nie otwieraja mi sie zadne strony w internecie

1. Zastartować do trybu awaryjnego bez internetu(opis TU).

2. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7

3. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

4. Dokończyć skanerami online - Scanery do wyboru

5. Pokazać nowy log

Uzyj FxIstbar.exe.

Zastosuj Usuwanie tapety SpySheriff

Jak znasz zostaw w ciemno każe usnąć IFUW i UNAMon

Logfile of HijackThis v1.99.1

Scan saved at 22:41:14, on 05-12-06

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINSTALL.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

E:\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

E:\DO WIRUSOW\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.5 x.full-tgp.net

O1 - Hosts: 127.0.0.5 counter.sexmaniack.com

O1 - Hosts: 127.0.0.5 autoescrowpay.com

O1 - Hosts: 127.0.0.5 www.autoescrowpay.com

O1 - Hosts: 127.0.0.5 www.awmdabest.com

O1 - Hosts: 127.0.0.5 www.sexfiles.nu

O1 - Hosts: 127.0.0.5 awmdabest.com

O1 - Hosts: 127.0.0.5 sexfiles.nu

O1 - Hosts: 127.0.0.5 allforadult.com

O1 - Hosts: 127.0.0.5 www.allforadult.com

O1 - Hosts: 127.0.0.5 www.iframe.biz

O1 - Hosts: 127.0.0.5 iframe.biz

O1 - Hosts: 127.0.0.5 www.newiframe.biz

O1 - Hosts: 127.0.0.5 newiframe.biz

O1 - Hosts: 127.0.0.5 www.vesbiz.biz

O1 - Hosts: 127.0.0.5 vesbiz.biz

O1 - Hosts: 127.0.0.5 www.pizdato.biz

O1 - Hosts: 127.0.0.5 pizdato.biz

O1 - Hosts: 127.0.0.5 www.awmcash.biz

O1 - Hosts: 127.0.0.5 awmcash.biz

O1 - Hosts: 127.0.0.5 buldog-stats.com

O1 - Hosts: 127.0.0.5 www.buldog-stats.com

O1 - Hosts: 127.0.0.5 fregat.drocherway.com

O1 - Hosts: 127.0.0.5 slutmania.biz

O1 - Hosts: 127.0.0.5 www.slutmania.biz

O1 - Hosts: 127.0.0.5 toolbarpartner.com

O1 - Hosts: 127.0.0.5 www.toolbarpartner.com

O1 - Hosts: 127.0.0.5 www.megapornix.com

O1 - Hosts: 127.0.0.5 megapornix.com

O1 - Hosts: 127.0.0.5 www.sp2fucked.biz

O1 - Hosts: 127.0.0.5 sp2fucked.biz

O1 - Hosts: 127.0.0.5 greg-tut.com

O1 - Hosts: 127.0.0.5 www.greg-tut.com

O1 - Hosts: 127.0.0.5 nylonsexy.com

O1 - Hosts: 127.0.0.5 www.nylonsexy.com

O1 - Hosts: 127.0.0.5 vparivalka.com

O1 - Hosts: 127.0.0.5 www.vparivalka.com

O1 - Hosts: 127.0.0.5 iframeprofit.com

O1 - Hosts: 127.0.0.5 www.iframeprofit.com

O1 - Hosts: 127.0.0.5 topsearch10.com

O1 - Hosts: 127.0.0.5 www.topsearch10.com

O1 - Hosts: 127.0.0.5 statscash.biz

O1 - Hosts: 127.0.0.5 www.statscash.biz

O1 - Hosts: 127.0.0.5 vxiframe.biz

O1 - Hosts: 127.0.0.5 www.vxiframe.biz

O1 - Hosts: 127.0.0.5 crazy-toolbar.com

O1 - Hosts: 127.0.0.5 www.crazy-toolbar.com

O1 - Hosts: 127.0.0.5 topcash.biz

O1 - Hosts: 127.0.0.5 www.topcash.biz

O1 - Hosts: 127.0.0.5 loadcash.biz

O1 - Hosts: 127.0.0.5 www.loadcash.biz

O1 - Hosts: 127.0.0.5 txiframe.biz

O1 - Hosts: 127.0.0.5 www.txiframe.biz

O1 - Hosts: 127.0.0.5 procounter.biz

O1 - Hosts: 127.0.0.5 www.procounter.biz

O1 - Hosts: 127.0.0.5 advadmin.biz

O1 - Hosts: 127.0.0.5 www.advadmin.biz

O1 - Hosts: 127.0.0.5 trafficbest.net

O1 - Hosts: 127.0.0.5 www.trafficbest.net

O1 - Hosts: 127.0.0.5 besthvac.com

O1 - Hosts: 127.0.0.5 www.besthvac.com

O1 - Hosts: 127.0.0.5 traff4.com

O1 - Hosts: 127.0.0.5 www.traff4.com

O1 - Hosts: 127.0.0.5 ambush-script.com

O1 - Hosts: 127.0.0.5 www.ambush-script.com

O1 - Hosts: 127.0.0.5 beehappyy.biz

O1 - Hosts: 127.0.0.5 www.beehappyy.biz

O1 - Hosts: 127.0.0.5 tracktraff.cc

O1 - Hosts: 127.0.0.5 www.tracktraff.cc

O1 - Hosts: 127.0.0.5 allcount.net

O1 - Hosts: 127.0.0.5 www.allcount.net

O1 - Hosts: 127.0.0.5 onedayoffer.biz

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing)

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_65.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://playqames.com/default.cab?uid=18&id=31346&ex&1s&ppd=5

Usuń: (wszystko oczywiście robisz w trybie awaryjnym )

Pliki na czerwono usun ręcznie z dysku

Zastosowałeś się do?

Plik winstall.exe usuń programem Pocket Killbox czyli odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżke:

C:** winstall.exe**

następnie program będzie pytał o restart (oczywiście zgadzasz sie)

Logfile of HijackThis v1.99.1

Scan saved at 16:51:38, on 05-12-07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

