ibm00001.exe

Some trojan got downloaded onto my computer, and when Windows starts up a message about ibm00001.exe pops up... I would really appreciate some help, my log:

Logfile of HijackThis v1.99.1
Scan saved at 22:09:28, on 2006–01–20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D–Tools\daemon.exe
C:\WINDOWS\System32\leeman.exe
C:\WINDOWS\System32\rtf32.exe
D:\FIFA 2006\Anti–Blaxx\Anti–Blaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\alt.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AvltMain.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\Rar$EX00.828\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O2 – BHO: DownloadRedirect Class – {00000000–6CB0–410C–8C3D–8FA8D2011D0A} – D:\Mesh\iMesh5\iMeshBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: C:\WINDOWS\system32\st3.dll – {1B68470C–2DEF–493B–8A4A–8E2D81BE4EA5} – C:\WINDOWS\system32\st3.dll
O2 – BHO: iMeshBar BHO – {5345A7A1–805A–4923–B505–86B2FEBA3FE0} – C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 – BHO: C:\WINDOWS\adsldpbd.dll – {826B2228–BC09–49F2–B5F8–42CE26B1B711} – C:\WINDOWS\adsldpbd.dll (file missing)
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\program files\google\googletoolbar1.dll
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 – BHO: (no name) – {DA223E41–3F7F–4B2B–8CC8–22C6A1197EEB} – C:\WINDOWS\mpatrol.dll
O2 – BHO: (no name) – {EEE7178C–BBC3–4153–9DDE–CD0E9AB1B5B6} – C:\WINDOWS\adsldpbg.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: (no name) – {0494D0D9–F8E0–41ad–92A3–14154ECE70AC} – (no file)
O3 – Toolbar: (no name) – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – (no file)
O3 – Toolbar: iMeshBar – {5345A7A9–805A–4923–B505–86B2FEBA3FE0} – C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 – HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA Lite\Kazaa.exe /SYSTRAY
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [leeman] C:\WINDOWS\System32\leeman.exe
O4 – HKLM\..\Run: [rtf32.exe] rtf32.exe
O4 – HKLM\..\Run: [Anti–Blaxx Manager] D:\FIFA 2006\Anti–Blaxx\Anti–Blaxx.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKLM\..\RunServices: [leeman] C:\WINDOWS\System32\leeman.exe
O4 – HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe –autorun
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [leeman] C:\WINDOWS\System32\leeman.exe
O4 – HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 – HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Pobierz stronę WEB z Free Download Manager – file://C:\Program Files\Free Download Manager\dlpage.htm
O8 – Extra context menu item: Pobierz wszystko z Free Download Manager – file://C:\Program Files\Free Download Manager\dlall.htm
O8 – Extra context menu item: Pobierz z Free Download Manager – file://C:\Program Files\Free Download Manager\dllink.htm
O8 – Extra context menu item: Pobierz zaznaczenie z Free Download Manager – file://C:\Program Files\Free Download Manager\dlselected.htm
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/d007/mailcfg.ocx
O20 – Winlogon Notify: st3 – C:\WINDOWS\system32\st3.dll
O20 – Winlogon Notify: st3i – C:\WINDOWS\q52211328.dll (file missing)
O21 – SSODL: SysTray.Excn2 – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – (no file)
O21 – SSODL: SysTray.Exsn – {2368D1FC–2F5C–4f1b–B124–E67214FC78E2} – C:\WINDOWS\System32\ofaaplho.dll
O23 – Service: Creative Service for CDROM Access – Creative Technology Ltd – C:\WINDOWS\System32\CTsvcCDA.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 – Service: Panda Pavkre (Pavkre) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 – Service: Panda PavProt (PavProt) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 – Service: Panda Preventium+ Service (PREVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 – Service: SecuROM User Access Service (V7) (UserAccess7) – Unknown owner – C:\WINDOWS\System32\UAService7.exe

Replies: 1

http://forum.centrumxp.pl/viewtopic.php?t=37513 – here you have the instructions for checking it. You have quite a lot of this stuff.
Żółty
Posted
20.01.2006 23:40:30
Ronaldinho 10
Posted:
20.01.2006 23:18:18
Comments:
1