cwaniak69
(Barcelona1988)
6 Grudzień 2005 19:54
#1
nie otwieraja mi sie zadne strony w internecie
Logfile of HijackThis v1.99.1 Scan saved at 20:40:30, on 05-12-06 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\PAYTIME.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\TOOL2.EXE C:\WINDOWS\ADTECH2006.EXE C:\WINDOWS\SYSTEM\PAYTIME.EXE C:\WINSTALL.EXE C:\WINDOWS\TOOL2.EXE C:\PROGRAM FILES\COMMON FILES\IFUW\IFUWM.EXE C:\PROGRAM FILES\COMMON FILES\IFUW\IFUWA.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE E:\GADU-GADU\GG.EXE C:\PROGRAM FILES\MKS\BIN\MKS_VIRW.EXE C:\PROGRAM FILES\MKS\BIN\MKS_SCAN.EXE C:\WINDOWS\NOTEPAD.EXE E:\DO WIRUSOW\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com O1 - Hosts: 127.0.0.5 x.full-tgp.net O1 - Hosts: 127.0.0.5 counter.sexmaniack.com O1 - Hosts: 127.0.0.5 autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.awmdabest.com O1 - Hosts: 127.0.0.5 http://www.sexfiles.nu O1 - Hosts: 127.0.0.5 awmdabest.com O1 - Hosts: 127.0.0.5 sexfiles.nu O1 - Hosts: 127.0.0.5 allforadult.com O1 - Hosts: 127.0.0.5 http://www.allforadult.com O1 - Hosts: 127.0.0.5 http://www.iframe.biz O1 - Hosts: 127.0.0.5 iframe.biz O1 - Hosts: 127.0.0.5 http://www.newiframe.biz O1 - Hosts: 127.0.0.5 newiframe.biz O1 - Hosts: 127.0.0.5 http://www.vesbiz.biz O1 - Hosts: 127.0.0.5 vesbiz.biz O1 - Hosts: 127.0.0.5 http://www.pizdato.biz O1 - Hosts: 127.0.0.5 pizdato.biz O1 - Hosts: 127.0.0.5 http://www.awmcash.biz O1 - Hosts: 127.0.0.5 awmcash.biz O1 - Hosts: 127.0.0.5 buldog-stats.com O1 - Hosts: 127.0.0.5 http://www.buldog-stats.com O1 - Hosts: 127.0.0.5 fregat.drocherway.com O1 - Hosts: 127.0.0.5 slutmania.biz O1 - Hosts: 127.0.0.5 http://www.slutmania.biz O1 - Hosts: 127.0.0.5 toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.megapornix.com O1 - Hosts: 127.0.0.5 megapornix.com O1 - Hosts: 127.0.0.5 http://www.sp2fucked.biz O1 - Hosts: 127.0.0.5 sp2fucked.biz O1 - Hosts: 127.0.0.5 greg-tut.com O1 - Hosts: 127.0.0.5 http://www.greg-tut.com O1 - Hosts: 127.0.0.5 nylonsexy.com O1 - Hosts: 127.0.0.5 http://www.nylonsexy.com O1 - Hosts: 127.0.0.5 vparivalka.com O1 - Hosts: 127.0.0.5 http://www.vparivalka.com O1 - Hosts: 127.0.0.5 iframeprofit.com O1 - Hosts: 127.0.0.5 http://www.iframeprofit.com O1 - Hosts: 127.0.0.5 topsearch10.com O1 - Hosts: 127.0.0.5 http://www.topsearch10.com O1 - Hosts: 127.0.0.5 statscash.biz O1 - Hosts: 127.0.0.5 http://www.statscash.biz O1 - Hosts: 127.0.0.5 vxiframe.biz O1 - Hosts: 127.0.0.5 http://www.vxiframe.biz O1 - Hosts: 127.0.0.5 crazy-toolbar.com O1 - Hosts: 127.0.0.5 http://www.crazy-toolbar.com O1 - Hosts: 127.0.0.5 topcash.biz O1 - Hosts: 127.0.0.5 http://www.topcash.biz O1 - Hosts: 127.0.0.5 loadcash.biz O1 - Hosts: 127.0.0.5 http://www.loadcash.biz O1 - Hosts: 127.0.0.5 txiframe.biz O1 - Hosts: 127.0.0.5 http://www.txiframe.biz O1 - Hosts: 127.0.0.5 procounter.biz O1 - Hosts: 127.0.0.5 http://www.procounter.biz O1 - Hosts: 127.0.0.5 advadmin.biz O1 - Hosts: 127.0.0.5 http://www.advadmin.biz O1 - Hosts: 127.0.0.5 trafficbest.net O1 - Hosts: 127.0.0.5 http://www.trafficbest.net O1 - Hosts: 127.0.0.5 besthvac.com O1 - Hosts: 127.0.0.5 http://www.besthvac.com O1 - Hosts: 127.0.0.5 traff4.com O1 - Hosts: 127.0.0.5 http://www.traff4.com O1 - Hosts: 127.0.0.5 ambush-script.com O1 - Hosts: 127.0.0.5 http://www.ambush-script.com O1 - Hosts: 127.0.0.5 beehappyy.biz O1 - Hosts: 127.0.0.5 http://www.beehappyy.biz O1 - Hosts: 127.0.0.5 tracktraff.cc O1 - Hosts: 127.0.0.5 http://www.tracktraff.cc O1 - Hosts: 127.0.0.5 allcount.net O1 - Hosts: 127.0.0.5 http://www.allcount.net O1 - Hosts: 127.0.0.5 onedayoffer.biz O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing) O4 - HKLM…\Run: [salm] c:\program files\180searchassistant\salm.exe O4 - HKLM…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM…\Run: [timessquare] C:\WINDOWS\TIMESSQUARE.exe O4 - HKLM…\Run: [adtech2006] C:\WINDOWS\ADTECH2006.exe O4 - HKLM…\Run: [uNAMon] E:\PROGRAM FILES\UACENTER\UNAMON.EXE O4 - HKCU…\Run: [bDomRWfnT] EXSPSTUB.EXE O4 - HKCU…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - HKCU…\Run: [shell] “C:\WINDOWS\SYSTEM\ibm00003.exe” O4 - HKCU…\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU…\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU…\Run: [iFUW] C:\PROGRAM FILES\COMMON FILES\IFUW\IFUWM.EXE O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU) O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU) O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media … e-c139.cab O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4 . … egular.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_65.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://playqames.com/default.cab?uid=18 … x&1s&ppd=5 O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\fnbndlkc.dll (file missing)
Gutek
(Gutek)
6 Grudzień 2005 20:07
#2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com O1 - Hosts: 127.0.0.5 x.full-tgp.net O1 - Hosts: 127.0.0.5 counter.sexmaniack.com O1 - Hosts: 127.0.0.5 autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.awmdabest.com O1 - Hosts: 127.0.0.5 http://www.sexfiles.nu O1 - Hosts: 127.0.0.5 awmdabest.com O1 - Hosts: 127.0.0.5 sexfiles.nu O1 - Hosts: 127.0.0.5 allforadult.com O1 - Hosts: 127.0.0.5 http://www.allforadult.com O1 - Hosts: 127.0.0.5 http://www.iframe.biz O1 - Hosts: 127.0.0.5 iframe.biz O1 - Hosts: 127.0.0.5 http://www.newiframe.biz O1 - Hosts: 127.0.0.5 newiframe.biz O1 - Hosts: 127.0.0.5 http://www.vesbiz.biz O1 - Hosts: 127.0.0.5 vesbiz.biz O1 - Hosts: 127.0.0.5 http://www.pizdato.biz O1 - Hosts: 127.0.0.5 pizdato.biz O1 - Hosts: 127.0.0.5 http://www.awmcash.biz O1 - Hosts: 127.0.0.5 awmcash.biz O1 - Hosts: 127.0.0.5 buldog-stats.com O1 - Hosts: 127.0.0.5 http://www.buldog-stats.com O1 - Hosts: 127.0.0.5 fregat.drocherway.com O1 - Hosts: 127.0.0.5 slutmania.biz O1 - Hosts: 127.0.0.5 http://www.slutmania.biz O1 - Hosts: 127.0.0.5 toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.megapornix.com O1 - Hosts: 127.0.0.5 megapornix.com O1 - Hosts: 127.0.0.5 http://www.sp2fucked.biz O1 - Hosts: 127.0.0.5 sp2fucked.biz O1 - Hosts: 127.0.0.5 greg-tut.com O1 - Hosts: 127.0.0.5 http://www.greg-tut.com