
                C:\PROGRAM FILES\GADU-GADU\GG.EXE
                C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
                C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                C:\PROGRAM FILES\OPERA\OPERA.EXE
                C:\WINDOWS\SYSTEM\PSTORES.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                C:\WINDOWS\SYSTEM\DDHELP.EXE
                C:\PROGRAM FILES\WINRAR\WINRAR.EXE
                C:\WINDOWS\TEMP\RAR$EX15.980\HIJACKTHIS.EXE

                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_hp.html
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\_hp.html
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = C:\WINDOWS\_hp.html
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
                R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = C:\WINDOWS\_sp.html
                R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
                R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = C:\WINDOWS\_hp.html
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                R3 - Default URLSearchHook is missing
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
                O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
                O2 - BHO: mwsBar BHO - {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
                O2 - BHO: MyWebSearch Search Assistant BHO - {00a6faf1-072e-44cf-8957-5838f569a31d} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
                O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                O4 - HKLM\..\Run: [internat.exe] internat.exe
                O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
                O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
                O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
                O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
                O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
                O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
                O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
                O9 - Extra button: (no name) - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
                O9 - Extra 'Tools' menuitem: AdBlock Configuration - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
                O14 - IERESET.INF: SEARCH_PAGE_URL=
                O14 - IERESET.INF: START_PAGE_URL=
                O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
                O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
                O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - imgfarm.com/images/nocache/funwebproducts/MyWebSearchInitialSetup1.0.0.6.cab
                O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller Class) - adblock.linkz.com/APHelper.dll
                O16 - DPF: {14578416-1111-1111-1111-111111411123} - file://C:\WINDOWS\TEMP\Rar$EX02.022\1\calc.exe
                O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - www.netvenda.com/sites/games-intl/pl/games4.cab

                Explorer nie otwiera mi się z ikonek na pulpicie i pasku, ale otworzył się przez Ulubione w Menu Start. Co to za dziwna sprawa?
                • Gość: T-800 Re: Warning - co to za paskudztwo? IP: *.tpnet.pl / *.tpnet.pl 24.04.05, 19:19
                  Do usunięcia; zaznacz i wciśnij Fix Checked:

                  > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                  C:\WIN
                  > DOWS\_hp.html
                  > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                  > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                  C:\WINDO
                  > WS\_hp.html
                  > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                  C:\WIN
                  > DOWS\_hp.html
                  > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                  > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
                  C:\WINDOWS\_s
                  > p.html
                  > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  > R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
                  C:\WINDOWS\_s
                  > p.html
                  > R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
                  C:\WINDOWS
                  > \_hp.html
                  > R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
                  C:\WINDOWS
                  > \_hp.html
                  > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                  > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
                  about:blan
                  > k

                  > R3 - Default URLSearchHook is missing

                  > O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-
                  EB0BE20CE45E
                  > } - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
                  > O2 - BHO: mwsBar BHO - {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\PROGRAM
                  FILE
                  > S\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)
                  > O2 - BHO: MyWebSearch Search Assistant BHO - {00a6faf1-072e-44cf-8957-
                  5838f569a
                  > 31d} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing)
                  > O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
                  C:\PROG
                  > RAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing)

                  > O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
                  > O4 - HKLM\..\RunServices: [Srv32 spool service]
                  C:\WINDOWS\System\spoolsrv32.ex
                  > e

                  > O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-
                  UP
                  > STOPPER FREE EDITION\PSFREE.EXE"

                  > O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} -
                  C:\WINDOW
                  > S\DOWNLOADED PROGRAM FILES\APHELPER.DLL
                  > O9 - Extra button: (no name) - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} -
                  C:\WIND
                  > OWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
                  > O9 - Extra 'Tools' menuitem: AdBlock Configuration - {D1E435DB-EE0C-4A71-84A8-
                  A
                  > 270F03B3EE7} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\APHELPER.DLL
                  > O14 - IERESET.INF: SEARCH_PAGE_URL=
                  > O14 - IERESET.INF: START_PAGE_URL=
                  > O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be
                  Internet
                  > Zone

                  > O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
                  imgfarm.com/images/nocache/funwebproducts/MyWebSearchInitialSetup1.0.0.6.cab
                  > O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller
                  Class) - adblock.linkz.com/APHelper.dll
                  > O16 - DPF: {14578416-1111-1111-1111-111111411123} -
                  file://C:\WINDOWS\TEMP\Rar$EX02.022\1\calc.exe
                  > O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} -
                  www.netvenda.com/sites/games-intl/pl/games4.cab

                  Jeśli wiesz, co to ten Adblock i PopUp Stopper to nie wyrzucaj.

