Red desktop: DANGER: SPYWARE
I've got a damn problem. While I was browsing the net, some spyware got onto my machine. The desktop turned red, and in the middle there is a black frame with a big caption
DANGER: SPYWARE.
I scanned the computer with maybe 5 programs:
- Spybot
- Ad-Aware
- Error Guard
Of course they removed everything :P but the desktop stayed the same and the system runs terribly slowly.
Log from CWShredder:
**** Run Keys ****
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
RUN: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
RUN: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
RUN: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
RUN: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [PayTime] C:\WINDOWS\System32\paytime.exe
RUN: [Dil] C:\WINDOWS\Gjs.exe
RUN: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
RUN: [_Cat2] C:\WINDOWS\nmstt.exe
RUN: [Vdd] C:\WINDOWS\System32\Rdm.exe
RUN: [Bjn] C:\WINDOWS\Cbm.exe
RUN: [Uee] C:\WINDOWS\Rqt.exe
RUN: [Mfo] C:\WINDOWS\System32\Jvm.exe
RUN: [Bjq] C:\WINDOWS\Stq.exe
RUN: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
RUN: [Lpm] C:\WINDOWS\System32\Rrg.exe
RUN: [Lmp] C:\WINDOWS\Dou.exe
RUN: [Erp] C:\WINDOWS\Osr.exe
RUN: [Gsl] C:\WINDOWS\System32\Alm.exe
RUN: [Igo] C:\WINDOWS\Run.exe
RUN: [Kgn] C:\WINDOWS\System32\Tmv.exe
RUN: [Itq] C:\WINDOWS\Huu.exe
RUN: [Dnn] C:\WINDOWS\System32\Eun.exe
RUN: [Bcr] C:\WINDOWS\Ojf.exe
RUN: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
RUN: [PayTime] C:\WINDOWS\System32\paytime.exe
RUN: [Dil] C:\WINDOWS\Gjs.exe
RUN: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
RUN: [Vdd] C:\WINDOWS\System32\Rdm.exe
RUN: [Bjn] C:\WINDOWS\Cbm.exe
RUN: [Uee] C:\WINDOWS\Rqt.exe
RUN: [Mfo] C:\WINDOWS\System32\Jvm.exe
RUN: [Bjq] C:\WINDOWS\Stq.exe
RUN: [Lpm] C:\WINDOWS\System32\Rrg.exe
RUN: [Lmp] C:\WINDOWS\Dou.exe
RUN: [Erp] C:\WINDOWS\Osr.exe
RUN: [Gsl] C:\WINDOWS\System32\Alm.exe
RUN: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
RUN: [Igo] C:\WINDOWS\Run.exe
RUN: [Kgn] C:\WINDOWS\System32\Tmv.exe
RUN: [Itq] C:\WINDOWS\Huu.exe
RUN: [Dnn] C:\WINDOWS\System32\Eun.exe
RUN: [Bcr] C:\WINDOWS\Ojf.exe
**** Browser Helper Objects ****
BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO: [AcroIEHlprObj Class] C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
BHO: [AcroIEHlprObj Class] C:\WINDOWS\System32\jndg.dll
BHO: [Pop Class] C:\WINDOWS\winsx.dll
**** IE Toolbars ****
TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx
TOOLBAR: [FlashGet Bar] C:\PROGRA~1\FLASHGET\fgiebar.dll
TOOLBAR: [FlashGet Bar] C:\PROGRA~1\FLASHGET\fgiebar.dll
**** IE Extensions ****
IEExt: []
IEExt: [FlashGet] C:\PROGRA~1\FLASHGET\flashget.exe
**** Hosts File Entries ****
**** IE Settings ****
Default Page: http://213.159.117.134/index.php
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: http://213.159.117.134/index.php
Search Bar: res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
Search Page: about:blank
**** IE Context Menu (Right click) ****
IEContext: [Download All by FlashGet] C:\Program Files\FlashGet\jc_all.htm
IEContext: [Download using FlashGet] C:\Program Files\FlashGet\jc_link.htm
**** Layered Service Providers ****
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9DEAAE7E-EF12-42AA-A242-C77BCD5F4C00}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9DEAAE7E-EF12-42AA-A242-C77BCD5F4C00}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{81056A6F-6D13-4F42-B380-787B0CECB4AE}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{81056A6F-6D13-4F42-B380-787B0CECB4AE}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF073C02-182B-4218-9685-63FB17B49F63}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{AF073C02-182B-4218-9685-63FB17B49F63}] DATAGRAM 2
**** Blocked Control Panel Items ****
BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No
