Please help with the log.

My computer is terribly slow and keeps restarting.

Logfile of HijackThis v1.99.0
Scan saved at 09:24:10, on 2005–01–12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
D:PandaAPVXDWIN.EXE
C:windowssystem32 k.exe
C:Program FilesWindows ServeAdWinServAd.exe
C:WINDOWSSystem32w?wexec.exe
C:Program FilesWindows ServeAdWinServSuit.exe
C:Documents and SettingsRodzinkaDane aplikacjiaaru.exe
C:WINDOWSSystem32inetsrvinetinfo.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
D:Pandapavsrv51.exe
D:PandaPsImSvc.exe
C:WINDOWSSystem32 cpsvcs.exe
C:WINDOWSSystem32snmp.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32mqsvc.exe
D:PandaAVENGINE.EXE
C:WINDOWSSystem32mqtgsvc.exe
D:PandaWebProxy.exe
D:PROGRAMYAvant Browseriexplore.exe
C:WINDOWSSystem32wuauclt.exe
D:PROGRAMYGadu–Gadugg.exe
C:WINDOWSSystem32 mpf00.exe
C:Program FilesBullsEye Networkinargains.exe
D:PROGRAMYhijackthis1.99HijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet Explorer,Search = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet Explorer,Search = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.nowfind.net/002/index.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.web––search.com
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.search–control.com/search.cgi?id=270
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = w3cache.pcmedia.com.pl:8080
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *new–search.net*;*x–google.net*
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: StartBHO Class – {30192F8D–0958–44E6–B54D–331FD39AC959} – C:WINDOWSwebdlg32.dll
O1 – Hosts file is located at: C:WINDOWS sdbhosts
O1 – Hosts: 82.179.166.192 new–search.net
O1 – Hosts: 82.179.166.190 x–google.net
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 – BHO: Search Relevancy – {1D7E3B41–23CE–469B–BE1B–A64B877923E1} – C:PROGRA~1SEARCH~1SEARCH~1.DLL
O2 – BHO: StartBHO Class – {30192F8D–0958–44E6–B54D–331FD39AC959} – C:WINDOWSwebdlg32.dll
O2 – BHO: Tubby – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSystem32TBC.dll
O2 – BHO: BAHelper Class – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho.dll
O2 – BHO: IEHlprObj Class – {CE7C3CF0–4B15–11D1–ABED–709549C10000} – C:Program FilesNetPanelIEHelper.dll (file missing)
O2 – BHO: Cls – {CF021F40–3E14–23A5–CBA2–7173706D1316} – C:WINDOWSSystem32spm1316.dll
O2 – BHO: (no name) – {DDA6A9E3–3127–16F0–0509–4826282B60E1} – C:WINDOWSSystem32wacvqvhb.dll
O2 – BHO: ADP UrlCatcher Class – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSystem32msbe.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Search Bar – {0E1230F8–EA50–42A9–983C–D22ABC2EED3B} – C:WINDOWSwebdlg32.dll
O3 – Toolbar: Search Toolbar – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSystem32TBC.dll
O3 – Toolbar: ISTbar – {5F1ABCDB–A875–46c1–8345–B72A4567E486} – C:PROGRA~1ISTbaristbar.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [APVXDWIN] "D:PandaAPVXDWIN.EXE" /s
O4 – HKLM..Run: [OSS] c:windowssystem32 k.exe –boot
O4 – HKLM..Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKCU..Run: [Kdslhe] C:WINDOWSSystem32w?wexec.exe
