Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    ponowna prośba do netsec'a

    IP: *.neoplus.adsl.tpnet.pl 23.10.04, 19:28
    ponownie wklejam log z hijacka, zrobiłam co kazałeś , ale na moje oko to
    chyba powinam usunąć jeszcze kilka rzeczy(te wszytskie O16?)ale dzieki bogu
    nie ładuje mi się już strona startowa nieproszona..
    jesli można to prosze o rade jakas..
    dzieki z góry


    Logfile of HijackThis v1.98.2
    Scan saved at 18:48:51, on 2004-10-23
    Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Gadu-Gadu\gg.exe
    E:\WINDOWS\System32\rundll32.exe
    E:\Program Files\Norton AntiVirus\navapsvc.exe
    E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    E:\WINDOWS\System32\nvsvc32.exe
    C:\xp-AntiSpy\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.onet.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    E:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    E:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    E:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
    00401C608501} - E:\WINDOWS\System32\msjava.dll
    O16 - DPF: {046A77FA-C9E9-6CE2-43AF-779D54C24FDA} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {059C78F6-DA84-73CF-E19A-265F6EAF23A9} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {3C29CF04-153C-6940-0596-7C9E7C4A865E} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {3D48DEE4-42DE-1DCE-98A7-5F4146E92859} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {3DE0A225-212F-2165-1F1E-52C85AE01815} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {3DE3E12C-14A9-468C-E501-167F3F748C43} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {3DF7F99C-7724-1B57-5FB8-27EB5758188F} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {40F9E567-8F6B-5EE3-61FA-211A283176E2} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {412700CB-5180-1AD8-9056-66D253C138AE} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {41780347-41B5-1E10-3E8F-6FBE4DB49BCB} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {43320F57-B515-0EFC-154F-65E61583FE80} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {464CD230-2DB6-1759-9F94-510119F00BAB} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {46637446-8308-3E95-7F93-30BE228E1B8A} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {46659F1F-1E72-1E40-1B3E-164B11239F17} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {46EAA29D-11E8-6992-0801-3787387F0E8B} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {46F94D63-1789-2971-3362-2C5F4D24A55A} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {480E004A-A188-3812-170E-326B0FB80388} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {485D9976-CA45-5306-171A-7BA1742C036C} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {4ACA294B-3FB5-16E6-E36F-233B5B9E7E10} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {4AF0D80F-BE8E-60D7-EFCF-09C86A7F527A} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {4C813BA4-D910-6A3B-009A-04646787AD1D} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {4D1D1284-5980-0CF0-8ABC-405205AE07F4} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {4D216787-1F34-4FDC-183C-0E4C636C5EED} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {4EB70A83-9AF5-7218-8A31-51D0679D7463} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {4EB82730-79EC-785D-1A03-54AC713929D4} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {4EC73BD9-BF66-4EF5-F1C4-7EAF060B13BD} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {526A7EAC-E8B6-580D-1441-196F43B7F70D} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {52E37927-D8C4-7C09-CEEC-65F102906350} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {53A3C77D-1594-0529-CDC3-33C527DA5502} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {576C8A6E-FC51-5C05-2D48-68B439AAEC6E} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {592506A7-70B2-016A-4C78-423220F5947D} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {59F71C8D-34B4-66DD-6EA7-26AC79030040} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {5E25643D-25C6-4871-1540-2FAD7AADF49A} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) -
    https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
    O16 - DPF: {61DC7C75-A7DA-23E6-2E8E-01ED768747B6} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {6266ACAA-1C11-368C-83B5-4D2751D6C6FC} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {62D1CCEC-39AA-33E5-1AE1-447E52D1CB2C} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {63E1942F-10E5-4DC0-3022-290F5BDAEC2D} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {648D30F9-2609-66F9-A8D2-1B1B7F1454E2} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {655A13D1-A6BD-7A18-43E3-5A256695660F} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {6861B286-145B-34FA-A211-1A8F67E23AFA} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {690AEC17-6AEC-4CC3-4D2A-582951F1C90C} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {69BFBF67-456A-34E6-6C65-4E82382FB967} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {6B28C397-36A2-077A-3475-673D09B939E1} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {6C37960B-F9B6-1EBF-01BA-6D265ECB41F1} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {6EBFA827-91EE-422E-C2A0-267101DC9ACE} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {6F08DF16-BA07-517A-E0B3-6E382056ED62} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {70298DE7-C0B4-09CB-AB7A-0DCC00FEC6B9} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {70F5DC0E-9531-2A13-FA12-2F8756B8CFB1} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {723910D0-A366-7A6D-8A41-2D803C317195} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {73C7E77C-7D3A-7186-CF17-168856CED409} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {74D409C7-5358-451A-6C12-051D25959036} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {764BB3A1-4247-39B0-C6A3-4E644B7972B4} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {76CB485C-B89B-29E4-807F-182F6FE8105E} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {7CBBA007-D3FD-7F3E-B7B7-6A8453EAEE92} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {7E8BEB85-8FB7-05B8-B9D1-408E7D65560E} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {7FEF0F87-641B-314B-D9BA-55C719CC7874} -
    http://213.159.117.150/1/rdgPL10.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
    http://skaner.mks.com.pl/SkanerOnline.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
    http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322

