And next log...

My start page keeps getting replaced.
Log:
Logfile of HijackThis v1.99.0
Scan saved at 18:45:53, on 2004-12-26
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\MSREXE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GADU-GADU\GG.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\ARAUS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: TestMyIE2 Class - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\SYSTEM\MSHELPER.DLL (file missing)
O2 - BHO: (no name) - {40E9FD4B-4282-382E-FD5A-6B943D9FDBE0} - C:\WINDOWS\SYSTEM\MJKCFJIO.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\SYSTEM\MSREXE.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://iframedollars.biz/dl/adv481/x.chm::/load.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = pl
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.10.1
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - C:\WINDOWS\SYSTEM\child.dll (file missing)
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\SYSTEM\Cpknfqgf.dll


Please tell me which ones I should fix.

Replies: 4

I have already sorted out the start page (using Ad-Aware), but I still have the problem with text input switching off.
Dix
Posted
26.12.2004 22:27:26
Press Ctrl+Alt+Del to start Task Manager, select from the list the processes that wins named, and then choose End Process.
If you don't delete the *.exe or *.dll files from the HDD, the keys will be created again.
McScr@by
Posted
26.12.2004 21:51:36
How do I remove a running process? Most of the junk comes back after fixing. CW gives me this error: ( http://dig11.w.interia.pl/CW.bmp ) On top of that, I have this problem: when I am typing something, after a few seconds I can't type any more and I have to click on the text field again, and it goes on like that all the time.
Dix
Posted
26.12.2004 20:53:05
After first disabling System Restore, kill the following files:
SYSTIME.EXE
ARAUS.EXE
and fix the items below:

C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\ARAUS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O2 - BHO: TestMyIE2 Class - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\SYSTEM\MSHELPER.DLL (file missing)
O2 - BHO: (no name) - {40E9FD4B-4282-382E-FD5A-6B943D9FDBE0} - C:\WINDOWS\SYSTEM\MJKCFJIO.DLL
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\SYSTEM\systime.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://iframedollars.biz/dl/adv481/x.chm::/load.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=2732

Finally, run a CWShredder scan and update GG to the latest version (because I see you caught a trojan that is spread through it).
wins
Posted
26.12.2004 20:17:07
Dix
Posted:
26.12.2004 19:45:03