O4 – HKCU..Run: [Gadu–Gadu] "D:PROGRAMYGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Ncae] C:Documents and SettingsRodzinkaDane aplikacjiaaru.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – D:PROGRAMYAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – D:PROGRAMYAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – D:PROGRAMYAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – D:PROGRAMYAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – D:PROGRAMYAvant BrowserSearch.htm
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:Program FilesSideFindsidefind.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: Search cracks at CrackSpider.NET – {10954C80–4F0F–11d3–B17C–00C0DFE39736} – http://crackspider.net/ie/btn.php (file missing) (HKCU)
O9 – Extra 'Tools' menuitem: Search cracks at CrackSpider.NET – {10954C80–4F0F–11d3–B17C–00C0DFE39736} – http://crackspider.net/ie/btn.php (file missing) (HKCU)
O13 – DefaultPrefix: http://www.nowfind.net/005/search.php?url=
O13 – WWW Prefix: http://www.nowfind.net/005/search.php?url=
O13 – Home Prefix: http://www.nowfind.net/005/search.php?url=
O13 – Mosaic Prefix: http://www.nowfind.net/005/search.php?url=
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: {10954C80–4F0F–11D3–B17C–00C0DFE39736} – http://hot.thebugs.ws/fav.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge–c11.cab
O16 – DPF: {1678F7E1–C422–11D0–AD7D–00400515CAAA} (CometCursor Class) – http://files.cometsystems.com/cometcursor/cobrand/comet.cab?0.495701087023300951103031442374
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab
O16 – DPF: {4418DD4D–7265–4C32–BC0A–3FDB3C2DA938} (Protecter Class) – http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab
O16 – DPF: {8626DFA9–2BAC–4BDA–8663–8DAA0F942C0D} – http://megapanel.gem.pl/temp/netp/0434/6719/0854/2400/5_0434671908542400.ocx
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
O16 – DPF: {92F02779–6D88–4958–8AD3–83C12D86ADC7} – http://www.netsprint.pl/toolbar/komputerswiat/toolbar.cab
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=4205
O16 – DPF: {AD7FAFB0–16D6–40C3–AF27–585D6E6453FD} (loader Class) – http://217.73.66.1/del/loader.cab
O16 – DPF: {F72BC3F0–6C20–4793–9DDA–258589D8A907} – http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: {FF521631–31DA–48AC–B4E9–390A7694C906} (EGEGAUTH Class) – http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1031_EN_XP.cab
O17 – HKLMSystemCCSServicesTcpip..{5DC0E1CA–93B3–4F50–97E0–220223827791}: NameServer = 192.168.128.1,192.168.128.254
O18 – Filter: text/html – {B02F4130–B722–4EC8–8E1D–6BE223960969} – C:Documents and SettingsRodzinkaUstawienia lokalneDane aplikacjimicrosoftinternet explorerV0.26.dat
O21 – SSODL: eplrr – {B55CAF93–C150–488C–BD2E–F7F81522C58A} – C:WINDOWSSystem32eplrr3.dll (file missing)
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: Panda Process Protection Service – Unknown – C:Program FilesCommon FilesPanda SoftwarePavShldpavprsrv.exe
O23 – Service: Panda anti–virus service – Unknown – D:Pandapavsrv51.exe
O23 – Service: Panda IManager Service – Panda Software Internacional – D:PandaPsImSvc.exe
O23 – Service: SoundMAX Agent Service – Analog Devices, Inc. – C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

