GRY-Online.pl --> Forum Archive

hijackthis -- who knows this program?

28.06.2004
12:40
[1]

Gandalf-biały [ Mithrandir ]

I have a problem with about.blank and I'm trying to get rid of it.

Could someone who knows about this tell me which files I should get rid of?

Logfile of HijackThis v1.97.7
Scan saved at 12:38:48, on 2004-06-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\mks-onet\bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Piotras\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - ‹0428FFC7-1931-45b7-95CB-3CBB919777E1› - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - ‹5D60FF48-95BE-4956-B4C6-6BB168A70310› - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - ‹000006B1-19B5-414A-849F-2A3C64AE6939› - C:\WINDOWS\bi.dll (file missing)
O2 - BHO: (no name) - ‹00000EF1-0786-4633-87C6-1AA7A44296DA› - C:\WINDOWS\System32\ATPART~1.DLL (file missing)
O2 - BHO: (no name) - ‹0000CC75-ACF3-4cac-A0A9-DD3868E06852› - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: NavErrRedir Class - ‹00D6A7E7-4A97-456f-848A-3B75BF7554D7› - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: (no name) - ‹06849E9F-C8D7-4D59-B87D-784B7D6BE0B3› - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - ‹5D60FF48-95BE-4956-B4C6-6BB168A70310› - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - ‹71ED4FBA-4024-4bbe-91DC-9704C93F453E› - (no file)
O2 - BHO: (no name) - ‹83DE62E0-5805-11D8-9B25-00E04C60FAF2› - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - ‹9C691A33-7DDA-4C2F-BE4C-C176083F35CF› - C:\WINDOWS\Downloaded Program Files\bridge.dll (file missing)
O2 - BHO: (no name) - ‹BBA9637C-6B8B-463D-8011-4974F989DF0F› - C:\WINDOWS\System32\gpapa.dll
O2 - BHO: (no name) - ‹f21e06ff-ed9e-455c-89ae-a3fbd896c97d› - C:\DOCUME~1\Kris\DANEAP~1\oamzouqsts.dll (file missing)
O3 - Toolbar: &Radio - ‹8E718888-423F-11D2-876E-00A0C9082467› - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ‹00000EF1-0786-4633-87C6-1AA7A44296DA› (F1 Organizer Class) - https://www.addictivetechnologies.net/DM0/cab/fngrbng.cab
O16 - DPF: ‹018B7EC3-EECA-11D3-8E71-0000E82C6C0D› (Installer Class) - https://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: ‹0191ABF4-9421-435E-9FFD-CD827A2A82D8› (SBITAX7Ctrl Class) - https://www.movie-browser.com/tl7000.dll
O16 - DPF: ‹02C20140-76F8-4763-83D5-B660107B7A90› (Moniker32 Class) - https://63.219.181.7/cax.cab
O16 - DPF: ‹166B1BCA-3F9C-11CF-8075-444553540000› (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: ‹1D6711C8-7154-40BB-8380-3DEA45B69CBF› (Web P2P Installer) -
O16 - DPF: ‹33564D57-0000-0010-8000-00AA00389B71› - https://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: ‹37A49D66-2735-4BB9-8503-82BA5E2333D0› (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: ‹91413D86-9F27-402C-B5E3-DEBDD122C339› - https://content2.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: ‹91433D86-9F27-402C-B5E3-DEBDD122C339› - https://www.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: ‹9AA73F41-EC64-489E-9A73-9CD52E528BC4› (ZoneAxRcMgr Class) - https://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: ‹9C691A33-7DDA-4C2F-BE4C-C176083F35CF› (brdg Class) - https://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: ‹9EB320CE-BE1D-4304-A081-4B4665414BEF› (MediaTicketsInstaller Control) - https://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: ‹AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A› (WTHoster Class) - https://install.wildtangent.com/bgn/partners/nike/nikefz4/install.cab
O16 - DPF: ‹AC120B1D-9411-4111-AF52-118052D85D45› (GINDARTS Class) - https://66.98.132.11/g_bin_eng/darts_2_0_0_21.cab
O16 - DPF: ‹BFA1F11D-3121-AFE1-4112-894323212DAC› (GINWORDS Class) - https://gryonline.wp.pl/files/words_2_0_0_11.cab
O16 - DPF: ‹CCA6CE4C-2199-4A4F-9542-12E0163D6841› (Dialer Class) - https://sessa.isprime.com:81/tel2net/2-PL-0-1.cab
O16 - DPF: ‹D27CDB6E-AE6D-11CF-96B8-444553540000› (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: ‹E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7› (MainControl Class) - https://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: ‹EF86873F-04C2-4A95-A373-5703C08EFC7B› (Installer Class) - https://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: ‹EFB22865-F3BC-4309-ADFA-C8E078A7F762› (SysWebTelecomInt Class) - https://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: ‹F00F4763-7355-4725-82F7-0DA94A256D46› (IMDownloader Class) - https://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: ‹F164ECE9-E6DF-4085-961C-083BD1809319› (Vacpro.global) - https://www.7adpower.com/dialer/global.CAB
O16 - DPF: ‹FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1› (GINBILLARD8 Class) - https://66.98.132.156/g_bin_eng/billard8_2_0_0_17.cab
O16 - DPF: ‹FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5› (GINSNOOKER Class) - https://66.98.132.11/g_bin_eng/snooker_2_0_0_12.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\‹A1DDD7F8-DE13-489C-A88D-60B53D6A4FA6›: NameServer = 10.0.0.1,194.204.159.1,194.204.152.34

28.06.2004
13:21
[2]

axelek [ Konsul ]

Go to this site, register on the forum and show this log to the other people there; they will tell you what is wrong.

28.06.2004
14:06
[3]

Gandalf-biały [ Mithrandir ]

axelek ---> message me on GG if you can.

28.06.2004
20:42
[4]

captain_nemo [ Generał ]

I replied to you in the thread..

28.06.2004
20:51
[5]

[GP] Loonatyk [ Centurion ]

www.wiruszone.net

And get in touch with this guy - he knows everything about removing viruses and spyware! His GG: 500005

28.06.2004
21:10
[6]

Walker_ [ Chorąży ]

Throw out everything that starts with the letter R. It will help.

06.07.2004
22:06
[7]

Chertan [ Junior ]

Hello

Remove the following lines

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

Scan with e.g. SpyKiller and turn off the System Restore option

That should help
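
Added example (not part of the thread and not HijackThis code): a small Python triage pass over a HijackThis log. It lists the R0/R1 Internet Explorer settings whose value is a non-web URL, which on the log in post [1] selects the same lines post [7] names, and the entries HijackThis itself marks "(file missing)" or "(no file)". The two rules and the names `parse` and `triage` are assumptions made for illustration; flagged lines are candidates for manual review, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the log in post [1].
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - ‹000006B1-19B5-414A-849F-2A3C64AE6939› - C:\WINDOWS\bi.dll (file missing)
O2 - BHO: (no name) - ‹0000CC75-ACF3-4cac-A0A9-DD3868E06852› - C:\Program Files\DAP\DAPBHO.dll
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # "<section code> - <entry>"
SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]+):")   # 2+ chars, so "C:\..." is not a scheme
ORDINARY = {"http", "https"}                          # assumption: web URLs are expected here


def parse(log):
    """Return (code, body) pairs for entry lines, skipping header and process lines."""
    pairs = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def triage(log):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for code, body in parse(log):
        # Rule 1 (illustrative): IE search/start settings holding file:, about:, res: ...
        if code in ("R0", "R1") and " = " in body:
            key, value = body.split(" = ", 1)
            m = SCHEME.match(value)
            if m and m.group(1).lower() not in ORDINARY:
                findings.append((code, "non-web URL in IE setting", key.rsplit(",", 1)[-1]))
        # Rule 2 (illustrative): registry entry whose target file is absent
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append((code, "entry references an absent file", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```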

© 2000-2021 GRY-OnLine S.A.