O1 - Hosts: 127.0.0.5 nylonsexy.com O1 - Hosts: 127.0.0.5 http://www.nylonsexy.com O1 - Hosts: 127.0.0.5 vparivalka.com O1 - Hosts: 127.0.0.5 http://www.vparivalka.com O1 - Hosts: 127.0.0.5 iframeprofit.com O1 - Hosts: 127.0.0.5 http://www.iframeprofit.com O1 - Hosts: 127.0.0.5 topsearch10.com O1 - Hosts: 127.0.0.5 http://www.topsearch10.com O1 - Hosts: 127.0.0.5 statscash.biz O1 - Hosts: 127.0.0.5 http://www.statscash.biz O1 - Hosts: 127.0.0.5 vxiframe.biz O1 - Hosts: 127.0.0.5 http://www.vxiframe.biz O1 - Hosts: 127.0.0.5 crazy-toolbar.com O1 - Hosts: 127.0.0.5 http://www.crazy-toolbar.com O1 - Hosts: 127.0.0.5 topcash.biz O1 - Hosts: 127.0.0.5 http://www.topcash.biz O1 - Hosts: 127.0.0.5 loadcash.biz O1 - Hosts: 127.0.0.5 http://www.loadcash.biz O1 - Hosts: 127.0.0.5 txiframe.biz O1 - Hosts: 127.0.0.5 http://www.txiframe.biz O1 - Hosts: 127.0.0.5 procounter.biz O1 - Hosts: 127.0.0.5 http://www.procounter.biz O1 - Hosts: 127.0.0.5 advadmin.biz O1 - Hosts: 127.0.0.5 http://www.advadmin.biz O1 - Hosts: 127.0.0.5 trafficbest.net O1 - Hosts: 127.0.0.5 http://www.trafficbest.net O1 - Hosts: 127.0.0.5 besthvac.com O1 - Hosts: 127.0.0.5 http://www.besthvac.com O1 - Hosts: 127.0.0.5 traff4.com O1 - Hosts: 127.0.0.5 http://www.traff4.com O1 - Hosts: 127.0.0.5 ambush-script.com O1 - Hosts: 127.0.0.5 http://www.ambush-script.com O1 - Hosts: 127.0.0.5 beehappyy.biz O1 - Hosts: 127.0.0.5 http://www.beehappyy.biz O1 - Hosts: 127.0.0.5 tracktraff.cc O1 - Hosts: 127.0.0.5 http://www.tracktraff.cc O1 - Hosts: 127.0.0.5 allcount.net O1 - Hosts: 127.0.0.5 http://www.allcount.net O1 - Hosts: 127.0.0.5 onedayoffer.biz O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing) O4 - HKLM…\Run: [salm] c:\program files\180searchassistant\salm.exe O4 - HKLM…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O4 - HKLM…\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM…\Run: [timessquare] C:\WINDOWS\TIMESSQUARE.exe O4 - HKLM…\Run: [adtech2006] C:\WINDOWS\ADTECH2006.exe O4 - HKCU…\Run: [bDomRWfnT] EXSPSTUB.EXE O4 - HKCU…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - HKLM…\Run: [uNAMon] E:\PROGRAM FILES\UACENTER\UNAMON.EXE O4 - HKCU…\Run: [shell] “C:\WINDOWS\SYSTEM\ibm00003.exe” O4 - HKCU…\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU…\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU…\Run: [iFUW] C:\PROGRAM FILES\COMMON FILES\IFUW\IFUWM.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU) O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU) O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media … e-c139.cab O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4 . … egular.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://playqames.com/default.cab?uid=18 … x&1s&ppd=5 O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\SYSTEM\fnbndlkc.dll (file missing)
Zastartować do trybu awaryjnego bez internetu(opis TU ).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte. Dodatkowo O15 może będzie stawiać opór więc ściągnij KillTrusted 0.7
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log
Uzyj FxIstbar.exe.
