CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo onka IE otwieraja sie same

onka IE otwieraja sie same

IE otwieta sie sam i wlacza rózne strony erotyczne.
Porsze o sprawdzenie loga:

Logfile of HijackThis v1.97.7
Scan saved at 14:30:29, on 2004–12–04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSExplorer.EXE
C:Program FilesISTsvcistsvc.exe
C:WINDOWSmmups.exe
C:WINDOWSsuploads.exe
C:Program FilesWindows AdServiceWinAdServ.exe
C:Documents and SettingsuzytkownikDane aplikacjilpwe.exe
C:WINDOWSSystem32??oolsv.exe
C:Program FilesWindows AdServiceWinAdSlave.exe
C:Program FilesBullsEye Networkinargains.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesNeostrada TPNeostradaTP.exe
C:Program FilesNeostrada TPComComp.exe
C:Program FilesNeostrada TPWatch.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsuzytkownikPulpitNowy folderHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://szukaj.wp.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchmiracle.com/sp.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://searchmiracle.com/sp.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.neostrada.pl
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {CA0E28FA–1AFD–4C21–A8DC–70EB5BE2F076} – C:Program FilesSurfSideKick 2SskBho.dll
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O3 – Toolbar: &EliteBar – {825CF5BD–8862–4430–B771–0C15C5CA8DEF} – C:WINDOWSEliteToolBarEliteToolBar version 58.dll
O4 – HKLM..Run: [Start Upping] svchostings.exe
O4 – HKLM..Run: [kalvsys] C:windowssystem32kalvpya32.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [180ax] c:windows180ax.exe
O4 – HKLM..Run: [anqv] c:windowsanqv.exe
O4 – HKLM..Run: [mediamotor.exe] C:WINDOWSmmups.exe
O4 – HKLM..Run: [loads.exe] C:WINDOWSsuploads.exe
O4 – HKLM..Run: [SurfSideKick 2] C:Program FilesSurfSideKick 2Ssk.exe
O4 – HKLM..Run: [Windows AdService] C:Program FilesWindows AdServiceWinAdServ.exe
O4 – HKLM..RunServices: [Start Upping] svchostings.exe
O4 – HKCU..Run: [Start Upping] svchostings.exe
O4 – HKCU..Run: [Ueea] C:Documents and SettingsuzytkownikDane aplikacjilpwe.exe
O4 – HKCU..Run: [Ottx] C:WINDOWSSystem32??oolsv.exe
O4 – HKCU..Run: [SurfSideKick 2] C:Program FilesSurfSideKick 2Ssk.exe
O4 – HKCU..RunServices: [Windows Monitor] winmon.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: SideFind (HKLM)
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O10 – Unknown file in Winsock LSP: c:windowssystem32aklsp.dll
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=3ac5b2950f56d0e180368084a4ecfc1bd6342cd4dce6d15648d3c18f7f646f2794794194078c614e2ecc71f5d7f2698c5af737:e61bc907ca2ab9fd65ffc46f2c8bb38b
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://static.topconverting.com/activex/loader2.ocx
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E0CE16CB–741C–4B24–8D04–A817856E07F4} (IObjSafety.DemoCtl) – http://cabs.media–motor.net/cabs/diamond.cab
O17 – HKLMSystemCCSServicesTcpip..{037CC401–5B7F–4C09–8540–EDD32EB9F359}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS1ServicesTcpip..{037CC401–5B7F–4C09–8540–EDD32EB9F359}: NameServer = 194.204.152.34 217.98.63.164

z góry dziekuje i pozdrawiam

Odpowiedzi: 1

Duzo tego
Wylacz przywracanie

Zakoncz procesy:
istsvc.exe
mmups.exe
suploads.exe
WinAdServ.exe
lpwe.exe
??oolsv.exe
WinAdSlave.exe
bargains.exe

Pozbadz sie plikow/katalogow i wpisow:

R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://szukaj.wp.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://searchmiracle.com/sp.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://searchmiracle.com/sp.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.neostrada.pl
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O3 – Toolbar: &EliteBar – {825CF5BD–8862–4430–B771–0C15C5CA8DEF} – C:WINDOWSEliteToolBarEliteToolBar version 58.dll
O4 – HKLM..Run: [Start Upping] svchostings.exe
O4 – HKLM..Run: [kalvsys] C:windowssystem32kalvpya32.exe
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [180ax] c:windows180ax.exe
O4 – HKLM..Run: [anqv] c:windowsanqv.exe
O4 – HKLM..Run: [mediamotor.exe] C:WINDOWSmmups.exe
O4 – HKLM..Run: [loads.exe] C:WINDOWSsuploads.exe
O4 – HKLM..Run: [Windows AdService] C:Program FilesWindows AdServiceWinAdServ.exe
O4 – HKLM..RunServices: [Start Upping] svchostings.exe
O4 – HKCU..Run: [Start Upping] svchostings.exe
O4 – HKCU..Run: [Ueea] C:Documents and SettingsuzytkownikDane aplikacjilpwe.exe
O4 – HKCU..Run: [Ottx] C:WINDOWSSystem32??oolsv.exe

O4 – HKCU..RunServices: [Windows Monitor] winmon.exe
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=3ac5b2950f56d0e180368084a4ecfc1bd6342cd4dce6d15648d3c18f7f646f2794794194078c614e2ecc71f5d7f2698c5af737:e61bc907ca2ab9fd65ffc46f2c8bb38b
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab

Pare z nich zapewne znajdziesz w dodaj/usun, odinstaluj i posprzataj

Bobi

Dodano: 04.12.2004 16:23:20

kfiatek

Dodano:: 04.12.2004 15:54:59
Komentarzy:: 1

Strona 1 / 1