Strona startowa


(Future2019) #1

Nie mogę na swoim komputerze ustawić dowolnej strony głównej. Poza tym co jakiś czas wyskakują okienka z informacjami o błędach i wirusach.

Logfile of HijackThis v1.99.1

Scan saved at 18:28:18, on 05-04-11

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE

C:\TNT2-64\VI_GRM.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\SYSTEM\FMCTRL.EXE

C:\WINDOWS\SYSTEM32\XPSP2FW.EXE

C:\WINDOWS\SYSTEM\SYSTIME.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\GAH95ON6.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\SYSTIME.EXE

C:\WP.EXE

C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\WINRAR\WINRAR.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\MOJE DOKUMENTY\TAA\NOWY FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini: load=C:\TNT2-64\vi_grm.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)

O2 - BHO: (no name) - {AB118601-A915-11D9-BEEF-000EB250128A} - C:\WINDOWS\SYSTEM\PEEJ.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM..\Run: [sSAntyDialer] C:\Program Files\SSAntyDialer\SSAntyDialer.exe tray

O4 - HKLM..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [Reg32] C:\WINDOWS\reg32.exe

O4 - HKLM..\Run: [EzAudioTray] C:\PROGRAM FILES\EZAUDIO\EZAUDIO.EXE TRAYAPP

O4 - HKLM..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [Q3dctlTray] Fmctrl.EXE

O4 - HKLM..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"

O4 - HKLM..\Run: [salm] c:\temp\salm.exe

O4 - HKLM..\Run: [hgzmhkz] C:\WINDOWS\hgzmhkz.exe

O4 - HKLM..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe

O4 - HKLM..\Run: [sysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKLM..\Run: [ewefbYW^]babxwut] C:\WINDOWS\SYSTEM\tkavuljmmhwz.exe

O4 - HKLM..\Run: [vmtune] %SystemRoot%\system32\gdlib.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe

O4 - HKLM..\Run: [security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

O4 - HKLM..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [ewefbYW^]babxwut] C:\WINDOWS\SYSTEM\tkavuljmmhwz.exe

O4 - HKLM..\RunServices: [srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - HKCU..\Run: [Windows Update Client] C:\WINDOWS\system32\wuclient.exe

O4 - HKCU..\Run: [sysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKCU..\Run: [skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - HKCU..\Run: [WindowsFY] C:\WP.EXE

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: Microsoft AntiSpyware helper - {B65D1060-A915-11D9-BEEF-000E5C8F1D19} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B65D1060-A915-11D9-BEEF-000E5C8F1D19} - (no file) (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) - http://czat.onet.pl/client/kalambury/NetPunGame.dll

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GINBILLARD9 Class) - http://gryonline.wp.pl/files/billard9_2_0_0_6.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.2/g_bin/pl/poker_2_0_0_30.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) - http://gryonline.wp.pl/files/words_2_0_0_18.cab

O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GINCHECKERS Class) - http://gryonline.wp.pl/files/checkers_2_0_0_6.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.2/g_bin/pl/darts_2_0_0_28.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_14.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

O18 - Filter: text/html - {757C585E-A9B8-11D9-BEEF-000E44B14050} - C:\WINDOWS\SYSTEM\PEEJ.DLL

O18 - Filter: text/plain - {757C585E-A9B8-11D9-BEEF-000E44B14050} - C:\WINDOWS\SYSTEM\PEEJ.DLL


(Damian) #2

Nieciekawie masz namieszane z Internet Explorerami.

Moze na początek przejedź system skanerami :

:arrow: CWShredder 2.14

:arrow: Spybot Search & Destroy 1.3

:arrow: Ad-aware SE Personal 1.05

:arrow:PestPatrol

..::X-Scan::..

http://www.spywareinfo.com/xscan.php

..::GeCAD (RAV)::..

http://www.ravantivirus.com/scan/

..::F-Secure::..

http://support.f-secure.com/enu/home/ols.shtml

..::mks_vir::..

http://skaner.mks.com.pl

..::BitDefender::..

http://www.bitdefender.com/scan/licence.php

..::Symantec {Norton}::..

http://security.symantec.com

..::HouseCall::..

http://pl.trendmicro-europe.com/consume ... call_pre.p

ETD Security Scanner 3.0 - Antyszpieg

a potem wklej loga jeszcze raz :?


