Can someone check my HijackThis log?

IP: *.internetdsl.tpnet.pl 08.11.04, 11:59
Logfile of HijackThis v1.98.2
Scan saved at 12:37:06, on 04-11-05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
C:\PROGRAM FILES\WINDOWS ADTOOLS\WINRATCHET.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:\WINDOWS\2_0_1browserhelper2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\SYSTEM\\NVCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1
\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [LexStart] LexStart.EXE
O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS
ADTOOLS\WINADTOOLS.EXE
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\\nvsvc.exe -runservice
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM
FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) - security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
its:mhtml:file://c:\nosuxyz.mht!
213.158.119.18/auto/loudtorg.chm::/bridge-c46.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1
    • Guest: Logan Once again, I'm asking for help. IP: *.internetdsl.tpnet.pl 10.11.04, 16:50
    • kalinowski11 Re: Can someone check my HijackThis log? 10.11.04, 17:15
      > O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
      > C:\WINDOWS\2_0_1browserhelper2.dll
      > O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS
      > ADTOOLS\WINADTOOLS.EXE
      > O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
      > O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
      > O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM
      > FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
      > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      > C:\WINDOWS\web\related.htm
      > O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      > 00aa003c157a} - C:\WINDOWS\web\related.htm
      > O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
      > its:mhtml:file://c:\nosuxyz.mht!
      > 213.158.119.18/auto/loudtorg.chm::/bridge-c46.cab

      These are to be removed, but I think Netsec should also take a look here.

      Regards.
    • netsec Re: Can someone check my HijackThis log? 12.11.04, 00:52
      In Control Panel, under Add/Remove Programs, remove Wind Updates and Rebates and others.
      Paste a new log from HiJack.
      • Guest: tomi Re: Can someone check my HijackThis log? IP: *.netkomp.net / 80.51.197.* 12.11.04, 12:14
        netsec, could you give me your GG number? I'd like to have a general chat with you about
        these viruses on the computer.
        • netsec Re: Can someone check my HijackThis log? 12.11.04, 21:17
          2673785
          • Guest: Logan Re: Can someone check my HijackThis log? IP: *.internetdsl.tpnet.pl 15.11.04, 13:24
            Logfile of HijackThis v1.98.2
            Scan saved at 13:23:44, on 04-11-15
            Platform: Windows 98 Gold (Win9x 4.10.1998)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\SPOOL32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\MSTASK.EXE
            C:\WINDOWS\SYSTEM\NVSVC.EXE
            C:\WINDOWS\SYSTEM\LEXBCES.EXE
            C:\WINDOWS\SYSTEM\RPCSS.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\EXPLORER.EXE
            C:\WINDOWS\TASKMON.EXE
            C:\WINDOWS\SYSTEM\INTERNAT.EXE
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
            C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE
            C:\PROGRAM FILES\WINDOWS ADTOOLS\WINRATCHET.EXE
            C:\TEMP\MSBB.EXE
            C:\WINDOWS\TWXIF.EXE
            C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
            C:\WINDOWS\SYSTEM\DDHELP.EXE
            C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.wp.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
            O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
            C:\WINDOWS\2_0_1browserhelper2.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\SYSTEM\MSDXM.OCX
            O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
            O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
            O4 - HKLM\..\Run: [internat.exe] internat.exe
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
            C:\WINDOWS\SYSTEM\\NVCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1
            \NAVAPW32.EXE /LOADQUIET
            O4 - HKLM\..\Run: [LexStart] LexStart.EXE
            O4 - HKLM\..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS
            ADTOOLS\WINADTOOLS.EXE
            O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
            O4 - HKLM\..\Run: [twxif] C:\WINDOWS\twxif.exe
            O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
            powrprof.dll,LoadCurrentPwrScheme
            O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
            O4 - HKLM\..\RunServices: [NVSvc] C:\WINDOWS\SYSTEM\\nvsvc.exe -runservice
            O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office\OSA9.EXE
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - C:\WINDOWS\web\related.htm
            O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} -
            C:\Program Files\IrfanView\Ebay\Ebay.htm
            O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
            O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
            Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
            O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
            security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
            O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
            www.bph.pl/pi/components/SignActivX.cab
            O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
            its:mhtml:file://c:\nosuxyz.mht!
            213.158.119.18/auto/loudtorg.chm::/bridge-c46.cab
            O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.204.159.1

            Unfortunately, I somehow couldn't find Windows Update.
      • Guest: L Re: Can someone check my HijackThis log? IP: *.internetdsl.tpnet.pl 12.11.04, 15:51
      • Guest: Logan Until Monday IP: *.internetdsl.tpnet.pl 12.11.04, 15:57
        OK, but I won't be able to do it until Monday. Also, tell me, what are
        these other programs?
        Regards
        • Guest: What about that Hijack Re: Until Monday IP: *.internetdsl.tpnet.pl 18.11.04, 16:04