Help! Viruses, spyware and dialers ... :((

IP: *.b.jawnet.pl 08.10.05, 17:37
I should warn you that when it comes to computers I am a layperson.
I scanned my computer with Panda online and it turned out that I have a huge number of viruses,
spyware and dialers. Neither Panda, nor Mks Vir, nor even Adaware will remove them.
On top of that, when I start Internet Explorer my start page will not open;
instead some junk and an erotic site pop up.
Please help! I would appreciate detailed instructions. Regards!
      • Guest: Natalia pasting the log ... IP: *.246.jawnet.pl 08.10.05, 18:03
        Logfile of HijackThis v1.99.1
        Scan saved at 17:54:50, on 2005-10-08
        Platform: Windows ME (Win9x 4.90.3000)
        MSIE: Internet Explorer v5.50 (5.50.4134.0100)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\WINDOWS\TASKMON.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\SYSTEM\ATIKEY32.EXE
        C:\WINDOWS\SYSTEM\POPCORN320.EXE
        C:\PROGRAM FILES\GADU-GADU\GG.EXE
        C:\WINDOWS\SYSTEM\ATIICON.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\WINDOWS\SYSTEM\PSTORES.EXE
        C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        C:\WINDOWS\SYSTEM\msblank.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
        \SPYBOT~1\SDHELPER.DLL
        O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
        00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
        O4 - HKLM\..\Run: [Windows Millennium Edition Intro Video] C:\WINDOWS\Applic~1
        \Micros~1\Intro\content.hta
        O4 - HKLM\..\Run: [SelfHostUtil] C:\WINDOWS\selfhost.exe /L
        O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
        O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
        O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [AtiKey] Atikey32.exe
        O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn320.exe
        rundll.dll,LoadMouseProfile
        O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
        O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office\OSA9.EXE
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        WHAT NEXT?
        • Guest: Kolobos Re: pasting the log ... IP: *.warszawa.sdi.tpnet.pl 08.10.05, 18:08
          Install the updates for the system and the browser, if you still want to
          use it! -> www.windowsupdate.com If you don't install them, change the
          browser; it's best to switch to Opera or Firefox anyway.

          In HijackThis, remove:

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          C:\WINDOWS\SYSTEM\msblank.html

          Then press alt+ctrl+del and end there:
          POPCORN320.EXE and delete the file from:
          C:\WINDOWS\SYSTEM\POPCORN320.EXE

          Also install:
          www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
          scan and enable browser protection
          www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable
          browser protection
          www.wilderssecurity.net/spywareguard.html <- SpywareGuard
        • Guest: Natalia Re: Help! Viruses, spyware and dialers ... :(( IP: *.b.jawnet.pl 08.10.05, 20:18
          Logfile of HijackThis v1.99.1
          Scan saved at 20:18:09, on 2005-10-08
          Platform: Windows ME (Win9x 4.90.3000)
          MSIE: Internet Explorer v5.50 (5.50.4134.0100)

          Running processes:
          C:\WINDOWS\SYSTEM\KERNEL32.DLL
          C:\WINDOWS\SYSTEM\MSGSRV32.EXE
          C:\WINDOWS\SYSTEM\SPOOL32.EXE
          C:\WINDOWS\SYSTEM\MPREXE.EXE
          C:\WINDOWS\SYSTEM\MSTASK.EXE
          C:\WINDOWS\SYSTEM\mmtask.tsk
          C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
          C:\WINDOWS\EXPLORER.EXE
          C:\WINDOWS\TASKMON.EXE
          C:\WINDOWS\SYSTEM\SYSTRAY.EXE
          C:\WINDOWS\SYSTEM\ATIKEY32.EXE
          C:\PROGRAM FILES\GADU-GADU\GG.EXE
          C:\WINDOWS\SYSTEM\ATIICON.EXE
          C:\WINDOWS\SYSTEM\WMIEXE.EXE
          C:\WINDOWS\SYSTEM\DDHELP.EXE
          C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
          C:\WINDOWS\SYSTEM\PSTORES.EXE
          C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
          C:\WINDOWS\SYSTEM\TAPISRV.EXE
          C:\WINDOWS\SYSTEM\RNAAPP.EXE
          C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          C:\WINDOWS\SYSTEM\msblank.html
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
          \SPYBOT~1\SDHELPER.DLL
          O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-
          00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
          O4 - HKLM\..\Run: [Windows Millennium Edition Intro Video] C:\WINDOWS\Applic~1
          \Micros~1\Intro\content.hta
          O4 - HKLM\..\Run: [SelfHostUtil] C:\WINDOWS\selfhost.exe /L
          O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
          O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
          O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
          O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
          O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
          powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\Run: [AtiKey] Atikey32.exe
          O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn320.exe
          rundll.dll,LoadMouseProfile
          O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe
          O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
          powrprof.dll,LoadCurrentPwrScheme
          O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
          O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
          O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
          Office\Office\OSA9.EXE
          O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
          C:\WINDOWS\web\related.htm
          O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
          00aa003c157a} - C:\WINDOWS\web\related.htm
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
          C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
          O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
          00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
          acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
          www.windowsecurity.com/trojanscan/axscan.cab
          I removed it the way you told me to, but it is still there.
            • Guest: natalia Re: Help! Viruses, spyware and dialers ... :(( IP: *.246.jawnet.pl 08.10.05, 20:54
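
A follow-up HijackThis log can be checked mechanically against the items that were flagged for removal. The Python below is an added example, not part of the thread: it re-joins the entries the forum wrapped across lines and reports where each flagged name still appears. The function names are illustrative, `AFTER` is abridged from the 20:18 log above, and the input is assumed to contain only log text.

```python
import re

# HijackThis entry lines start with a section code: "R0 - ", "O4 - ", "O16 - " ...
ENTRY = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def parse_hjt(text):
    """Return (running processes, entries), undoing the forum's line wrapping."""
    procs, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif ENTRY.match(line):
            in_procs = False
            entries.append(line)
        elif in_procs:
            procs.add(line.upper())
        elif entries:
            # Continuation of a wrapped entry: no space if the break fell
            # inside a path ("\SPYBOT~1...") or inside a GUID ("...876E-").
            prev = entries[-1]
            glue = "" if line.startswith("\\") or re.search(r"\S-$", prev) else " "
            entries[-1] = prev + glue + line
    return procs, entries

def still_present(after_log, flagged):
    """For each flagged name, list where it still shows up in the follow-up log."""
    procs, entries = parse_hjt(after_log)
    items = sorted(procs) + entries
    return {n: [i for i in items if n.upper() in i.upper()] for n in flagged}

# Abridged from the 20:18 follow-up log in this thread.
AFTER = r"""
Running processes:
C:\WINDOWS\SYSTEM\ATIKEY32.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
C:\WINDOWS\SYSTEM\msblank.html
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1
\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\popcorn320.exe
rundll.dll,LoadMouseProfile
"""

if __name__ == "__main__":
    for name, hits in still_present(AFTER, ["popcorn320.exe", "msblank.html"]).items():
        print(name, "->", hits or "gone")
```

On this excerpt the process no longer appears under "Running processes", while the `O4` Run entry that launches it and the `R0` start-page value are both still listed.
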
              "Silent Runners.vbs", revision 41, www.silentrunners.org/
              Operating System: Windows Me (Millennium Edition)
              Output limited to non-default values, except where indicated by "{++}"


              Startup items buried in registry:
              ---------------------------------

              HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
              "Gadu-Gadu" = ""C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray" ["sms-express.com"]

              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
              "Windows Millennium Edition Intro Video" = "C:\WINDOWS\Applic~1\Micros~1
              \Intro\content.hta" [file not found]
              "SelfHostUtil" = "C:\WINDOWS\selfhost.exe /L" [MS]
              "ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
              "TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
              "PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]
              "SystemTray" = "SysTray.Exe" [MS]
              "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
              "AtiKey" = "Atikey32.exe" ["ATI Technologies, Inc."]
              "ControlPanel" = "C:\WINDOWS\SYSTEM\popcorn320.exe rundll.dll,LoadMouseProfile"
              [null data]

              HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
              "HiberMonitor" = "HCount.exe" [null data]
              "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
              "SchedulingAgent" = "mstask.exe" [MS]
              "*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]

              HKLM\Software\Microsoft\Active Setup\Installed Components\
              PerUser_CVT_Inis\(Default) = "Instalator systemu Windows — Konwerter FAT32"
              \StubPath = "rundll.exe
              C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64
              C:\WINDOWS\INF\applets1.inf" [MS]

              HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
              {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
              -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL"
              ["Safer Networking Limited"]


              Active Desktop and Wallpaper:
              -----------------------------

              Active Desktop is enabled at this entry:
              HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

              HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
              "Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Raj.jpg"


              WIN.INI & SYSTEM.INI launch points:
              -----------------------------------

              SYSTEM.INI
              [boot]
              "SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\TEKST3~1.SCR" (Tekst 3W.scr) [MS]


              Startup items in "Startup" & "All Users...Startup" folders:
              -----------------------------------------------------------

              C:\WINDOWS\Menu Start\Programy\Autostart
              "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft
              Office\Office\OSA9.EXE -b -l" [MS]


              Enabled Scheduled Tasks:
              ------------------------

              "Rozpoczęcie aplikacji dostrajania" -> launches: "walign" [MS]
              "Harmonogram programu PCHealth dla zbierania danych" ->
              launches: "C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE -c" [MS]


              Winsock2 Service Provider DLLs:
              -------------------------------

              Namespace Service Providers

              HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
              \Catalog_Entries\ {++}
              000000000001\LibraryPath = "C:\WINDOWS\SYSTEM\rnr20.dll" [MS]

              Transport Service Providers

              HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
              \Catalog_Entries\ {++}
              00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
              C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
              C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
              C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6


              Toolbars, Explorer Bars, Extensions:
              ------------------------------------

              Extensions (Tools menu items, main toolbar menu buttons)

              HKLM\Software\Microsoft\Internet Explorer\Extensions\
              {FB5F1910-F110-11D2-BB9E-00C04F795683}\
              "ButtonText" = "Messenger"
              "MenuText" = "MSN Messenger Service"
              "Exec" = "C:\PROGRA~1\MESSEN~1\MSMSGS.EXE" [MS]


              Miscellaneous IE Hijack Points
              ------------------------------

              HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)
              The Internet Explorer version cannot be found!

              C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
              The contents of IERESET.INF cannot be reliably checked!

              Added lines (compared with English-language version):
              [Strings]: START_PAGE_URL="www.microsoft.com/isapi/redir.dll?
              prd=ie&pver=5.5&ar=msnhome"
              [Strings]: MS_START_PAGE_URL="www.microsoft.com/isapi/redir.dll?
              prd=ie&pver=5.5&ar=msnhome"

              Missing lines (compared with English-language version):
              [Strings]: 2 lines


              ----------
              + This report excludes default entries except where indicated.
              + To see *everywhere* the script checks and *everything* it finds,
              launch it from a command prompt or a shortcut with the -all parameter.
              + To search all directories of local fixed drives for DESKTOP.INI
              DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
              use the -supp parameter or answer "No" at the first message box.
              --------
        • Guest: Natalia Re: Help! Viruses, spyware and dialers ... :(( IP: *.b.jawnet.pl 08.10.05, 20:21
          "Silent Runners.vbs", revision 41, www.silentrunners.org/
          Operating System: Windows Me (Millennium Edition)
          Output limited to non-default values, except where indicated by "{++}"


          Startup items buried in registry:
          ---------------------------------

          HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
          "Gadu-Gadu" = ""C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray" ["sms-express.com"]

          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
          "Windows Millennium Edition Intro Video" = "C:\WINDOWS\Applic~1\Micros~1
          \Intro\content.hta" [file not found]
          "SelfHostUtil" = "C:\WINDOWS\selfhost.exe /L" [MS]
          "ScanRegistry" = "C:\WINDOWS\scanregw.exe /autorun" [MS]
          "TaskMonitor" = "C:\WINDOWS\taskmon.exe" [MS]
          "PCHealth" = "C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s" [MS]
          "SystemTray" = "SysTray.Exe" [MS]
          "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
          "AtiKey" = "Atikey32.exe" ["ATI Technologies, Inc."]
          "ControlPanel" = "C:\WINDOWS\SYSTEM\popcorn320.exe rundll.dll,LoadMouseProfile"
          [null data]

          HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
          "HiberMonitor" = "HCount.exe" [null data]
          "LoadPowerProfile" = "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" [MS]
          "SchedulingAgent" = "mstask.exe" [MS]
          "*StateMgr" = "C:\WINDOWS\System\Restore\StateMgr.exe" [MS]

          HKLM\Software\Microsoft\Active Setup\Installed Components\
          PerUser_CVT_Inis\(Default) = "Instalator systemu Windows — Konwerter FAT32"
          \StubPath = "rundll.exe
          C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64
          C:\WINDOWS\INF\applets1.inf" [MS]
