Request to check a log


(Błażej) #1

Logfile of HijackThis v1.99.1

Scan saved at 16:26:09, on 05-04-11

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\RUNSERVICE.EXE

C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MON.EXE

C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\RunDLL.exe

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE

C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\PERFECT SERIES\OPTICAL MOUSE\3.0\MOUSE32A.EXE

C:\PROGRAM FILES\MKS\TEMP\UPD_INST.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_SCAN.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.neostrada.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O1 - Hosts: 80.72.33.110 7exe.wuup.com #2004-12-04 20:14:18

O1 - Hosts: 217.17.46.250 adserver.gadu-gadu.pl #2004-12-04 20:14:18

O1 - Hosts: 217.153.145.235 allegro.pl #2004-12-05 15:26:56

O1 - Hosts: 69.50.241.67 anime-jin.net #2004-12-07 14:00:21

O1 - Hosts: 62.89.101.156 archiwum.pszczolek.com #2004-12-07 14:00:21

O1 - Hosts: 193.110.120.7 arte.internetdsl.pl #2004-12-04 20:14:18

O1 - Hosts: 195.116.130.237 biegajznami.pl #2004-12-07 14:00:21

O1 - Hosts: 64.237.54.98 bigmouthfulls.bangbros1.com #2004-12-04 20:14:18

O1 - Hosts: 62.129.249.128 byss.home.pl #2004-12-04 20:14:19

O1 - Hosts: 217.115.142.116 ed2k.2x4u.de #2004-12-04 20:14:19

O1 - Hosts: 64.237.45.66 erotic.goo.pl #2004-12-04 20:14:19

O1 - Hosts: 67.18.29.158 exit.sexarchiwum.pl #2004-12-04 20:14:19

O1 - Hosts: 193.17.41.24 f.kuchnia.o2.pl #2004-12-04 20:14:19

O1 - Hosts: 80.237.203.106 film.gildia.com #2004-12-07 14:00:21

O1 - Hosts: 212.77.99.3 film.wp.pl #2004-12-05 15:26:56

O1 - Hosts: 65.254.54.122 filmiki-flash.ad.warszawa.pl #2004-12-07 14:00:21

O1 - Hosts: 64.237.45.66 filmy.sexraj.pl #2004-12-04 20:14:19

O1 - Hosts: 64.237.45.66 filmy-erotyczne.joo.pl #2004-12-13 19:25:29

O1 - Hosts: 62.111.180.24 forum.dobreprogramy.pl #2004-12-04 20:14:19

O1 - Hosts: 64.94.17.96 freehost07.websamba.com #2004-12-04 20:14:19

O1 - Hosts: 64.237.45.66 galerie.xfotka.pl #2004-12-07 14:00:21

O1 - Hosts: 213.180.130.210 gronet.tenbit.pl #2004-12-04 20:14:19

O1 - Hosts: 212.77.100.5 gwiazdy.wp.pl #2004-12-04 20:14:20

O1 - Hosts: 69.22.140.68 happytee.mondominishows.com #2004-12-13 19:25:29

O1 - Hosts: 63.251.52.89 happytreefriends.atomfilms.com #2004-12-13 19:25:29

O1 - Hosts: 69.22.140.68 happytreefriends.com #2004-12-13 19:25:29

O1 - Hosts: 66.55.133.195 hot.wetpussyclub.net #2004-12-13 19:25:29

O1 - Hosts: 62.111.180.21 infojama.pl #2004-12-04 20:14:20

O1 - Hosts: 66.55.136.243 insiderpress.pl #2004-12-07 14:00:24

O1 - Hosts: 207.44.160.17 isg09.casalemedia.com #2004-12-13 19:25:29

O1 - Hosts: 209.249.116.141 java.sun.com #2004-12-04 20:14:20

O1 - Hosts: 212.77.100.212 katalog.wp.pl #2004-12-05 15:26:56

O1 - Hosts: 193.17.41.71 ko.kurnik.pl #2004-12-04 20:14:20

