Request to check a log
Could someone please take a look and check whether everything is OK. Thanks
Logfile of HijackThis v1.97.7
Scan saved at 12:53:43, on 2004–10–31
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
D:ProgramySygatesmc.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:WINDOWSsystem32crypserv.exe
C:Program FilesMKSBinNetMonSv.exe
C:Program FilesMKSBinmksmonsv.exe
C:WINDOWSsystem32 vsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesYDPUserAccessManageruseraccess.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe
C:WINDOWSSystem32alg.exe
C:Program FilesAdaptecEasy CD Creator 5DirectCDDirectCD.exe
C:PROGRA~1PESTPA~1PPControl.exe
C:PROGRA~1PESTPA~1PPMemCheck.exe
C:PROGRA~1PESTPA~1CookiePatrol.exe
C:Program FilesMKSBinmks_menu.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCommon FilesNokiaNCLToolsNclTray.exe
D:ProgramyNokiaDataLayer.exe
C:WINDOWSsystem32CTHELPER.EXE
C:Program FilesMKSBinmks_scan.exe
D:PROGRA~2Amoumain.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMKSBin etsvst.exe
C:Program FilesCommon FilesNokiaServicesServiceLayer.exe
D:ProgramySpybot – Search & DestroyTeaTimer.exe
D:ProgramyCommonBinWinCinemaMgr.exe
D:ProgramyPopTrayPopTray.exe
C:Program FilesGadu–Gadugg.exe
D:ProgramyFlashGetflashget.exe
D:ProgramySpy SweeperSpySweeper.exe
C:DownloadsSpyHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = ..––==ANIA I MICHO==––..
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – D:ProgramySPYBOT~1SDHelper.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – D:ProgramyFlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – D:ProgramyFlashGetfgiebar.dll
O4 – HKLM..Run: [NVRT] C:Program FilesNVRefreshTool vrt.exe /startup
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb04.exe
O4 – HKLM..Run: [AdaptecDirectCD] "C:Program FilesAdaptecEasy CD Creator 5DirectCDDirectCD.exe"
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [PestPatrol Control Center] C:PROGRA~1PESTPA~1PPControl.exe
O4 – HKLM..Run: [PPMemCheck] C:PROGRA~1PESTPA~1PPMemCheck.exe
O4 – HKLM..Run: [CookiePatrol] C:PROGRA~1PESTPA~1CookiePatrol.exe
O4 – HKLM..Run: [MKS_MENU] C:Program FilesMKSBinmks_menu.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [Nokia Tray Application] C:Program FilesCommon FilesNokiaNCLToolsNclTray.exe
O4 – HKLM..Run: [DataLayer] D:ProgramyNokiaDataLayer.exe
O4 – HKLM..Run: [AudioHQ] C:Program FilesCreativeSBLiveAudioHQAHQTB.EXE
O4 – HKLM..Run: [CloneCDElbyCDFL] "D:ProgramyCloneCDElbyCheck.exe" /L ElbyCDFL
O4 – HKLM..Run: [SmcService] D:ProgramySygatesmc.exe –startgui
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [CTHelper] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] D:ProgramySbLive!PROGRAMADGJDet.exe
O4 – HKLM..Run: [WheelMouse] d:PROGRA~2Amoumain.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [NetMonSVStat] C:Program FilesMKSBin etsvst.exe
O4 – HKCU..Run: [SpybotSD TeaTimer] D:ProgramySpybot – Search & DestroyTeaTimer.exe
O4 – Startup: PopTray.lnk = D:ProgramyPopTrayPopTray.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 – Global Startup: InterVideo WinCinema Manager.lnk = D:ProgramyCommonBinWinCinemaMgr.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – D:ProgramyFlashGetjc_link.htm
O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – D:ProgramyFlashGetjc_all.htm
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {27527D31–447B–11D5–A46E–0001023B4289} (CoGSManager Class) – http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {54B52E52–8000–4413–BD67–FC7FE24B59F2} (EARTPatchX Class) – http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095790540619
O16 – DPF: {917623D1–D8E5–11D2–BE8B–00104B06BDE3} (CamImage Class) – http://kamera.szczecinek.net.pl/activex/AxisCamControl.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {9F1C11AA–197B–4942–BA54–47A8489BB47F} – http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38123.4794907407
O16 – DPF: {C2FCEF52–ACE9–11D3–BEBD–00105AA9B6AE} (Symantec RuFSI Registry Information Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Thanks. Regards
Replies: 20
Clean
Logfile of HijackThis v1.97.7
Scan saved at 16:29:11, on 2004–11–07
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMicrosoft OfficeOFFICE11OUTLOOK.EXE
C:Program FilesMicrosoft OfficeOFFICE11WINWORD.EXE
C:Program Filesmozilla.orgMozillamozilla.exe
C:Documents and SettingsWłaścicielMoje dokumentyHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = proxy.satfilm.net.pl:8080
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: Web assistant – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Web assistant – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet SecurityUrlLstCk.exe
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKCU..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
As a precaution. Many thanks, Bobi_robert
Apart from junk, nothing serious
FIX:
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)
If you don't use it, remove:
O12 – Plugin for .djvu: C:Program FilesInternet ExplorerPLUGINS pdjvu.dll
Is something "interesting" going on, or are you asking as a precaution??
Hello, is my log clean?
