Problem with mprexe. Please check my log
The computer struggles to start up, and then, after much pain, a message appears about a problem with the mprexe application (a problem related to kernel32.dll); after clicking OK there is only a painful emptiness.
I have already tried several methods from the forum, but no luck. An additional problem is the lack of a solid antivirus, and the CD no longer starts.
I'M BEGGING FOR HELP!
PS. A few weeks ago I had a problem with CWS, but supposedly that was a victory, and now I checked with CWShredder: indeed nothing, but maybe
Logfile of HijackThis v1.99.1
Scan saved at 21:41:15, on 05-02-20
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://o2.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://o2.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5F479581-81B9-11D9-9768-000D32C02803} - (no file)
O2 - BHO: (no name) - {FE80D721-43CF-6564-B28D-176404DE4BC6} - C:\WINDOWS\SYSTEM\KODI.DLL
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL (file missing)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\porynt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {181E0086-2014-3146-572C-47B175AF44E0} - http://213.159.117.150/1/rdgPL10.exe
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB
O16 - DPF: {77BF7102-3907-49BA-6B67-38705BF4AA00} - http://213.159.117.150/1/rdgPL10.exe
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = rafi
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.152.34,194.204.151.1
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\porynt.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\porynt.dll
Replies: 9
Graboll: Many thanks, gentlemen, complete success
All right, all right...
We're still waiting for...
... because no truck with crates of beer has pulled up to my house :mrgreen:
Graboll: ...you all get a big beer!...
EL would probably like a drink too :P
Many thanks, gentlemen, complete success
Did you delete that file from the disk manually? If so, restore it from the CD.
Graboll: "nie mozna zaladowac lub uruchomic `SULFNBK.exe`
Now remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 69.50.161.82
O15 - Trusted IP range: 69.50.161.82 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {181E0086-2014-3146-572C-47B175AF44E0} - http://213.159.117.150/1/rdgPL10.exe
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB
O16 - DPF: {77BF7102-3907-49BA-6B67-38705BF4AA00} - http://213.159.117.150/1/rdgPL10.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = rafi
ok VICTORY!!! you all get a big beer! SIC
- it worked after uninstalling win98 second edition - I hadn't paid attention to that earlier! oops!
I'm asking just to be sure, because I get this message:
"nie mozna zaladowac lub uruchomic `SULFNBK.exe` okreslonego w pliku win.ini upewnij sie czy ten plik istnieje na tym komputerze albo usun odwolanie do niego w pliku WIN.INI"
??
my current log:
Logfile of HijackThis v1.99.1
Scan saved at 00:21:19, on 05-02-22
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
F1 - win.ini: run=C:\WINDOWS\COMMAND\SULFNBK.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\RunServices: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O14 - IERESET.INF: SEARCH_PAGE_URL=
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 69.50.161.82
O15 - Trusted IP range: 69.50.161.82 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {181E0086-2014-3146-572C-47B175AF44E0} - http://213.159.117.150/1/rdgPL10.exe
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB
O16 - DPF: {77BF7102-3907-49BA-6B67-38705BF4AA00} - http://213.159.117.150/1/rdgPL10.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = rafi
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.152.34,194.204.151.1
REGARDS.
http://support.microsoft.com/?kbid=187965
http://support.microsoft.com/?kbid=192249
http://support.microsoft.com/kb/q238454/
the log is getting better, but unfortunately the symptoms are the same :?
Logfile of HijackThis v1.99.1
Scan saved at 00:55:06, on 05-02-21
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = rafi
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.152.34,194.204.151.1
Now it's almost OK. With one small exception: the O15 entries. You can remove them with KillTrusted
I ticked the indicated files in hijack and clicked Fix Checked, but that's probably still not everything... still the same message after restart.
"Mprexe
Program wykonał nieprawidłową opeeracje (...) ze sprzedawcą.
SZCZEGÓŁY>
Mprexe spowodował ogólny błąd ochrony w module KERNEL32.DLL przy 0167 bff7dde7
Rejestry:
.... (I probably don't need to type this out?)"
either way, still nothing works after OK.
current log:
Logfile of HijackThis v1.99.1
Scan saved at 23:40:39, on 05-02-20
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = rafi
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.152.34,194.204.151.1
What next? :shock:
We have remnants of that CWS trojan
Delete the files listed below and then FIX:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://o2.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://o2.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {5F479581-81B9-11D9-9768-000D32C02803} - (no file)
O2 - BHO: (no name) - {FE80D721-43CF-6564-B28D-176404DE4BC6} - C:\WINDOWS\SYSTEM\KODI.DLL
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL (file missing)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\porynt.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {181E0086-2014-3146-572C-47B175AF44E0} - http://213.159.117.150/1/rdgPL10.exe
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - http://www.globalphon.com/dialer/russia.CAB
O16 - DPF: {77BF7102-3907-49BA-6B67-38705BF4AA00} - http://213.159.117.150/1/rdgPL10.exe
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\porynt.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\porynt.dll
http://search.microsoft.com/search/results.aspx?st=b&na=80&qu=MPREXE&View=pl–pl