O1 - Hosts: 212.77.99.4 ksiazki.wp.pl #2004-12-04 20:14:20

O1 - Hosts: 217.79.151.50 kup.nawijka.wp.pl #2004-12-04 20:14:20

O1 - Hosts: 216.127.82.139 landhell.fpp.pl #2004-12-13 19:25:30

O1 - Hosts: 62.87.136.4 magazyn.chip.pl #2004-12-04 20:14:20

O1 - Hosts: 66.90.81.58 mariusz.piwko.pl #2004-12-07 14:00:24

O1 - Hosts: 217.17.36.244 megapanel.gem.pl #2004-12-04 20:14:20

O1 - Hosts: 212.78.204.20 members.lycos.co.uk #2004-12-07 14:00:24

O1 - Hosts: 64.237.45.66 modelki.sexraj.pl #2004-12-13 19:25:30

O1 - Hosts: 217.153.145.235 moto.allegro.pl #2004-12-04 20:14:20

O1 - Hosts: 212.77.100.219 moto.wp.pl #2004-12-05 15:26:56

O1 - Hosts: 212.77.100.168 muzyka.wp.pl #2004-12-04 20:14:20

O1 - Hosts: 212.77.100.167 nawijka.wp.pl #2004-12-04 20:14:20

O1 - Hosts: 195.117.3.84 onephoto.net #2004-12-07 14:00:24

O1 - Hosts: 64.237.45.66 panienki.goo.pl #2004-12-04 20:14:20

O1 - Hosts: 213.218.116.224 partner.wapster.pl #2004-12-04 20:14:20

O1 - Hosts: 213.180.130.206 poczta.onet.pl #2004-12-13 19:25:30

O1 - Hosts: 64.237.45.66 polki-amatorki.goo.pl #2004-12-04 20:14:21

O1 - Hosts: 66.79.179.130 porno.int.pl #2004-12-13 19:25:30

O1 - Hosts: 217.17.44.36 prace.sciaga.pl #2004-12-04 20:14:21

O1 - Hosts: 66.35.250.217 prdownloads.sf.net #2004-12-04 20:14:21

O1 - Hosts: 194.67.1.14 public.ag.ru #2004-12-04 20:14:21

O1 - Hosts: 69.20.69.171 results.cafefind.net #2004-12-04 20:14:21

O1 - Hosts: 212.182.102.165 retro.scene.pl #2004-12-04 20:14:21

O1 - Hosts: 207.44.236.81 sadurski.com #2004-12-07 14:00:24

O1 - Hosts: 193.42.231.67 serwisy.gazeta.pl #2004-12-07 14:00:24

O1 - Hosts: 67.15.36.25 sexfoto.js.pl #2004-12-04 20:14:21

O1 - Hosts: 64.237.45.66 sexmix.pl #2004-12-04 20:14:21

O1 - Hosts: 217.153.57.226 skutery-tuning.pl #2004-12-04 20:14:21

O1 - Hosts: 212.77.100.126 sport.wp.pl #2004-12-05 15:26:56

O1 - Hosts: 66.117.8.10 static.filefront.com #2004-12-13 19:25:30

O1 - Hosts: 212.77.100.224 tv.wp.pl #2004-12-04 20:14:21

O1 - Hosts: 193.109.91.135 viper.pl #2004-12-05 15:26:56

O1 - Hosts: 217.17.41.94 web.gadu-gadu.pl #2004-12-04 20:14:21

O1 - Hosts: 213.205.40.9 web.volftp.mondadori.com #2004-12-04 20:14:21

O1 - Hosts: 207.46.248.113 windowsmedia.com #2004-12-04 20:14:21

O1 - Hosts: 212.77.100.167 wpkontakt.wp.pl #2004-12-04 20:14:21

O1 - Hosts: 195.206.96.72 http://www.1313sex.info #2004-12-04 20:14:22

O1 - Hosts: 193.110.120.7 http://www.21.neostrada.pl #2004-12-04 20:14:22

O1 - Hosts: 207.44.228.33 http://www.ahvids.com #2004-12-07 14:00:24

O1 - Hosts: 217.153.145.235 http://www.allegro.pl #2004-12-04 20:14:22

O1 - Hosts: 66.250.30.140 http://www.anime-gratis.com #2004-12-07 14:00:25

O1 - Hosts: 38.113.198.90 http://www.anime-site.com #2004-12-07 14:00:25

O1 - Hosts: 193.110.121.251 http://www.bajer.pl #2004-12-07 14:00:25

O1 - Hosts: 64.237.45.66 http://www.barti.xfotka.pl #2004-12-13 19:25:30