**** Downloaded Program Files ****
{33564D57-0000-0010-8000-00AA00389B71} [http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab]
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} [http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]
**** Windows Services ****
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AntiVirService] C:\Program Files\AVPersonal\AVGUARD.EXE
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[AVWUpSrv] "C:\Program Files\AVPersonal\AVWUPSRV.EXE"
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[KPF4] C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{F4929167-D5E4-468A-9A9D-3EAD0CEEBF1E}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSp] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %SystemRoot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
**** Custom IE Search Items ****
SEARCH: [SearchAssistant] about:blank
SEARCH: [SearchAssistant] about:blank
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
**** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] http://213.159.117.134/index.php
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://213.159.117.134/index.php
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] about:blank
IEOPT: [Check_Associations] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] no
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [FormSuggest Passwords] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Save Directory] C:\Program Files\Call of Duty\pb\htm\
IEOPT: [Default_Page_URL] http://213.159.117.134/index.php
IEOPT: [Toolbars_Placement]
IEOPT: [HOMEOldSP] about:blank
IEOPT: [Search Bar] res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [Default_Page_URL] http://213.159.117.134/index.php
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] about:blank
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] http://213.159.117.134/index.php
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://213.159.117.134/index.php
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Search Bar] res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [HOMEOldSP] about:blank
I ask for one thing: HELP ME!
Replies: 1
To remove:
RUN: [PayTime] C:\WINDOWS\System32\paytime.exe
RUN: [Dil] C:\WINDOWS\Gjs.exe
RUN: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
RUN: [_Cat2] C:\WINDOWS\nmstt.exe
RUN: [Vdd] C:\WINDOWS\System32\Rdm.exe
RUN: [Bjn] C:\WINDOWS\Cbm.exe
RUN: [Uee] C:\WINDOWS\Rqt.exe
RUN: [Mfo] C:\WINDOWS\System32\Jvm.exe
RUN: [Bjq] C:\WINDOWS\Stq.exe
RUN: [Lpm] C:\WINDOWS\System32\Rrg.exe
RUN: [Lmp] C:\WINDOWS\Dou.exe
RUN: [Erp] C:\WINDOWS\Osr.exe
RUN: [Gsl] C:\WINDOWS\System32\Alm.exe
RUN: [Igo] C:\WINDOWS\Run.exe
RUN: [Kgn] C:\WINDOWS\System32\Tmv.exe
RUN: [Itq] C:\WINDOWS\Huu.exe
RUN: [Dnn] C:\WINDOWS\System32\Eun.exe
RUN: [Bcr] C:\WINDOWS\Ojf.exe
RUN: [PayTime] C:\WINDOWS\System32\paytime.exe
RUN: [Dil] C:\WINDOWS\Gjs.exe
RUN: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
RUN: [Vdd] C:\WINDOWS\System32\Rdm.exe
RUN: [Bjn] C:\WINDOWS\Cbm.exe
RUN: [Uee] C:\WINDOWS\Rqt.exe
RUN: [Mfo] C:\WINDOWS\System32\Jvm.exe
RUN: [Bjq] C:\WINDOWS\Stq.exe
RUN: [Lpm] C:\WINDOWS\System32\Rrg.exe
RUN: [Lmp] C:\WINDOWS\Dou.exe
RUN: [Erp] C:\WINDOWS\Osr.exe
RUN: [Gsl] C:\WINDOWS\System32\Alm.exe
RUN: [Igo] C:\WINDOWS\Run.exe
RUN: [Kgn] C:\WINDOWS\System32\Tmv.exe
RUN: [Itq] C:\WINDOWS\Huu.exe
RUN: [Dnn] C:\WINDOWS\System32\Eun.exe
RUN: [Bcr] C:\WINDOWS\Ojf.exe
BHO: [AcroIEHlprObj Class] C:\WINDOWS\System32\jndg.dll
BHO: [Pop Class] C:\WINDOWS\winsx.dll
Default Page: http://213.159.117.134/index.php
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: http://213.159.117.134/index.php
Search Bar: res://C:\DOCUME~1\Ziomas\USTAWI~1\Temp\se.dll/sp.html
Search Page: about:blank
+ many more things
Post a HijackThis log, because it would take a while before I listed everything and where to remove it manually.