bardzo prosze o analize loga
Logfile of HijackThis v1.99.1
Scan saved at 21:15:42, on 05–04–23
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\HEWLETT–PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT–PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\EDONKEY2000\EDONKEY2000.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\RHCCCL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADKEEP.EXE
C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\PLANET\WL–8303\RTLWAKE.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER1.EXE
C:\PROGRAM FILES\GADU–GADU\GG.EXE
D:\SOULSEEK\SLSK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O1 – Hosts: 127.0.0.3 n–glx.s–redirect.com
O1 – Hosts: 127.0.0.3 x.full–tgp.net
O1 – Hosts: 127.0.0.3 counter.sexmaniack.com
O1 – Hosts: 127.0.0.3 autoescrowpay.com
O1 – Hosts: 127.0.0.3 www.autoescrowpay.com
O1 – Hosts: 127.0.0.3 www.awmdabest.com
O1 – Hosts: 127.0.0.3 www.sexfiles.nu
O1 – Hosts: 127.0.0.3 awmdabest.com
O1 – Hosts: 127.0.0.3 sexfiles.nu
O1 – Hosts: 127.0.0.3 allforadult.com
O1 – Hosts: 127.0.0.3 www.allforadult.com
O1 – Hosts: 127.0.0.3 www.iframe.biz
O1 – Hosts: 127.0.0.3 iframe.biz
O1 – Hosts: 127.0.0.3 www.newiframe.biz
O1 – Hosts: 127.0.0.3 newiframe.biz
O1 – Hosts: 127.0.0.3 www.vesbiz.biz
O1 – Hosts: 127.0.0.3 vesbiz.biz
O1 – Hosts: 127.0.0.3 www.pizdato.biz
O1 – Hosts: 127.0.0.3 pizdato.biz
O1 – Hosts: 127.0.0.3 www.aaasexypics.com
O1 – Hosts: 127.0.0.3 aaasexypics.com
O1 – Hosts: 127.0.0.3 www.virgin–tgp.net
O1 – Hosts: 127.0.0.3 virgin–tgp.net
O1 – Hosts: 127.0.0.3 www.awmcash.biz
O1 – Hosts: 127.0.0.3 awmcash.biz
O1 – Hosts: 127.0.0.3 buldog–stats.com
O1 – Hosts: 127.0.0.3 www.buldog–stats.com
O1 – Hosts: 127.0.0.3 fregat.drocherway.com
O1 – Hosts: 127.0.0.3 slutmania.biz
O1 – Hosts: 127.0.0.3 www.slutmania.biz
O1 – Hosts: 127.0.0.3 toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.megapornix.com
O1 – Hosts: 127.0.0.3 megapornix.com
O1 – Hosts: 127.0.0.3 www.sp2fucked.biz
O1 – Hosts: 127.0.0.3 sp2fucked.biz
O1 – Hosts: 127.0.0.3 greg–tut.com
O1 – Hosts: 127.0.0.3 www.greg–tut.com
O1 – Hosts: 127.0.0.3 nylonsexy.com
O1 – Hosts: 127.0.0.3 www.nylonsexy.com
O1 – Hosts: 127.0.0.3 vparivalka.com
O1 – Hosts: 127.0.0.3 www.vparivalka.com
O1 – Hosts: 127.0.0.3 iframeprofit.com
O1 – Hosts: 127.0.0.3 www.iframeprofit.com
O1 – Hosts: 127.0.0.3 topsearch10.com
O1 – Hosts: 127.0.0.3 www.topsearch10.com
O1 – Hosts: 127.0.0.3 statscash.biz
O1 – Hosts: 127.0.0.3 www.statscash.biz
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 – BHO: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 – BHO: (no name) – {A0269420–A638–4509–889C–8FC3CC85DA7E} – C:\WINDOWS\DREXINIT.DLL
O2 – BHO: CeresObj Class – {00000049–8F91–4D9C–9573–F016E7626484} – C:\WINDOWS\CERES.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 – HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe"
O4 – HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [PlaylistNation] C:\PROGRAM FILES\PLAYLISTNATION\Playlistnation.exe /autostart
O4 – HKLM\..\Run: [eDonkey2000] "C:\PROGRAM FILES\EDONKEY2000\EDONKEY2000.EXE" –t
O4 – HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 – HKLM\..\Run: [rhcccl] c:\windows\system\rhcccl.exe
O4 – HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [Preview AdService] C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
O4 – HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 – HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" –reg
O4 – HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 – HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 – HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
O4 – HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Startup: PLANET WL–8303.lnk = C:\Program Files\PLANET\WL–8303\RtlWake.exe