O1 - Hosts: 69.20.69.171 http://www.benews.net #2004-12-04 20:14:22

O1 - Hosts: 67.15.42.25 http://www.bikepics.com #2004-12-04 20:14:22

O1 - Hosts: 213.181.194.207 http://www.brobin.com.pl #2004-12-07 14:00:25

O1 - Hosts: 212.85.112.177 http://www.bron.pl #2004-12-04 20:14:22

O1 - Hosts: 81.21.192.133 http://www.carlsberg.pl #2004-12-04 20:14:22

O1 - Hosts: 194.42.46.64 http://www.cartoons.pl #2004-12-07 14:00:25

O1 - Hosts: 64.237.37.222 http://www.cartoons-pic.com #2004-12-07 14:00:25

O1 - Hosts: 67.15.36.34 http://www.cda.up.pl #2004-12-04 20:14:22

O1 - Hosts: 216.39.82.50 http://www.celebritymoviearchive.com #2004-12-13 19:25:30

O1 - Hosts: 67.19.120.140 http://www.celebs.pl #2004-12-04 20:14:22

O1 - Hosts: 64.237.45.66 http://www.cipki.sex.buja.pl #2004-12-13 19:25:30

O1 - Hosts: 213.219.122.23 http://www.clinofob.com #2004-12-07 14:00:26

O1 - Hosts: 212.127.66.209 http://www.cojestgrane.pl #2004-12-07 14:00:26

O1 - Hosts: 12.129.204.104 http://www.comeddy.com #2004-12-07 14:00:26

O1 - Hosts: 67.15.36.34 http://www.darmowe-filmy.pl #2004-12-04 20:14:22

O1 - Hosts: 207.234.147.69 http://www.emuzyka.pl #2004-12-04 20:14:22

O1 - Hosts: 217.74.64.33 http://www.enigmapolice.pl #2004-12-04 20:14:22

O1 - Hosts: 80.72.33.110 http://www.eqi.pl #2004-12-04 20:14:22

O1 - Hosts: 66.90.81.57 http://www.evol.private.pl #2004-12-04 20:14:22

O1 - Hosts: 69.20.69.171 http://www.exactsearch.net #2004-12-04 20:14:22

O1 - Hosts: 195.149.224.205 http://www.fifa2005.hk.pl #2004-12-13 19:25:30

O1 - Hosts: 67.19.119.6 http://www.fifaserwis.com #2004-12-04 20:14:22

O1 - Hosts: 64.237.45.66 http://www.filmy.sexraj.pl #2004-12-04 20:14:22

O1 - Hosts: 64.237.45.66 http://www.filmy-erotyczne.xxxlaski.com #2004-12-13 19:25:30

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe

O4 - HKLM..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe

O4 - HKLM..\Run: [mqqbqsi] C:\WINDOWS\SYSTEM\FILOHVD.EXE

O4 - HKLM..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [LicCtrl] runservice.exe

O4 - HKLM..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU..\Run: [WINCOOL.EXE] C:\PROGRAM FILES\WINTERCOOLER\WINCOOL.EXE

O4 - HKCU..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU..\RunServices: [WINCOOL.EXE] C:\PROGRAM FILES\WINTERCOOLER\WINCOOL.EXE

O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL

O9 - Extra 'Tools' menuitem: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_36.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_61.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_23.cab

O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab

O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/C ... ENoMFC.cab

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)


(Kuz5) #2

Remove in safe mode:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page 

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) 

