Pomozcie

kasia_17 · 25 Luty 2005 14:44

Sprawdzcie mojego loga. Ten wirus co chwile mnie denerwuje i chce sie go pozbyc.

Logfile of HijackThis v1.99.1

Scan saved at 15:43:56, on 05-02-25

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\SYSTEM\OJQ.EXE

C:\WINDOWS\SYSTEM\CMD32.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\DANE APLIKACJI\OUBB.EXE

C:\WINDOWS\SYSTEM\SWNYRI.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\IZXCZXCR.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\MOJE DOKUMENTY\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {23C0A701-86AE-11D9-AD77-003093C9FA62} - C:\WINDOWS\SYSTEM\CMI.DLL

O2 - BHO: (no name) - {361EE5E5-0B00-22AC-2BB4-0495CBA2D8CA} - C:\WINDOWS\SYSTEM\OXL.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM…\Run: [internat.exe] internat.exe

O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM…\Run: [systemTray] systray.exe

O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\Run: [soundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd

O4 - HKLM…\Run: [WinampAgent] “C:\PROGRAM FILES\WINAMP\WINAMPa.exe”

O4 - HKLM…\Run: [Pku] C:\WINDOWS\SYSTEM\Ojq.exe

O4 - HKLM…\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKLM…\Run: [Vht] C:\WINDOWS\Auq.exe

