Message from the taskbar


(Stasiek24) #1

In the bottom right corner, on the taskbar, a message keeps popping up: "waring! your computer is at risk...". It is the only thing left over from a trojan/virus that I have already removed, but it won't go away. I scanned with Ad-aware and "antivir xp". Please help :?


(Patricko) #2

Ctrl+Alt+Delete and remove it using "End Process".

Or, if you can, find where the source of this leftover is and delete it.

If something is left over, it means the trojan has not been completely removed yet.


(boczi) #3

Give us a log from HijackThis 1.99.


(Stasiek24) #4
Logfile of HijackThis v1.99.0

Scan saved at 22:43:37, on 2005-02-12

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)


Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\AVPersonal\AVGUARD.EXE

E:\Program Files\AVPersonal\AVWUPSRV.EXE

E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\FarStone\VirtualDrive\vdtask.exe

E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

E:\WINDOWS\System32\P2P Networking\P2P Networking.exe

E:\Program Files\FarStone\VirtualDrive\Netsrv.exe

E:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe

E:\WINDOWS\System32\rundll32.exe

E:\Documents and Settings\Stasiek Burdon\Pulpit\Stasiek\Winamp\winampa.exe

E:\WINDOWS\System32\Services\{5BC507EA-FE1A-4BAE-AF8C-AE1F31A2EE6B}\SVCHOST.EXE

E:\WINDOWS\process.exe

E:\Program Files\AVPersonal\AVGNT.EXE

E:\Program Files\Messenger\msmsgs.exe

E:\Documents and Settings\Stasiek Burdon\Dane aplikacji\eaul.exe

E:\WINDOWS\System32\w?aclt.exe

E:\Program Files\Gadu-Gadu\gg.exe

E:\Program Files\mIRC\mirc.exe

E:\Program Files\Opera\opera.exe

E:\Program Files\Helbreath\klient.exe

E:\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: UserInit=e:\windows\system32\userinit.exe

O1 - Hosts: 127.0.0.3 www.greg-tut.com

O1 - Hosts: 127.0.0.3 nylonsexy.com

O1 - Hosts: 127.0.0.3 www.nylonsexy.com

O1 - Hosts: 127.0.0.3 vparivalka.com

O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com

O1 - Hosts: 127.0.0.3 www.awmdabest.com

O1 - Hosts: 127.0.0.3 www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 www.allforadult.com

O1 - Hosts: 127.0.0.3 www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 www.awmcash.biz

O1 - Hosts: 127.0.0.3 awmcash.biz

O1 - Hosts: 127.0.0.3 buldog-stats.com

O1 - Hosts: 127.0.0.3 www.buldog-stats.com

O1 - Hosts: 127.0.0.3 fregat.drocherway.com

O1 - Hosts: 127.0.0.3 slutmania.biz

O1 - Hosts: 127.0.0.3 www.slutmania.biz

O1 - Hosts: 127.0.0.3 toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.megapornix.com

O1 - Hosts: 127.0.0.3 megapornix.com

O1 - Hosts: 127.0.0.3 www.sp2fucked.biz

O1 - Hosts: 127.0.0.3 sp2fucked.biz

O1 - Hosts: 127.0.0.3 greg-tut.com

O1 - Hosts: http://213.159.117.203/dkprogs/hosts.txt

O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: (no name) - {4016C6B8-7053-7CAC-2FE8-7295BAABDFEE} - E:\WINDOWS\System32\eplfv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - E:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Virtual Drive] "E:\Program Files\FarStone\VirtualDrive\vdtask.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [P2P Networking] E:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [WeatherOnTray] E:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe

O4 - HKLM\..\Run: [shgdgx] E:\WINDOWS\shgdgx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [gtmfkjon] E:\WINDOWS\gtmfkjon.exe

O4 - HKLM\..\Run: [Hotbar] E:\Program Files\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade

O4 - HKLM\..\Run: [WinampAgent] E:\Documents and Settings\Stasiek Burdon\Pulpit\Stasiek\Winamp\winampa.exe

O4 - HKLM\..\Run: [SysTime] E:\WINDOWS\System32\systime.exe

O4 - HKLM\..\Run: [pir] E:\WINDOWS\System32\ivfhgsfxjuxpuh.exe

O4 - HKLM\..\Run: [Service Host] E:\WINDOWS\System32\Services\{5BC507EA-FE1A-4BAE-AF8C-AE1F31A2EE6B}\SVCHOST.EXE

O4 - HKLM\..\Run: [process.exe] E:\WINDOWS\process.exe

O4 - HKLM\..\Run: [AVGCtrl] "E:\Program Files\AVPersonal\AVGNT.EXE" /min

O4 - HKLM\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Komunikator] E:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [E] E:\WINDOWS\System32\ifooawi.dll /c del >nul

O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Aemp] E:\Documents and Settings\Stasiek Burdon\Dane aplikacji\eaul.exe

O4 - HKCU\..\Run: [Mmwiddvs] E:\WINDOWS\System32\w?aclt.exe

O4 - HKCU\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe

O4 - Startup: Power Project.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE

O10 - Hijacked Internet access by New.Net

O10 - Broken Internet access because of LSP provider 'e:\windows\system32\aklsp.dll' missing

O12 - Plugin for .mov: E:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .wav: E:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.flexview.de/InstallationsAssistent.ocx

O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: NVIDIA Display Driver Service - Unknown - E:\WINDOWS\System32\nvsvc32.exe (file missing)

O23 - Service: Office Source Engine - Unknown - E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

Seriously cluttered :P Please tell me everything I need to do about this.


(Damian) #5

Pretty badly cluttered. For now I suggest scanning the system with these programs:

:arrow: CWShredder 2.13

:arrow: Spybot Search & Destroy 1.3

:arrow: Ad-aware SE Personal 1.05

And with the ones from these topics:

http://forum.dobreprogramy.pl/viewtopic.php?t=17671

http://forum.dobreprogramy.pl/viewtopic.php?t=17685

And then paste a new log :slight_smile:


(fiesta) #6
O1 - Hosts: 127.0.0.3 www.greg-tut.com 

O1 - Hosts: 127.0.0.3 nylonsexy.com 

O1 - Hosts: 127.0.0.3 www.nylonsexy.com 

O1 - Hosts: 127.0.0.3 vparivalka.com 

O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com 

O1 - Hosts: 127.0.0.3 www.awmdabest.com 

O1 - Hosts: 127.0.0.3 www.sexfiles.nu 

O1 - Hosts: 127.0.0.3 awmdabest.com 

O1 - Hosts: 127.0.0.3 sexfiles.nu 

O1 - Hosts: 127.0.0.3 allforadult.com 

O1 - Hosts: 127.0.0.3 www.allforadult.com 

O1 - Hosts: 127.0.0.3 www.iframe.biz 

O1 - Hosts: 127.0.0.3 iframe.biz 

O1 - Hosts: 127.0.0.3 www.newiframe.biz 

O1 - Hosts: 127.0.0.3 newiframe.biz 

O1 - Hosts: 127.0.0.3 www.vesbiz.biz 

O1 - Hosts: 127.0.0.3 vesbiz.biz 

O1 - Hosts: 127.0.0.3 www.pizdato.biz 

O1 - Hosts: 127.0.0.3 pizdato.biz 

O1 - Hosts: 127.0.0.3 www.aaasexypics.com 

O1 - Hosts: 127.0.0.3 aaasexypics.com 

O1 - Hosts: 127.0.0.3 www.virgin-tgp.net 

O1 - Hosts: 127.0.0.3 virgin-tgp.net 

O1 - Hosts: 127.0.0.3 www.awmcash.biz 

O1 - Hosts: 127.0.0.3 awmcash.biz 

O1 - Hosts: 127.0.0.3 buldog-stats.com 

O1 - Hosts: 127.0.0.3 www.buldog-stats.com 

O1 - Hosts: 127.0.0.3 fregat.drocherway.com 

O1 - Hosts: 127.0.0.3 slutmania.biz 

O1 - Hosts: 127.0.0.3 www.slutmania.biz 

O1 - Hosts: 127.0.0.3 toolbarpartner.com 

O1 - Hosts: 127.0.0.3 www.toolbarpartner.com 

O1 - Hosts: 127.0.0.3 www.megapornix.com 

O1 - Hosts: 127.0.0.3 megapornix.com 

O1 - Hosts: 127.0.0.3 www.sp2fucked.biz 

O1 - Hosts: 127.0.0.3 sp2fucked.biz 

O1 - Hosts: 127.0.0.3 greg-tut.com

You have quite a collection of frequently visited porn sites. All of it is to be deleted.

O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com

And I have never seen a marvel like this one before; probably to be deleted.


(boczi) #7

Service Pack 2 is missing! Be sure to install it.

To be removed :!:

E:\WINDOWS\System32\P2P Networking\P2P Networking.exe

E:\WINDOWS\process.exe

E:\Documents and Settings\Stasiek Burdon\Dane aplikacji\eaul.exe

E:\WINDOWS\System32\w?aclt.exe

If you know it, keep it; if not, remove it:

E:\Program Files\Helbreath\klient.exe

Delete:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: 127.0.0.3 www.greg-tut.com

O1 - Hosts: 127.0.0.3 nylonsexy.com

O1 - Hosts: 127.0.0.3 www.nylonsexy.com

O1 - Hosts: 127.0.0.3 vparivalka.com

O1 - Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com

O1 - Hosts: 127.0.0.3 www.awmdabest.com

O1 - Hosts: 127.0.0.3 www.sexfiles.nu

O1 - Hosts: 127.0.0.3 awmdabest.com

O1 - Hosts: 127.0.0.3 sexfiles.nu

O1 - Hosts: 127.0.0.3 allforadult.com

O1 - Hosts: 127.0.0.3 www.allforadult.com

O1 - Hosts: 127.0.0.3 www.iframe.biz

O1 - Hosts: 127.0.0.3 iframe.biz

O1 - Hosts: 127.0.0.3 www.newiframe.biz

O1 - Hosts: 127.0.0.3 newiframe.biz

O1 - Hosts: 127.0.0.3 www.vesbiz.biz

O1 - Hosts: 127.0.0.3 vesbiz.biz

O1 - Hosts: 127.0.0.3 www.pizdato.biz

O1 - Hosts: 127.0.0.3 pizdato.biz

O1 - Hosts: 127.0.0.3 www.aaasexypics.com

O1 - Hosts: 127.0.0.3 aaasexypics.com

O1 - Hosts: 127.0.0.3 www.virgin-tgp.net

O1 - Hosts: 127.0.0.3 virgin-tgp.net

O1 - Hosts: 127.0.0.3 www.awmcash.biz

O1 - Hosts: 127.0.0.3 awmcash.biz

O1 - Hosts: 127.0.0.3 buldog-stats.com

O1 - Hosts: 127.0.0.3 www.buldog-stats.com

O1 - Hosts: 127.0.0.3 fregat.drocherway.com

O1 - Hosts: 127.0.0.3 slutmania.biz

O1 - Hosts: 127.0.0.3 www.slutmania.biz

O1 - Hosts: 127.0.0.3 toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.toolbarpartner.com

O1 - Hosts: 127.0.0.3 www.megapornix.com

O1 - Hosts: 127.0.0.3 megapornix.com

O1 - Hosts: 127.0.0.3 www.sp2fucked.biz

O1 - Hosts: 127.0.0.3 sp2fucked.biz

O1 - Hosts: 127.0.0.3 greg-tut.com

O1 - Hosts: http://213.159.117.203/dkprogs/hosts.txt

O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)

O2 - BHO: (no name) - {4016C6B8-7053-7CAC-2FE8-7295BAABDFEE} - E:\WINDOWS\System32\eplfv.dll 

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - E:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll

O4 - HKLM\..\Run: [P2P Networking] E:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [WeatherOnTray] E:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe

O4 - HKLM\..\Run: [shgdgx] E:\WINDOWS\shgdgx.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 E:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [gtmfkjon] E:\WINDOWS\gtmfkjon.exe

O4 - HKLM\..\Run: [Hotbar] E:\Program Files\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade

O4 - HKLM\..\Run: [WinampAgent] E:\Documents and Settings\Stasiek Burdon\Pulpit\Stasiek\Winamp\winampa.exe

O4 - HKLM\..\Run: [SysTime] E:\WINDOWS\System32\systime.exe

O4 - HKLM\..\Run: [pir] E:\WINDOWS\System32\ivfhgsfxjuxpuh.exe

O4 - HKLM\..\Run: [Service Host] E:\WINDOWS\System32\Services\{5BC507EA-FE1A-4BAE-AF8C-AE1F31A2EE6B}\SVCHOST.EXE

O4 - HKLM\..\Run: [process.exe] E:\WINDOWS\process.exe

O4 - HKLM\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe

O4 - HKCU\..\Run: [E] E:\WINDOWS\System32\ifooawi.dll /c del >nul

O4 - HKCU\..\Run: [Aemp] E:\Documents and Settings\Stasiek Burdon\Dane aplikacji\eaul.exe

O4 - HKCU\..\Run: [Mmwiddvs] E:\WINDOWS\System32\w?aclt.exe

O4 - HKCU\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32.exe

O10 - Hijacked Internet access by New.Net

O10 - Broken Internet access because of LSP provider 'e:\windows\system32\aklsp.dll' missing

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 213.159.117.202

O15 - Trusted IP range: 213.159.117.202 (HKLM)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx 

O23 - Service: Office Source Engine - Unknown - E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)

Remove these, but first run a scan with the appropriate applications. Here are links with all the info:

http://forum.dobreprogramy.pl/viewtopic.php?t=17593

http://forum.dobreprogramy.pl/viewtopic.php?t=17763

http://forum.dobreprogramy.pl/viewtopic.php?t=8175

http://forum.dobreprogramy.pl/viewtopic.php?t=17671

Have a look and make use of them, because you have a lot of junk. Do everything calmly, preferably in safe mode: turn on the computer and press F8.

After all that, post a new log.
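
Added example, not part of the original thread: a Python triage of the `O1 - Hosts:` lines quoted in posts #6 and #7, flagging the entry that maps antivirus and Microsoft update domains to 255.255.255.255, an address at which those sites cannot be reached, so updates and vendor pages fail from this machine. The sample log is constructed from lines in the log above; the watchlist, function names and label names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample: lines in the shape of the HijackThis log quoted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: http://213.159.117.203/dkprogs/hosts.txt
O1 - Hosts: 255.255.255.255 avp.com download.microsoft.com liveupdate.symantec.com www.sophos.com
O1 - Hosts: 127.0.0.1 localhost
"""

# Assumed watchlist (illustrative): vendor/update domains seen in the log's
# 255.255.255.255 entry. Extend it for the products actually in use.
WATCHLIST = ("microsoft.com", "symantec.com", "mcafee.com", "sophos.com",
             "f-secure.com", "kaspersky.ru", "trendmicro.com", "avp.com")
PREFIX = "O1 - Hosts:"


def parse_o1(line):
    """Return (address, hostnames) for an O1 line, or None for other lines.
    address is None when the first token is not an IP literal."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    tokens = line[len(PREFIX):].split()
    if not tokens:
        return (None, [])
    try:
        addr = ipaddress.ip_address(tokens[0])
    except ValueError:
        return (None, tokens)          # e.g. a URL where an address belongs
    return (addr, [t.lower() for t in tokens[1:]])


def on_watchlist(host):
    # Match the domain itself or any subdomain, never a mere suffix of a name.
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def classify(addr, hosts):
    if addr is None:
        return "malformed"
    if any(on_watchlist(h) for h in hosts):
        return "blocks-security-updates"
    if addr.is_loopback and hosts == ["localhost"]:
        return "default"
    return "override"                  # any other name pinned to an address


def triage(log_text):
    """Return (label, address, hostnames) for every O1 line in the log."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o1(line)
        if parsed is not None:
            addr, hosts = parsed
            findings.append((classify(addr, hosts),
                             str(addr) if addr else None, hosts))
    return findings


if __name__ == "__main__":
    for label, addr, hosts in triage(SAMPLE_LOG):
        print(f"{label:24} {addr} {' '.join(hosts)}")
```
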


(Stasiek24) #8

I'm a total noob... tell me also how to remove this... :stuck_out_tongue:


(boczi) #9

Select only the CHOSEN ones, and don't accidentally remove something good (though there is little of that in your log). Tick the ones that were listed, and then FIX. REMEMBER THE ANTI SCAN!