O1 - Hosts: 80.72.33.110 7exe.wuup.com #2004-12-04 20:14:18 

O1 - Hosts: 217.17.46.250 adserver.gadu-gadu.pl #2004-12-04 20:14:18 

O1 - Hosts: 217.153.145.235 allegro.pl #2004-12-05 15:26:56 

O1 - Hosts: 69.50.241.67 anime-jin.net #2004-12-07 14:00:21 

O1 - Hosts: 62.89.101.156 archiwum.pszczolek.com #2004-12-07 14:00:21 

O1 - Hosts: 193.110.120.7 arte.internetdsl.pl #2004-12-04 20:14:18 

O1 - Hosts: 195.116.130.237 biegajznami.pl #2004-12-07 14:00:21 

O1 - Hosts: 64.237.54.98 bigmouthfulls.bangbros1.com #2004-12-04 20:14:18 

O1 - Hosts: 62.129.249.128 byss.home.pl #2004-12-04 20:14:19 

O1 - Hosts: 217.115.142.116 ed2k.2x4u.de #2004-12-04 20:14:19 

O1 - Hosts: 64.237.45.66 erotic.goo.pl #2004-12-04 20:14:19 

O1 - Hosts: 67.18.29.158 exit.sexarchiwum.pl #2004-12-04 20:14:19 

O1 - Hosts: 193.17.41.24 f.kuchnia.o2.pl #2004-12-04 20:14:19 

O1 - Hosts: 80.237.203.106 film.gildia.com #2004-12-07 14:00:21 

O1 - Hosts: 212.77.99.3 film.wp.pl #2004-12-05 15:26:56 

O1 - Hosts: 65.254.54.122 filmiki-flash.ad.warszawa.pl #2004-12-07 14:00:21 

O1 - Hosts: 64.237.45.66 filmy.sexraj.pl #2004-12-04 20:14:19 

O1 - Hosts: 64.237.45.66 filmy-erotyczne.joo.pl #2004-12-13 19:25:29 

O1 - Hosts: 62.111.180.24 forum.dobreprogramy.pl #2004-12-04 20:14:19 

O1 - Hosts: 64.94.17.96 freehost07.websamba.com #2004-12-04 20:14:19 

O1 - Hosts: 64.237.45.66 galerie.xfotka.pl #2004-12-07 14:00:21 

O1 - Hosts: 213.180.130.210 gronet.tenbit.pl #2004-12-04 20:14:19 

O1 - Hosts: 212.77.100.5 gwiazdy.wp.pl #2004-12-04 20:14:20 

O1 - Hosts: 69.22.140.68 happytee.mondominishows.com #2004-12-13 19:25:29 

O1 - Hosts: 63.251.52.89 happytreefriends.atomfilms.com #2004-12-13 19:25:29 

O1 - Hosts: 69.22.140.68 happytreefriends.com #2004-12-13 19:25:29 

O1 - Hosts: 66.55.133.195 hot.wetpussyclub.net #2004-12-13 19:25:29 

O1 - Hosts: 62.111.180.21 infojama.pl #2004-12-04 20:14:20 

O1 - Hosts: 66.55.136.243 insiderpress.pl #2004-12-07 14:00:24 

O1 - Hosts: 207.44.160.17 isg09.casalemedia.com #2004-12-13 19:25:29 

O1 - Hosts: 209.249.116.141 java.sun.com #2004-12-04 20:14:20 

O1 - Hosts: 212.77.100.212 katalog.wp.pl #2004-12-05 15:26:56 

O1 - Hosts: 193.17.41.71 ko.kurnik.pl #2004-12-04 20:14:20 

O1 - Hosts: 212.77.99.4 ksiazki.wp.pl #2004-12-04 20:14:20 

O1 - Hosts: 217.79.151.50 kup.nawijka.wp.pl #2004-12-04 20:14:20 

O1 - Hosts: 216.127.82.139 landhell.fpp.pl #2004-12-13 19:25:30 

O1 - Hosts: 62.87.136.4 magazyn.chip.pl #2004-12-04 20:14:20 

O1 - Hosts: 66.90.81.58 mariusz.piwko.pl #2004-12-07 14:00:24 

O1 - Hosts: 217.17.36.244 megapanel.gem.pl #2004-12-04 20:14:20 

O1 - Hosts: 212.78.204.20 members.lycos.co.uk #2004-12-07 14:00:24 

O1 - Hosts: 64.237.45.66 modelki.sexraj.pl #2004-12-13 19:25:30 

O1 - Hosts: 217.153.145.235 moto.allegro.pl #2004-12-04 20:14:20 

O1 - Hosts: 212.77.100.219 moto.wp.pl #2004-12-05 15:26:56 

O1 - Hosts: 212.77.100.168 muzyka.wp.pl #2004-12-04 20:14:20 

O1 - Hosts: 212.77.100.167 nawijka.wp.pl #2004-12-04 20:14:20 

O1 - Hosts: 195.117.3.84 onephoto.net #2004-12-07 14:00:24 

O1 - Hosts: 64.237.45.66 panienki.goo.pl #2004-12-04 20:14:20 

O1 - Hosts: 213.218.116.224 partner.wapster.pl #2004-12-04 20:14:20 

O1 - Hosts: 213.180.130.206 poczta.onet.pl #2004-12-13 19:25:30 

O1 - Hosts: 64.237.45.66 polki-amatorki.goo.pl #2004-12-04 20:14:21 

O1 - Hosts: 66.79.179.130 porno.int.pl #2004-12-13 19:25:30 