O4 - HKLM…\Run: [Rdp] C:\WINDOWS\SYSTEM\Iqs.exe

O4 - HKLM…\Run: [Ltb] C:\WINDOWS\SYSTEM\Fqv.exe

O4 - HKLM…\Run: [Ovh] C:\WINDOWS\SYSTEM\Qqe.exe

O4 - HKLM…\Run: [Avt] C:\WINDOWS\SYSTEM\Mdl.exe

O4 - HKLM…\Run: [Mco] C:\WINDOWS\Lsl.exe

O4 - HKLM…\Run: [Efd] C:\WINDOWS\Eeu.exe

O4 - HKLM…\Run: [sdt] C:\WINDOWS\SYSTEM\Aks.exe

O4 - HKLM…\Run: [Qmk] C:\WINDOWS\Msj.exe

O4 - HKLM…\Run: [sdb] C:\WINDOWS\SYSTEM\Jht.exe

O4 - HKLM…\Run: [Ccd] C:\WINDOWS\Prr.exe

O4 - HKLM…\Run: [bpg] C:\WINDOWS\Nvg.exe

O4 - HKLM…\Run: [uhe] C:\WINDOWS\Tcj.exe

O4 - HKLM…\Run: [Hlk] C:\WINDOWS\Mpv.exe

O4 - HKLM…\Run: [Eet] C:\WINDOWS\SYSTEM\Kpf.exe

O4 - HKLM…\Run: [bnt] C:\WINDOWS\SYSTEM\Auf.exe

O4 - HKLM…\Run: [Hut] C:\WINDOWS\SYSTEM\Ovt.exe

O4 - HKLM…\Run: [Dah] C:\WINDOWS\SYSTEM\Pcn.exe

O4 - HKLM…\Run: [Rhu] C:\WINDOWS\SYSTEM\Ljt.exe

O4 - HKLM…\Run: [Dni] C:\WINDOWS\SYSTEM\Vuo.exe

O4 - HKLM…\Run: [Kui] C:\WINDOWS\SYSTEM\Tuc.exe

O4 - HKLM…\Run: [Chd] C:\WINDOWS\Rjb.exe

O4 - HKLM…\Run: [Nca] C:\WINDOWS\Sgb.exe

O4 - HKLM…\Run: [Nru] C:\WINDOWS\Par.exe

O4 - HKLM…\Run: [Enb] C:\WINDOWS\Mku.exe

O4 - HKLM…\Run: [Pub] C:\WINDOWS\Anb.exe

O4 - HKLM…\Run: [Goe] C:\WINDOWS\SYSTEM\Jdg.exe

O4 - HKLM…\Run: [Ovd] C:\WINDOWS\Fbe.exe

O4 - HKLM…\Run: [Qjt] C:\WINDOWS\SYSTEM\Ams.exe

O4 - HKLM…\Run: [idm] C:\WINDOWS\Gvu.exe

O4 - HKLM…\Run: [Jko] C:\WINDOWS\SYSTEM\Cms.exe

O4 - HKLM…\Run: [Qqh] C:\WINDOWS\Dlt.exe

O4 - HKLM…\Run: [Mqp] C:\WINDOWS\SYSTEM\Rpg.exe

O4 - HKLM…\Run: [Msh] C:\WINDOWS\SYSTEM\Klj.exe

O4 - HKLM…\Run: [Pjk] C:\WINDOWS\SYSTEM\Amu.exe

O4 - HKLM…\Run: [Pit] C:\WINDOWS\Srd.exe

O4 - HKLM…\Run: [Qma] C:\WINDOWS\SYSTEM\Hki.exe

O4 - HKLM…\Run: [iqu] C:\WINDOWS\SYSTEM\Pas.exe

O4 - HKLM…\Run: [Hro] C:\WINDOWS\Avf.exe

O4 - HKLM…\Run: [Ved] C:\WINDOWS\SYSTEM\Ltk.exe

O4 - HKLM…\Run: [Oug] C:\WINDOWS\SYSTEM\Cqt.exe

O4 - HKLM…\Run: [iuh] C:\WINDOWS\SYSTEM\Mjl.exe

O4 - HKLM…\Run: [Oeq] C:\WINDOWS\Dvh.exe

O4 - HKLM…\Run: [Qkm] C:\WINDOWS\Fiu.exe

O4 - HKLM…\Run: [Rgs] C:\WINDOWS\SYSTEM\Ecp.exe

O4 - HKLM…\Run: [Dij] C:\WINDOWS\SYSTEM\Ata.exe

O4 - HKLM…\Run: [Tfd] C:\WINDOWS\SYSTEM\Ihk.exe

O4 - HKLM…\Run: [Jnf] C:\WINDOWS\Ech.exe

O4 - HKLM…\Run: [bvq] C:\WINDOWS\SYSTEM\Vsu.exe

O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM…\RunServices: [schedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