Zastosuj Usuwanie tapety SpySheriff
Jak znasz zostaw w ciemno każe usnąć IFUW i UNAMon
cwaniak69
(Barcelona1988)
6 Grudzień 2005 21:40
#3
Logfile of HijackThis v1.99.1
Scan saved at 22:41:14, on 05-12-06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINSTALL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
E:\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
E:\DO WIRUSOW\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.5 x.full-tgp.net
O1 - Hosts: 127.0.0.5 counter.sexmaniack.com
O1 - Hosts: 127.0.0.5 autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.awmdabest.com
O1 - Hosts: 127.0.0.5 www.sexfiles.nu
O1 - Hosts: 127.0.0.5 awmdabest.com
O1 - Hosts: 127.0.0.5 sexfiles.nu
O1 - Hosts: 127.0.0.5 allforadult.com
O1 - Hosts: 127.0.0.5 www.allforadult.com
O1 - Hosts: 127.0.0.5 www.iframe.biz
O1 - Hosts: 127.0.0.5 iframe.biz
O1 - Hosts: 127.0.0.5 www.newiframe.biz
O1 - Hosts: 127.0.0.5 newiframe.biz
O1 - Hosts: 127.0.0.5 www.vesbiz.biz
O1 - Hosts: 127.0.0.5 vesbiz.biz
O1 - Hosts: 127.0.0.5 www.pizdato.biz
O1 - Hosts: 127.0.0.5 pizdato.biz
O1 - Hosts: 127.0.0.5 www.awmcash.biz
O1 - Hosts: 127.0.0.5 awmcash.biz
O1 - Hosts: 127.0.0.5 buldog-stats.com
O1 - Hosts: 127.0.0.5 www.buldog-stats.com
O1 - Hosts: 127.0.0.5 fregat.drocherway.com
O1 - Hosts: 127.0.0.5 slutmania.biz
O1 - Hosts: 127.0.0.5 www.slutmania.biz
O1 - Hosts: 127.0.0.5 toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.megapornix.com
O1 - Hosts: 127.0.0.5 megapornix.com
O1 - Hosts: 127.0.0.5 www.sp2fucked.biz
O1 - Hosts: 127.0.0.5 sp2fucked.biz
O1 - Hosts: 127.0.0.5 greg-tut.com
O1 - Hosts: 127.0.0.5 www.greg-tut.com
O1 - Hosts: 127.0.0.5 nylonsexy.com
O1 - Hosts: 127.0.0.5 www.nylonsexy.com
O1 - Hosts: 127.0.0.5 vparivalka.com
O1 - Hosts: 127.0.0.5 www.vparivalka.com
O1 - Hosts: 127.0.0.5 iframeprofit.com
O1 - Hosts: 127.0.0.5 www.iframeprofit.com
O1 - Hosts: 127.0.0.5 topsearch10.com
O1 - Hosts: 127.0.0.5 www.topsearch10.com
O1 - Hosts: 127.0.0.5 statscash.biz
O1 - Hosts: 127.0.0.5 www.statscash.biz
O1 - Hosts: 127.0.0.5 vxiframe.biz
O1 - Hosts: 127.0.0.5 www.vxiframe.biz
O1 - Hosts: 127.0.0.5 crazy-toolbar.com
O1 - Hosts: 127.0.0.5 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.5 topcash.biz
O1 - Hosts: 127.0.0.5 www.topcash.biz
O1 - Hosts: 127.0.0.5 loadcash.biz
O1 - Hosts: 127.0.0.5 www.loadcash.biz
O1 - Hosts: 127.0.0.5 txiframe.biz
O1 - Hosts: 127.0.0.5 www.txiframe.biz
O1 - Hosts: 127.0.0.5 procounter.biz
O1 - Hosts: 127.0.0.5 www.procounter.biz
O1 - Hosts: 127.0.0.5 advadmin.biz
O1 - Hosts: 127.0.0.5 www.advadmin.biz
O1 - Hosts: 127.0.0.5 trafficbest.net
O1 - Hosts: 127.0.0.5 www.trafficbest.net
O1 - Hosts: 127.0.0.5 besthvac.com
O1 - Hosts: 127.0.0.5 www.besthvac.com
O1 - Hosts: 127.0.0.5 traff4.com
O1 - Hosts: 127.0.0.5 www.traff4.com
O1 - Hosts: 127.0.0.5 ambush-script.com
O1 - Hosts: 127.0.0.5 www.ambush-script.com
O1 - Hosts: 127.0.0.5 beehappyy.biz
O1 - Hosts: 127.0.0.5 www.beehappyy.biz
O1 - Hosts: 127.0.0.5 tracktraff.cc
O1 - Hosts: 127.0.0.5 www.tracktraff.cc
O1 - Hosts: 127.0.0.5 allcount.net
O1 - Hosts: 127.0.0.5 www.allcount.net
O1 - Hosts: 127.0.0.5 onedayoffer.biz
