Red desktop: DANGER: SPYWARE

I have a damn problem. While browsing the net some spyware got onto my machine. The desktop turned red and in the middle there is a black frame with a big message saying
DANGER: SPYWARE.
I scanned the computer with about 5 programs:
- Spybot
- Ad-Aware
- Error Guard

Of course it removed everything :P but the desktop stayed and the system runs terribly slowly.

Log from CWShredder:

**** Run Keys ****

RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
RUN: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
RUN: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
RUN: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
RUN: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [PayTime] C:\WINDOWS\System32\paytime.exe
RUN: [Dil] C:\WINDOWS\Gjs.exe
RUN: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
RUN: [_Cat2] C:\WINDOWS\nmstt.exe
RUN: [Vdd] C:\WINDOWS\System32\Rdm.exe
RUN: [Bjn] C:\WINDOWS\Cbm.exe
RUN: [Uee] C:\WINDOWS\Rqt.exe
RUN: [Mfo] C:\WINDOWS\System32\Jvm.exe
RUN: [Bjq] C:\WINDOWS\Stq.exe
RUN: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
RUN: [Lpm] C:\WINDOWS\System32\Rrg.exe
RUN: [Lmp] C:\WINDOWS\Dou.exe
RUN: [Erp] C:\WINDOWS\Osr.exe
RUN: [Gsl] C:\WINDOWS\System32\Alm.exe
RUN: [Igo] C:\WINDOWS\Run.exe
RUN: [Kgn] C:\WINDOWS\System32\Tmv.exe
RUN: [Itq] C:\WINDOWS\Huu.exe
RUN: [Dnn] C:\WINDOWS\System32\Eun.exe
RUN: [Bcr] C:\WINDOWS\Ojf.exe
RUN: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
RUN: [PayTime] C:\WINDOWS\System32\paytime.exe
RUN: [Dil] C:\WINDOWS\Gjs.exe
RUN: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
RUN: [Vdd] C:\WINDOWS\System32\Rdm.exe
RUN: [Bjn] C:\WINDOWS\Cbm.exe
RUN: [Uee] C:\WINDOWS\Rqt.exe
RUN: [Mfo] C:\WINDOWS\System32\Jvm.exe
RUN: [Bjq] C:\WINDOWS\Stq.exe
RUN: [Lpm] C:\WINDOWS\System32\Rrg.exe
RUN: [Lmp] C:\WINDOWS\Dou.exe
RUN: [Erp] C:\WINDOWS\Osr.exe
RUN: [Gsl] C:\WINDOWS\System32\Alm.exe
RUN: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
RUN: [Igo] C:\WINDOWS\Run.exe
RUN: [Kgn] C:\WINDOWS\System32\Tmv.exe
RUN: [Itq] C:\WINDOWS\Huu.exe
RUN: [Dnn] C:\WINDOWS\System32\Eun.exe
RUN: [Bcr] C:\WINDOWS\Ojf.exe


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO: [AcroIEHlprObj Class] C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
BHO: [AcroIEHlprObj Class] C:\WINDOWS\System32\jndg.dll
BHO: [Pop Class] C:\WINDOWS\winsx.dll


**** IE Toolbars ****

TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx
TOOLBAR: [FlashGet Bar] C:\PROGRA~1\FLASHGET\fgiebar.dll
TOOLBAR: [FlashGet Bar] C:\PROGRA~1\FLASHGET\fgiebar.dll


**** IE Extensions ****

IEExt: []
IEExt: [FlashGet] C:\PROGRA~1\FLASHGET\flashget.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.3 n-glx.s-redirect.com
HOSTS: 127.0.0.3 x.full-tgp.net
HOSTS: 127.0.0.3 counter.sexmaniack.com
HOSTS: 127.0.0.3 autoescrowpay.com
HOSTS: 127.0.0.3 www.autoescrowpay.com
HOSTS: 127.0.0.3 www.awmdabest.com
HOSTS: 127.0.0.3 www.sexfiles.nu
HOSTS: 127.0.0.3 awmdabest.com
HOSTS: 127.0.0.3 sexfiles.nu
HOSTS: 127.0.0.3 allforadult.com
HOSTS: 127.0.0.3 www.allforadult.com
HOSTS: 127.0.0.3 www.iframe.biz
HOSTS: 127.0.0.3 iframe.biz
HOSTS: 127.0.0.3 www.newiframe.biz
HOSTS: 127.0.0.3 newiframe.biz
HOSTS: 127.0.0.3 www.vesbiz.biz
HOSTS: 127.0.0.3 vesbiz.biz
HOSTS: 127.0.0.3 www.pizdato.biz
HOSTS: 127.0.0.3 pizdato.biz
HOSTS: 127.0.0.3 www.aaasexypics.com
HOSTS: 127.0.0.3 aaasexypics.com
HOSTS: 127.0.0.3 www.virgin-tgp.net
HOSTS: 127.0.0.3 virgin-tgp.net
HOSTS: 127.0.0.3 www.awmcash.biz
HOSTS: 127.0.0.3 awmcash.biz
HOSTS: 127.0.0.3 buldog-stats.com
HOSTS: 127.0.0.3 www.buldog-stats.com
HOSTS: 127.0.0.3 fregat.drocherway.com
HOSTS: 127.0.0.3 slutmania.biz
HOSTS: 127.0.0.3 www.slutmania.biz
HOSTS: 127.0.0.3 toolbarpartner.com
HOSTS: 127.0.0.3 www.toolbarpartner.com
HOSTS: 127.0.0.3 www.megapornix.com
HOSTS: 127.0.0.3 megapornix.com
HOSTS: 127.0.0.3 www.sp2fucked.biz
HOSTS: 127.0.0.3 sp2fucked.biz
HOSTS: 127.0.0.3 greg-tut.com
HOSTS: 127.0.0.3 www.greg-tut.com
HOSTS: 127.0.0.3 nylonsexy.com
HOSTS: 127.0.0.3 www.nylonsexy.com
HOSTS: 127.0.0.3 vparivalka.com
HOSTS: 127.0.0.3 www.vparivalka.com


**** IE Settings ****

Default Page: http://213.159.117.134/index.php
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: http://213.159.117.134/index.php
Search Bar: res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
Search Page: about:blank


**** IE Context Menu (Right click) ****

IEContext: [Download All by FlashGet] C:\Program Files\FlashGet\jc_all.htm
IEContext: [Download using FlashGet] C:\Program Files\FlashGet\jc_link.htm


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9DEAAE7E-EF12-42AA-A242-C77BCD5F4C00}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9DEAAE7E-EF12-42AA-A242-C77BCD5F4C00}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{81056A6F-6D13-4F42-B380-787B0CECB4AE}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{81056A6F-6D13-4F42-B380-787B0CECB4AE}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF073C02-182B-4218-9685-63FB17B49F63}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF073C02-182B-4218-9685-63FB17B49F63}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{33564D57-0000-0010-8000-00AA00389B71} [http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab]
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AntiVirService] C:\Program Files\AVPersonal\AVGUARD.EXE
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[AVWUpSrv] "C:\Program Files\AVPersonal\AVWUPSRV.EXE"
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[KPF4] C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{F4929167-D5E4-468A-9A9D-3EAD0CEEBF1E}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSp] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %SystemRoot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] about:blank
SEARCH: [SearchAssistant] about:blank
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] http://213.159.117.134/index.php
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://213.159.117.134/index.php
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] about:blank
IEOPT: [Check_Associations] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [FormSuggest Passwords] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Save Directory] C:\Program Files\Call of Duty\pb\htm\
IEOPT: [Default_Page_URL] http://213.159.117.134/index.php
IEOPT: [Toolbars_Placement]
IEOPT: [HOMEOldSP] about:blank
IEOPT: [Search Bar] res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [Default_Page_URL] http://213.159.117.134/index.php
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] about:blank
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] http://213.159.117.134/index.php
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://213.159.117.134/index.php
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Search Bar] res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [HOMEOldSP] about:blank

I ask just one thing: HELP ME!

Replies: 20

MrStan - also try the hosts editor in HijackThis
If there is still nothing, open that file and paste this into it
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP
# for Windows.
# This file contains the mappings of IP addresses to host names.
# Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by
# the corresponding host name. The address and the name should be separated
# by at least one space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the host name, denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

+ add the entries I wrote you about, following the same pattern
That is the least of the problems right now

emilos - apart from "file missing" nothing else is visible anymore
Did you read the thread at the link I gave you about Haxdoor.C and then about removing it??
Search for the files/services listed there and remove them
There is even a description of how to make a registry file that removes that crap.
Read everything carefully.
Bobi
Added
19.03.2005 14:01:37
Logfile of HijackThis v1.99.1
Scan saved at 12:40:51, on 2005-03-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
emilos
Added
19.03.2005 13:40:59
There's nothing there, a blank page is showing, and I'm about to lose it. Ctrl + Alt + Delete doesn't work either. :cry:
MrStan
Added
19.03.2005 13:02:14
MrStan - You open it with Notepad and you should have something like this
(...)

127.0.0.1 localhost
127.0.0.3 n-glx.s-redirect.com

(...)

etc...
So you change the entries with a three at the end to 127.0.0.1

emilos - show a new log
Bobi
Added
19.03.2005 12:56:29
People, help, nothing at all works, I removed all the suspicious entries in HijackThis, deleted the three-letter files from windows and system32, downloaded a program to remove that wallpaper and nothing at all works, the wallpaper is there just as it was, the right mouse button doesn't work, the only difference is that the computer doesn't crawl anymore ........
emilos
Added
19.03.2005 12:54:34
Now then, you edit hosts in C:\WINDOWS\system32\drivers\etc and change the 3 to 1, i.e. to 127.0.0.1
I opened it with Notepad and there are no entries in there at all, what about that?
MrStan
Added
19.03.2005 12:52:56
Without right-click, open it like this :wink:
Control Panel/System/System Restore, tick "Turn off System Restore on all drives" and OK
Bobi
Added
19.03.2005 12:23:52
I have a small problem with System Restore. I can't turn it off because the right mouse button doesn't work, its function has been, hmm, removed, wherever I right-click it doesn't work :/ Is there some other way to turn off System Restore?
MrStan
Added
19.03.2005 12:21:12
A ton of vermin

Turn off System Restore

End the processes:
paytime.exe
nmstt.exe
Rrg.exe
paytime.exe
ntddetect.exe

FIX + delete the files from disk:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {72C134EA-13B5-4713-8412-A29507D449A3} - C:\WINDOWS\System32\jndg.dll
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Dil] C:\WINDOWS\Gjs.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
O4 - HKLM\..\Run: [Vdd] C:\WINDOWS\System32\Rdm.exe
O4 - HKLM\..\Run: [Bjn] C:\WINDOWS\Cbm.exe
O4 - HKLM\..\Run: [Uee] C:\WINDOWS\Rqt.exe
O4 - HKLM\..\Run: [Mfo] C:\WINDOWS\System32\Jvm.exe
O4 - HKLM\..\Run: [Bjq] C:\WINDOWS\Stq.exe
O4 - HKLM\..\Run: [Lpm] C:\WINDOWS\System32\Rrg.exe
O4 - HKLM\..\Run: [Lmp] C:\WINDOWS\Dou.exe
O4 - HKLM\..\Run: [Erp] C:\WINDOWS\Osr.exe
O4 - HKLM\..\Run: [Gsl] C:\WINDOWS\System32\Alm.exe
O4 - HKLM\..\Run: [Igo] C:\WINDOWS\Run.exe
O4 - HKLM\..\Run: [Kgn] C:\WINDOWS\System32\Tmv.exe
O4 - HKLM\..\Run: [Itq] C:\WINDOWS\Huu.exe
O4 - HKLM\..\Run: [Dnn] C:\WINDOWS\System32\Eun.exe
O4 - HKLM\..\Run: [Bcr] C:\WINDOWS\Ojf.exe
O4 - HKLM\..\Run: [Gjm] C:\WINDOWS\Gih.exe
O4 - HKLM\..\Run: [Fvt] C:\WINDOWS\Ita.exe
O4 - HKLM\..\Run: [Jkb] C:\WINDOWS\Rdm.exe
O4 - HKLM\..\Run: [Arh] C:\WINDOWS\System32\Kbk.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Dil] C:\WINDOWS\Gjs.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Vdd] C:\WINDOWS\System32\Rdm.exe
O4 - HKCU\..\Run: [Bjn] C:\WINDOWS\Cbm.exe
O4 - HKCU\..\Run: [Uee] C:\WINDOWS\Rqt.exe
O4 - HKCU\..\Run: [Mfo] C:\WINDOWS\System32\Jvm.exe
O4 - HKCU\..\Run: [Bjq] C:\WINDOWS\Stq.exe
O4 - HKCU\..\Run: [Lpm] C:\WINDOWS\System32\Rrg.exe
O4 - HKCU\..\Run: [Lmp] C:\WINDOWS\Dou.exe
O4 - HKCU\..\Run: [Erp] C:\WINDOWS\Osr.exe
O4 - HKCU\..\Run: [Gsl] C:\WINDOWS\System32\Alm.exe
O4 - HKCU\..\Run: [Igo] C:\WINDOWS\Run.exe
O4 - HKCU\..\Run: [Kgn] C:\WINDOWS\System32\Tmv.exe
O4 - HKCU\..\Run: [Itq] C:\WINDOWS\Huu.exe
O4 - HKCU\..\Run: [Dnn] C:\WINDOWS\System32\Eun.exe
O4 - HKCU\..\Run: [Bcr] C:\WINDOWS\Ojf.exe
O4 - HKCU\..\Run: [Gjm] C:\WINDOWS\Gih.exe
O4 - HKCU\..\Run: [Fvt] C:\WINDOWS\Ita.exe
O4 - HKCU\..\Run: [Jkb] C:\WINDOWS\Rdm.exe
O4 - HKCU\..\Run: [Arh] C:\WINDOWS\System32\Kbk.exe
O18 - Filter: text/html - {74F71391-EB49-4856-9D19-867A5270488D} - C:\WINDOWS\System32\jndg.dll
O18 - Filter: text/plain - {74F71391-EB49-4856-9D19-867A5270488D} - C:\WINDOWS\System32\jndg.dll
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll


Now then, you edit hosts in C:\WINDOWS\system32\drivers\etc and change the 3 to 1, i.e. to 127.0.0.1
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.Pamela.biz
O1 - Hosts: 127.0.0.3 Pamela.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com


draw32.dll - that in turn is also Haxdoor, only the C variant, same link as the colleague above

One small piece of advice to finish: give that AVPersonal a kick in the arse and install something else
Bobi
Added
19.03.2005 12:15:37
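As an added example (not code from this thread, from HijackThis or from CWShredder), a small Python triage script that automates the checks the helpers do by hand above: hosts entries sinkholed to 127.0.0.x and the thread's rewrite to 127.0.0.1, short random executable names in C:\WINDOWS and System32, unnamed browser add-ons, MIME filters and Winlogon Notify DLLs, and IE pages pointed at a bare IP address or a res:// DLL resource. The sample log lines are constructed from entries in this thread with hyphens restored, and the severity rules are heuristics, not a signature database.

```python
import re

# Constructed sample: log lines modelled on the HijackThis output in this thread,
# not the thread's own log (hyphens restored, most entries dropped).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O2 - BHO: (no name) - {72C134EA-13B5-4713-8412-A29507D449A3} - C:\WINDOWS\System32\jndg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dil] C:\WINDOWS\Gjs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Lpm] C:\WINDOWS\System32\Rrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O18 - Filter: text/html - {74F71391-EB49-4856-9D19-867A5270488D} - C:\WINDOWS\System32\jndg.dll
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<rest>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
IE_RE = re.compile(r"^HK\w+\\.*?,(?P<setting>[^=]+?) = (?P<value>.*)$")
# A file sitting directly in C:\WINDOWS or C:\WINDOWS\System32 (no deeper subfolder).
WINDIR_RE = re.compile(r"^[A-Z]:\\WINDOWS(?P<sub>\\SYSTEM32)?\\(?P<file>[^\\]+)$", re.IGNORECASE)


def first_token(cmd):
    """Executable path from an autorun command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def windir_file(path):
    """(subdir, filename) when path lies directly in the Windows dir or System32, else None."""
    m = WINDIR_RE.match(path)
    return (m.group("sub") or "", m.group("file")) if m else None


def fix_hosts_line(rest):
    """The thread's hosts fix: point the name at 127.0.0.1 instead of 127.0.0.x."""
    h = HOSTS_RE.match(rest)
    return "127.0.0.1 " + h.group("host") if h else rest


def triage(log_text):
    """Return (section, severity, reason, line) for every line worth acting on."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, rest, hit = m.group("sec"), m.group("rest"), None
        if sec.startswith("R"):
            ie = IE_RE.match(rest)
            if ie and re.match(r"^https?://\d+\.\d+\.\d+\.\d+", ie.group("value")):
                hit = ("high", "IE %s points at a bare IP address" % ie.group("setting"))
            elif ie and ie.group("value").startswith("res://"):
                hit = ("high", "IE %s served from a local DLL resource" % ie.group("setting"))
        elif sec == "O1":
            h = HOSTS_RE.match(rest)
            ip = h.group("ip") if h else None
            if ip and ip.startswith("127.") and ip != "127.0.0.1":
                hit = ("medium", "hosts entry on non-standard loopback %s, rewrite as '%s'"
                       % (ip, fix_hosts_line(rest)))
            elif ip and not ip.startswith("127.") and ip != "::1":
                hit = ("high", "hosts entry redirects %s to %s" % (h.group("host"), ip))
        elif sec == "O4":
            r = RUN_RE.match(rest)
            wf = windir_file(first_token(r.group("cmd"))) if r else None
            if wf:
                stem, _, ext = wf[1].rpartition(".")
                if ext.lower() == "exe" and len(stem) <= 3:
                    hit = ("high", "short random executable name %s, the pattern seen in this thread" % wf[1])
                elif ext.lower() == "exe" and wf[0] == "":
                    # Longer names in System32 (paytime.exe, ntddetect.exe) still need manual review.
                    hit = ("medium", "executable %s directly in the Windows directory" % wf[1])
        elif sec in ("O2", "O3"):
            parts = [p.strip() for p in rest.partition(": ")[2].split(" - ", 2)]
            if parts[-1] == "(no file)":
                hit = ("low", "orphaned registration, file already gone")
            elif parts[0] == "(no name)" and windir_file(parts[-1]):
                hit = ("high", "unnamed browser add-on loaded from the Windows directory")
        elif sec == "O18":
            hit = ("high", "MIME filter installed, page content is rewritten before IE renders it")
        elif sec == "O20":
            hit = ("high", "Winlogon Notify DLL runs at logon, compare against a known-good list")
        if hit:
            findings.append((sec, hit[0], hit[1], raw.strip()))
    return findings


if __name__ == "__main__":
    for sec, sev, why, line in triage(SAMPLE_LOG):
        print("%-4s %-6s %s\n     %s" % (sec, sev, why, line))
```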
Log from HT v1.99.1

Logfile of HijackThis v1.99.1
Scan saved at 11:05:42, on 2005-03-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\nmstt.exe
C:\WINDOWS\System32\Rrg.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\ntddetect.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Opera7\Opera.exe
G:\formacik\hyhyhyy\format\virusy\FixBlast.exe
C:\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2fucked.biz
O1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {72C134EA-13B5-4713-8412-A29507D449A3} - C:\WINDOWS\System32\jndg.dll
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Dil] C:\WINDOWS\Gjs.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
O4 - HKLM\..\Run: [Vdd] C:\WINDOWS\System32\Rdm.exe
O4 - HKLM\..\Run: [Bjn] C:\WINDOWS\Cbm.exe
O4 - HKLM\..\Run: [Uee] C:\WINDOWS\Rqt.exe
O4 - HKLM\..\Run: [Mfo] C:\WINDOWS\System32\Jvm.exe
O4 - HKLM\..\Run: [Bjq] C:\WINDOWS\Stq.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [Lpm] C:\WINDOWS\System32\Rrg.exe
O4 - HKLM\..\Run: [Lmp] C:\WINDOWS\Dou.exe
O4 - HKLM\..\Run: [Erp] C:\WINDOWS\Osr.exe
O4 - HKLM\..\Run: [Gsl] C:\WINDOWS\System32\Alm.exe
O4 - HKLM\..\Run: [Igo] C:\WINDOWS\Run.exe
O4 - HKLM\..\Run: [Kgn] C:\WINDOWS\System32\Tmv.exe
O4 - HKLM\..\Run: [Itq] C:\WINDOWS\Huu.exe
O4 - HKLM\..\Run: [Dnn] C:\WINDOWS\System32\Eun.exe
O4 - HKLM\..\Run: [Bcr] C:\WINDOWS\Ojf.exe
O4 - HKLM\..\Run: [Gjm] C:\WINDOWS\Gih.exe
O4 - HKLM\..\Run: [Fvt] C:\WINDOWS\Ita.exe
O4 - HKLM\..\Run: [Jkb] C:\WINDOWS\Rdm.exe
O4 - HKLM\..\Run: [Arh] C:\WINDOWS\System32\Kbk.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Dil] C:\WINDOWS\Gjs.exe
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [Vdd] C:\WINDOWS\System32\Rdm.exe
O4 - HKCU\..\Run: [Bjn] C:\WINDOWS\Cbm.exe
O4 - HKCU\..\Run: [Uee] C:\WINDOWS\Rqt.exe
O4 - HKCU\..\Run: [Mfo] C:\WINDOWS\System32\Jvm.exe
O4 - HKCU\..\Run: [Bjq] C:\WINDOWS\Stq.exe
O4 - HKCU\..\Run: [Lpm] C:\WINDOWS\System32\Rrg.exe
O4 - HKCU\..\Run: [Lmp] C:\WINDOWS\Dou.exe
O4 – HKCU\..\Run: [Erp] C:\WINDOWS\Osr.exe
O4 – HKCU\..\Run: [Gsl] C:\WINDOWS\System32\Alm.exe
O4 – HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 – HKCU\..\Run: [Igo] C:\WINDOWS\Run.exe
O4 – HKCU\..\Run: [Kgn] C:\WINDOWS\System32\Tmv.exe
O4 – HKCU\..\Run: [Itq] C:\WINDOWS\Huu.exe
O4 – HKCU\..\Run: [Dnn] C:\WINDOWS\System32\Eun.exe
O4 – HKCU\..\Run: [Bcr] C:\WINDOWS\Ojf.exe
O4 – HKCU\..\Run: [Gjm] C:\WINDOWS\Gih.exe
O4 – HKCU\..\Run: [Fvt] C:\WINDOWS\Ita.exe
O4 – HKCU\..\Run: [Jkb] C:\WINDOWS\Rdm.exe
O4 – HKCU\..\Run: [Arh] C:\WINDOWS\System32\Kbk.exe
O4 – Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O18 – Filter: text/html – {74F71391–EB49–4856–9D19–867A5270488D} – C:\WINDOWS\System32\jndg.dll
O18 – Filter: text/plain – {74F71391–EB49–4856–9D19–867A5270488D} – C:\WINDOWS\System32\jndg.dll
O20 – Winlogon Notify: draw32 – C:\WINDOWS\SYSTEM32\draw32.dll
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Kerio Personal Firewall 4 (KPF4) – Kerio Technologies – C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
MrStan
Posted
19.03.2005 12:06:23
@emilos – don't duplicate posts, we know what you mean.
In HijackThis you tick the entry given and click FIX CHECKED; Adaś already told you that.

I gave you a link to a page describing this crap. Go there, look on your disk for the files listed there, and if they are present, delete them.
Remember the variant, you have C.

Update: Another blunder, Ad@$, I already gave that link above :mrgreen:
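An added example, not code from this thread: a Python triage pass over constructed HijackThis-style lines modelled on the log above, flagging the entry types the helpers here act on (hosts redirects to a loopback address other than 127.0.0.1, bare short-named executables autorun straight from C:\WINDOWS or System32, text/html MIME filters, Winlogon Notify entries). The sample lines, regexes and severity labels are my assumptions; the output is a list of entries to review, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis format, modelled on the thread's logs
# (not the thread's own log). Raw string, so the Windows paths need no escaping.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.3 www.example-redirect.test
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Vdd] C:\WINDOWS\System32\Rdm.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O18 - Filter: text/html - {74F71391-EB49-4856-9D19-867A5270488D} - C:\WINDOWS\System32\jndg.dll
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run(?:Services)?: \[[^\]]*\] (.+)$")
# An executable sitting directly in C:\WINDOWS or C:\WINDOWS\System32 (no subfolder).
BARE_EXE_RE = re.compile(r'^"?C:\\WINDOWS\\(?:System32\\)?([^\\\s"]+)\.exe"?(?:\s|$)', re.I)

def triage(log: str) -> List[Tuple[str, str]]:
    """Return (severity, line) for the entries a helper in this thread looks at."""
    findings = []
    for line in log.splitlines():
        # Pasted logs often carry en-dashes; HijackThis itself writes ASCII " - ".
        line = line.strip().replace("\u2013", "-")
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            # Hosts redirects to a loopback address other than 127.0.0.1
            # are the hijack pattern seen in the log above.
            findings.append(("high" if m.group(1) != "127.0.0.1" else "review", line))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = BARE_EXE_RE.match(m.group(1))
            if exe:
                # Random three-letter names dropped straight into C:\WINDOWS are
                # this log's autorun pattern; other bare exes there get a look.
                findings.append(("high" if len(exe.group(1)) <= 3 else "review", line))
            continue
        if line.startswith("O18 - Filter: text/"):
            # A MIME filter over text/html lets a DLL rewrite every page IE renders.
            findings.append(("high", line))
        elif line.startswith("O20 - Winlogon Notify:"):
            findings.append(("review", line))
    return findings
```

Running `triage(SAMPLE_LOG)` returns the O1, O4 [Vdd] and O18 lines as "high" and the O20 line as "review"; the legitimate NVIDIA and Tlen.pl entries are not flagged.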
Bobi
Posted
19.03.2005 12:05:57
In this case just ticking it won't do anything.
http://www.searchengines.pl/phpbb203/index.php?showtopic=12510&view=findpost&p=132561
Ad@$
Posted
19.03.2005 12:04:52
Oh *** that, Adaś, damn it, you didn't tell the WinFast card's file apart from the crap. :P
Besides, regarding Haxdoor I also wouldn't settle for cosmetics only. The bugger leaves behind a lot of hidden files and services.
More in the searchengines link.

PS: I haven't had a beer yet today, so don't talk :wink:
Bobi
Posted
19.03.2005 12:02:45
C:\WINDOWS\System32\WF2K.EXE –> that's from the graphics card ...


And also tell me how to fix it, because I don't really know my way around ??:>
emilos
Posted
19.03.2005 12:02:33
Tick it and Fix checked.
P.S. This time I was faster than you, Bobi – and without Red Bull :mrgreen:
Ad@$
Posted
19.03.2005 11:55:51
Apart from the leftovers of Backdoor.Haxdoor.C, that is:
O20 – Winlogon Notify: draw32 – draw32.dll (file missing)

Read about it here
Bobi
Posted
19.03.2005 11:55:14
C:\WINDOWS\System32\WF2K.EXE – that's from the graphics card

And I'll ask another stupid question: "fix it", meaning what am I supposed to do :)??:>
emilos
Posted
19.03.2005 11:54:14
imo the log is clean
I'm only not sure about this one:
C:\WINDOWS\System32\WF2K.EXE

and a cosmetic matter – fix this:
O20 – Winlogon Notify: draw32 – draw32.dll (file missing)
Ad@$
Posted
19.03.2005 11:48:14
Hi, I have the identical problem with the red desktop, except that I've already thrown out everything that worried me. Could you help me and tell me what can be thrown out of this ??:> Thanks in advance.



Logfile of HijackThis v1.99.1
Scan saved at 10:43:09, on 2005–03–19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Downloads\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Program Files\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O4 – HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 – HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\flashget.exe
O20 – Winlogon Notify: draw32 – draw32.dll (file missing)
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
emilos
Posted
19.03.2005 11:44:33
MrStan
Posted:
18.03.2005 23:32:33
Comments:
20