Prosze o sprawdzenie loga

tomh2o · 7 Styczeń 2006 18:38

Logfile of HijackThis v1.99.1 Scan saved at 21:20:29, on 2006-01-05 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\PTSNOOP.EXE C:\WINDOWS\SYSTEM\CMMPU.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE D:\Z INTERNTU\WINAMP\WINAMPA.EXE C:\WINDOWS\BANMANPRO.EXE C:\WINDOWS\LANLITE.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\GADU-GADU\GG.EXE C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQM.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQA.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE C:\WINDOWS\TEMP\RAR$EX00.321\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F1 - win.ini: load=ptsnoop.exe F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe hpfsched O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com O1 - Hosts: 127.0.0.5 x.full-tgp.net O1 - Hosts: 127.0.0.5 counter.sexmaniack.com O1 - Hosts: 127.0.0.5 autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.awmdabest.com O1 - Hosts: 127.0.0.5 http://www.sexfiles.nu O1 - Hosts: 127.0.0.5 awmdabest.com O1 - Hosts: 127.0.0.5 sexfiles.nu O1 - Hosts: 127.0.0.5 allforadult.com O1 - Hosts: 127.0.0.5 http://www.allforadult.com O1 - Hosts: 127.0.0.5 http://www.iframe.biz O1 - Hosts: 127.0.0.5 iframe.biz O1 - Hosts: 127.0.0.5 http://www.newiframe.biz O1 - Hosts: 127.0.0.5 newiframe.biz O1 - Hosts: 127.0.0.5 http://www.vesbiz.biz O1 - Hosts: 127.0.0.5 vesbiz.biz O1 - Hosts: 127.0.0.5 http://www.pizdato.biz O1 - Hosts: 127.0.0.5 pizdato.biz O1 - Hosts: 127.0.0.5 http://www.awmcash.biz O1 - Hosts: 127.0.0.5 awmcash.biz O1 - Hosts: 127.0.0.5 buldog-stats.com O1 - Hosts: 127.0.0.5 http://www.buldog-stats.com O1 - Hosts: 127.0.0.5 fregat.drocherway.com O1 - Hosts: 127.0.0.5 slutmania.biz O1 - Hosts: 127.0.0.5 http://www.slutmania.biz O1 - Hosts: 127.0.0.5 toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.megapornix.com O1 - Hosts: 127.0.0.5 megapornix.com O1 - Hosts: 127.0.0.5 http://www.sp2fucked.biz O1 - Hosts: 127.0.0.5 sp2fucked.biz O1 - Hosts: 127.0.0.5 greg-tut.com O1 - Hosts: 127.0.0.5 http://www.greg-tut.com O1 - Hosts: 127.0.0.5 nylonsexy.com O1 - Hosts: 127.0.0.5 http://www.nylonsexy.com O1 - Hosts: 127.0.0.5 vparivalka.com O1 - Hosts: 127.0.0.5 http://www.vparivalka.com O1 - Hosts: 127.0.0.5 iframeprofit.com O1 - Hosts: 127.0.0.5 http://www.iframeprofit.com O1 - Hosts: 127.0.0.5 topsearch10.com O1 - Hosts: 127.0.0.5 http://www.topsearch10.com O1 - Hosts: 127.0.0.5 statscash.biz O1 - Hosts: 127.0.0.5 http://www.statscash.biz O1 - Hosts: 127.0.0.5 vxiframe.biz O1 - Hosts: 127.0.0.5 http://www.vxiframe.biz O1 - Hosts: 127.0.0.5 crazy-toolbar.com O1 - Hosts: 127.0.0.5 http://www.crazy-toolbar.com O1 - Hosts: 127.0.0.5 topcash.biz O1 - Hosts: 127.0.0.5 http://www.topcash.biz O1 - Hosts: 127.0.0.5 loadcash.biz O1 - Hosts: 127.0.0.5 http://www.loadcash.biz O1 - Hosts: 127.0.0.5 txiframe.biz O1 - Hosts: 127.0.0.5 http://www.txiframe.biz O1 - Hosts: 127.0.0.5 procounter.biz O1 - Hosts: 127.0.0.5 http://www.procounter.biz O1 - Hosts: 127.0.0.5 advadmin.biz O1 - Hosts: 127.0.0.5 http://www.advadmin.biz O1 - Hosts: 127.0.0.5 trafficbest.net O1 - Hosts: 127.0.0.5 http://www.trafficbest.net O1 - Hosts: 127.0.0.5 besthvac.com O1 - Hosts: 127.0.0.5 http://www.besthvac.com O1 - Hosts: 127.0.0.5 traff4.com O1 - Hosts: 127.0.0.5 http://www.traff4.com O1 - Hosts: 127.0.0.5 ambush-script.com O1 - Hosts: 127.0.0.5 http://www.ambush-script.com O1 - Hosts: 127.0.0.5 beehappyy.biz O1 - Hosts: 127.0.0.5 http://www.beehappyy.biz O1 - Hosts: 127.0.0.5 tracktraff.cc O1 - Hosts: 127.0.0.5 http://www.tracktraff.cc O1 - Hosts: 127.0.0.5 allcount.net O1 - Hosts: 127.0.0.5 http://www.allcount.net O1 - Hosts: 127.0.0.5 onedayoffer.biz O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM…\Run: [Windows Millennium Edition Intro Video] C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta O4 - HKLM…\Run: [selfHostUtil] C:\WINDOWS\selfhost.exe /L O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE O4 - HKLM…\Run: [MW1HelperStartUp] C:\PROGRAM FILES\MAGIC WATERFALL SCREENSAVER\MW1HELPER.EXE /partner MW1 O4 - HKLM…\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe O4 - HKLM…\Run: [WinampAgent] D:\z interntu\Winamp\winampa.exe O4 - HKLM…\Run: [bearShare] “D:\BEARSHARE\BEARSHARE.EXE” /pause O4 - HKLM…\Run: [enewsletterpro] C:\WINDOWS\ENEWSLETTERPRO.exe O4 - HKLM…\Run: [banmanpro] C:\WINDOWS\BANMANPRO.exe O4 - HKLM…\Run: [drsmartloadb] C:\DRSMARTLOADB.exe O4 - HKLM…\Run: [spySpotter System Defender] C:\PROGRAM FILES\SPYSPOTTER3\Defender.exe -startup O4 - HKLM…\RunServices: [HiberMonitor] C:\WINDOWS\HCount.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKCU…\Run: [LanLite] lanlite.exe O4 - HKCU…\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray O4 - HKCU…\Run: [MUIQ] C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQM.EXE O9 - Extra button: Wyslij SMS’a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 81.219.160.2,217.17.34.10