Replies: 3

Heheheh... a whole load of it again :P
You could give a lecture or write a master's thesis about it, but what for

1: Install SP2, because on bare XP it's no wonder there's so much junk
2: Get rid of that Panda, because as you can see it's really lousy

Of course, remove everything EL NINO listed (preferably in safe mode with the network disconnected), but you may have problems with:

>> VX2:
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch

Removal

>> O15 – Trusted IP range
Download and run DelDomains.inf
Bobi
Added
02.02.2005 23:29:44
HERE IT IS:

Logfile of HijackThis v1.99.0
Scan saved at 21:44:38, on 2005–02–02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesWindows ServeAdWinServAd.exe
C:Program FilesCommon FilesCMEIICMESys.exe
C:Program FilesWindows ServeAdWinServSuit.exe
D:PROGRAMYShareazaShareaza.exe
C:Documents and SettingsRodzinkaDane aplikacjiaaru.exe
C:Program FilesCommon FilesGMTGMT.exe
C:WINDOWSSystem32driversCDAC11BA.EXE
C:WINDOWSSystem32inetsrvinetinfo.exe
C:WINDOWSSystem32 vsvc32.exe
D:PandaPsImSvc.exe
C:WINDOWSSystem32 cpsvcs.exe
C:WINDOWSSystem32snmp.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSSystem32mqsvc.exe
C:WINDOWSSystem32mqtgsvc.exe
C:WINDOWSSYSTEM32 undll32.exe
D:PROGRAMYhijackthis1.99HijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:NavigationFailure
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:NavigationFailure
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:NavigationFailure
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = w3cache.pcmedia.com.pl:8080
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {CA0E28FA–1AFD–4C21–A8DC–70EB5BE2F076} – C:Program FilesSurfSideKick 2SskBho.dll
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O1 – Hosts: 69.20.16.183 ieautosearch
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [ControlPanel] C:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKLM..Run: [Mfucfyoy] C:Program FilesAcuoeuFmavl.exe
O4 – HKLM..Run: [CMESys] "C:Program FilesCommon FilesCMEIICMESys.exe"
O4 – HKLM..Run: [KAVPersonal50] "d:ProgramyKaspersky Anti–Virus Personalkav.exe" /minimize
O4 – HKLM..Run: [SurfSideKick 2] C:Program FilesSurfSideKick 2Ssk.exe
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Spoolsv32] spools.exe
O4 – HKLM..Run: [wuviewer] C:WINDOWSSystem32wuviewer.exe
O4 – HKLM..Run: [process.exe] C:WINDOWSprocess.exe
O4 – HKLM..Run: [System Service] C:WINDOWSSystem32msrexe.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..RunServices: [wuviewer] C:WINDOWSSystem32wuviewer.exe
O4 – HKCU..Run: [Gadu–Gadu] "D:PROGRAMYGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Shareaza] "D:PROGRAMYShareazaShareaza.exe" –tray
O4 – HKCU..Run: [SurfSideKick 2] C:Program FilesSurfSideKick 2Ssk.exe
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKCU..Run: [wuviewer] C:WINDOWSSystem32wuviewer.exe
O4 – HKCU..Run: [Ncae] C:Documents and SettingsRodzinkaDane aplikacjiaaru.exe
O4 – Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Global Startup: PrecisionTime.lnk = C:Program FilesPrecisionTimePrecisionTime.exe
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – D:PROGRAMYINCRED~1in esourcesWebMenuImg.htm
O9 – Extra button: WebSpeech – {1CE4DE72–7FCC–4eb8–8F66–AE6A56A0A54D} – C:Program FilesCommon FilesWebSpeech20LgxIEBar.dll
O9 – Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) – {1CE4DE72–7FCC–4eb8–8F66–AE6A56A0A54D} – C:Program FilesCommon FilesWebSpeech20LgxIEBar.dll
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O16 – DPF: ING Bank Online – https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge–c336.cab
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://67.19.185.246/i/8/loader2.ocx
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=3317
O17 – HKLMSystemCCSServicesTcpip..{5DC0E1CA–93B3–4F50–97E0–220223827791}: NameServer = 192.168.128.1,192.168.128.254
O18 – Filter: text/html – {BF43EA3A–745D–41E2–B601–E4E6D089636D} – C:WINDOWSSystem32hfc.dll
O18 – Filter: text/plain – {BF43EA3A–745D–41E2–B601–E4E6D089636D} – C:WINDOWSSystem32hfc.dll
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSSystem32Hoeqpfeh.dll (file missing)
O23 – Service: C–DillaCdaC11BA – Macrovision – C:WINDOWSSystem32driversCDAC11BA.EXE
O23 – Service: kavsvc – Kaspersky Lab – d:ProgramyKaspersky Anti–Virus Personalkavsvc.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: Panda IManager Service – Panda Software Internacional – D:PandaPsImSvc.exe
O23 – Service: SoundMAX Agent Service – Analog Devices, Inc. – C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
Colos
Added
02.02.2005 22:47:23
No wonder, there's a lot of it

Turn off System Restore

Boot the computer in safe mode (F8 after the computer starts)

Delete from the disk:
rk.exe
C:Program FilesWindows ServeAd
w?wexec.exe
aaru.exe (unless you recognize it)
tmpf00.exe
C:Program FilesBullsEye Network
webdlg32.dll
nem220.dll
C:PROGRA~1SEARCH~1
TBC.dll
C:Program FilesSideFind
spm1316.dll
wacvqvhb.dll
msbe.dll
C:PROGRA~1ISTbar
C:Program FilesWeb_Rebates
related.htm



Then check the following and FIX:
R1 – HKCUSoftwareMicrosoftInternet Explorer,Search = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet Explorer,Search = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.nowfind.net/002/index.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.web––search.com
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nowfind.net/002/index.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.search–control.com/search.cgi?id=270
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.nowfind.net/002/index.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.nowfind.net/002/index.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.nowfind.net/002/index.html