O1 - Hosts: 217.17.44.36 prace.sciaga.pl #2004-12-04 20:14:21 

O1 - Hosts: 66.35.250.217 prdownloads.sf.net #2004-12-04 20:14:21 

O1 - Hosts: 194.67.1.14 public.ag.ru #2004-12-04 20:14:21 

O1 - Hosts: 69.20.69.171 results.cafefind.net #2004-12-04 20:14:21 

O1 - Hosts: 212.182.102.165 retro.scene.pl #2004-12-04 20:14:21 

O1 - Hosts: 207.44.236.81 sadurski.com #2004-12-07 14:00:24 

O1 - Hosts: 193.42.231.67 serwisy.gazeta.pl #2004-12-07 14:00:24 

O1 - Hosts: 67.15.36.25 sexfoto.js.pl #2004-12-04 20:14:21 

O1 - Hosts: 64.237.45.66 sexmix.pl #2004-12-04 20:14:21 

O1 - Hosts: 217.153.57.226 skutery-tuning.pl #2004-12-04 20:14:21 

O1 - Hosts: 212.77.100.126 sport.wp.pl #2004-12-05 15:26:56 

O1 - Hosts: 66.117.8.10 static.filefront.com #2004-12-13 19:25:30 

O1 - Hosts: 212.77.100.224 tv.wp.pl #2004-12-04 20:14:21 

O1 - Hosts: 193.109.91.135 viper.pl #2004-12-05 15:26:56 

O1 - Hosts: 217.17.41.94 web.gadu-gadu.pl #2004-12-04 20:14:21 

O1 - Hosts: 213.205.40.9 web.volftp.mondadori.com #2004-12-04 20:14:21 

O1 - Hosts: 207.46.248.113 windowsmedia.com #2004-12-04 20:14:21 

O1 - Hosts: 212.77.100.167 wpkontakt.wp.pl #2004-12-04 20:14:21 

O1 - Hosts: 195.206.96.72 www.1313sex.info #2004-12-04 20:14:22 

O1 - Hosts: 193.110.120.7 www.21.neostrada.pl #2004-12-04 20:14:22 

O1 - Hosts: 207.44.228.33 www.ahvids.com #2004-12-07 14:00:24 

O1 - Hosts: 217.153.145.235 www.allegro.pl #2004-12-04 20:14:22 

O1 - Hosts: 66.250.30.140 www.anime-gratis.com #2004-12-07 14:00:25 

O1 - Hosts: 38.113.198.90 www.anime-site.com #2004-12-07 14:00:25 

O1 - Hosts: 193.110.121.251 www.bajer.pl #2004-12-07 14:00:25 

O1 - Hosts: 64.237.45.66 www.barti.xfotka.pl #2004-12-13 19:25:30 

O1 - Hosts: 69.20.69.171 www.benews.net #2004-12-04 20:14:22 

O1 - Hosts: 67.15.42.25 www.bikepics.com #2004-12-04 20:14:22 

O1 - Hosts: 213.181.194.207 www.brobin.com.pl #2004-12-07 14:00:25 

O1 - Hosts: 212.85.112.177 www.bron.pl #2004-12-04 20:14:22 

O1 - Hosts: 81.21.192.133 www.carlsberg.pl #2004-12-04 20:14:22 

O1 - Hosts: 194.42.46.64 www.cartoons.pl #2004-12-07 14:00:25 

O1 - Hosts: 64.237.37.222 www.cartoons-pic.com #2004-12-07 14:00:25 

O1 - Hosts: 67.15.36.34 www.cda.up.pl #2004-12-04 20:14:22 

O1 - Hosts: 216.39.82.50 www.celebritymoviearchive.com #2004-12-13 19:25:30 

O1 - Hosts: 67.19.120.140 www.celebs.pl #2004-12-04 20:14:22 

O1 - Hosts: 64.237.45.66 www.cipki.sex.buja.pl #2004-12-13 19:25:30 

O1 - Hosts: 213.219.122.23 www.clinofob.com #2004-12-07 14:00:26 

O1 - Hosts: 212.127.66.209 www.cojestgrane.pl #2004-12-07 14:00:26 

O1 - Hosts: 12.129.204.104 www.comeddy.com #2004-12-07 14:00:26 

O1 - Hosts: 67.15.36.34 www.darmowe-filmy.pl #2004-12-04 20:14:22 

O1 - Hosts: 207.234.147.69 www.emuzyka.pl #2004-12-04 20:14:22 

O1 - Hosts: 217.74.64.33 www.enigmapolice.pl #2004-12-04 20:14:22 

O1 - Hosts: 80.72.33.110 www.eqi.pl #2004-12-04 20:14:22 

O1 - Hosts: 66.90.81.57 www.evol.private.pl #2004-12-04 20:14:22 

O1 - Hosts: 69.20.69.171 www.exactsearch.net #2004-12-04 20:14:22 

O1 - Hosts: 195.149.224.205 www.fifa2005.hk.pl #2004-12-13 19:25:30 

O1 - Hosts: 67.19.119.6 www.fifaserwis.com #2004-12-04 20:14:22 

O1 - Hosts: 64.237.45.66 www.filmy.sexraj.pl #2004-12-04 20:14:22 

O1 - Hosts: 64.237.45.66 www.filmy-erotyczne.xxxlaski.com #2004-12-13 19:25:30 

O4 - HKLM\..\Run: [mqqbqsi] C:\WINDOWS\SYSTEM\FILOHVD.EXE 

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s 