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

Gutek · 7 Styczeń 2006 18:45

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com O1 - Hosts: 127.0.0.5 x.full-tgp.net O1 - Hosts: 127.0.0.5 counter.sexmaniack.com O1 - Hosts: 127.0.0.5 autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.autoescrowpay.com O1 - Hosts: 127.0.0.5 http://www.awmdabest.com O1 - Hosts: 127.0.0.5 http://www.sexfiles.nu O1 - Hosts: 127.0.0.5 awmdabest.com O1 - Hosts: 127.0.0.5 sexfiles.nu O1 - Hosts: 127.0.0.5 allforadult.com O1 - Hosts: 127.0.0.5 http://www.allforadult.com O1 - Hosts: 127.0.0.5 http://www.iframe.biz O1 - Hosts: 127.0.0.5 iframe.biz O1 - Hosts: 127.0.0.5 http://www.newiframe.biz O1 - Hosts: 127.0.0.5 newiframe.biz O1 - Hosts: 127.0.0.5 http://www.vesbiz.biz O1 - Hosts: 127.0.0.5 vesbiz.biz O1 - Hosts: 127.0.0.5 http://www.pizdato.biz O1 - Hosts: 127.0.0.5 pizdato.biz O1 - Hosts: 127.0.0.5 http://www.awmcash.biz O1 - Hosts: 127.0.0.5 awmcash.biz O1 - Hosts: 127.0.0.5 buldog-stats.com O1 - Hosts: 127.0.0.5 http://www.buldog-stats.com O1 - Hosts: 127.0.0.5 fregat.drocherway.com O1 - Hosts: 127.0.0.5 slutmania.biz O1 - Hosts: 127.0.0.5 http://www.slutmania.biz O1 - Hosts: 127.0.0.5 toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.5 http://www.megapornix.com O1 - Hosts: 127.0.0.5 megapornix.com O1 - Hosts: 127.0.0.5 http://www.sp2fucked.biz O1 - Hosts: 127.0.0.5 sp2fucked.biz O1 - Hosts: 127.0.0.5 greg-tut.com O1 - Hosts: 127.0.0.5 http://www.greg-tut.com O1 - Hosts: 127.0.0.5 nylonsexy.com O1 - Hosts: 127.0.0.5 http://www.nylonsexy.com O1 - Hosts: 127.0.0.5 vparivalka.com O1 - Hosts: 127.0.0.5 http://www.vparivalka.com O1 - Hosts: 127.0.0.5 iframeprofit.com O1 - Hosts: 127.0.0.5 http://www.iframeprofit.com O1 - Hosts: 127.0.0.5 topsearch10.com O1 - Hosts: 127.0.0.5 http://www.topsearch10.com O1 - Hosts: 127.0.0.5 statscash.biz O1 - Hosts: 127.0.0.5 http://www.statscash.biz O1 - Hosts: 127.0.0.5 vxiframe.biz O1 - Hosts: 127.0.0.5 http://www.vxiframe.biz O1 - Hosts: 127.0.0.5 crazy-toolbar.com O1 - Hosts: 127.0.0.5 http://www.crazy-toolbar.com O1 - Hosts: 127.0.0.5 topcash.biz O1 - Hosts: 127.0.0.5 http://www.topcash.biz O1 - Hosts: 127.0.0.5 loadcash.biz O1 - Hosts: 127.0.0.5 http://www.loadcash.biz O1 - Hosts: 127.0.0.5 txiframe.biz O1 - Hosts: 127.0.0.5 http://www.txiframe.biz O1 - Hosts: 127.0.0.5 procounter.biz O1 - Hosts: 127.0.0.5 http://www.procounter.biz O1 - Hosts: 127.0.0.5 advadmin.biz O1 - Hosts: 127.0.0.5 http://www.advadmin.biz O1 - Hosts: 127.0.0.5 trafficbest.net O1 - Hosts: 127.0.0.5 http://www.trafficbest.net O1 - Hosts: 127.0.0.5 besthvac.com O1 - Hosts: 127.0.0.5 http://www.besthvac.com O1 - Hosts: 127.0.0.5 traff4.com O1 - Hosts: 127.0.0.5 http://www.traff4.com O1 - Hosts: 127.0.0.5 ambush-script.com O1 - Hosts: 127.0.0.5 http://www.ambush-script.com O1 - Hosts: 127.0.0.5 beehappyy.biz O1 - Hosts: 127.0.0.5 http://www.beehappyy.biz O1 - Hosts: 127.0.0.5 tracktraff.cc O1 - Hosts: 127.0.0.5 http://www.tracktraff.cc O1 - Hosts: 127.0.0.5 allcount.net O1 - Hosts: 127.0.0.5 http://www.allcount.net O1 - Hosts: 127.0.0.5 onedayoffer.biz O4 - HKLM…\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE O4 - HKLM…\Run: [enewsletterpro] C:\WINDOWS\ENEWSLETTERPRO.exe O4 - HKLM…\Run: [banmanpro] C:\WINDOWS\BANMANPRO.exe O4 - HKLM…\Run: [drsmartloadb] C:\DRSMARTLOADB.exe

Wyłączyć Przywracanie systemu w ME TU
Zastartować do trybu awaryjnego bez internetu(opis w linku wyżej).
Zaznaczyć wskazane wpisy w Hijacku i kliknąć Fix checked. Wpisy zostaną usunięte.
Skasować z dysku pliki, które podkreśliłem na czerwono
Dokończyć skanerami online - Scanery do wyboru
Pokazać nowy log

tomh2o · 7 Styczeń 2006 19:42

jak skasowac pliki zaznaczone na czerwono dokladniej napisz dzieki

jimmi · 7 Styczeń 2006 19:50

http://dobreprogramy.pl/index.php?dz=22&id=188&t=82 spróbuj tym gdy nie pomoże to arcavir

Gutek · 7 Styczeń 2006 20:30

Jak postępujesz i idziesz według instrukcji to jesteś w trybie awaryjnym a tam szukasz lokalizacji pliku i wchodzisz np. C:\WINDOWS\ i szukasz SERVICES.EXE i kasujesz