O4 - HKCU…\Run: [Pku] C:\WINDOWS\SYSTEM\Ojq.exe

O4 - HKCU…\Run: [Vht] C:\WINDOWS\Auq.exe

O4 - HKCU…\Run: [Rdp] C:\WINDOWS\SYSTEM\Iqs.exe

O4 - HKCU…\Run: [Ltb] C:\WINDOWS\SYSTEM\Fqv.exe

O4 - HKCU…\Run: [Ovh] C:\WINDOWS\SYSTEM\Qqe.exe

O4 - HKCU…\Run: [Avt] C:\WINDOWS\SYSTEM\Mdl.exe

O4 - HKCU…\Run: [Mco] C:\WINDOWS\Lsl.exe

O4 - HKCU…\Run: [Hlwa] C:\WINDOWS\Dane aplikacji\oubb.exe

O4 - HKCU…\Run: [Otmrg] C:\WINDOWS\SYSTEM\swnyri.exe

O4 - HKCU…\Run: [Efd] C:\WINDOWS\Eeu.exe

O4 - HKCU…\Run: [sdt] C:\WINDOWS\SYSTEM\Aks.exe

O4 - HKCU…\Run: [Qmk] C:\WINDOWS\Msj.exe

O4 - HKCU…\Run: [sdb] C:\WINDOWS\SYSTEM\Jht.exe

O4 - HKCU…\Run: [Ccd] C:\WINDOWS\Prr.exe

O4 - HKCU…\Run: [bpg] C:\WINDOWS\Nvg.exe

O4 - HKCU…\Run: [uhe] C:\WINDOWS\Tcj.exe

O4 - HKCU…\Run: [Hlk] C:\WINDOWS\Mpv.exe

O4 - HKCU…\Run: [Eet] C:\WINDOWS\SYSTEM\Kpf.exe

O4 - HKCU…\Run: [bnt] C:\WINDOWS\SYSTEM\Auf.exe

O4 - HKCU…\Run: [Hut] C:\WINDOWS\SYSTEM\Ovt.exe

O4 - HKCU…\Run: [Dah] C:\WINDOWS\SYSTEM\Pcn.exe

O4 - HKCU…\Run: [Rhu] C:\WINDOWS\SYSTEM\Ljt.exe

O4 - HKCU…\Run: [Dni] C:\WINDOWS\SYSTEM\Vuo.exe

O4 - HKCU…\Run: [Kui] C:\WINDOWS\SYSTEM\Tuc.exe

O4 - HKCU…\Run: [Chd] C:\WINDOWS\Rjb.exe

O4 - HKCU…\Run: [Nca] C:\WINDOWS\Sgb.exe

O4 - HKCU…\Run: [Nru] C:\WINDOWS\Par.exe

O4 - HKCU…\Run: [Enb] C:\WINDOWS\Mku.exe

O4 - HKCU…\Run: [Pub] C:\WINDOWS\Anb.exe

O4 - HKCU…\Run: [Goe] C:\WINDOWS\SYSTEM\Jdg.exe

O4 - HKCU…\Run: [Ovd] C:\WINDOWS\Fbe.exe

O4 - HKCU…\Run: [Qjt] C:\WINDOWS\SYSTEM\Ams.exe

O4 - HKCU…\Run: [idm] C:\WINDOWS\Gvu.exe

O4 - HKCU…\Run: [Jko] C:\WINDOWS\SYSTEM\Cms.exe

O4 - HKCU…\Run: [Qqh] C:\WINDOWS\Dlt.exe

O4 - HKCU…\Run: [Mqp] C:\WINDOWS\SYSTEM\Rpg.exe

O4 - HKCU…\Run: [Msh] C:\WINDOWS\SYSTEM\Klj.exe

O4 - HKCU…\Run: [Pjk] C:\WINDOWS\SYSTEM\Amu.exe

O4 - HKCU…\Run: [Pit] C:\WINDOWS\Srd.exe

O4 - HKCU…\Run: [Qma] C:\WINDOWS\SYSTEM\Hki.exe

O4 - HKCU…\Run: [iqu] C:\WINDOWS\SYSTEM\Pas.exe

O4 - HKCU…\Run: [Hro] C:\WINDOWS\Avf.exe

O4 - HKCU…\Run: [Ved] C:\WINDOWS\SYSTEM\Ltk.exe

O4 - HKCU…\Run: [Oug] C:\WINDOWS\SYSTEM\Cqt.exe

O4 - HKCU…\Run: [iuh] C:\WINDOWS\SYSTEM\Mjl.exe

O4 - HKCU…\Run: [Oeq] C:\WINDOWS\Dvh.exe

O4 - HKCU…\Run: [Qkm] C:\WINDOWS\Fiu.exe

O4 - HKCU…\Run: [Rgs] C:\WINDOWS\SYSTEM\Ecp.exe

O4 - HKCU…\Run: [Dij] C:\WINDOWS\SYSTEM\Ata.exe

O4 - HKCU…\Run: [Tfd] C:\WINDOWS\SYSTEM\Ihk.exe

O4 - HKCU…\Run: [Jnf] C:\WINDOWS\Ech.exe

O4 - HKCU…\Run: [bvq] C:\WINDOWS\SYSTEM\Vsu.exe

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.xxxtoolbar.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets … refid=3548

O18 - Filter: text/html - {23C0A700-86AE-11D9-AD77-0030FC855FF9} - C:\WINDOWS\SYSTEM\CMI.DLL

O18 - Filter: text/plain - {23C0A700-86AE-11D9-AD77-0030FC855FF9} - C:\WINDOWS\SYSTEM\CMI.DLL

boczi · 25 Luty 2005 14:55

Ale syf :o

Chyba format dysku/partycji systemowej przydałby się…

Wielki syf, brak antywirusa, firewalla, stara wersja IE… Nie używaj IE! Użyj http://www.firefox.pl

Rzeczy próbujesz usuwać w trybie awaryjnym [F8]

C:\WINDOWS\SYSTEM\OJQ.EXE 

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\OJQ.EXE

C:\WINDOWS\DANE APLIKACJI\OUBB.EXE

C:\WINDOWS\SYSTEM\SWNYRI.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\IZXCZXCR.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {23C0A701-86AE-11D9-AD77-003093C9FA62} - C:\WINDOWS\SYSTEM\CMI.DLL

O2 - BHO: (no name) - {361EE5E5-0B00-22AC-2BB4-0495CBA2D8CA} - C:\WINDOWS\SYSTEM\OXL.DLL


O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd

O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"

O4 - HKLM\..\Run: [Pku] C:\WINDOWS\SYSTEM\Ojq.exe

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKLM\..\Run: [Vht] C:\WINDOWS\Auq.exe