O4 – Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxmk044YYPL
O8 – Extra context menu item: Ebates – file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by WebHancer
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 – Plugin for .pca: C:\PROGRA~1\INTERN~1\PLUGINS\nppcaplg.dll
O12 – Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 – Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 – Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: RaptisoftGameLoader – http://www.raptisoft.com/webgames/raptisoftgameloader.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: {E95CF138–A587–4C54–8175–3AD80997CB14} (GINSOCCER Class) – http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GameDesire Pool Training) – http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C3} (GameDesire Pool 14) – http://67.15.101.3/g_bin/pl/billard14_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C6} (GameDesire Pool 8UK) – http://67.15.101.3/g_bin/pl/billard8UK_2_0_0_21.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/pl/boards_2_0_0_19.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://C:osuch.mht!http://81.222.131.59/dl/adv662/x.chm::/load.exe
O17 – HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.54.1
O18 – Filter: text/html – {B72F75B8–93F3–429D–B13E–660B206D897A} – (no file)
Scan saved at 21:15:42, on 05–04–23
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\HEWLETT–PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT–PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\EDONKEY2000\EDONKEY2000.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\RHCCCL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADKEEP.EXE
C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAM FILES\PLANET\WL–8303\RTLWAKE.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER1.EXE
C:\PROGRAM FILES\GADU–GADU\GG.EXE
D:\SOULSEEK\SLSK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O1 – Hosts: 127.0.0.3 n–glx.s–redirect.com
O1 – Hosts: 127.0.0.3 x.full–tgp.net
O1 – Hosts: 127.0.0.3 counter.sexmaniack.com
O1 – Hosts: 127.0.0.3 autoescrowpay.com
O1 – Hosts: 127.0.0.3 www.autoescrowpay.com
O1 – Hosts: 127.0.0.3 www.awmdabest.com
O1 – Hosts: 127.0.0.3 www.sexfiles.nu
O1 – Hosts: 127.0.0.3 awmdabest.com
O1 – Hosts: 127.0.0.3 sexfiles.nu
O1 – Hosts: 127.0.0.3 allforadult.com
O1 – Hosts: 127.0.0.3 www.allforadult.com
O1 – Hosts: 127.0.0.3 www.iframe.biz
O1 – Hosts: 127.0.0.3 iframe.biz
O1 – Hosts: 127.0.0.3 www.newiframe.biz
O1 – Hosts: 127.0.0.3 newiframe.biz
O1 – Hosts: 127.0.0.3 www.vesbiz.biz
O1 – Hosts: 127.0.0.3 vesbiz.biz
O1 – Hosts: 127.0.0.3 www.pizdato.biz
O1 – Hosts: 127.0.0.3 pizdato.biz
O1 – Hosts: 127.0.0.3 www.aaasexypics.com
O1 – Hosts: 127.0.0.3 aaasexypics.com
O1 – Hosts: 127.0.0.3 www.virgin–tgp.net
O1 – Hosts: 127.0.0.3 virgin–tgp.net
O1 – Hosts: 127.0.0.3 www.awmcash.biz
O1 – Hosts: 127.0.0.3 awmcash.biz
O1 – Hosts: 127.0.0.3 buldog–stats.com
O1 – Hosts: 127.0.0.3 www.buldog–stats.com
O1 – Hosts: 127.0.0.3 fregat.drocherway.com
O1 – Hosts: 127.0.0.3 slutmania.biz
O1 – Hosts: 127.0.0.3 www.slutmania.biz
O1 – Hosts: 127.0.0.3 toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.megapornix.com
O1 – Hosts: 127.0.0.3 megapornix.com
O1 – Hosts: 127.0.0.3 www.sp2fucked.biz
O1 – Hosts: 127.0.0.3 sp2fucked.biz
O1 – Hosts: 127.0.0.3 greg–tut.com
O1 – Hosts: 127.0.0.3 www.greg–tut.com
O1 – Hosts: 127.0.0.3 nylonsexy.com
O1 – Hosts: 127.0.0.3 www.nylonsexy.com
O1 – Hosts: 127.0.0.3 vparivalka.com
O1 – Hosts: 127.0.0.3 www.vparivalka.com
O1 – Hosts: 127.0.0.3 iframeprofit.com
O1 – Hosts: 127.0.0.3 www.iframeprofit.com
O1 – Hosts: 127.0.0.3 topsearch10.com
O1 – Hosts: 127.0.0.3 www.topsearch10.com
O1 – Hosts: 127.0.0.3 statscash.biz
O1 – Hosts: 127.0.0.3 www.statscash.biz