                  > Explorer nie otwiera mi się z ikonek na pulpicie i pasku, ale otworzył się
                  prze
                  > z Ulubione w Menu Start. Co to za dziwna sprawa?

                  Dziwna. Ale na razie wyrzuć to, co wyżej, uruchom ponownie system i wklej
                  nowego loga.
                  • Gość: wasa Re: Warning - co to za paskudztwo? IP: 213.17.150.* 24.04.05, 19:45
                    System otworzył się tym razem bez żadnych komunikatów. Explorer działa bez
                    zarzutu. Oto nowy log:

                    Logfile of HijackThis v1.99.1
                    Scan saved at 19:42:49, on 05-04-24
                    Platform: Windows 98 SE (Win9x 4.10.2222A)
                    MSIE: Internet Explorer v5.00 (5.00.2614.3500)

                    Running processes:
                    C:\WINDOWS\SYSTEM\KERNEL32.DLL
                    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                    C:\WINDOWS\SYSTEM\MPREXE.EXE
                    C:\WINDOWS\SYSTEM\mmtask.tsk
                    C:\WINDOWS\EXPLORER.EXE
                    C:\WINDOWS\SYSTEM\INTERNAT.EXE
                    C:\WINDOWS\TASKMON.EXE
                    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
                    C:\PROGRAM FILES\GADU-GADU\GG.EXE
                    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
                    C:\WINDOWS\SYSTEM\RNAAPP.EXE
                    C:\WINDOWS\SYSTEM\TAPISRV.EXE
                    C:\WINDOWS\SYSTEM\WMIEXE.EXE
                    C:\PROGRAM FILES\WINRAR\WINRAR.EXE
                    C:\WINDOWS\TEMP\RAR$EX00.473\HIJACKTHIS.EXE

                    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
                    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                    C:\WINDOWS\SYSTEM\MSDXM.OCX
                    O4 - HKLM\..\Run: [internat.exe] internat.exe
                    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
                    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
                    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                    O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
                    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
                    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
                    O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft
                    Office\Office\OSA.EXE
                    O14 - IERESET.INF: SEARCH_PAGE_URL=
                    O14 - IERESET.INF: START_PAGE_URL=
                    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                    skaner.mks.com.pl/SkanerOnline.cab
                    Wygląda na to, że pomogło. Jak na razie to głupie okienko Warning nie
                    wyskoczyło ani razu. Czy jeszcze coś powinnam zrobić?
                    W każdym razie dzięki!
                    • Gość: Kolobos Re: Warning - co to za paskudztwo? IP: *.warszawa.sdi.tpnet.pl 24.04.05, 19:56
                      Odwiedzic www.windowsupdate.com i sciagnac najnowsza wersje Internet Explorera.
                      Zainstalowac firewall oraz antyvirus:
                      www.kerio.com/us/kpf_home.html
                      www.avast.com/eng/avast_4_home.html
                      Oraz programy do ochrony przegladarki:
                      www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
                      przeskanuj i wlacz ochrone przegladarki
                      www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
                      ochrone przegladarki
                      www.wilderssecurity.net/spywareguard.html <- SpywareGuard

                      I to tyle :-)
                      • wasa Re: Warning - co to za paskudztwo? 24.04.05, 20:05
                        Dzięki serdeczne.

                        Do podziękowań załączam dwa ogromne buziaki dla obu uczynnych Wspomożycieli
                        :-* :-*
                        • Gość: T-800 Re: Warning - co to za paskudztwo? IP: *.tpnet.pl / *.tpnet.pl 24.04.05, 20:36
                          I jeszcze usuń plik C:\Windows\Inf\IERESET.INF i odpowiednie wpisy w HijackThis.
    • wielandf Re: Warning - co to za paskudztwo? 25.04.05, 19:08

    • wielandf Re: Warning - co to za paskudztwo? 25.04.05, 19:15

Pełna wersja