O4 - HKLM\..\Run: [Rdp] C:\WINDOWS\SYSTEM\Iqs.exe

O4 - HKLM\..\Run: [Ltb] C:\WINDOWS\SYSTEM\Fqv.exe

O4 - HKLM\..\Run: [Ovh] C:\WINDOWS\SYSTEM\Qqe.exe

O4 - HKLM\..\Run: [Avt] C:\WINDOWS\SYSTEM\Mdl.exe

O4 - HKLM\..\Run: [Mco] C:\WINDOWS\Lsl.exe

O4 - HKLM\..\Run: [Efd] C:\WINDOWS\Eeu.exe

O4 - HKLM\..\Run: [Sdt] C:\WINDOWS\SYSTEM\Aks.exe

O4 - HKLM\..\Run: [Qmk] C:\WINDOWS\Msj.exe

O4 - HKLM\..\Run: [Sdb] C:\WINDOWS\SYSTEM\Jht.exe

O4 - HKLM\..\Run: [Ccd] C:\WINDOWS\Prr.exe

O4 - HKLM\..\Run: [Bpg] C:\WINDOWS\Nvg.exe

O4 - HKLM\..\Run: [Uhe] C:\WINDOWS\Tcj.exe

O4 - HKLM\..\Run: [Hlk] C:\WINDOWS\Mpv.exe

O4 - HKLM\..\Run: [Eet] C:\WINDOWS\SYSTEM\Kpf.exe

O4 - HKLM\..\Run: [Bnt] C:\WINDOWS\SYSTEM\Auf.exe

O4 - HKLM\..\Run: [Hut] C:\WINDOWS\SYSTEM\Ovt.exe

O4 - HKLM\..\Run: [Dah] C:\WINDOWS\SYSTEM\Pcn.exe

O4 - HKLM\..\Run: [Rhu] C:\WINDOWS\SYSTEM\Ljt.exe

O4 - HKLM\..\Run: [Dni] C:\WINDOWS\SYSTEM\Vuo.exe

O4 - HKLM\..\Run: [Kui] C:\WINDOWS\SYSTEM\Tuc.exe

O4 - HKLM\..\Run: [Chd] C:\WINDOWS\Rjb.exe

O4 - HKLM\..\Run: [Nca] C:\WINDOWS\Sgb.exe

O4 - HKLM\..\Run: [Nru] C:\WINDOWS\Par.exe

O4 - HKLM\..\Run: [Enb] C:\WINDOWS\Mku.exe

O4 - HKLM\..\Run: [Pub] C:\WINDOWS\Anb.exe

O4 - HKLM\..\Run: [Goe] C:\WINDOWS\SYSTEM\Jdg.exe

O4 - HKLM\..\Run: [Ovd] C:\WINDOWS\Fbe.exe

O4 - HKLM\..\Run: [Qjt] C:\WINDOWS\SYSTEM\Ams.exe

O4 - HKLM\..\Run: [Idm] C:\WINDOWS\Gvu.exe

O4 - HKLM\..\Run: [Jko] C:\WINDOWS\SYSTEM\Cms.exe

O4 - HKLM\..\Run: [Qqh] C:\WINDOWS\Dlt.exe

O4 - HKLM\..\Run: [Mqp] C:\WINDOWS\SYSTEM\Rpg.exe

O4 - HKLM\..\Run: [Msh] C:\WINDOWS\SYSTEM\Klj.exe

O4 - HKLM\..\Run: [Pjk] C:\WINDOWS\SYSTEM\Amu.exe

O4 - HKLM\..\Run: [Pit] C:\WINDOWS\Srd.exe

O4 - HKLM\..\Run: [Qma] C:\WINDOWS\SYSTEM\Hki.exe

O4 - HKLM\..\Run: [Iqu] C:\WINDOWS\SYSTEM\Pas.exe

O4 - HKLM\..\Run: [Hro] C:\WINDOWS\Avf.exe

O4 - HKLM\..\Run: [Ved] C:\WINDOWS\SYSTEM\Ltk.exe

O4 - HKLM\..\Run: [Oug] C:\WINDOWS\SYSTEM\Cqt.exe

O4 - HKLM\..\Run: [Iuh] C:\WINDOWS\SYSTEM\Mjl.exe

O4 - HKLM\..\Run: [Oeq] C:\WINDOWS\Dvh.exe

O4 - HKLM\..\Run: [Qkm] C:\WINDOWS\Fiu.exe

O4 - HKLM\..\Run: [Rgs] C:\WINDOWS\SYSTEM\Ecp.exe

O4 - HKLM\..\Run: [Dij] C:\WINDOWS\SYSTEM\Ata.exe

O4 - HKLM\..\Run: [Tfd] C:\WINDOWS\SYSTEM\Ihk.exe

O4 - HKLM\..\Run: [Jnf] C:\WINDOWS\Ech.exe

O4 - HKLM\..\Run: [Bvq] C:\WINDOWS\SYSTEM\Vsu.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKCU\..\Run: [Pku] C:\WINDOWS\SYSTEM\Ojq.exe