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 – BHO: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 – BHO: (no name) – {A0269420–A638–4509–889C–8FC3CC85DA7E} – C:\WINDOWS\DREXINIT.DLL
O2 – BHO: CeresObj Class – {00000049–8F91–4D9C–9573–F016E7626484} – C:\WINDOWS\CERES.DLL
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
O4 – HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe"
O4 – HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [PlaylistNation] C:\PROGRAM FILES\PLAYLISTNATION\Playlistnation.exe /autostart
O4 – HKLM\..\Run: [eDonkey2000] "C:\PROGRAM FILES\EDONKEY2000\EDONKEY2000.EXE" –t
O4 – HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 – HKLM\..\Run: [rhcccl] c:\windows\system\rhcccl.exe
O4 – HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [Preview AdService] C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
O4 – HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 – HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" –reg
O4 – HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 – HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 – HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
O4 – HKCU\..\Run: [Skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRAM FILES\GADU–GADU\GG.EXE" /tray
O4 – Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Startup: PLANET WL–8303.lnk = C:\Program Files\PLANET\WL–8303\RtlWake.exe
O4 – Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxmk044YYPL
O8 – Extra context menu item: Ebates – file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by WebHancer
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 – Plugin for .pca: C:\PROGRA~1\INTERN~1\PLUGINS\nppcaplg.dll
O12 – Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 – Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 – Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: RaptisoftGameLoader – http://www.raptisoft.com/webgames/raptisoftgameloader.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: {E95CF138–A587–4C54–8175–3AD80997CB14} (GINSOCCER Class) – http://67.15.101.3/g_bin/pl/soccer_2_0_0_7.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GameDesire Pool Training) – http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C3} (GameDesire Pool 14) – http://67.15.101.3/g_bin/pl/billard14_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C6} (GameDesire Pool 8UK) – http://67.15.101.3/g_bin/pl/billard8UK_2_0_0_21.cab
O16 – DPF: {AC120B1D–9411–4111–AF52–118052D85D45} (GameDesire Darts Games) – http://67.15.101.3/g_bin/pl/darts_2_0_0_29.cab
O16 – DPF: {41ACD49D–1974–791A–0981–AA9872721044} (GINBOARDS Class) – http://67.15.101.3/g_bin/pl/boards_2_0_0_19.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://C:osuch.mht!http://81.222.131.59/dl/adv662/x.chm::/load.exe
O17 – HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.54.1
O18 – Filter: text/html – {B72F75B8–93F3–429D–B13E–660B206D897A} – (no file)
Odpowiedzi: 9
dziadek1988 24 Kwietnia 2005, 18:37:50:
Tak i juź wszystko śmiga. Dzięki.
sorry ale jakis nie przytomny jestem :D
Przy odinstalowywaniu z Dodaj/usun nie powinien.przepraszam ale czy przy usunieciu new.neta i webhancera hijackiem nie utraci on neta? :P
Tak i juź wszystko śmiga. Dzięki.
a adaware dysk skanowałeś?
wszystko jest ok tylko to ze sie strony pornograficzne włanczają :/
trzeba chyba LSPfix uźyć. zresztą dziwne źe jeszcze wogóle ma neta :]
przepraszam ale czy przy usunieciu new.neta i webhancera hijackiem nie utraci on neta? :P
Sprawdz czy mozesz odinstalowac ponizsze programy z Dodaj/usun. Jesli nie, wylacz takie procesy i usun pliki z folderami (z Program files).
New.Net rowniez.
Zaznacz i usun w HiJacku wpisy, jak i rowniez pliki z dysku:
Wyedytuj w Notatniku plik HOSTS i zamien 127.0.0.3 na 127.0.0.1
New.Net rowniez.
