HijackThis log

Could you take a look at this? thx

Logfile of HijackThis v1.98.2
Scan saved at 11:12:28, on 2004-08-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\WINDOWS\System32\scheduler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuam.exe
C:\WINDOWS\System32\ekrjwh.exe
C:\WINDOWS\System32\videons32.exe
C:\WINDOWS\System32\cvmonitor.exe
E:\Program Files\Programy\Winamp\winampa.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wjview.exe
C:\Documents and Settings\Admin\Dane aplikacji\asra.exe
C:\Program Files\ClockSync\Sync.exe
C:\WINDOWS\system32\winmm64.exe
C:\WINDOWS\System32\irgg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\WINDOWS\System32\cidaemon.exe
E:\Program Files\Programy\Gadu-Gadu\gg.exe
E:\Program Files\Morpheus\morphexe.exe
E:\Program Files\Morpheus\mldonkey\mlnet.exe
C:\Program Files\Ahead\Nero\nero.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1526/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=cfh
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1526/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=cfh
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us/1526/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1526/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=cfh
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spestart.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1526/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=cfh
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spestart.chm::/start.html#
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=cfh
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1526/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=cfh
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1526/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://countere.com/?a=2&b=cfh
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://countere.com/?a=2&b=cfh
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: MyQuickSearch Search Assistant BHO - {04011C11-2F3B-44ed-977C-270CA669C6B2} - C:\Program Files\MyQuickSearch\SrchAstt\1.bin\MQSSRCAS.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O2 - BHO: FavoriteMan Class - {139D88E5-C372-469D-B4C5-1FE00852AB9B} - C:\WINDOWS\System32\ofrg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {69A1645F-E51E-7DC0-8756-645508A22F4C} - C:\WINDOWS\System32\nzxds.dll
O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\System32\vern32.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [lvumtapvema] C:\WINDOWS\System32\ekrjwh.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [Windows Video Drivers] videons32.exe
O4 - HKLM\..\Run: [Windows Config] svchosts.exe
O4 - HKLM\..\Run: [cvmonitor.exe] cvmonitor.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [Service Scheduler] scheduler.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.5.0.0\HbInst.exe /Upgrade
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] ewy.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuagtrd.exe
O4 - HKLM\..\RunServices: [Windows Guard] waumgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] wupdate.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] winsyst32.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Windows Video Drivers] videons32.exe
O4 - HKLM\..\RunServices: [Windows Config] svchosts.exe
O4 - HKLM\..\RunServices: [cvmonitor.exe] cvmonitor.exe
O4 - HKLM\..\RunServices: [Service Scheduler] scheduler.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKCU\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [Tste] C:\Documents and Settings\Admin\Dane aplikacji\asra.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
O4 - HKCU\..\Run: [SpywareGuard] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [Bamww] C:\WINDOWS\System32\irgg.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Morpheus] "E:\Program Files\Morpheus\Morpheus.exe" -min
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Corel Network monitor worker - {5CFA152B-655B-4E56-876F-EF24AA052A80} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5CFA152B-655B-4E56-876F-EF24AA052A80} - (no file)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {5CFA152B-655B-4E56-876F-EF24AA052A80} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5CFA152B-655B-4E56-876F-EF24AA052A80} - (no file) (HKCU)
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=15&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=15&q=
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6523232C-4F16-40EB-B76D-EBCD47CEE36E}: NameServer = 194.204.152.34 217.98.63.164

I'd rather not screw it up.

Replies: 8

If you don't know the answer to some question, click here - www.google.pl :wink:

First pinned topic in this section.
McScr@by
Posted
19.10.2004 23:58:05
Let me ask while we're at it: what is hijack???? What is it for, why do they post some logs and you fix something for them, and how can I benefit from it???
Maciek®
Posted
19.10.2004 21:55:59
Remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.magicsearch.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
EL NINO
Posted
24.08.2004 01:19:07
Hi
Taking advantage of this topic, I'll tag along with my log. A few things I was sure about I've already removed.

Logfile of HijackThis v1.97.7
Scan saved at 22:57:38, on 2004-08-23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\rozne\PROGRAMY\XP tools\av\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.magicsearch.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GINROULETTE Class) - http://gryonline.wp.pl/files/roulette_2_0_0_6.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GINSLOTS90 Class) - http://gryonline.wp.pl/files/slots90_2_0_0_9.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 - DPF: {70B410C0-BADA-11D4-8308-0080C8D7ED4A} (GINBRIDGE Class) - http://gryonline.wp.pl/files/bridge_2_0_0_6.cab
O16 - DPF: {776290B9-F53C-4676-8DAF-3DBEFC297308} (GING358 Class) - http://gryonline.wp.pl/files/G358_2_0_0_6.cab
O16 - DPF: {80B410C0-BADA-11D4-8308-0080C8D7ED4A} (GINTHOUSAND Class) - http://gryonline.wp.pl/files/tysiac_2_0_0_6.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GINPOKER Class) - http://gryonline.wp.pl/files/poker_2_0_0_7.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GINSLOTS70 Class) - http://gryonline.wp.pl/files/slots70_2_0_0_9.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GINMARBLESY Class) - http://gryonline.wp.pl/files/marbles_2_0_0_6.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GINWORDS Class) - http://gryonline.wp.pl/files/words_2_0_0_18.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_202/webolr/OCX/FlashAX.cab
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GINSLOTS80 Class) - http://gryonline.wp.pl/files/slots80_2_0_0_9.cab



Regards
dariuszwwa
Posted
24.08.2004 01:02:44
I told the guy that if he wants to keep this system I'd probably have to do the whole thing at his place... and he agreed to a format.
BAJA
Posted
22.08.2004 23:18:31
At least write whether everything could be removed, because I don't think I've ever seen this much crap... :D
Regards.
extrim
Posted
22.08.2004 16:58:49
Thanks for the reply.... luckily it's not my system... phew.. when I saw this log I advised the guy to format, but he dug in his heels... he's had the same system for about 3 years now, without removing spyware, viruses or trojans, installing patches, defragmenting the disk or even running a plain scandisk; in short, he's a complete moron.

THX
BAJA
Posted
22.08.2004 00:26:35
Well man, I think a record has been set with this log :shock: .
I've analysed and removed a lot of different things in various places, but this log deserves a competition :P :mrgreen:

Fix:
C:\WINDOWS\System32\scheduler.exe ? (own analysis of the executable file: the process may be a system one, related to Java, or some malware (very likely, judging by the Run keys).
A definitive analysis from the log alone is not really possible.

C:\WINDOWS\System32\wuam.exe
C:\WINDOWS\System32\ekrjwh.exe
C:\WINDOWS\System32\videons32.exe
C:\WINDOWS\System32\cvmonitor.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Documents and Settings\Admin\Dane aplikacji\asra.exe (own analysis: no info)
C:\Program Files\ClockSync\Sync.exe
C:\WINDOWS\system32\winmm64.exe
C:\WINDOWS\System32\irgg.exe
C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates.exe
E:\Program Files\Morpheus\morphexe.exe
C:\WINDOWS\System32\imapi.exe ?
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1526/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=cfh
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us/1526/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://countere.com/?a=2&b=cfh
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nkvd.us/1526/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1526/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=cfh
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spestart.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://nkvd.us/1526/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://countere.com/?a=2&b=cfh
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spestart.chm::/start.html#
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=cfh
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1526/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://countere.com/?a=2&b=cfh
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://nkvd.us/1526/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://countere.com/?a=2&b=cfh
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://countere.com/?a=2&b=cfh
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: MyQuickSearch Search Assistant BHO - {04011C11-2F3B-44ed-977C-270CA669C6B2} - C:\Program Files\MyQuickSearch\SrchAstt\1.bin\MQSSRCAS.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O2 - BHO: FavoriteMan Class - {139D88E5-C372-469D-B4C5-1FE00852AB9B} - C:\WINDOWS\System32\ofrg.dll
O2 - BHO: (no name) - {69A1645F-E51E-7DC0-8756-645508A22F4C} - C:\WINDOWS\System32\nzxds.dll
O2 - BHO: Invisible Class - {7DD896A9-7AEB-430F-955B-CD125604FDCB} - C:\WINDOWS\System32\vern32.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [lvumtapvema] C:\WINDOWS\System32\ekrjwh.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [Windows Video Drivers] videons32.exe
O4 - HKLM\..\Run: [Windows Config] svchosts.exe
O4 - HKLM\..\Run: [cvmonitor.exe] cvmonitor.exe
O4 - HKLM\..\Run: [Service Scheduler] scheduler.exe ?
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.5.0.0\HbInst.exe /Upgrade
O4 - HKLM\..\RunServices: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] ewy.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuagtrd.exe
O4 - HKLM\..\RunServices: [Windows Guard] waumgrd.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] wupdate.exe
O4 - HKLM\..\RunServices: [Microsoft IT Update] winsyst32.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Windows Video Drivers] videons32.exe
O4 - HKLM\..\RunServices: [Windows Config] svchosts.exe
O4 - HKLM\..\RunServices: [cvmonitor.exe] cvmonitor.exe
O4 - HKLM\..\RunServices: [Service Scheduler] scheduler.exe ?
O4 - HKCU\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKCU\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKCU\..\Run: [Tste] C:\Documents and Settings\Admin\Dane aplikacji\asra.exe ?
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\sysdoor.exe
O4 - HKCU\..\Run: [SpywareGuard] C:\WINDOWS\system32\winmm64.exe
O4 - HKCU\..\Run: [Bamww] C:\WINDOWS\System32\irgg.exe
O4 - HKCU\..\Run: [Morpheus] "E:\Program Files\Morpheus\Morpheus.exe" -min
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Corel Network monitor worker - {5CFA152B-655B-4E56-876F-EF24AA052A80} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5CFA152B-655B-4E56-876F-EF24AA052A80} - (no file)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {5CFA152B-655B-4E56-876F-EF24AA052A80} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5CFA152B-655B-4E56-876F-EF24AA052A80} - (no file) (HKCU)
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=15&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=15&q=
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab


Summing up:

A heap of spyware and adware.
A few trojans, worms and viruses.

Removal:

I won't write out exactly what to remove, because there's quite a lot of it.
I'll write what you have to do the standard way.

Disable System Restore,
Safe Mode,
Fix all the entries,
end in Task Manager the processes of the .exe files listed in the log,
Search (with hidden files checked) and delete all of the above (.exe, .dll, .cab, etc.).

By googling the above processes you'll find info on any additional procedure for removing the infection.
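As an added example (not code from the thread), a small Python triage script that mechanises the checks the answer above leans on when reading a HijackThis log: autostart (O4) entries that are bare file names or borrow Microsoft/Windows branding, R0/R1 browser settings that point at the same host as an O13 URL-prefix hijack or are marked obfuscated, O15 trusted-zone additions, and the O17 name servers to compare against the ISP's real ones. The sample lines are constructed from the two logs in this thread with the backslashes the forum stripped restored.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a few lines taken from the logs in this thread, with the
# backslashes the forum software stripped put back.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allegro.pl/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Time] wuam.exe
O4 - HKLM\..\RunServices: [Windows Config] svchosts.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Programy\Gadu-Gadu\gg.exe" /tray
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=15&q=
O15 - Trusted Zone: *.xxxtoolbar.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6523232C-4F16-40EB-B76D-EBCD47CEE36E}: NameServer = 194.204.152.34 217.98.63.164
"""

# Registry-style O4 lines only; "O4 - Global Startup:" entries have a different shape and are skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.+?) = (?P<value>.*)$")
O13_RE = re.compile(r"^O13 - (?P<which>.+?): (?P<value>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<pattern>\S+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<ips>.*)$")
# Autostart names that borrow Windows/Microsoft branding, like the many fake
# "Microsoft ... Update" entries in the first log.
SYSTEM_NAME_RE = re.compile(r"^(microsoft|windows)\b", re.I)


def host_of(url):
    """Hostname of a URL, or '' for about:blank, mk:@MSITStore:... and a bare 'http://'."""
    return (urlsplit(url).hostname or "").lower()


def executable_of(cmd):
    """Program part of an O4 command line: the quoted path if quoted, else the first token."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(log_text):
    """Return ({suspicious line: [reasons]}, [name server IPs from O17 lines])."""
    findings = {}
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    def flag(line, reason):
        findings.setdefault(line, []).append(reason)

    # Pass 1: hosts used by O13 prefix hijacks, so R0/R1 settings can be cross-checked.
    prefix_hosts = set()
    for line in lines:
        m = O13_RE.match(line)
        if m and host_of(m["value"]):
            prefix_hosts.add(host_of(m["value"]))
            flag(line, "URL prefix hijack: addresses typed without a scheme go via " + host_of(m["value"]))

    nameservers = []
    for line in lines:
        if m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            if "\\" not in exe:
                flag(line, "bare file name %r: no fixed path, resolved via the search path" % exe)
            if SYSTEM_NAME_RE.match(m["name"]):
                flag(line, "system-sounding name %r: verify the file is really Microsoft's" % m["name"])
        elif m := R_RE.match(line):
            value = m["value"]
            if "(obfuscated)" in value or host_of(value) in prefix_hosts:
                flag(line, "browser setting points at " + (host_of(value) or value))
        elif m := O15_RE.match(line):
            flag(line, "Trusted Zone entry: %s gets relaxed IE security settings" % m["pattern"])
        elif m := O17_RE.match(line):
            nameservers.extend(m["ips"].split())  # compare with the ISP's real resolvers
    return findings, nameservers
```

Run `triage(open("hijackthis.log").read())` on a full log; clean entries such as NeroCheck or a quoted full path to gg.exe are left alone, while the wuam.exe/svchosts.exe style entries are flagged twice.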
McScr@by
Posted
21.08.2004 11:31:16
BAJA
Posted:
20.08.2004 13:14:57