O4 - HKCU\..\Run: [Vht] C:\WINDOWS\Auq.exe

O4 - HKCU\..\Run: [Rdp] C:\WINDOWS\SYSTEM\Iqs.exe

O4 - HKCU\..\Run: [Ltb] C:\WINDOWS\SYSTEM\Fqv.exe

O4 - HKCU\..\Run: [Ovh] C:\WINDOWS\SYSTEM\Qqe.exe

O4 - HKCU\..\Run: [Avt] C:\WINDOWS\SYSTEM\Mdl.exe

O4 - HKCU\..\Run: [Mco] C:\WINDOWS\Lsl.exe

O4 - HKCU\..\Run: [Hlwa] C:\WINDOWS\Dane aplikacji\oubb.exe

O4 - HKCU\..\Run: [Otmrg] C:\WINDOWS\SYSTEM\swnyri.exe

O4 - HKCU\..\Run: [Efd] C:\WINDOWS\Eeu.exe

O4 - HKCU\..\Run: [Sdt] C:\WINDOWS\SYSTEM\Aks.exe

O4 - HKCU\..\Run: [Qmk] C:\WINDOWS\Msj.exe

O4 - HKCU\..\Run: [Sdb] C:\WINDOWS\SYSTEM\Jht.exe

O4 - HKCU\..\Run: [Ccd] C:\WINDOWS\Prr.exe

O4 - HKCU\..\Run: [Bpg] C:\WINDOWS\Nvg.exe

O4 - HKCU\..\Run: [Uhe] C:\WINDOWS\Tcj.exe

O4 - HKCU\..\Run: [Hlk] C:\WINDOWS\Mpv.exe

O4 - HKCU\..\Run: [Eet] C:\WINDOWS\SYSTEM\Kpf.exe

O4 - HKCU\..\Run: [Bnt] C:\WINDOWS\SYSTEM\Auf.exe

O4 - HKCU\..\Run: [Hut] C:\WINDOWS\SYSTEM\Ovt.exe

O4 - HKCU\..\Run: [Dah] C:\WINDOWS\SYSTEM\Pcn.exe

O4 - HKCU\..\Run: [Rhu] C:\WINDOWS\SYSTEM\Ljt.exe

O4 - HKCU\..\Run: [Dni] C:\WINDOWS\SYSTEM\Vuo.exe

O4 - HKCU\..\Run: [Kui] C:\WINDOWS\SYSTEM\Tuc.exe

O4 - HKCU\..\Run: [Chd] C:\WINDOWS\Rjb.exe

O4 - HKCU\..\Run: [Nca] C:\WINDOWS\Sgb.exe

O4 - HKCU\..\Run: [Nru] C:\WINDOWS\Par.exe

O4 - HKCU\..\Run: [Enb] C:\WINDOWS\Mku.exe

O4 - HKCU\..\Run: [Pub] C:\WINDOWS\Anb.exe

O4 - HKCU\..\Run: [Goe] C:\WINDOWS\SYSTEM\Jdg.exe

O4 - HKCU\..\Run: [Ovd] C:\WINDOWS\Fbe.exe

O4 - HKCU\..\Run: [Qjt] C:\WINDOWS\SYSTEM\Ams.exe

O4 - HKCU\..\Run: [Idm] C:\WINDOWS\Gvu.exe

O4 - HKCU\..\Run: [Jko] C:\WINDOWS\SYSTEM\Cms.exe

O4 - HKCU\..\Run: [Qqh] C:\WINDOWS\Dlt.exe

O4 - HKCU\..\Run: [Mqp] C:\WINDOWS\SYSTEM\Rpg.exe

O4 - HKCU\..\Run: [Msh] C:\WINDOWS\SYSTEM\Klj.exe

O4 - HKCU\..\Run: [Pjk] C:\WINDOWS\SYSTEM\Amu.exe

O4 - HKCU\..\Run: [Pit] C:\WINDOWS\Srd.exe

O4 - HKCU\..\Run: [Qma] C:\WINDOWS\SYSTEM\Hki.exe

O4 - HKCU\..\Run: [Iqu] C:\WINDOWS\SYSTEM\Pas.exe

O4 - HKCU\..\Run: [Hro] C:\WINDOWS\Avf.exe

O4 - HKCU\..\Run: [Ved] C:\WINDOWS\SYSTEM\Ltk.exe

O4 - HKCU\..\Run: [Oug] C:\WINDOWS\SYSTEM\Cqt.exe

O4 - HKCU\..\Run: [Iuh] C:\WINDOWS\SYSTEM\Mjl.exe

O4 - HKCU\..\Run: [Oeq] C:\WINDOWS\Dvh.exe

O4 - HKCU\..\Run: [Qkm] C:\WINDOWS\Fiu.exe

O4 - HKCU\..\Run: [Rgs] C:\WINDOWS\SYSTEM\Ecp.exe

O4 - HKCU\..\Run: [Dij] C:\WINDOWS\SYSTEM\Ata.exe

O4 - HKCU\..\Run: [Tfd] C:\WINDOWS\SYSTEM\Ihk.exe

O4 - HKCU\..\Run: [Jnf] C:\WINDOWS\Ech.exe

O4 - HKCU\..\Run: [Bvq] C:\WINDOWS\SYSTEM\Vsu.exe


O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


O14 - IERESET.INF: SEARCH_PAGE_URL=

O14 - IERESET.INF: START_PAGE_URL=

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.xxxtoolbar.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3548

O18 - Filter: text/html - {23C0A700-86AE-11D9-AD77-0030FC855FF9} - C:\WINDOWS\SYSTEM\CMI.DLL

O18 - Filter: text/plain - {23C0A700-86AE-11D9-AD77-0030FC855FF9} - C:\WINDOWS\SYSTEM\CMI.DLL

Ciężko będzie przywrócić system do poprawnego działania.

kuz5 · 25 Luty 2005 17:03

:o :o :o :o :o :o Pierwszy raz widze takiego loga :o :o :o :o :o :o :o

Po wykonaniu tego co napisał boczi wklej loga jeszcze raz.

Shark · 25 Luty 2005 17:25

Trojan CWS: typ: about:blank

kasia_17:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.eu.microsoft.com/poland/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

BHO:

Trojany:

kasia_17:

O4 - HKLM…\Run: [Pku] C:\WINDOWS\SYSTEM\Ojq.exe O4 - HKLM…\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile O4 - HKLM…\Run: [Vht] C:\WINDOWS\Auq.exe O4 - HKLM…\Run: [Rdp] C:\WINDOWS\SYSTEM\Iqs.exe O4 - HKLM…\Run: [Ltb] C:\WINDOWS\SYSTEM\Fqv.exe O4 - HKLM…\Run: [Ovh] C:\WINDOWS\SYSTEM\Qqe.exe O4 - HKLM…\Run: [Avt] C:\WINDOWS\SYSTEM\Mdl.exe O4 - HKLM…\Run: [Mco] C:\WINDOWS\Lsl.exe O4 - HKLM…\Run: [Efd] C:\WINDOWS\Eeu.exe O4 - HKLM…\Run: [sdt] C:\WINDOWS\SYSTEM\Aks.exe O4 - HKLM…\Run: [Qmk] C:\WINDOWS\Msj.exe O4 - HKLM…\Run: [sdb] C:\WINDOWS\SYSTEM\Jht.exe O4 - HKLM…\Run: [Ccd] C:\WINDOWS\Prr.exe O4 - HKLM…\Run: [bpg] C:\WINDOWS\Nvg.exe O4 - HKLM…\Run: [uhe] C:\WINDOWS\Tcj.exe O4 - HKLM…\Run: [Hlk] C:\WINDOWS\Mpv.exe O4 - HKLM…\Run: [Eet] C:\WINDOWS\SYSTEM\Kpf.exe O4 - HKLM…\Run: [bnt] C:\WINDOWS\SYSTEM\Auf.exe O4 - HKLM…\Run: [Hut] C:\WINDOWS\SYSTEM\Ovt.exe O4 - HKLM…\Run: [Dah] C:\WINDOWS\SYSTEM\Pcn.exe O4 - HKLM…\Run: [Rhu] C:\WINDOWS\SYSTEM\Ljt.exe O4 - HKLM…\Run: [Dni] C:\WINDOWS\SYSTEM\Vuo.exe O4 - HKLM…\Run: [Kui] C:\WINDOWS\SYSTEM\Tuc.exe O4 - HKLM…\Run: [Chd] C:\WINDOWS\Rjb.exe O4 - HKLM…\Run: [Nca] C:\WINDOWS\Sgb.exe O4 - HKLM…\Run: [Nru] C:\WINDOWS\Par.exe O4 - HKLM…\Run: [Enb] C:\WINDOWS\Mku.exe O4 - HKLM…\Run: [Pub] C:\WINDOWS\Anb.exe O4 - HKLM…\Run: [Goe] C:\WINDOWS\SYSTEM\Jdg.exe O4 - HKLM…\Run: [Ovd] C:\WINDOWS\Fbe.exe O4 - HKLM…\Run: [Qjt] C:\WINDOWS\SYSTEM\Ams.exe O4 - HKLM…\Run: [idm] C:\WINDOWS\Gvu.exe O4 - HKLM…\Run: [Jko] C:\WINDOWS\SYSTEM\Cms.exe O4 - HKLM…\Run: [Qqh] C:\WINDOWS\Dlt.exe O4 - HKLM…\Run: [Mqp] C:\WINDOWS\SYSTEM\Rpg.exe O4 - HKLM…\Run: [Msh] C:\WINDOWS\SYSTEM\Klj.exe O4 - HKLM…\Run: [Pjk] C:\WINDOWS\SYSTEM\Amu.exe O4 - HKLM…\Run: [Pit] C:\WINDOWS\Srd.exe O4 - HKLM…\Run: [Qma] C:\WINDOWS\SYSTEM\Hki.exe O4 - HKLM…\Run: [iqu] C:\WINDOWS\SYSTEM\Pas.exe O4 - HKLM…\Run: [Hro] C:\WINDOWS\Avf.exe O4 - HKLM…\Run: [Ved] C:\WINDOWS\SYSTEM\Ltk.exe O4 - HKLM…\Run: [Oug] C:\WINDOWS\SYSTEM\Cqt.exe O4 - HKLM…\Run: [iuh] C:\WINDOWS\SYSTEM\Mjl.exe O4 - HKLM…\Run: [Oeq] C:\WINDOWS\Dvh.exe O4 - HKLM…\Run: [Qkm] C:\WINDOWS\Fiu.exe O4 - HKLM…\Run: [Rgs] C:\WINDOWS\SYSTEM\Ecp.exe O4 - HKLM…\Run: [Dij] C:\WINDOWS\SYSTEM\Ata.exe O4 - HKLM…\Run: [Tfd] C:\WINDOWS\SYSTEM\Ihk.exe O4 - HKLM…\Run: [Jnf] C:\WINDOWS\Ech.exe O4 - HKLM…\Run: [bvq] C:\WINDOWS\SYSTEM\Vsu.