E:\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

E:\DO WIRUSOW\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com

O1 - Hosts: 127.0.0.5 x.full-tgp.net

O1 - Hosts: 127.0.0.5 counter.sexmaniack.com

O1 - Hosts: 127.0.0.5 autoescrowpay.com

O1 - Hosts: 127.0.0.5 www.autoescrowpay.com

O1 - Hosts: 127.0.0.5 www.awmdabest.com

O1 - Hosts: 127.0.0.5 www.sexfiles.nu

O1 - Hosts: 127.0.0.5 awmdabest.com

O1 - Hosts: 127.0.0.5 sexfiles.nu

O1 - Hosts: 127.0.0.5 allforadult.com

O1 - Hosts: 127.0.0.5 www.allforadult.com

O1 - Hosts: 127.0.0.5 www.iframe.biz

O1 - Hosts: 127.0.0.5 iframe.biz

O1 - Hosts: 127.0.0.5 www.newiframe.biz

O1 - Hosts: 127.0.0.5 newiframe.biz

O1 - Hosts: 127.0.0.5 www.vesbiz.biz

O1 - Hosts: 127.0.0.5 vesbiz.biz

O1 - Hosts: 127.0.0.5 www.pizdato.biz

O1 - Hosts: 127.0.0.5 pizdato.biz

O1 - Hosts: 127.0.0.5 www.awmcash.biz

O1 - Hosts: 127.0.0.5 awmcash.biz

O1 - Hosts: 127.0.0.5 buldog-stats.com

O1 - Hosts: 127.0.0.5 www.buldog-stats.com

O1 - Hosts: 127.0.0.5 fregat.drocherway.com

O1 - Hosts: 127.0.0.5 slutmania.biz

O1 - Hosts: 127.0.0.5 www.slutmania.biz

O1 - Hosts: 127.0.0.5 toolbarpartner.com

O1 - Hosts: 127.0.0.5 www.toolbarpartner.com

O1 - Hosts: 127.0.0.5 www.megapornix.com

O1 - Hosts: 127.0.0.5 megapornix.com

O1 - Hosts: 127.0.0.5 www.sp2fucked.biz

O1 - Hosts: 127.0.0.5 sp2fucked.biz

O1 - Hosts: 127.0.0.5 greg-tut.com

O1 - Hosts: 127.0.0.5 www.greg-tut.com

O1 - Hosts: 127.0.0.5 nylonsexy.com

O1 - Hosts: 127.0.0.5 www.nylonsexy.com

O1 - Hosts: 127.0.0.5 vparivalka.com

O1 - Hosts: 127.0.0.5 www.vparivalka.com

O1 - Hosts: 127.0.0.5 iframeprofit.com

O1 - Hosts: 127.0.0.5 www.iframeprofit.com

O1 - Hosts: 127.0.0.5 topsearch10.com

O1 - Hosts: 127.0.0.5 www.topsearch10.com

O1 - Hosts: 127.0.0.5 statscash.biz

O1 - Hosts: 127.0.0.5 www.statscash.biz

O1 - Hosts: 127.0.0.5 vxiframe.biz

O1 - Hosts: 127.0.0.5 www.vxiframe.biz

O1 - Hosts: 127.0.0.5 crazy-toolbar.com

O1 - Hosts: 127.0.0.5 www.crazy-toolbar.com

O1 - Hosts: 127.0.0.5 topcash.biz

O1 - Hosts: 127.0.0.5 www.topcash.biz

O1 - Hosts: 127.0.0.5 loadcash.biz

O1 - Hosts: 127.0.0.5 www.loadcash.biz

O1 - Hosts: 127.0.0.5 txiframe.biz

O1 - Hosts: 127.0.0.5 www.txiframe.biz

O1 - Hosts: 127.0.0.5 procounter.biz

O1 - Hosts: 127.0.0.5 www.procounter.biz

O1 - Hosts: 127.0.0.5 advadmin.biz

O1 - Hosts: 127.0.0.5 www.advadmin.biz