(Kuz5) #3

Wyczyść katalog TEMP

Start=>Uruchom=>%temp%=>I usuń wszystko co sie tam znajduje

Usuń w trybie awaryjnym :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)

O2 - BHO: (no name) - {AB118601-A915-11D9-BEEF-000EB250128A} - C:\WINDOWS\SYSTEM\PEEJ.DLL

O4 - HKLM..\Run: [Reg32] C:\WINDOWS\reg32.exe

O4 - HKLM..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"

O4 - HKLM..\Run: [salm] c:\temp\salm.exe

O4 - HKLM..\Run: [hgzmhkz] C:\WINDOWS\hgzmhkz.exe

O4 - HKLM..\Run: [ewefbYW^]babxwut] C:\WINDOWS\SYSTEM\tkavuljmmhwz.exe

O4 - HKLM..\Run: [gah95on6] C:\WINDOWS\SYSTEM\gah95on6.exe

O4 - HKLM..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM..\RunServices: [ewefbYW^]babxwut] C:\WINDOWS\SYSTEM\tkavuljmmhwz.exe

O4 - HKLM..\RunServices: [srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

O4 - HKCU..\Run: [sysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKLM..\Run: [sysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKCU..\Run: [Windows Update Client] C:\WINDOWS\system32\wuclient.exe

O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Microsoft AntiSpyware helper - {B65D1060-A915-11D9-BEEF-000E5C8F1D19} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B65D1060-A915-11D9-BEEF-000E5C8F1D19} - (no file) (HKCU)

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted IP range: 67.19.185.246

O15 - Trusted IP range: 67.19.185.246 (HKLM)

O18 - Filter: text/html - {757C585E-A9B8-11D9-BEEF-000E44B14050} - C:\WINDOWS\SYSTEM\PEEJ.DLL

O18 - Filter: text/plain - {757C585E-A9B8-11D9-BEEF-000E44B14050} - C:\WINDOWS\SYSTEM\PEEJ.DLL

O4 - HKLM..\Run: [security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

W Dodaj/Usuń wywal ten program.

Wszystkie pliki na czerwono usuń ręcznie z dysku

Na koniec wklej nowego loga.


(Future2019) #4

Logfile of HijackThis v1.99.1

Scan saved at 20:16:47, on 05-04-12

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\TNT2-64\VI_GRM.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\SYSTEM\FMCTRL.EXE

C:\WINDOWS\SYSTEM32\XPSP2FW.EXE

C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE

C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\MOJE DOKUMENTY\TAA\NOWY FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F1 - win.ini: load=C:\TNT2-64\vi_grm.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {AB118601-A915-11D9-BEEF-000EB250128A} - C:\WINDOWS\SYSTEM\PEEJ.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM..\Run: [sSAntyDialer] C:\Program Files\SSAntyDialer\SSAntyDialer.exe tray

O4 - HKLM..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [Reg32] C:\WINDOWS\reg32.exe

O4 - HKLM..\Run: [EzAudioTray] C:\PROGRAM FILES\EZAUDIO\EZAUDIO.EXE TRAYAPP

O4 - HKLM..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [Q3dctlTray] Fmctrl.EXE

O4 - HKLM..\Run: [hgzmhkz] C:\WINDOWS\hgzmhkz.exe

O4 - HKLM..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe

O4 - HKLM..\Run: [sysTime] C:\WINDOWS\SYSTEM\systime.exe

O4 - HKLM..\Run: [ewefbYW^]babxwut] C:\WINDOWS\SYSTEM\tkavuljmmhwz.exe

O4 - HKLM..\Run: [vmtune] %SystemRoot%\system32\gdlib.exe

O4 - HKLM..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM..\Run: [security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O4 - HKLM..\RunServices: [srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - HKCU..\Run: [Windows Update Client] C:\WINDOWS\system32\wuclient.exe

O4 - HKCU..\Run: [skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - HKCU..\Run: [WindowsFY] C:\WP.EXE

O4 - HKCU..\Run: [ETD Security Scanner] "C:\PROGRAM FILES\ETD SECURITY SCANNER\ETD SECURITY SCANNER.EXE" /s

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra button: Microsoft AntiSpyware helper - {B65D1060-A915-11D9-BEEF-000E5C8F1D19} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B65D1060-A915-11D9-BEEF-000E5C8F1D19} - (no file) (HKCU)

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted IP range: 67.19.185.246

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GINBILLARD9 Class) - http://gryonline.wp.pl/files/billard9_2_0_0_6.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.2/g_bin/pl/poker_2_0_0_30.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) - http://gryonline.wp.pl/files/words_2_0_0_18.cab

O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GINCHECKERS Class) - http://gryonline.wp.pl/files/checkers_2_0_0_6.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.2/g_bin/pl/darts_2_0_0_28.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_14.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O18 - Filter: text/html - {D9E7CF27-AB63-11D9-BEEF-000E7397BCEE} - C:\WINDOWS\SYSTEM\PEEJ.DLL

O18 - Filter: text/plain - {D9E7CF27-AB63-11D9-BEEF-000E7397BCEE} - C:\WINDOWS\SYSTEM\PEEJ.DLL


(boczi) #5

Jeszcze skasuj to:

Jeśli nie da się normalnie usunąć, rób to KillBox'em;

Teraz skan CWShredder

Następnie:

W trybie awaryjnym:

(W Hijacku)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

   	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

 	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

   	R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

   	R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

   	R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

   	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

   	R3 - Default URLSearchHook is missing

   	O2 - BHO: (no name) - {AB118601-A915-11D9-BEEF-000EB250128A} - C:\WINDOWS\SYSTEM\PEEJ.DLL (file missing)

