pecet: Re: Pomoc potrzebna ale na grupie o win98 nic. wiec wiem ze ntg

Autor: Denver <dimka(cut)_at_wp.pl>
Data: Mon 08 Nov 2004 - 22:40:15 MET
Message-ID: <cmop4j$j4i$1@atlantis.news.tpi.pl>

UWAGA JEJ LOG Z Hijack this:

Logfile of HijackThis v1.97.7
Scan saved at 22:21:53, on 04-11-08
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DELFIN\PROMULGATE\PGMONITR.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\CSMSS.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINCLT.EXE
C:\PROGRAM FILES\TROJANSHIELD\ANTITROJ.EXE
C:\PROGRAM FILES\TROJANSHIELD\ST.EXE
C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS.EXE
Dacza (22:35)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Łącza
R3 - URLSearchHook: (no name) - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no
file)
F1 - win.ini: run=hpfsched
Dacza (22:37)

O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} -
C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME2.DLL
O2 - BHO: (no name) - {00041A26-7033-432C-94C7-6371DE343822} - (no file)
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} -
C:\PROGRAM FILES\RECOMMENDED HOTFIX - 421701D\V15\RH.DLL (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} -
C:\WINDOWS\SYSTEM\APUC.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} -
C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -
C:\WINDOWS\SYSTEM\MSBE.DLL (file missing)
O2 - BHO: (no name) - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -
C:\WINDOWS\SYSTEM\NVMS.DLL (file missing)
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} -
C:\WINDOWS\SYSTEM\MSCB.DLL (file missing)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet6_38.dll
Ja (22:37)
no i juz sa nasze stronki
Dacza (22:38)

O2 - BHO: (no name) - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\PROGRAM
FILES\IESEARCHTOOLBAR\IESEARCHTOOLBAR.DLL
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} -
C:\WINDOWS\QUESTMOD.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} -
C:\PROGRAM FILES\IESEARCHTOOLBAR\IESEARCHTOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Creative Launcher] C:\Program
Files\Creative\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PromulGate] "C:\Program
Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program
Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [Search-Exe] "C:\PROGRAM FILES\SE\V11\SE.EXE" /H
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [tsxehor] C:\WINDOWS\tsxehor.exe
O4 - HKLM\..\Run: [vsdkzip] C:\WINDOWS\vsdkzip.exe
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKLM\..\Run: [spoolsvr32] c:\windows\system\csmss.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
Dacza (22:39)

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKCU\..\Run: [sr64] C:\WINDOWS\SYSTEM\SR64\FHCIEMDO.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master
4.1\CM_camera.exe
O4 - Startup: TrojanShield.lnk = C:\Program Files\TrojanShield\Init.exe
O8 - Extra context menu item: Web Rebates - file/C:\PROGRAM
FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM
FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM
FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
Dacza (22:39)

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
Dacza (22:39)

O16 - DPF: Win32 Classes - file/C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38040.4339236111
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) -
http://install.power-url.de/StarInstall.ocx
O16 - DPF: {10000000-1000-0000-1000-000000000000} -
ms-its:mhtml:file/C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?bt=ie&p=6b9c442a9949bf8ad9dcbead7aab24e4ee2c2b2cc91e96b0f4b3f3f506b69ce3fbe9896014dda3849c64ba4680c530e31fba2cde:d67d638db8d329b6c9bbe42a0d3312ff
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
http://www.whenusearch.com/WUInstSEWC.cab
O16 - DPF: {D772D92A-30F8-457D-B63B-1C1BEEE4F514} (WebInstCtrl Class) -
http://freepopupblocker.duble.com/tool/WebInstAx.cab

begin 666 kwasny.gif
M1TE&.#EA#P`/`-4M``````@(`! 8""$I""$Q$'N<.G^@/(.D/H>H0(RM0I2X
M1IS#2J3.3JC33ZS94+#>4K3D4[CI5+WO5K_Q5\'S6,/U6L7W6LCY6LKZ6LS[
M6L[\6M+]9];^==K_@][_D.+_GN;_K.?_L>K_N][>WNS_P.__R_#_T/+_U?7_
MW^_OY^_O[_?W]____P``````````````````````````````````````````
M`````````````````````````````````"'_"TY%5%-#05!%,BXP`P$````A
M^00%```M`"P`````#P`/```&B\"64 @H%H?(5I$4\FPPA$ 2@#(QG1C+9#"D
MGDHB$%8+D2I-)>:'H[E4) ^!DD02A8J;(B7B8 0`(2$@'QT;&6X3$ T*11X>
M1H=:$0\,"7AY+"QZ<(L(11@8`)DL*T4-"PD&`$H6`"JO*BDC``D'JTH31KI%
9!;=*$ \.#0P*M;U3`,0)"*J^R$9)00``.P``
`
end
Received on Mon Nov 8 22:45:24 2004

To archiwum zostało wygenerowane przez hypermail 2.1.8 : Mon 08 Nov 2004 - 22:51:13 MET