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe O4 - HKCU…\Run: [Pku] C:\WINDOWS\SYSTEM\Ojq.exe O4 - HKCU…\Run: [Vht] C:\WINDOWS\Auq.exe O4 - HKCU…\Run: [Rdp] C:\WINDOWS\SYSTEM\Iqs.exe O4 - HKCU…\Run: [Ltb] C:\WINDOWS\SYSTEM\Fqv.exe O4 - HKCU…\Run: [Ovh] C:\WINDOWS\SYSTEM\Qqe.exe O4 - HKCU…\Run: [Avt] C:\WINDOWS\SYSTEM\Mdl.exe O4 - HKCU…\Run: [Mco] C:\WINDOWS\Lsl.exe O4 - HKCU…\Run: [Hlwa] C:\WINDOWS\Dane aplikacji\oubb.exe O4 - HKCU…\Run: [Otmrg] C:\WINDOWS\SYSTEM\swnyri.exe O4 - HKCU…\Run: [Efd] C:\WINDOWS\Eeu.exe O4 - HKCU…\Run: [sdt] C:\WINDOWS\SYSTEM\Aks.exe O4 - HKCU…\Run: [Qmk] C:\WINDOWS\Msj.exe O4 - HKCU…\Run: [sdb] C:\WINDOWS\SYSTEM\Jht.exe O4 - HKCU…\Run: [Ccd] C:\WINDOWS\Prr.exe O4 - HKCU…\Run: [bpg] C:\WINDOWS\Nvg.exe O4 - HKCU…\Run: [uhe] C:\WINDOWS\Tcj.exe O4 - HKCU…\Run: [Hlk] C:\WINDOWS\Mpv.exe O4 - HKCU…\Run: [Eet] C:\WINDOWS\SYSTEM\Kpf.exe O4 - HKCU…\Run: [bnt] C:\WINDOWS\SYSTEM\Auf.exe O4 - HKCU…\Run: [Hut] C:\WINDOWS\SYSTEM\Ovt.exe O4 - HKCU…\Run: [Dah] C:\WINDOWS\SYSTEM\Pcn.exe O4 - HKCU…\Run: [Rhu] C:\WINDOWS\SYSTEM\Ljt.exe O4 - HKCU…\Run: [Dni] C:\WINDOWS\SYSTEM\Vuo.exe O4 - HKCU…\Run: [Kui] C:\WINDOWS\SYSTEM\Tuc.exe O4 - HKCU…\Run: [Chd] C:\WINDOWS\Rjb.exe O4 - HKCU…\Run: [Nca] C:\WINDOWS\Sgb.exe O4 - HKCU…\Run: [Nru] C:\WINDOWS\Par.exe O4 - HKCU…\Run: [Enb] C:\WINDOWS\Mku.exe O4 - HKCU…\Run: [Pub] C:\WINDOWS\Anb.exe O4 - HKCU…\Run: [Goe] C:\WINDOWS\SYSTEM\Jdg.exe O4 - HKCU…\Run: [Ovd] C:\WINDOWS\Fbe.exe O4 - HKCU…\Run: [Qjt] C:\WINDOWS\SYSTEM\Ams.exe O4 - HKCU…\Run: [idm] C:\WINDOWS\Gvu.exe O4 - HKCU…\Run: [Jko] C:\WINDOWS\SYSTEM\Cms.exe O4 - HKCU…\Run: [Qqh] C:\WINDOWS\Dlt.exe O4 - HKCU…\Run: [Mqp] C:\WINDOWS\SYSTEM\Rpg.exe O4 - HKCU…\Run: [Msh] C:\WINDOWS\SYSTEM\Klj.exe O4 - HKCU…\Run: [Pjk] C:\WINDOWS\SYSTEM\Amu.exe O4 - HKCU…\Run: [Pit] C:\WINDOWS\Srd.exe O4 - HKCU…\Run: [Qma] C:\WINDOWS\SYSTEM\Hki.exe O4 - HKCU…\Run: [iqu] C:\WINDOWS\SYSTEM\Pas.exe O4 - HKCU…\Run: [Hro] C:\WINDOWS\Avf.exe O4 - HKCU…\Run: [Ved] C:\WINDOWS\SYSTEM\Ltk.exe O4 - HKCU…\Run: [Oug] C:\WINDOWS\SYSTEM\Cqt.exe O4 - HKCU…\Run: [iuh] C:\WINDOWS\SYSTEM\Mjl.exe O4 - HKCU…\Run: [Oeq] C:\WINDOWS\Dvh.exe O4 - HKCU…\Run: [Qkm] C:\WINDOWS\Fiu.exe O4 - HKCU…\Run: [Rgs] C:\WINDOWS\SYSTEM\Ecp.exe O4 - HKCU…\Run: [Dij] C:\WINDOWS\SYSTEM\Ata.exe O4 - HKCU…\Run: [Tfd] C:\WINDOWS\SYSTEM\Ihk.exe O4 - HKCU…\Run: [Jnf] C:\WINDOWS\Ech.exe O4 - HKCU…\Run: [bvq] C:\WINDOWS\SYSTEM\Vsu.exe