    Obserwuj wątek
      • netsec Re: ponowna prośba do netsec'a 23.10.04, 22:56
        Dokładnie usuń w HiJackThis te pozycje:
        O16 - DPF: {046A77FA-C9E9-6CE2-43AF-779D54C24FDA} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {059C78F6-DA84-73CF-E19A-265F6EAF23A9} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {3C29CF04-153C-6940-0596-7C9E7C4A865E} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {3D48DEE4-42DE-1DCE-98A7-5F4146E92859} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {3DE0A225-212F-2165-1F1E-52C85AE01815} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {3DE3E12C-14A9-468C-E501-167F3F748C43} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {3DF7F99C-7724-1B57-5FB8-27EB5758188F} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {40F9E567-8F6B-5EE3-61FA-211A283176E2} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {412700CB-5180-1AD8-9056-66D253C138AE} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {41780347-41B5-1E10-3E8F-6FBE4DB49BCB} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {43320F57-B515-0EFC-154F-65E61583FE80} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {464CD230-2DB6-1759-9F94-510119F00BAB} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {46637446-8308-3E95-7F93-30BE228E1B8A} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {46659F1F-1E72-1E40-1B3E-164B11239F17} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {46EAA29D-11E8-6992-0801-3787387F0E8B} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {46F94D63-1789-2971-3362-2C5F4D24A55A} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {480E004A-A188-3812-170E-326B0FB80388} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {485D9976-CA45-5306-171A-7BA1742C036C} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {4ACA294B-3FB5-16E6-E36F-233B5B9E7E10} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {4AF0D80F-BE8E-60D7-EFCF-09C86A7F527A} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {4C813BA4-D910-6A3B-009A-04646787AD1D} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {4D1D1284-5980-0CF0-8ABC-405205AE07F4} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {4D216787-1F34-4FDC-183C-0E4C636C5EED} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {4EB70A83-9AF5-7218-8A31-51D0679D7463} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {4EB82730-79EC-785D-1A03-54AC713929D4} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {4EC73BD9-BF66-4EF5-F1C4-7EAF060B13BD} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {526A7EAC-E8B6-580D-1441-196F43B7F70D} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {52E37927-D8C4-7C09-CEEC-65F102906350} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {53A3C77D-1594-0529-CDC3-33C527DA5502} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {576C8A6E-FC51-5C05-2D48-68B439AAEC6E} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {592506A7-70B2-016A-4C78-423220F5947D} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {59F71C8D-34B4-66DD-6EA7-26AC79030040} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {5E25643D-25C6-4871-1540-2FAD7AADF49A} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) -
        https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
        O16 - DPF: {61DC7C75-A7DA-23E6-2E8E-01ED768747B6} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {6266ACAA-1C11-368C-83B5-4D2751D6C6FC} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {62D1CCEC-39AA-33E5-1AE1-447E52D1CB2C} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {63E1942F-10E5-4DC0-3022-290F5BDAEC2D} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {648D30F9-2609-66F9-A8D2-1B1B7F1454E2} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {655A13D1-A6BD-7A18-43E3-5A256695660F} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {6861B286-145B-34FA-A211-1A8F67E23AFA} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {690AEC17-6AEC-4CC3-4D2A-582951F1C90C} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {69BFBF67-456A-34E6-6C65-4E82382FB967} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {6B28C397-36A2-077A-3475-673D09B939E1} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {6C37960B-F9B6-1EBF-01BA-6D265ECB41F1} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {6EBFA827-91EE-422E-C2A0-267101DC9ACE} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {6F08DF16-BA07-517A-E0B3-6E382056ED62} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {70298DE7-C0B4-09CB-AB7A-0DCC00FEC6B9} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {70F5DC0E-9531-2A13-FA12-2F8756B8CFB1} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {723910D0-A366-7A6D-8A41-2D803C317195} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {73C7E77C-7D3A-7186-CF17-168856CED409} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {74D409C7-5358-451A-6C12-051D25959036} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {764BB3A1-4247-39B0-C6A3-4E644B7972B4} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {76CB485C-B89B-29E4-807F-182F6FE8105E} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {7CBBA007-D3FD-7F3E-B7B7-6A8453EAEE92} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {7E8BEB85-8FB7-05B8-B9D1-408E7D65560E} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {7FEF0F87-641B-314B-D9BA-55C719CC7874} -
        http://213.159.117.150/1/rdgPL10.exe
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
        Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        http://skaner.mks.com.pl/SkanerOnline.cab
        O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class

        i wklej nowy log.

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.