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Remove the O10 entries with the program :arrow: LSPFix (run the program and write the names of the files that appear in the Keep list, and we will tell you which file to remove and how)

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net

Finally, paste a new log


(Qbek50) #3

Finally, I recommend scanning the computer with:

Ad-Aware:

http://dobreprogramy.pl/index.php?dz=2&id=107&t=55

SpyBot Search&Destroy:

Trojan Scan:

http://www.windowsecurity.com/trojanscan/

PestPatrol:

http://www.idg.pl/ftp/pobierz/pc/3538.html

get rid of the junk and post a new log for checking :stuck_out_tongue:


(Błażej) #4

Here they are:

rnr20.dll

newdotnet6_38.dll

mswsosp.dll

msafd.dll

rsvpsp.dll

And one more thing. How do I remove those entries in safe mode?


(boczi) #5

By launching HijackThis, ticking the selected entries and clicking Fix.

Remove that.


(Damian) #6

Except with the LspFIX program


(Błażej) #7

And how is it now?

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\RUNSERVICE.EXE

C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MENU.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_MON.EXE

C:\PROGRAM FILES\MKS\BIN\ABREGMON.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\LVCOMS.EXE

C:\WINDOWS\RunDLL.exe

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\MKS\BIN\MKS_SCAN.EXE

C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE

C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.neostrada.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

O4 - HKLM..\Run: [MKS_MON] C:\Program Files\MKS\Bin\mks_mon.exe

O4 - HKLM..\Run: [ABREGMON] C:\PROGRAM FILES\MKS\BIN\ABregmon.exe

O4 - HKLM..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe

O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [LicCtrl] runservice.exe

O4 - HKLM..\RunServices: [ABNetMon] C:\PROGRAM FILES\MKS\BIN\NETMONSV.EXE

O4 - HKCU..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU..\Run: [WINCOOL.EXE] C:\PROGRAM FILES\WINTERCOOLER\WINCOOL.EXE

O4 - HKCU..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY

O4 - HKCU..\RunServices: [WINCOOL.EXE] C:\PROGRAM FILES\WINTERCOOLER\WINCOOL.EXE

O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm

O9 - Extra button: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL

O9 - Extra 'Tools' menuitem: ProRat V1.8 - {89999700-cba3-4071-b251-47cb894244cd} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_36.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_61.cab

O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_23.cab

O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab

O16 - DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} (Creative Product Registration ActiveX Control Module) - http://www.creative.com/register/OCXs/C ... ENoMFC.cab

O21 - SSODL: DDE Control Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)


(Qbek50) #8

delete:

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

with this:

http://www.cexx.org/lspfix.htm

also this:

O4 - HKLM..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s


(Kuz5) #9

I see that you have not deleted the file newdotnet6_38.dll using LSP-Fix, so delete it.

Run LSP-Fix, check "I know what I'm doing", then in the Keep box select the file you want to remove, use the arrow (>>) to move it to the Remover box, and click Finish