O1 - Hosts: 127.0.0.5 trafficbest.net

O1 - Hosts: 127.0.0.5 www.trafficbest.net

O1 - Hosts: 127.0.0.5 besthvac.com

O1 - Hosts: 127.0.0.5 www.besthvac.com

O1 - Hosts: 127.0.0.5 traff4.com

O1 - Hosts: 127.0.0.5 www.traff4.com

O1 - Hosts: 127.0.0.5 ambush-script.com

O1 - Hosts: 127.0.0.5 www.ambush-script.com

O1 - Hosts: 127.0.0.5 beehappyy.biz

O1 - Hosts: 127.0.0.5 www.beehappyy.biz

O1 - Hosts: 127.0.0.5 tracktraff.cc

O1 - Hosts: 127.0.0.5 www.tracktraff.cc

O1 - Hosts: 127.0.0.5 allcount.net

O1 - Hosts: 127.0.0.5 www.allcount.net

O1 - Hosts: 127.0.0.5 onedayoffer.biz

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing)

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab

O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_65.cab

O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://playqames.com/default.cab?uid=18&id=31346&ex&1s&ppd=5

Poczytaj jeszcze raz mój post i rób jak mówiłem nadal są te wpisy!!

Logfile of HijackThis v1.99.1

Scan saved at 17:19:06, on 05-12-07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

E:\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

E:\DO WIRUSOW\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing)

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab

1. Zastartować do trybu awaryjnego bez internetu.

2. Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.

3. Skasować z dysku pliki i foldery, które podkreśliłem na czerwono

4. Dokończyć skanerami online - Scanery do wyboru

5. Pokazać nowy log

Poczytaj i zastosuj Usuwanie tapety SpySheriff

Logfile of HijackThis v1.99.1

Scan saved at 17:59:03, on 05-12-07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

E:\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

E:\DO WIRUSOW\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Zostało post wyżej jak usunąc ale w szczególności winstall.exe - instrukcję Usuwanie tapety SpySheriff

Logfile of HijackThis v1.99.1

Scan saved at 18:55:13, on 05-12-07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

[code]C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

E:\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

E:\DO WIRUSOW\HIJACKTHIS.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url=http://www.google.pl/]http://www.google.pl/[/url]

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

juz normalna strone mam w necie jak wlączam

Juz OK, miałes syfu