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing)
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_65.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://playqames.com/default.cab?uid=18&id=31346&ex&1s&ppd=5
kuz5
(Kuz5)
6 Grudzień 2005 22:00
#4
Usuń: (wszystko oczywiście robisz w trybie awaryjnym )
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com O1 - Hosts: 127.0.0.5 x.full-tgp.net O1 - Hosts: 127.0.0.5 counter.sexmaniack.com O1 - Hosts: 127.0.0.5 autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.awmdabest.com O1 - Hosts: 127.0.0.5 http://www.sexfiles.nu O1 - Hosts: 127.0.0.5 awmdabest.com O1 - Hosts: 127.0.0.5 sexfiles.nu O1 - Hosts: 127.0.0.5 allforadult.com O1 - Hosts: 127.0.0.5 http://www.allforadult.com O1 - Hosts: 127.0.0.5 http://www.iframe.biz O1 - Hosts: 127.0.0.5 iframe.biz O1 - Hosts: 127.0.0.5 http://www.newiframe.biz O1 - Hosts: 127.0.0.5 newiframe.biz O1 - Hosts: 127.0.0.5 http://www.vesbiz.biz O1 - Hosts: 127.0.0.5 vesbiz.biz O1 - Hosts: 127.0.0.5 http://www.pizdato.biz O1 - Hosts: 127.0.0.5 pizdato.biz O1 - Hosts: 127.0.0.5 http://www.awmcash.biz O1 - Hosts: 127.0.0.5 awmcash.biz O1 - Hosts: 127.0.0.5 buldog-stats.com O1 - Hosts: 127.0.0.5 http://www.buldog-stats.com O1 - Hosts: 127.0.0.5 fregat.drocherway.com O1 - Hosts: 127.0.0.5 slutmania.biz O1 - Hosts: 127.0.0.5 http://www.slutmania.biz O1 - Hosts: 127.0.0.5 toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.megapornix.com O1 - Hosts: 127.0.0.5 megapornix.com O1 - Hosts: 127.0.0.5 http://www.sp2fucked.biz O1 - Hosts: 127.0.0.5 sp2fucked.biz O1 - Hosts: 127.0.0.5 greg-tut.com O1 - Hosts: 127.0.0.5 http://www.greg-tut.com O1 - Hosts: 127.0.0.5 nylonsexy.com O1 - Hosts: 127.0.0.5 http://www.nylonsexy.com O1 - Hosts: 127.0.0.5 vparivalka.com O1 - Hosts: 127.0.0.5 http://www.vparivalka.com O1 - Hosts: 127.0.0.5 iframeprofit.com O1 - Hosts: 127.0.0.5 http://www.iframeprofit.com O1 - Hosts: 127.0.0.5 topsearch10.com O1 - Hosts: 127.0.0.5 http://www.topsearch10.com O1 - Hosts: 127.0.0.5 statscash.biz O1 - Hosts: 127.0.0.5 http://www.statscash.biz O1 - Hosts: 127.0.0.5 vxiframe.biz O1 - Hosts: 127.0.0.5 http://www.vxiframe.biz O1 - Hosts: 127.0.0.5 crazy-toolbar.com O1 - Hosts: 127.0.0.5 http://www.crazy-toolbar.com O1 - Hosts: 127.0.0.5 topcash.biz O1 - Hosts: 127.0.0.5 http://www.topcash.biz O1 - Hosts: 127.0.0.5 loadcash.biz O1 - Hosts: 127.0.0.5 http://www.loadcash.biz O1 - Hosts: 127.0.0.5 txiframe.biz O1 - Hosts: 127.0.0.5 http://www.txiframe.biz O1 - Hosts: 127.0.0.5 procounter.biz O1 - Hosts: 127.0.0.5 http://www.procounter.biz O1 - Hosts: 127.0.0.5 advadmin.biz O1 - Hosts: 127.0.0.5 http://www.advadmin.biz O1 - Hosts: 127.0.0.5 trafficbest.net O1 - Hosts: 127.0.0.5 http://www.trafficbest.net O1 - Hosts: 127.0.0.5 besthvac.com O1 - Hosts: 127.0.0.5 http://www.besthvac.com O1 - Hosts: 127.0.0.5 traff4.com O1 - Hosts: 127.0.0.5 http://www.traff4.com O1 - Hosts: 127.0.0.5 ambush-script.com O1 - Hosts: 127.0.0.5 http://www.ambush-script.com O1 - Hosts: 127.0.0.5 beehappyy.biz O1 - Hosts: 127.0.0.5 http://www.beehappyy.biz O1 - Hosts: 127.0.0.5 tracktraff.cc O1 - Hosts: 127.0.0.5 