   	O4 - HKLM\..\Run: [Reg32] C:\WINDOWS\reg32.exe

O4 - HKLM\..\Run: [hgzmhkz] C:\WINDOWS\hgzmhkz.exe

   	O4 - HKLM\..\Run: [XPSP2 Firewall] C:\WINDOWS\system32\xpsp2fw.exe

   	O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe

   	O4 - HKLM\..\Run: [ewefbYW^]babxwut] C:\WINDOWS\SYSTEM\tkavuljmmhwz.exe

   	O4 - HKLM\..\Run: [vmtune] %SystemRoot%\system32\gdlib.exe

   	O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

   	O4 - HKLM\..\RunServices: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe

   	O4 - HKCU\..\Run: [Windows Update Client] C:\WINDOWS\system32\wuclient.exe

O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE

   	O4 - HKCU\..\Run: [ETD Security Scanner] "C:\PROGRAM FILES\ETD SECURITY SCANNER\ETD SECURITY SCANNER.EXE" /s

   	O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

   	O9 - Extra button: Microsoft AntiSpyware helper - {B65D1060-A915-11D9-BEEF-000E5C8F1D19} - (no file) (HKCU)

   	O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B65D1060-A915-11D9-BEEF-000E5C8F1D19} - (no file) (HKCU)

   	O18 - Filter: text/html - {D9E7CF27-AB63-11D9-BEEF-000E7397BCEE} - C:\WINDOWS\SYSTEM\PEEJ.DLL

   	O18 - Filter: text/plain - {D9E7CF27-AB63-11D9-BEEF-000E7397BCEE} - C:\WINDOWS\SYSTEM\PEEJ.DLL

Następnie programem KillTrusted:

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.iframedollars.biz

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.iframedollars.biz (HKLM)

O15 - Trusted IP range: 67.19.185.246

Potem skan programami ANTY i czyszczenie rejestru programem jv16 PowerTools i na nowo log.


(Future2019) #6

Logfile of HijackThis v1.99.1

Scan saved at 17:50:44, on 05-04-13

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\TNT2-64\VI_GRM.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\SYSTEM\FMCTRL.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE

C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE

C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE

C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\EXPLORER.EXE

C:\MOJE DOKUMENTY\TAA\NOWY FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: load=C:\TNT2-64\vi_grm.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {49AC12BF-AB99-11D9-BEEF-000EC670C082} - C:\WINDOWS\SYSTEM\JMKGPGA.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [Q3dctlTray] Fmctrl.EXE

O4 - HKLM..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - HKCU..\Run: [skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GINBILLARD9 Class) - http://gryonline.wp.pl/files/billard9_2_0_0_6.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.2/g_bin/pl/poker_2_0_0_30.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) - http://gryonline.wp.pl/files/words_2_0_0_18.cab

O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GINCHECKERS Class) - http://gryonline.wp.pl/files/checkers_2_0_0_6.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.2/g_bin/pl/darts_2_0_0_28.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_14.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab


(Qbek50) #7

kosz:

1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html


(Musg) #8

zainstaluj i przeskanuj system jeszcze tym:

raz jeszcze to powyzej zafixyj hijackiem

dalej usuwasz:

daj log po usunieciu wpisow


(Future2019) #9

Logfile of HijackThis v1.99.1

Scan saved at 18:45:58, on 05-04-13

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\TNT2-64\VI_GRM.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\WINAMP\WINAMPA.EXE

C:\WINDOWS\SYSTEM\FMCTRL.EXE

C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE

C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE

C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\MOJE DOKUMENTY\TAA\NOWY FOLDER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F1 - win.ini: load=C:\TNT2-64\vi_grm.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min

O4 - HKLM..\Run: [AntyDialerTP] "c:\program files\antydialer tp\antydialertp.exe" tray

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [Zasobnik systemowy] SysTray.Exe

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM..\Run: [Q3dctlTray] Fmctrl.EXE

O4 - HKLM..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - HKCU..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - HKCU..\Run: [skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GINBILLARD9 Class) - http://gryonline.wp.pl/files/billard9_2_0_0_6.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.2/g_bin/pl/poker_2_0_0_30.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) - http://gryonline.wp.pl/files/words_2_0_0_18.cab

O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GINCHECKERS Class) - http://gryonline.wp.pl/files/checkers_2_0_0_6.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.2/g_bin/pl/darts_2_0_0_28.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab

O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_14.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab


(Musg) #10

czysto :slight_smile:

zaktualizuj jeszcze IE

A najlepiej wybierz jakas inna przegladarke :slight_smile:


(Monczkin) #11

popatrz http://forum.dobreprogramy.pl/viewtopic.php?t=25137


(Future2019) #12

Niestety. Te uciążliwe okna z informacjami o wirusach i błędach ciągle się pojawiają...


(Kuz5) #13

Zrób screena i tego komunikatu i pokaż go na forum.


(Future2019) #14

(Damian) #15

Przeskanowałeś komputer wszystkim, co podałem Ci w pierwszym poście?


(Future2019) #16

Spybot Search & Destroy 1.3 - za wyjątkiem tego