Prosze o pomoc wyskakujace strony typu yyy102 dalem loga
Wiec prosze o pomoc zgdoną z tematem nie wiem juz co mam robic oto moj log z hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 14:30:02, on 2005–11–13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\RedLine\Taskbar.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D–Tools\daemon.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\redline\gameutil.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\k4y\Ustawienia lokalne\Temp\Katalog tymczasowy 5 dla hijackthis_199.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{08C06D61–F1F3–4799–86F8–BE1A89362C85} – (no file)
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 – REG:system.ini: Shell=
F3 – REG:win.ini: run=C:\WINDOWS\system32\services.exe
F2 – REG:system.ini: UserInit=userinit.exe
O4 – HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 – HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 – HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 – HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 – HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [RedLine Taskbar] C:\Program Files\RedLine\Taskbar.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\RunServices: [Network Access] winssh.exe
O4 – HKLM\..\RunServices: [yahoo inc.] ypages.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: gameutil.exe.lnk = ?
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O8 – Extra context menu item: Otwórz w nowym Avant Browser – C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Szukaj – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_63.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{63124A84–F71B–480D–A63F–35096B119B05}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: policies – C:\WINDOWS\system32\lvr4099qe.dll
O21 – SSODL: Azureus – {64AD3392–534E–908B–1189–9375C36A8BA8} – (no file)
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
Probowalem tez programu typu l2mfix ale nie pomaga postepuje zgodnie z instrukcja jego uzywania... poczytalem tez troche tematow na forum wyprobowalem rozne programy do usuwania spamu i nic ... dzieki za ewentualna pomoc i pozdrawiam
Logfile of HijackThis v1.99.1
Scan saved at 14:30:02, on 2005–11–13
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\RedLine\Taskbar.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D–Tools\daemon.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\redline\gameutil.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\k4y\Ustawienia lokalne\Temp\Katalog tymczasowy 5 dla hijackthis_199.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{08C06D61–F1F3–4799–86F8–BE1A89362C85} – (no file)
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 – REG:system.ini: Shell=
F3 – REG:win.ini: run=C:\WINDOWS\system32\services.exe
F2 – REG:system.ini: UserInit=userinit.exe
O4 – HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 – HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 – HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 – HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 – HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive\Program\CTAvTray.EXE
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [RedLine Taskbar] C:\Program Files\RedLine\Taskbar.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\RunServices: [Network Access] winssh.exe
O4 – HKLM\..\RunServices: [yahoo inc.] ypages.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – Global Startup: gameutil.exe.lnk = ?
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O8 – Extra context menu item: Otwórz w nowym Avant Browser – C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Szukaj – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_63.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{63124A84–F71B–480D–A63F–35096B119B05}: NameServer = 194.204.152.34 217.98.63.164
O20 – Winlogon Notify: policies – C:\WINDOWS\system32\lvr4099qe.dll
O21 – SSODL: Azureus – {64AD3392–534E–908B–1189–9375C36A8BA8} – (no file)
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
Probowalem tez programu typu l2mfix ale nie pomaga postepuje zgodnie z instrukcja jego uzywania... poczytalem tez troche tematow na forum wyprobowalem rozne programy do usuwania spamu i nic ... dzieki za ewentualna pomoc i pozdrawiam
Odpowiedzi: 3
k4tori:
R3 – URLSearchHook: (no name) – _{08C06D61–F1F3–4799–86F8–BE1A89362C85} – (no file)
O4 – HKLM\..\RunServices: [Network Access] winssh.exe
O4 – HKLM\..\RunServices: [yahoo inc.] ypages.exe
O20 – Winlogon Notify: policies – C:\WINDOWS\system32\lvr4099qe.dll
O21 – SSODL: Azureus – {64AD3392–534E–908B–1189–9375C36A8BA8} – (no file)
Do wywalenia
Ściągnij sobie kurna l2mfix i postepuj zgodnie z instrukcja w faq
3 dzisiaj przypadek Look2Me
heh nikt nie pomoze? poczytalem troche tematow na ten temat... porobilem kilka rzeczy zalecanych i nic nie pomaga...
heh nikt nie pomoze? poczytalem troche tematow na ten temat... porobilem kilka rzeczy zalecanych i nic nie pomaga...