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\RHCCCL.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
C:\WINDOWS\SYSTEM\PAYTIME.EXE
C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADKEEP.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER1.EXE
Zaznacz i usun w HiJacku wpisy, jak i rowniez pliki z dysku:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50193
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 – BHO: (no name) – {87766247–311C–43B4–8499–3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O2 – BHO: (no name) – {A0269420–A638–4509–889C–8FC3CC85DA7E} – C:\WINDOWS\DREXINIT.DLL
O2 – BHO: CeresObj Class – {00000049–8F91–4D9C–9573–F016E7626484} – C:\WINDOWS\CERES.DLL
O4 – HKLM\..\Run: [rhcccl] c:\windows\system\rhcccl.exe
O4 – HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [Preview AdService] C:\PROGRAM FILES\PREVIEW ADSERVICE\PREVADSERV.EXE
O4 – HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EbatesMoeMoneyMaker0.exe"
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 – HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 – HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 – HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 – Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxmk044YYPL
O8 – Extra context menu item: Ebates – file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by WebHancer
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by WebHancer
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://C:osuch.mht!http://81.222.131.59/dl/adv662/x.chm::/load.exe
O18 – Filter: text/html – {B72F75B8–93F3–429D–B13E–660B206D897A} – (no file)
Wyedytuj w Notatniku plik HOSTS i zamien 127.0.0.3 na 127.0.0.1
O1 – Hosts: 127.0.0.3 n–glx.s–redirect.com
O1 – Hosts: 127.0.0.3 x.full–tgp.net
O1 – Hosts: 127.0.0.3 counter.sexmaniack.com
O1 – Hosts: 127.0.0.3 autoescrowpay.com
O1 – Hosts: 127.0.0.3 www.autoescrowpay.com
O1 – Hosts: 127.0.0.3 www.awmdabest.com
O1 – Hosts: 127.0.0.3 www.sexfiles.nu
O1 – Hosts: 127.0.0.3 awmdabest.com
O1 – Hosts: 127.0.0.3 sexfiles.nu
O1 – Hosts: 127.0.0.3 allforadult.com
O1 – Hosts: 127.0.0.3 www.allforadult.com
O1 – Hosts: 127.0.0.3 www.iframe.biz
O1 – Hosts: 127.0.0.3 iframe.biz
O1 – Hosts: 127.0.0.3 www.newiframe.biz
O1 – Hosts: 127.0.0.3 newiframe.biz
O1 – Hosts: 127.0.0.3 www.vesbiz.biz
O1 – Hosts: 127.0.0.3 vesbiz.biz
O1 – Hosts: 127.0.0.3 www.Pamela.biz
O1 – Hosts: 127.0.0.3 Pamela.biz
O1 – Hosts: 127.0.0.3 www.aaasexypics.com
O1 – Hosts: 127.0.0.3 aaasexypics.com
O1 – Hosts: 127.0.0.3 www.virgin–tgp.net
O1 – Hosts: 127.0.0.3 virgin–tgp.net
O1 – Hosts: 127.0.0.3 www.awmcash.biz
O1 – Hosts: 127.0.0.3 awmcash.biz
O1 – Hosts: 127.0.0.3 buldog–stats.com
O1 – Hosts: 127.0.0.3 www.buldog–stats.com
O1 – Hosts: 127.0.0.3 fregat.drocherway.com
O1 – Hosts: 127.0.0.3 slutmania.biz
O1 – Hosts: 127.0.0.3 www.slutmania.biz
O1 – Hosts: 127.0.0.3 toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.megapornix.com
O1 – Hosts: 127.0.0.3 megapornix.com
O1 – Hosts: 127.0.0.3 www.sp2fucked.biz
O1 – Hosts: 127.0.0.3 sp2fucked.biz
O1 – Hosts: 127.0.0.3 greg–tut.com
O1 – Hosts: 127.0.0.3 www.greg–tut.com
O1 – Hosts: 127.0.0.3 nylonsexy.com
O1 – Hosts: 127.0.0.3 www.nylonsexy.com
O1 – Hosts: 127.0.0.3 vparivalka.com
O1 – Hosts: 127.0.0.3 www.vparivalka.com
O1 – Hosts: 127.0.0.3 iframeprofit.com
O1 – Hosts: 127.0.0.3 www.iframeprofit.com
O1 – Hosts: 127.0.0.3 topsearch10.com
O1 – Hosts: 127.0.0.3 www.topsearch10.com
O1 – Hosts: 127.0.0.3 statscash.biz
O1 – Hosts: 127.0.0.3 www.statscash.biz
Strona 1 / 1