Alexa:

Reszta:

kasia_17:

O14 - IERESET.INF: SEARCH_PAGE_URL= O14 - IERESET.INF: START_PAGE_URL= O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTickets … refid=3548

Następnie skanujesz WSZYSTKIMI SKANERAMI:

http://forum.dobreprogramy.com/viewtopic.php?t=17671

(KillTrusted też)

Następnie:

Windows Worms Doors Cleaner v1.4.1 - zamykasz wszystkie porty w tym programie

Szukasz plików:

C:\WINDOWS\SYSTEM\OJQ.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\OJQ.EXE

C:\WINDOWS\DANE APLIKACJI\OUBB.EXE

C:\WINDOWS\SYSTEM\SWNYRI.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\IZXCZXCR.EXE

I usuwasz je ręcznie.

Po tym skan jv16PowerTools

Warunki usuwania z HiJackThis:

1.Tryb Awaryjny

2.Wyłącz przywracanie systemu (o ile jest)

3.Później skanujesz

4.Instalacja Service Packów

5.Ponowny log

Jeżeli będą DLLe (sprawdź to:)

Start -> uruchom ->

regsvr32 \u i ścieżka Tu wpisujesz nazwę pliku

i klikasz

Nazwy plików i ścieżki:

C:\WINDOWS\SYSTEM\CMI.DLL

C:\WINDOWS\SYSTEM\OXL.DLL

Następnie usuwasz ręcznie je i skan jv16PowerTools