tomh2o · 7 Styczeń 2006 21:20

daje loga po kasowaniach

cytat

Logfile of HijackThis v1.99.1 Scan saved at 00:03:26, on 2006-01-06 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\PTSNOOP.EXE C:\WINDOWS\SYSTEM\CMMPU.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE D:\Z INTERNTU\WINAMP\WINAMPA.EXE C:\WINDOWS\BANMANPRO.EXE C:\WINDOWS\LANLITE.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\GADU-GADU\GG.EXE C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQM.EXE C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQA.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE C:\WINDOWS\TEMP\RAR$EX01.756\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F1 - win.ini: load=ptsnoop.exe F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe hpfsched O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM…\Run: [Windows Millennium Edition Intro Video] C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta O4 - HKLM…\Run: [selfHostUtil] C:\WINDOWS\selfhost.exe /L O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE O4 - HKLM…\Run: [MW1HelperStartUp] C:\PROGRAM FILES\MAGIC WATERFALL SCREENSAVER\MW1HELPER.EXE /partner MW1 O4 - HKLM…\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe O4 - HKLM…\Run: [WinampAgent] D:\z interntu\Winamp\winampa.exe O4 - HKLM…\Run: [bearShare] “D:\BEARSHARE\BEARSHARE.EXE” /pause O4 - HKLM…\Run: [enewsletterpro] C:\WINDOWS\ENEWSLETTERPRO.exe O4 - HKLM…\Run: [banmanpro] C:\WINDOWS\BANMANPRO.exe O4 - HKLM…\Run: [drsmartloadb] C:\DRSMARTLOADB.exe O4 - HKLM…\Run: [spySpotter System Defender] C:\PROGRAM FILES\SPYSPOTTER3\Defender.exe -startup O4 - HKLM…\RunServices: [HiberMonitor] C:\WINDOWS\HCount.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKCU…\Run: [LanLite] lanlite.exe O4 - HKCU…\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray O4 - HKCU…\Run: [MUIQ] C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQM.EXE O9 - Extra button: Wyslij SMS’a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 81.219.160.2,217.17.34.10

Gutek · 7 Styczeń 2006 21:24

Nic nie usunołeś, użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżki

C:\WINDOWS\BANMANPRO.exe

C:\WINDOWS\ENEWSLETTERPRO.exe

C:\WINDOWS\SERVICES.EXE

C:\DRSMARTLOADB.exe

i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

To mniej wiecej tak wygląda

http://viruscenter.pl/mrowek/screeny/kill1.jpg

tomh2o · 7 Styczeń 2006 23:10

cytat

Logfile of HijackThis v1.99.1 Scan saved at 01:53:59, on 2006-01-06 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\RUNDLL32.EXE C:\WINDOWS\PTSNOOP.EXE C:\WINDOWS\SYSTEM\CMMPU.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE D:\Z INTERNTU\WINAMP\WINAMPA.EXE C:\WINDOWS\BANMANPRO.EXE C:\WINDOWS\LANLITE.EXE C:\WINDOWS\RunDLL.exe C:\PROGRAM FILES\GADU-GADU\GG.EXE C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQM.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQA.EXE C:\PROGRAM FILES\WINRAR\WINRAR.EXE C:\WINDOWS\TEMP\RAR$EX00.835\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F1 - win.ini: load=ptsnoop.exe F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe hpfsched O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM…\Run: [Windows Millennium Edition Intro Video] C:\WINDOWS\Applic~1\Micros~1\Intro\content.hta O4 - HKLM…\Run: [selfHostUtil] C:\WINDOWS\selfhost.exe /L O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [sERVICES.EXE] C:\WINDOWS\SERVICES.EXE O4 - HKLM…\Run: [MW1HelperStartUp] C:\PROGRAM FILES\MAGIC WATERFALL SCREENSAVER\MW1HELPER.EXE /partner MW1 O4 - HKLM…\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe O4 - HKLM…\Run: [WinampAgent] D:\z interntu\Winamp\winampa.exe O4 - HKLM…\Run: [bearShare] “D:\BEARSHARE\BEARSHARE.EXE” /pause O4 - HKLM…\Run: [enewsletterpro] C:\WINDOWS\ENEWSLETTERPRO.exe O4 - HKLM…\Run: [banmanpro] C:\WINDOWS\BANMANPRO.exe O4 - HKLM…\Run: [drsmartloadb] C:\DRSMARTLOADB.exe O4 - HKLM…\Run: [spySpotter System Defender] C:\PROGRAM FILES\SPYSPOTTER3\Defender.exe -startup O4 - HKLM…\RunServices: [HiberMonitor] C:\WINDOWS\HCount.exe O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKCU…\Run: [LanLite] lanlite.exe O4 - HKCU…\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray O4 - HKCU…\Run: [MUIQ] C:\PROGRAM FILES\COMMON FILES\MUIQ\MUIQM.EXE O9 - Extra button: Wyslij SMS’a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 81.219.160.2,217.17.34.10

Gutek · 7 Styczeń 2006 23:15

nie wiem jak to robisz ale nadal masz to samo świństwo, instrukcja usuwania sie nie zmienia

tomh2o · 7 Styczeń 2006 23:23

probowalem ze trzy razy sprawdzam i bez zmian moze cos innego mozemy \esz zrobic

Gutek · 7 Styczeń 2006 23:27

W trybie awaryjnym usuwasz recznie plik inaczej sie nie da.

jeszcze odinstaluj szitowy program

tomh2o · 10 Styczeń 2006 20:45

CZESC nie odzywalem sie bo musialem formatowac dzieki nara