http://www.tracktraff.cc O1 - Hosts: 127.0.0.5 allcount.net O1 - Hosts: 127.0.0.5 http://www.allcount.net O1 - Hosts: 127.0.0.5 onedayoffer.biz O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing) O4 - HKLM…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O4 - HKCU…\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU) O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU) O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media … e-c139.cab O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://playqames.com/default.cab?uid=18 … x&1s&ppd=5 O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4 . … egular.cab
Pliki na czerwono usun ręcznie z dysku
Zastosowałeś się do?
Plik winstall.exe usuń programem Pocket Killbox czyli odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżke:
C:* * winstall.exe**
następnie program będzie pytał o restart (oczywiście zgadzasz sie)
cwaniak69
(Barcelona1988)
7 Grudzień 2005 15:50
#5
Logfile of HijackThis v1.99.1
Scan saved at 16:51:38, on 05-12-07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
E:\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
E:\DO WIRUSOW\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.5 x.full-tgp.net
O1 - Hosts: 127.0.0.5 counter.sexmaniack.com
O1 - Hosts: 127.0.0.5 autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.awmdabest.com
O1 - Hosts: 127.0.0.5 www.sexfiles.nu
O1 - Hosts: 127.0.0.5 awmdabest.com
O1 - Hosts: 127.0.0.5 sexfiles.nu
O1 - Hosts: 127.0.0.5 allforadult.com
O1 - Hosts: 127.0.0.5 www.allforadult.com
O1 - Hosts: 127.0.0.5 www.iframe.biz
O1 - Hosts: 127.0.0.5 iframe.biz
O1 - Hosts: 127.0.0.5 www.newiframe.biz
O1 - Hosts: 127.0.0.5 newiframe.biz
O1 - Hosts: 127.0.0.5 www.vesbiz.biz
O1 - Hosts: 127.0.0.5 vesbiz.biz
O1 - Hosts: 127.0.0.5 www.pizdato.biz
O1 - Hosts: 127.0.0.5 pizdato.biz
O1 - Hosts: 127.0.0.5 www.awmcash.biz
O1 - Hosts: 127.0.0.5 awmcash.biz
O1 - Hosts: 127.0.0.5 buldog-stats.com
O1 - Hosts: 127.0.0.5 www.buldog-stats.com
O1 - Hosts: 127.0.0.5 fregat.drocherway.com
O1 - Hosts: 127.0.0.5 slutmania.biz
O1 - Hosts: 127.0.0.5 www.slutmania.biz
O1 - Hosts: 127.0.0.5 toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.megapornix.com
O1 - Hosts: 127.0.0.5 megapornix.com
O1 - Hosts: 127.0.0.5 www.sp2fucked.biz
O1 - Hosts: 127.0.0.5 sp2fucked.biz
O1 - Hosts: 127.0.0.5 greg-tut.com
O1 - Hosts: 127.0.0.5 www.greg-tut.com
O1 - Hosts: 127.0.0.5 nylonsexy.com
O1 - Hosts: 127.0.0.5 www.nylonsexy.com
O1 - Hosts: 127.0.0.5 vparivalka.com
O1 - Hosts: 127.0.0.5 www.vparivalka.com
O1 - Hosts: 127.0.0.5 iframeprofit.com
O1 - Hosts: 127.0.0.5 www.iframeprofit.com
O1 - Hosts: 127.0.0.5 topsearch10.com
O1 - Hosts: 127.0.0.5 www.topsearch10.com
O1 - Hosts: 127.0.0.5 statscash.biz
O1 - Hosts: 127.0.0.5 www.statscash.biz
O1 - Hosts: 127.0.0.5 vxiframe.biz
O1 - Hosts: 127.0.0.5 www.vxiframe.biz
O1 - Hosts: 127.0.0.5 crazy-toolbar.com
O1 - Hosts: 127.0.0.5 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.5 topcash.biz
O1 - Hosts: 127.0.0.5 www.topcash.biz
O1 - Hosts: 127.0.0.5 loadcash.biz
O1 - Hosts: 127.0.0.5 www.loadcash.biz
O1 - Hosts: 127.0.0.5 txiframe.biz
