Log Hijackthis - moze ktos pomoc?


(Ksynon) #1

Witam.

Mam taki problem. Uzywam IE ( teraz Opere, bo IE ma jakiegos robaka co zmienia mi strone startowa. ). IE jest mi potrzebny do obslugi pewnej strony :slight_smile: Nie dziala ona ani pod Opera ani pod Netscape.... Kombinowalem juz wszystkiego, CWShredera, scanowalem system roznymi antywirusami i nic. Wykonalem takze test programem Hijackthis. Moze ktos pomoze znalesc mi w logu blad, co mam usunac etc. Dzieki za kazda pomoc.

Oto log:

Logfile of HijackThis v1.98.1

Scan saved at 10:35:31, on 2004-08-03

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\sstray.exe

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

G:\Internet\PopUp Killer\PopUpKiller.EXE

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\System32\Tablet.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

G:\Internet\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\rundll32.exe

G:\Internet\GetRight\getright.exe

C:\WINDOWS\twain_32\CIS600X\WATCH.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Opera7\opera.exe

G:\Multimedia\Winamp\winamp.exe

G:\Internet\The Bat\thebat.exe

C:\WINDOWS\System32\wuauclt.exe

C:\TotalCmd\TOTALCMD.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\DOCUME~1\root\USTAWI~1\Temp\_tc\HIJACK~1.EXE


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\

R3 - URLSearchHook: HyperSearchHook - {5FD3B5CD-F19C-4B81-A0F2-DA5D629568B6} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll

O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [PopUpKiller] G:\Internet\PopUp Killer\PopUpKiller.EXE

O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "G:\Internet\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h

O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = G:\Internet\GetRight\getright.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - G:\Internet\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - G:\Internet\GetRight\GRbrowse.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/um2/x.chm::/ad.exe

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7ADAE5BE-2059-4054-87F9-1DDDB8621B7E}: NameServer = 194.204.152.34 217.98.63.164

(lazikar) #2

Saviola kolega pisze 偶e pr贸bowa艂 ju偶

Teraz prosi o sprawdzenie loga. :?


(Ksynon) #3

Jezeli to mozliwe, to prosze niech ktos przeanalizuje log, bo mi on nic nie mowi... Dzieki.


(system) #4

Cz艂owieku, ale tego na艂apa艂e艣.

Poni偶ej to, co ja bym usun膮艂 bez wahania.

Mo偶e zg艂osi si臋 jeszcze Phylby.

Msz ch艂opie trojana:

C:\WINDOWS\SM1BG.EXE

To Ci niepotrzebne:

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\ctfmon.exe

Usu艅:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com 

R3 - URLSearchHook: HyperSearchHook - {5FD3B5CD-F19C-4B81-A0F2-DA5D629568B6} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll 


O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll

O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll 

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

Z autostartu wywal:

SM1BG.EXE

C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe

(nast臋pny trojan) Przecie偶 masz napisane jak w贸艂:

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

(Adarek) #5

Wy艂anczasz przywracanie system.

Naciskasz Fix i usuwasz

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com 

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\ 

R3 - URLSearchHook: HyperSearchHook - {5FD3B5CD-F19C-4B81-A0F2-DA5D629568B6} - C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll

Jakie艣 badziewne dodatki - usuwasz

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll 

O2 - BHO: HyperBHO - {4B2F5308-2CB0-40E2-8030-59936ED5D22C} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll 

O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll

Blokujesz reklamy z real player

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Blokada na IE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

dalej

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

to jest straszny badziew nazywa sie WebHancer:

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by WebHancer 

O10 - Hijacked Internet access by WebHancer 

O10 - Hijacked Internet access by WebHancer 

O10 - Hijacked Internet access by WebHancer 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by WebHancer

Jeszcz e wpisy szpieg贸w

JeO16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://super-gals.com/scj/rotation/templates/um2/x.chm::/ad.exe 

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab 

Jszcz e wpisy szpieg贸w

Powszystkim restartujesz kompa , robisz scan i wklejasz nowego tu loga i m贸wisz jak sie komp i IE zachowuje. To wzsystko przez programy p2p i Yahoo! Tego nie ruszaj - na razie

C:\WINDOWS\SM1BG.EXE

To co艣 od USB ? wiesz??http://www.windowsstartup.com/wso/detail.php?id=3759Tego te偶 nie ruszaj

O4 - HKLM\..\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe )

To nie 偶den trojan jak pisz dedlus tylko co艣 odwrotnego

TrojanShield -Anti-Trojan


(fiesta) #6

Cytowany przez Lazikara OT :arrow: KOSZ


(system) #7

Faktycznie pomyli艂em si臋 z tym

SM1BG.EXE. To co艣 z iTunes albo Napstera.

No, ale port.exe to syf:

http://www.pestpatrol.com/PestInfo/G/GateCrasher.asp


(Adarek) #8
No, ale port.exe to syf:

Nie to jest z programu TrojanShield

http://www.centrumxp.pl/download/progra ... php?id=134

Pisze - TrojanShield Protector -wydaje mi sie zdzia艂a艂 na port .exe i juz

go nie ma.


(Ksynon) #9

Zrobilem to co napisaliscie, jednak nie usunalem takich elementow jak new.net czy webhancer, poniewaz nie mozna ich usunac ( po usunieciu i tak widnieja na liscie ). Co zrobic?