R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *new–search.net*;*x–google.net*
R3 – URLSearchHook: StartBHO Class – {30192F8D–0958–44E6–B54D–331FD39AC959} – C:WINDOWSwebdlg32.dll
O1 – Hosts file is located at: C:WINDOWS sdbhosts
O1 – Hosts: 82.179.166.192 new–search.net
O1 – Hosts: 82.179.166.190 x–google.net
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: Search Relevancy – {1D7E3B41–23CE–469B–BE1B–A64B877923E1} – C:PROGRA~1SEARCH~1SEARCH~1.DLL
O2 – BHO: StartBHO Class – {30192F8D–0958–44E6–B54D–331FD39AC959} – C:WINDOWSwebdlg32.dll
O2 – BHO: Tubby – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSystem32TBC.dll
O2 – BHO: BAHelper Class – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho.dll
O2 – BHO: IEHlprObj Class – {CE7C3CF0–4B15–11D1–ABED–709549C10000} – C:Program FilesNetPanelIEHelper.dll (file missing)
O2 – BHO: Cls – {CF021F40–3E14–23A5–CBA2–7173706D1316} – C:WINDOWSSystem32spm1316.dll
O2 – BHO: (no name) – {DDA6A9E3–3127–16F0–0509–4826282B60E1} – C:WINDOWSSystem32wacvqvhb.dll
O2 – BHO: ADP UrlCatcher Class – {F4E04583–354E–4076–BE7D–ED6A80FD66DA} – C:WINDOWSSystem32msbe.dll
O3 – Toolbar: Search Bar – {0E1230F8–EA50–42A9–983C–D22ABC2EED3B} – C:WINDOWSwebdlg32.dll
O3 – Toolbar: Search Toolbar – {9EAC0102–5E61–2312–BC2D–544243544243} – C:WINDOWSSystem32TBC.dll
O3 – Toolbar: ISTbar – {5F1ABCDB–A875–46c1–8345–B72A4567E486} – C:PROGRA~1ISTbaristbar.dll
O4 – HKLM..Run: [OSS] c:windowssystem32 k.exe –boot
O4 – HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 – HKCU..Run: [Kdslhe] C:WINDOWSSystem32w?wexec.exe
O4 – HKCU..Run: [Ncae] C:Documents and SettingsRodzinkaDane aplikacjiaaru.exe
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:Program FilesSideFindsidefind.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: Search cracks at CrackSpider.NET – {10954C80–4F0F–11d3–B17C–00C0DFE39736} – http://crackspider.net/ie/btn.php (file missing) (HKCU)
O9 – Extra 'Tools' menuitem: Search cracks at CrackSpider.NET – {10954C80–4F0F–11d3–B17C–00C0DFE39736} – http://crackspider.net/ie/btn.php (file missing) (HKCU)
O13 – DefaultPrefix: http://www.nowfind.net/005/search.php?url=
O13 – WWW Prefix: http://www.nowfind.net/005/search.php?url=
O13 – Home Prefix: http://www.nowfind.net/005/search.php?url=
O13 – Mosaic Prefix: http://www.nowfind.net/005/search.php?url=
O16 – DPF: {10954C80–4F0F–11D3–B17C–00C0DFE39736} – http://hot.thebugs.ws/fav.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge–c11.cab
O16 – DPF: {1678F7E1–C422–11D0–AD7D–00400515CAAA} (CometCursor Class) – http://files.cometsystems.com/cometcursor/cobrand/comet.cab?0.495701087023300951103031442374
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_cracks.cab
O16 – DPF: {4418DD4D–7265–4C32–BC0A–3FDB3C2DA938} (Protecter Class) – http://www.xxxtoolbar.com/ist/softwares/v3.0/protect_regular.cab
O16 – DPF: {8626DFA9–2BAC–4BDA–8663–8DAA0F942C0D} – http://megapanel.gem.pl/temp/netp/0434/6719/0854/2400/5_0434671908542400.ocx
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
O16 – DPF: {92F02779–6D88–4958–8AD3–83C12D86ADC7} – http://www.netsprint.pl/toolbar/komputerswiat/toolbar.cab
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=4205
O16 – DPF: {AD7FAFB0–16D6–40C3–AF27–585D6E6453FD} (loader Class) – http://217.73.66.1/del/loader.cab
O16 – DPF: {F72BC3F0–6C20–4793–9DDA–258589D8A907} – http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: {FF521631–31DA–48AC–B4E9–390A7694C906} (EGEGAUTH Class) – http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1031_EN_XP.cab
O18 – Filter: text/html – {B02F4130–B722–4EC8–8E1D–6BE223960969} – C:Documents and SettingsRodzinkaUstawienia lokalneDane aplikacjimicrosoftinternet explorerV0.26.dat
O21 – SSODL: eplrr – {B55CAF93–C150–488C–BD2E–F7F81522C58A} – C:WINDOWSSystem32eplrr3.dll (file missing)

Now you can turn System Restore back on and boot normally

Just in case, scan with Ad-Aware, Spybot...
Paste a new log and we'll see whether you got rid of everything
Bobi
Added
12.01.2005 12:15:40
Colos
Added:
12.01.2005 10:38:16