O1 - Hosts: 127.0.0.5 www.txiframe.biz
O1 - Hosts: 127.0.0.5 procounter.biz
O1 - Hosts: 127.0.0.5 www.procounter.biz
O1 - Hosts: 127.0.0.5 advadmin.biz
O1 - Hosts: 127.0.0.5 www.advadmin.biz
O1 - Hosts: 127.0.0.5 trafficbest.net
O1 - Hosts: 127.0.0.5 www.trafficbest.net
O1 - Hosts: 127.0.0.5 besthvac.com
O1 - Hosts: 127.0.0.5 www.besthvac.com
O1 - Hosts: 127.0.0.5 traff4.com
O1 - Hosts: 127.0.0.5 www.traff4.com
O1 - Hosts: 127.0.0.5 ambush-script.com
O1 - Hosts: 127.0.0.5 www.ambush-script.com
O1 - Hosts: 127.0.0.5 beehappyy.biz
O1 - Hosts: 127.0.0.5 www.beehappyy.biz
O1 - Hosts: 127.0.0.5 tracktraff.cc
O1 - Hosts: 127.0.0.5 www.tracktraff.cc
O1 - Hosts: 127.0.0.5 allcount.net
O1 - Hosts: 127.0.0.5 www.allcount.net
O1 - Hosts: 127.0.0.5 onedayoffer.biz
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing)
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_65.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://playqames.com/default.cab?uid=18&id=31346&ex&1s&ppd=5
Gutek
(Gutek)
7 Grudzień 2005 16:04
#6
Poczytaj jeszcze raz mój post i rób jak mówiłem nadal są te wpisy!!
cwaniak69
(Barcelona1988)
7 Grudzień 2005 16:18
#7
Logfile of HijackThis v1.99.1
Scan saved at 17:19:06, on 05-12-07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
E:\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
E:\DO WIRUSOW\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing)
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
Gutek
(Gutek)
7 Grudzień 2005 16:24
#8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\PROGRAM FILES\ISTBAR\ISTBARCM.DLL (file missing) O4 - HKLM…\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe O4 - HKCU…\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU) O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (HKCU) O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media … e-c139.cab O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
Zastartować do trybu awaryjnego bez internetu.
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
Skasować z dysku pliki i foldery, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log
Poczytaj i zastosuj Usuwanie tapety SpySheriff
cwaniak69
(Barcelona1988)
7 Grudzień 2005 16:57
#9
Logfile of HijackThis v1.99.1
Scan saved at 17:59:03, on 05-12-07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
E:\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
E:\DO WIRUSOW\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: Ebates - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Gutek
(Gutek)
7 Grudzień 2005 17:03
#10
Zostało post wyżej jak usunąc ale w szczególności winstall.exe - instrukcję Usuwanie tapety SpySheriff
cwaniak69
(Barcelona1988)
7 Grudzień 2005 17:54
#11
Logfile of HijackThis v1.99.1
Scan saved at 18:55:13, on 05-12-07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
[code]C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
E:\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
E:\DO WIRUSOW\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url=http://www.google.pl/]http://www.google.pl/[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
juz normalna strone mam w necie jak wlączam