HijackThis, here are the logs - I need help

Hello, the whole computer is clogged with some kind of junk. :shock:

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCompaqCompaq Management Agentscpqalert.exe
C:WindowsCpqdiagCpqdfwag.exe
C:PROGRA~1CompaqCOMPAQ~1CPQWEB~1WebDmi.exe
C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:PROGRA~1SYMANT~1SYMANT~1Rtvscan.exe
C:WINDOWSSystem32 cpsvcs.exe
C:Program FilesCompaqCompaq Management AgentsDmiWin32inWin32sl.exe
C:Windowssystem32javahs.exe
C:PROGRA~1CompaqCOMPAQ~1cpqdmi.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSExplorer.EXE
C:Program FilesAnalog DevicesSoundMAXSmtray.exe
C:Program FilesCOMPAQEasy Access Button SupportStartEAK.exe
C:WINDOWSsystem32NWTRAY.EXE
C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
C:Program FilesWindows ServeAdWinServAd.exe
C:Windowssystem32 tlt32.exe
C:Program FilesWindows ServeAdWinServSuit.exe
C:PROGRA~1CompaqCOMPAQ~1CHKADMIN.EXE
C:WINDOWSsystem32Rxtwph.exe
C:Program FilesCompaqEasy Access Button SupportCPQEAKSYSTEMTRAY.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesCompaqEasy Access Button SupportCPQEADM.EXE
C:CompaqEAKDRVEAUSBKBD.EXE
C:PROGRA~1CompaqEASYAC~1BttnServ.exe
C:Program FilesGadu–Gadugg.exe
C:Documents and SettingsacichDane aplikacjiebre.exe
C:WindowsSystem32sspfixuk.exe
C:Program FilesSpybot – Search & DestroyTeaTimer.exe
C:WINDOWSsystem32 undll32.exe
C:Program FilesWinZipWZQKPICK.EXE
C:WINDOWSsystem32wpabaln.exe
C:Documents and SettingsacichPulpitHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,SearchURL = http://69.50.184.51/find4u/sp.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.searchmiracle.com/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: (no name) – {F0D6D30E–BA73–7B78–30E2–D479FA6CBF01} – C:WINDOWSaddxl.dll
O3 – Toolbar: YourSiteBar – {86227D9C–0EFE–4f8a–AA55–30386A3F5686} – C:PROGRA~1YOURSI~1ysb.dll
O4 – HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSmtray.exe
O4 – HKLM..Run: [CPQEASYACC] C:Program FilesCOMPAQEasy Access Button SupportStartEAK.exe
O4 – HKLM..Run: [PROMon.exe] PROMon.exe
O4 – HKLM..Run: [NWTRAY] NWTRAY.EXE
O4 – HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKLM..Run: [ntlt32.exe] C:Windowssystem32 tlt32.exe
O4 – HKLM..Run: [ChkAdmin] C:PROGRA~1CompaqCOMPAQ~1CHKADMIN.EXE
O4 – HKLM..Run: [version] C:WINDOWSsystem32Djpuwc.exe
O4 – HKLM..Run: [secure] C:WINDOWSsystem32Rxtwph.exe
O4 – HKLM..RunServices: [CPQDFWAG] C:WindowsCpqdiagCpqDfwAg.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Eile] C:Documents and SettingsacichDane aplikacjipdoa.exe
O4 – HKCU..Run: [Omgpkd] C:WindowsSystem32sspfixuk.exe
O4 – HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot – Search & DestroyTeaTimer.exe
O4 – HKCU..Run: [Instant Access] rundll32.exe p2esocks_1030.dll,InstantAccess
O4 – HKCU..Run: [Pcnp] C:Documents and SettingsacichDane aplikacjiebre.exe
O4 – HKCU..Run: [Spyware Begone] C:freescanfreescan.exe –FastScan
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O4 – Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: Pardon – {302172A1–A2B4–4402–B1D0–F5D54C3E83C6} – C:Program FilesPardon 2Pardon.exe (file missing)
O9 – Extra 'Tools' menuitem: Pardon – {302172A1–A2B4–4402–B1D0–F5D54C3E83C6} – C:Program FilesPardon 2Pardon.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O15 – Trusted Zone: *.05p.com
O15 – Trusted Zone: *.awmdabest.com
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.frame.crazywinnings.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.scoobidoo.com
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.static.topconverting.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.05p.com (HKLM)
O15 – Trusted Zone: *.awmdabest.com (HKLM)
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.scoobidoo.com (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.static.topconverting.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted IP range: 206.161.125.149
O15 – Trusted IP range: 206.161.125.149 (HKLM)
O16 – DPF: v2cab – http://searchmiracle.com/cab/v2cab.cab
O16 – DPF: {00000EF1–0786–4633–87C6–1AA7A44296DA} – http://www.addictivetechnologies.net/DM0/cab/17kd11fg.cab
O16 – DPF: {03C543A1–C090–418F–A1D0–FB96380D601D} – http://www.msado.soczysta.pl/wejscie.exe
O16 – DPF: {10000000–1000–0000–1000–000000000000} – file://C:Program FilesInternet Explorerfuovhgkc.exe
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://213.159.117.133/dl/traff/x.chm::/load.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://c: osuch.mht!http://www.awmdabest.com/bltd/116.chm::/file.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=4ee1cae38ba3878e9eecabd7ed570ec56d32d820ee236f08cd80640c904e40287d54696570d0340c3432e4069acbf04ca9281b7f4b:d9153716a5b53d9922b36b447e607517
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {771A1334–6B08–4A6B–AEDC–CF994BA2CEBE} (Installer Class) – http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
O16 – DPF: {A67BA5E3–5B79–11D6–A711–00C12601EADE} – http://www.sexshow.peel.pl/dekoder/filmy_nowe.exe
O16 – DPF: {EE8B6D5F–FEF2–11D0–B13F–00A024798EF3} – http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 – DPF: {F0BC061F–DAF9–4533–8011–53BCB4C10307} – http://install.flexview.de/InstallationsAssistent.ocx
O16 – DPF: {F72BC3F0–6C20–4793–9DDA–258589D8A907} – http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O16 – DPF: {FF521631–31DA–48AC–B4E9–390A7694C906} – http://akamai.downloadv3.com/binaries/P2EClient/1030/EGAUTH_1030_1_149_EN_XP.cab
O17 – HKLMSystemCCSServicesTcpip..{1B3AC003–AD77–439F–A661–09C403D010BD}: NameServer = 217.30.129.149,217.30.137.200
O23 – Service: Compaq Local Alerter – Hewlett–Packard Company – C:Program FilesCompaqCompaq Management Agentscpqalert.exe
O23 – Service: Compaq Remote Diagnostics Enabling Agent – Compaq Computer Corporation – C:WindowsCpqdiagCpqdfwag.exe
O23 – Service: cpqdmi – Compaq Computer Corporation – C:PROGRA~1CompaqCOMPAQ~1cpqdmi.exe
O23 – Service: Compaq DMI Web Agent – Compaq Computer Corporation – C:PROGRA~1CompaqCOMPAQ~1CPQWEB~1WebDmi.exe
O23 – Service: DefWatch – Symantec Corporation – C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
O23 – Service: Intel(R) NMS – Intel Corporation – C:WindowsSystem32NMSSvc.exe
O23 – Service: Klient Symantec AntiVirus – Symantec Corporation – C:PROGRA~1SYMANT~1SYMANT~1Rtvscan.exe
O23 – Service: Win32Sl – Intel – C:Program FilesCompaqCompaq Management AgentsDmiWin32inWin32sl.exe
O23 – Service: Workstation NetLogon Service – Unknown – C:Windowssystem32javahs.exe


Please help.

Replies: 20

But seriously: don't wander around shady websites, or you'll get yourself into more serious problems and will have to format your disks, which is actually pleasant if you have a lot of time :P
Have a nice weekend :!:
Dziadek Piotr
Posted
28.01.2005 19:25:55
:lol: UCHO!
I'm going to take you to court for damages, because my wife and I nearly burst from laughing!!! Take care! Regards from Łódź :mrgreen:
Piotr Kłys
Posted
28.01.2005 18:59:58
Someone here once wrote that if you go out chasing girls, you'd better buy yourself a condom :-)
Ucho
Posted
28.01.2005 17:12:58
EL NINO, YOU ARE GREAT.

Thank you, I'll be more careful in the future.

Once again, many thanks for the help.
Clone
Posted
28.01.2005 13:14:06
Go into the registry and, from the key
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
delete both frame.crazywinnings.com and the other one. Find it in the HKLM key as well.
Also take a look at:
HKEY_USERS\S-1-5-21-1165327035-67128948-623648099-3979\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

As for those exe and dll files, check and delete them if they are present:
C:Windowssystem32javahs.exe
C:Program FilesWindows ServeAdWinServAd.exe
C:Windowssystem32 tlt32.exe
C:Program FilesWindows ServeAdWinServSuit.exe
C:WINDOWSsystem32Rxtwph.exe
C:Documents and SettingsacichDane aplikacjiebre.exe
C:WindowsSystem32sspfixuk.exe
C:WINDOWSaddxl.dll
C:PROGRA~1YOURSI~1ysb.dll
C:WINDOWSsystem32Djpuwc.exe
C:Documents and SettingsacichDane aplikacjipdoa.exe
p2esocks_1030.dll
EL NINO
Posted
28.01.2005 12:55:42
Those O15 log entries keep coming back. :(

Delete the exe files??? The ones from HijackThis? :D

Regards, Clone
Clone
Posted
28.01.2005 12:36:41
This is what's left:

O15 – Trusted Zone: *.frame.crazywinnings.com
O15 – Trusted Zone: *.static.topconverting.com
O15 – Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 – Trusted Zone: *.static.topconverting.com (HKLM)
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
O16 – DPF: {EE8B6D5F–FEF2–11D0–B13F–00A024798EF3} – http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 – DPF: {F0BC061F–DAF9–4533–8011–53BCB4C10307} – http://install.flexview.de/InstallationsAssistent.ocx


Did you delete the exe and dll files listed above from the disk? Search the disk.
EL NINO
Posted
28.01.2005 12:28:46
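Added example, not part of any post in this thread: the check made in the exchange above, where a helper's fix list is compared with a rescan to see which entries are still there, done mechanically in Python. The function names are hypothetical, and the sample lines are excerpted from the thread's logs with dash style and letter case varied on purpose, since forum software often turns the hyphens of a pasted log into en dashes.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by a dash. Accept "-" as well as the en/em dashes a forum may substitute.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s*[-\u2013\u2014]\s*(.*\S)\s*$")
DASH_FIX = str.maketrans({"\u2013": "-", "\u2014": "-"})


def parse_entries(log_text):
    """Map a case-insensitive key -> (section, body) for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # "Running processes:", process paths, blank lines
        section = match.group(1)
        # Normalise dashes and whitespace so two pastes of one entry compare equal.
        body = " ".join(match.group(2).translate(DASH_FIX).split())
        entries[(section, body.casefold())] = (section, body)
    return entries


def _order(item):
    section, body = item
    return (section[0], int(section[1:]), body.casefold())


def compare_to_fix_list(fix_list_text, rescan_text):
    """Split the helper's fix list into entries still present and entries cleared."""
    wanted = parse_entries(fix_list_text)
    found = parse_entries(rescan_text)
    still = sorted((v for k, v in wanted.items() if k in found), key=_order)
    cleared = sorted((v for k, v in wanted.items() if k not in found), key=_order)
    return still, cleared


# Sample input: lines excerpted from the thread (en dashes as on the page).
FIX_LIST = """
O15 – Trusted Zone: *.frame.crazywinnings.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 – DPF: v2cab – http://searchmiracle.com/cab/v2cab.cab
"""

# Sample rescan: same source, but with plain hyphens and one entry in mixed case
# (both variations are constructed to exercise the normalisation).
RESCAN = """
Running processes:
C:WINDOWSExplorer.EXE

O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.FRAME.crazywinnings.com (HKLM)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
"""

if __name__ == "__main__":
    still, cleared = compare_to_fix_list(FIX_LIST, RESCAN)
    for section, body in still:
        print("STILL PRESENT", section, body)
    for section, body in cleared:
        print("cleared      ", section, body)
```

Entries reported as still present after a fix pass are the ones worth tracing back to whatever keeps rewriting them, which in this thread is the point of the advice to find and delete the listed exe and dll files.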
It's already worlds better :) I got onto the forum from the infected computer hahaha -.-
Here are the new logs

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WindowsCpqdiagCpqdfwag.exe
C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WindowsSystem32NMSSvc.exe
C:Program FilesEset od32krn.exe
C:PROGRA~1SYMANT~1SYMANT~1Rtvscan.exe
C:WINDOWSSystem32 cpsvcs.exe
C:WINDOWSExplorer.EXE
C:Program FilesAnalog DevicesSoundMAXSmtray.exe
C:Program FilesCOMPAQEasy Access Button SupportStartEAK.exe
C:WINDOWSsystem32NWTRAY.EXE
C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
C:Program FilesEset od32kui.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesSpybot – Search & DestroyTeaTimer.exe
C:freescanfreescan.exe
C:Program FilesCompaqEasy Access Button SupportCPQEAKSYSTEMTRAY.EXE
C:Program FilesCompaqEasy Access Button SupportCPQEADM.EXE
C:CompaqEAKDRVEAUSBKBD.EXE
C:PROGRA~1CompaqEASYAC~1BttnServ.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsacichPulpitHijackThis.exe
C:WINDOWSsystem32wscntfy.exe

O4 – HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSmtray.exe
O4 – HKLM..Run: [CPQEASYACC] C:Program FilesCOMPAQEasy Access Button SupportStartEAK.exe
O4 – HKLM..Run: [PROMon.exe] PROMon.exe
O4 – HKLM..Run: [NWTRAY] NWTRAY.EXE
O4 – HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~1vptray.exe
O4 – HKLM..Run: [nod32kui] "C:Program FilesEset od32kui.exe" /WAITSERVICE
O4 – HKLM..RunServices: [CPQDFWAG] C:WindowsCpqdiagCpqDfwAg.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot – Search & DestroyTeaTimer.exe
O4 – HKCU..Run: [Spyware Begone] C:freescanfreescan.exe –FastScan
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O15 – Trusted Zone: *.frame.crazywinnings.com
O15 – Trusted Zone: *.static.topconverting.com
O15 – Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 – Trusted Zone: *.static.topconverting.com (HKLM)
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
O16 – DPF: {EE8B6D5F–FEF2–11D0–B13F–00A024798EF3} – http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 – DPF: {F0BC061F–DAF9–4533–8011–53BCB4C10307} – http://install.flexview.de/InstallationsAssistent.ocx
O17 – HKLMSystemCCSServicesTcpip..{1B3AC003–AD77–439F–A661–09C403D010BD}: NameServer = 217.30.129.149,217.30.137.200
O23 – Service: Compaq Remote Diagnostics Enabling Agent – Compaq Computer Corporation – C:WindowsCpqdiagCpqdfwag.exe
O23 – Service: DefWatch – Symantec Corporation – C:PROGRA~1SYMANT~1SYMANT~1DefWatch.exe
O23 – Service: Intel(R) NMS – Intel Corporation – C:WindowsSystem32NMSSvc.exe
O23 – Service: NOD32 Kernel Service – Unknown – C:Program FilesEset od32krn.exe
O23 – Service: Klient Symantec AntiVirus – Symantec Corporation – C:PROGRA~1SYMANT~1SYMANT~1Rtvscan.exe
Clone
Posted
28.01.2005 12:18:52
Marcin, you missed a few things, and you'll also make a mess by removing others.

Clone, clean these:


C:Windowssystem32javahs.exe
C:Program FilesWindows ServeAdWinServAd.exe
C:Windowssystem32 tlt32.exe
C:Program FilesWindows ServeAdWinServSuit.exe
C:WINDOWSsystem32Rxtwph.exe
C:Documents and SettingsacichDane aplikacjiebre.exe
C:WindowsSystem32sspfixuk.exe

R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,SearchURL = http://69.50.184.51/find4u/sp.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.searchmiracle.com/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – Default URLSearchHook is missing
O2 – BHO: (no name) – {F0D6D30E–BA73–7B78–30E2–D479FA6CBF01} – C:WINDOWSaddxl.dll
O3 – Toolbar: YourSiteBar – {86227D9C–0EFE–4f8a–AA55–30386A3F5686} – C:PROGRA~1YOURSI~1ysb.dll
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKLM..Run: [ntlt32.exe] C:Windowssystem32 tlt32.exe
O4 – HKLM..Run: [version] C:WINDOWSsystem32Djpuwc.exe
O4 – HKLM..Run: [secure] C:WINDOWSsystem32Rxtwph.exe
O4 – HKCU..Run: [Eile] C:Documents and SettingsacichDane aplikacjipdoa.exe
O4 – HKCU..Run: [Omgpkd] C:WindowsSystem32sspfixuk.exe
O4 – HKCU..Run: [Instant Access] rundll32.exe p2esocks_1030.dll,InstantAccess
O4 – HKCU..Run: [Pcnp] C:Documents and SettingsacichDane aplikacjiebre.exe
O9 – Extra button: Pardon – {302172A1–A2B4–4402–B1D0–F5D54C3E83C6} – C:Program FilesPardon 2Pardon.exe (file missing)
O9 – Extra 'Tools' menuitem: Pardon – {302172A1–A2B4–4402–B1D0–F5D54C3E83C6} – C:Program FilesPardon 2Pardon.exe (file missing)
O15 – Trusted Zone: *.05p.com
O15 – Trusted Zone: *.awmdabest.com
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.frame.crazywinnings.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.scoobidoo.com
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.static.topconverting.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.05p.com (HKLM)
O15 – Trusted Zone: *.awmdabest.com (HKLM)
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.scoobidoo.com (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.static.topconverting.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted IP range: 206.161.125.149
O15 – Trusted IP range: 206.161.125.149 (HKLM)
O16 – DPF: v2cab – http://searchmiracle.com/cab/v2cab.cab
O16 – DPF: {00000EF1–0786–4633–87C6–1AA7A44296DA} – http://www.addictivetechnologies.net/DM0/cab/17kd11fg.cab
O16 – DPF: {10000000–1000–0000–1000–000000000000} – file://C:Program FilesInternet Explorerfuovhgkc.exe
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://213.159.117.133/dl/traff/x.chm::/load.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://c: osuch.mht!http://www.awmdabest.com/bltd/116.chm::/file.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=4ee1cae38ba3878e9eecabd7ed570ec56d32d820ee236f08cd80640c904e40287d54696570d0340c3432e4069acbf04ca9281b7f4b:d9153716a5b53d9922b36b447e607517
O16 – DPF: {771A1334–6B08–4A6B–AEDC–CF994BA2CEBE} (Installer Class) – http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 – DPF: {A67BA5E3–5B79–11D6–A711–00C12601EADE} – http://www.sexshow.peel.pl/dekoder/filmy_nowe.exe
O16 – DPF: {F72BC3F0–6C20–4793–9DDA–258589D8A907} – http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O16 – DPF: {FF521631–31DA–48AC–B4E9–390A7694C906} – http://akamai.downloadv3.com/binaries/P2EClient/1030/EGAUTH_1030_1_149_EN_XP.cab
O23 – Service: Workstation NetLogon Service – Unknown – C:Windowssystem32javahs.exe



This probably isn't a program for opening folders either? :wink:
O16 – DPF: {03C543A1–C090–418F–A1D0–FB96380D601D} – http://www.msado.soczysta.pl/wejscie.exe
EL NINO
Posted
28.01.2005 11:52:07

C:Program FilesWindows ServeAdWinServAd.exe
C:Windowssystem32 tlt32.exe
C:WINDOWSsystem32Rxtwph.exe
C:Documents and SettingsacichDane aplikacjiebre.exe
C:WindowsSystem32sspfixuk.exe
1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSsystem32yvxnx.dll/sp.html#12345
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,SearchURL = http://69.50.184.51/find4u/sp.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.searchmiracle.com/
O2 – BHO: (no name) – {F0D6D30E–BA73–7B78–30E2–D479FA6CBF01} – C:WINDOWSaddxl.dll
O3 – Toolbar: YourSiteBar – {86227D9C–0EFE–4f8a–AA55–30386A3F5686} – C:PROGRA~1YOURSI~1ysb.dll
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKLM..Run: [ntlt32.exe] C:Windowssystem32 tlt32.exe
O4 – HKLM..Run: [version] C:WINDOWSsystem32Djpuwc.exe
O4 – HKLM..Run: [secure] C:WINDOWSsystem32Rxtwph.exe
O4 – HKCU..Run: [Eile] C:Documents and SettingsacichDane aplikacjipdoa.exe
O4 – HKCU..Run: [Omgpkd] C:WindowsSystem32sspfixuk.exe
O4 – HKCU..Run: [Pcnp] C:Documents and SettingsacichDane aplikacjiebre.exe
O15 – Trusted Zone: *.05p.com
O15 – Trusted Zone: *.awmdabest.com
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.frame.crazywinnings.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.scoobidoo.com
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.static.topconverting.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.05p.com (HKLM)
O15 – Trusted Zone: *.awmdabest.com (HKLM)
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.scoobidoo.com (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.static.topconverting.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O16 – DPF: v2cab – http://searchmiracle.com/cab/v2cab.cab
O16 – DPF: {00000EF1–0786–4633–87C6–1AA7A44296DA} – http://www.addictivetechnologies.net/DM0/cab/17kd11fg.cab
O16 – DPF: {03C543A1–C090–418F–A1D0–FB96380D601D} – http://www.msado.soczysta.pl/wejscie.exe
O16 – DPF: {10000000–1000–0000–1000–000000000000} – file://C:Program FilesInternet Explorerfuovhgkc.exe
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://213.159.117.133/dl/traff/x.chm::/load.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://c: osuch.mht!http://www.awmdabest.com/bltd/116.chm::/file.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=4ee1cae38ba3878e9eecabd7ed570ec56d32d820ee236f08cd80640c904e40287d54696570d0340c3432e4069acbf04ca9281b7f4b:d9153716a5b53d9922b36b447e607517
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {771A1334–6B08–4A6B–AEDC–CF994BA2CEBE} (Installer Class) – http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
O16 – DPF: {A67BA5E3–5B79–11D6–A711–00C12601EADE} – http://www.sexshow.peel.pl/dekoder/filmy_nowe.exe
O16 – DPF: {EE8B6D5F–FEF2–11D0–B13F–00A024798EF3} – http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 – DPF: {F0BC061F–DAF9–4533–8011–53BCB4C10307} – http://install.flexview.de/InstallationsAssistent.ocx
O16 – DPF: {F72BC3F0–6C20–4793–9DDA–258589D8A907} – http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O16 – DPF: {FF521631–31DA–48AC–B4E9–390A7694C906} – http://akamai.downloadv3.com/binaries/P2EClient/1030/EGAUTH_1030_1_149_EN_XP.cab
O17 – HKLMSystemCCSServicesTcpip..{1B3AC003–AD77–439F–A661–09C403D010BD}: NameServer = 217.30.129.149,217.30.137.200
O23 – Service: Compaq Local Alerter – Hewlett–Packard Company – C:Program FilesCompaqCompaq Management Agentscpqalert.exe
O23 – Service: Compaq Remote Diagnostics Enabling Agent – Compaq Computer Corporation – C:WindowsCpqdiagCpqdfwag.exe
O23 – Service: Workstation NetLogon Service – Unknown – C:Windowssystem32javahs.exe


For a start, throw these out.
With this much junk it's easy to overlook something, so once you've cleaned up, post the log again.
MarcinX
Posted
28.01.2005 11:28:10
Kick out GG and set yourself up with MSN Messenger, 6 or the 7 beta (on the left side under MSN download). Unlike GG it runs under an e-mail address, it has more features and it is more pleasant, though that's a matter of taste. Hang in there and don't grumble, just clean up what you can and don't wander around nasty sites. By the way: do you have SP2? And you didn't turn off the firewall in XP? And you didn't allow ActiveX controls? Think through when your problems started and what you did that bogged down your computer. Bye.
Piotr Kłys
Posted
28.01.2005 11:14:34
Oh, one more thing: the deep analysis takes a few minutes, depending on the partitions you select. Select all of them and scan once more, and then apply the clean option. A second program to get for yourself is on this page: http://www.centrumxp.pl/download/programy/katalog.php?nazwa=antispyware&kategoria=0&sortuj=ilosc
Install it and select the deep scan, not the smart one. Have fun.
Piotr Kłys
Posted
28.01.2005 11:09:56
I still have trojans in RAM all the time and NOD can't clean them.
IE still doesn't work :(
GG is also having problems all the time...
Clone
Posted
28.01.2005 11:04:13
In the configuration settings, for each option select "clean"; if it can't, "delete"; if that's not allowed, "quarantine".
In the left panel, where you choose the file and memory areas, scroll through all five in turn and in each one select the above settings. Do this for all modules: AMON, DMON, IMON and NOD. Turn on deep heuristics and ...off you go. Bye. :mrgreen:
Piotr Kłys
Posted
28.01.2005 10:56:45
Besides, there are lots and lots of trojans :)
but it will probably clean the others....
Clone
Posted
28.01.2005 10:40:50
Hmm
I installed it and right off the bat it detected a trojan in its memory that it can't remove :)
win32/small.DC .
Any suggestions?
Clone
Posted
28.01.2005 10:40:11
:P Not on Freedom Square but on Red Square, not cars but bicycles, they aren't giving them away but stealing them, and apart from that it's all correct :lol:
Piotr Kłys
Posted
28.01.2005 10:11:40
An "n" crept in :)
Clone
Posted
28.01.2005 10:08:56
What is NOD32n? I can't track it down. And which NOD do you have? Download it again from the page I gave you and register it. If you have problems with NOD, contact malkowski.t@dagma.pl by e-mail and describe what's wrong.
Piotr Kłys
Posted
28.01.2005 10:07:44
It's not NOD32 but NAV :) a small mistake -.-
Clone
Posted
28.01.2005 10:01:33
Clone
Posted:
28.01.2005 09:38:42