Oto log:

Logfile of HijackThis v1.98.1

Scan saved at 08:55:01, on 2004-08-04

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\Tablet.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\sstray.exe

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

G:\Internet\PopUp Killer\PopUpKiller.EXE

C:\WINDOWS\SM1BG.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

G:\Internet\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Warez P2P Client\Warez.exe

G:\Internet\GetRight\getright.exe

C:\WINDOWS\twain_32\CIS600X\WATCH.exe

C:\TotalCmd\TOTALCMD.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\DOCUME~1\root\USTAWI~1\Temp\_tc\HIJACK~1.EXE


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [PopUpKiller] G:\Internet\PopUp Killer\PopUpKiller.EXE

O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "G:\Internet\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\Warez.exe" -h

O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe

O4 - Global Startup: GetRight - Tray Icon.lnk = G:\Internet\GetRight\getright.exe

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - G:\Internet\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - G:\Internet\GetRight\GRbrowse.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by WebHancer

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by WebHancer

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

(Adarek) #10

Przeg grzebaniem w systemie pbierz te programy co napisa艂em na dole.

  1. Wy艂膮czasz Przywracanie systemu.

  2. Start do trybu awaryjnego.

  3. Fix checked w Hijacku z wyj膮tkiem wpis贸w O10

    O4 - HKLM..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

  4. Przechodzisz do Dodaj/Usu艅 i deinstalujesz soft o nazwie, New.Net.

  5. Kasujesz z C:\Program Files foldery tego dziadostwa.

  6. Przelatujesz sys jakim艣 narz臋dziem anty.

  7. Jest 藕le bo ten O10 dalej siedzi. Jest z艂amany 艂a艅cuch Winsock . Po usuni臋ciu tego syfu mo偶e pa艣膰 net.

NIE mo偶esz usuwa膰 tych wpis贸w O10 poprzez Hijacka. Musisz polecie膰 osobnym narz臋dziem winsockfix.exe.

http://www.mvps.org/winhelp2002/unwanted.htm

oraz programem

LSP-Fix.

http://www.majorgeeks.com/download4180.html


(Marona18) #11
Logfile of HijackThis v1.97.7

Scan saved at 12:54:02, on 2004-08-06

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\MKS\Bin\NetMonSv.exe

C:\Program Files\MKS\Bin\mksmonsv.exe

C:\Program Files\MKS\Bin\mks_scan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Wanadoo\taskbaricon.exe

C:\Program Files\MKS\Bin\mks_menu.exe

C:\winread.exe

C:\WINDOWS\System32\scvhost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\System32\wamgrd.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Akademia Biznesu\Pulpit\Programy\mks vir 2004\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe

O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM\..\Run: [Services] C:\winread.exe

O4 - HKLM\..\Run: [regsrv] scvhost.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Service Host] svchost2.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] scvhost.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Update] wamgrd.exe

O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe

O4 - HKLM\..\RunServices: [regsrv] scvhost.exe

O4 - HKLM\..\RunServices: [Microsoft Service Host] svchost2.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] scvhost.exe

O4 - HKLM\..\RunServices: [Windows Update] wamgrd.exe

O4 - HKCU\..\Run: [Microsoft Update] muamgrd.exe

O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [Microsoft Service Host] svchost2.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] scvhost.exe

O4 - HKCU\..\Run: [Windows Update] wamgrd.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Badanie (HKLM)

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38182.2522685185

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3942B0E-E127-441D-8307-B3741B98A81E}: NameServer = 194.204.152.34 217.98.63.164

(Adarek) #12

Masz strasznie ci臋偶ki przypadek

http://www.searchengines.pl/phpbb203/in ... opic=14185

Jesli to nowe c贸wno to tylko...


(Ksynon) #13

Zrobilem to co pisaliscie. Usunalem ssearcha z IE oraz webhancera. Zostal chyba tylko new.net. Probowalem go wywalic LSPFixem - nie doczytalem i usunalem wszystko i siadl mi TCPIP - naszczescie mialem kopie zapasowa i wszystko juz jest ok. W LSPFixie mam takie cos jak:

  • mswsock.dll ( TCPIP )

  • winrnr.dll ( NTDS )

  • NEWDOT~1.dll ( Protocol Handler )

Co mam usunac? Gdy usune ten ostatni to po uruchomieniu kompa znowu sie pojawia.

Oto moj log:

Logfile of HijackThis v1.98.1

Scan saved at 10:14:50, on 2004-08-07

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\Tablet.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\sstray.exe

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

G:\Internet\PopUp Killer\PopUpKiller.EXE

C:\WINDOWS\System32\ctfmon.exe

G:\Internet\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

G:\Internet\The Bat\thebat.exe

C:\Program Files\Opera7\opera.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\TotalCmd\TOTALCMD.EXE

H:\install\HijackThis.exe


O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [New.net Startup] rundll32

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [PopUpKiller] G:\Internet\PopUp Killer\PopUpKiller.EXE

O4 - HKLM\..\RunServices: [TrojanShield Protector] C:\Program Files\TrojanShield\Port.exe

O4 - HKLM\..\RunServices: [WindowsRegKey update] 16winupdate32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "G:\Internet\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [SpywareGuard] C:\WINDOWS\system32\winproc32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunOnce: [The Bat!] G:\Internet\The Bat\thebat.exe

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html

O8 - Extra context menu item: Download with GetRight - G:\Internet\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - G:\Internet\GetRight\GRbrowse.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7ADAE5BE-2059-4054-87F9-1DDDB8621B7E}: NameServer = 194.204.152.34 217.98.63.164

Dzieki za kazda pomoc.


(Adarek) #14

No i tym LSP-Fix nie da sie wywalic NEWDOT~1.dll ?- komp w trybie awaryjnym.