Gandalf-biały [ Mithrandir ]
hijackthis -- who knows this program?
I have a problem with about.blank and I'm trying to get rid of it.
Could someone who knows the program tell me which files I should get rid of?
Logfile of HijackThis v1.97.7
Scan saved at 12:38:48, on 2004-06-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\mks-onet\bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Piotras\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.wp.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - 0428FFC7-1931-45b7-95CB-3CBB919777E1 - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - 5D60FF48-95BE-4956-B4C6-6BB168A70310 - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - 000006B1-19B5-414A-849F-2A3C64AE6939 - C:\WINDOWS\bi.dll (file missing)
O2 - BHO: (no name) - 00000EF1-0786-4633-87C6-1AA7A44296DA - C:\WINDOWS\System32\ATPART~1.DLL (file missing)
O2 - BHO: (no name) - 0000CC75-ACF3-4cac-A0A9-DD3868E06852 - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: NavErrRedir Class - 00D6A7E7-4A97-456f-848A-3B75BF7554D7 - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL (file missing)
O2 - BHO: (no name) - 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3 - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - 5D60FF48-95BE-4956-B4C6-6BB168A70310 - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - 71ED4FBA-4024-4bbe-91DC-9704C93F453E - (no file)
O2 - BHO: (no name) - 83DE62E0-5805-11D8-9B25-00E04C60FAF2 - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - 9C691A33-7DDA-4C2F-BE4C-C176083F35CF - C:\WINDOWS\Downloaded Program Files\bridge.dll (file missing)
O2 - BHO: (no name) - BBA9637C-6B8B-463D-8011-4974F989DF0F - C:\WINDOWS\System32\gpapa.dll
O2 - BHO: (no name) - f21e06ff-ed9e-455c-89ae-a3fbd896c97d - C:\DOCUME~1\Kris\DANEAP~1\oamzouqsts.dll (file missing)
O3 - Toolbar: &Radio - 8E718888-423F-11D2-876E-00A0C9082467 - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 00000EF1-0786-4633-87C6-1AA7A44296DA (F1 Organizer Class) - https://www.addictivetechnologies.net/DM0/cab/fngrbng.cab
O16 - DPF: 018B7EC3-EECA-11D3-8E71-0000E82C6C0D (Installer Class) - https://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: 0191ABF4-9421-435E-9FFD-CD827A2A82D8 (SBITAX7Ctrl Class) - https://www.movie-browser.com/tl7000.dll
O16 - DPF: 02C20140-76F8-4763-83D5-B660107B7A90 (Moniker32 Class) - https://63.219.181.7/cax.cab
O16 - DPF: 166B1BCA-3F9C-11CF-8075-444553540000 (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: 1D6711C8-7154-40BB-8380-3DEA45B69CBF (Web P2P Installer) -
O16 - DPF: 33564D57-0000-0010-8000-00AA00389B71 - https://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: 37A49D66-2735-4BB9-8503-82BA5E2333D0 (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: 91413D86-9F27-402C-B5E3-DEBDD122C339 - https://content2.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: 91433D86-9F27-402C-B5E3-DEBDD122C339 - https://www.netvenda.com/sites/games-intl/pl/games4.cab
O16 - DPF: 9AA73F41-EC64-489E-9A73-9CD52E528BC4 (ZoneAxRcMgr Class) - https://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: 9C691A33-7DDA-4C2F-BE4C-C176083F35CF (brdg Class) - https://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: 9EB320CE-BE1D-4304-A081-4B4665414BEF (MediaTicketsInstaller Control) - https://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A (WTHoster Class) - https://install.wildtangent.com/bgn/partners/nike/nikefz4/install.cab
O16 - DPF: AC120B1D-9411-4111-AF52-118052D85D45 (GINDARTS Class) - https://66.98.132.11/g_bin_eng/darts_2_0_0_21.cab
O16 - DPF: BFA1F11D-3121-AFE1-4112-894323212DAC (GINWORDS Class) - https://gryonline.wp.pl/files/words_2_0_0_11.cab
O16 - DPF: CCA6CE4C-2199-4A4F-9542-12E0163D6841 (Dialer Class) - https://sessa.isprime.com:81/tel2net/2-PL-0-1.cab
O16 - DPF: D27CDB6E-AE6D-11CF-96B8-444553540000 (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7 (MainControl Class) - https://skaner.mks.com.pl/SkanerOnline.cab
O16 - DPF: EF86873F-04C2-4A95-A373-5703C08EFC7B (Installer Class) - https://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: EFB22865-F3BC-4309-ADFA-C8E078A7F762 (SysWebTelecomInt Class) - https://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: F00F4763-7355-4725-82F7-0DA94A256D46 (IMDownloader Class) - https://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: F164ECE9-E6DF-4085-961C-083BD1809319 (Vacpro.global) - https://www.7adpower.com/dialer/global.CAB
O16 - DPF: FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1 (GINBILLARD8 Class) - https://66.98.132.156/g_bin_eng/billard8_2_0_0_17.cab
O16 - DPF: FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5 (GINSNOOKER Class) - https://66.98.132.11/g_bin_eng/snooker_2_0_0_12.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\A1DDD7F8-DE13-489C-A88D-60B53D6A4FA6: NameServer = 10.0.0.1,194.204.159.1,194.204.152.34
axelek [ Konsul ]
Go to this site, register on the forum and show this log to the other people there; they will tell you what is wrong.
Gandalf-biały [ Mithrandir ]
axelek ---> message me on GG if you can.
captain_nemo [ Generał ]
I replied to you in the thread..
[GP] Loonatyk [ Centurion ]
www.wiruszone.net
And get in touch with this guy - he knows everything about removing viruses and spyware! His GG: 500005
Walker_ [ Chorąży ]
Throw out everything that starts with the letter R. It will help.
Chertan [ Junior ]
Hello
Remove the following lines
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\APOKAL~1\USTAWI~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
Scan with, e.g., SpyKiller and turn off the System Restore option
That should help