Logfile of HijackThis v1.98.2
Scan saved at 20:43:27, on 2004–11–05
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:Program FilescFoscFosDNT.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:PROGRA~1ALWILS~1Avast4ashmaisv.exe
C:Program Filesone LabsoneAlarmzlclient.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesAutoConnectAutoConnect.exe
C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSsystem32pctspk.exe
C:WINDOWSsystem32oneLabsvsmon.exe
C:Program FilesAzureusAzureus.exe
C:Program FilesJavaj2re1.4.2_05injavaw.exe
C:Program FilesGadu–Gadugg.exe
C:Documents and SettingsCichutaMoje dokumentyhijackthisHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: DAPHelper Class – {0000CC75–ACF3–4cac–A0A9–DD3868E06852} – C:Program FilesDAPDAPBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: DAP Bar – {62999427–33FC–4baf–9C9C–BCE6BD127F08} – C:Program FilesDAPDAPIEBar.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [cFosDNT] C:Program FilescFoscFosDNT.exe
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [ashMaiSv] C:PROGRA~1ALWILS~1Avast4ashmaisv.exe
O4 – HKLM..Run: [Zone Labs Client] "C:Program Filesone LabsoneAlarmzlclient.exe"
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [AutoConnect] C:Program FilesAutoConnectAutoConnect.exe
O4 – Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800–840dslmon.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:PROGRA~1DAPDAP.EXE
O12 – Plugin for .djvu: C:Program FilesInternet ExplorerPLUGINS pdjvu.dll
O16 – DPF: ppctlcab – http://69.44.122.156/scanner/ppctlcab.cab
O16 – DPF: {2FC9A21E–2069–4E47–8235–36318989DB13} (PPSDKActiveXScanner.MainScreen) – http://69.44.122.156/scanner/axscanner.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094821080031
O16 – DPF: {917623D1–D8E5–11D2–BE8B–00104B06BDE3} (CamImage Class) – http://217.173.193.218/activex/AxisCamControl.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{B04762C0–C563–4629–8051–0A0407E4DE23}: NameServer = 194.204.152.34 217.98.63.164
Thanks a lot, boss, now it runs razor-sharp :)
Turn off System Restore
End the process:
msdev.exe
Delete from the HDD:
msdev.exe
Remove from the log:
O4 – HKLM..Run: [msdev] msdev.exe
O4 – HKLM..RunServices: [msdev] msdev.exe
O4 – HKCU..Run: [msdev] msdev.exe
O4 – HKLM..RunOnce: [msdev] msdev.exe
O4 – HKCU..RunOnce: [msdev] msdev.exe
Turn System Restore on
Eehh, same thing today: the Rbot virus, this can't be removed (mks points to this msdev.exe file). If anyone knows how, I'd ask for instructions in Polish. Maybe the log once more:
Logfile of HijackThis v1.97.7
Scan saved at 14:04:12, on 2004–11–05
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32 vsvc32.exe
C:WINDOWSSystem32msdev.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMcAfeeMcAfee VirusScanAvsynmgr.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1NEOSTR~1CnxMon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:Program FilesWinampwinampa.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:WINDOWSSystem32ctfmon.exe
D:GrySteamSteam.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesMcAfeeMcAfee Shared ComponentsInstant UpdaterRuLaunch.exe
C:WINDOWSSystem32devldr32.exe
C:Program FilesMcAfeeMcAfee VirusScanVsStat.exe
C:Program FilesMcAfeeMcAfee VirusScanVshwin32.exe
C:Program FilesCommon FilesNetwork AssociatesMcShieldMcshield.exe
C:Program FilesMcAfeeMcAfee VirusScanAvconsol.exe
C:Program FilesOperaopera.exe
C:DownloadshjtHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: McAfee VirusScan – {ACB1E670–3217–45C4–A021–6B829A8A27CB} – C:Program FilesMcAfeeMcAfee VirusScanVSCShellExtension.dll
O4 – HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [ashMaiSv] C:PROGRA~1ALWILS~1Avast4ashmaisv.exe
O4 – HKLM..Run: [msdev] msdev.exe
O4 – HKLM..Run: [McAfee Guardian] "C:Program FilesMcAfeeMcAfee Shared ComponentsGuardianCMGRDIAN.EXE" /SU
O4 – HKLM..RunServices: [msdev] msdev.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Steam] D:GrySteamSteam.exe –silent
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 – HKCU..Run: [msdev] msdev.exe
O4 – HKCU..Run: [McAfee.InstantUpdate.Monitor] "C:Program FilesMcAfeeMcAfee Shared ComponentsInstant UpdaterRuLaunch.exe" /STARTMONITOR
O4 – HKLM..RunOnce: [msdev] msdev.exe
O4 – HKCU..RunOnce: [msdev] msdev.exe
O4 – Global Startup: PrecisionTime.lnk = C:Program FilesPrecisionTimePrecisionTime.exe
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{1F0DDA9F–8BFD–4030–A98F–67AB30FFFC44}: NameServer = 194.204.159.1,213.77.21.150
Of course, CPU usage is at 100%, so it runs like a very weak little computer :(
Of course. These are worms. M$ even released special patches for that "winusb.exe". Here is the info in one piece –> http://www.freelists.org/archives/virusinfo/09–2004/msg00001.html
rayan: can these entries cause some traffic on the connection
rayan: I scanned with mks and it found something like this: wootbot.gen.90730.MX, but it could not be removed.
:arrow: http://www.f–secure.com/v–descs/wootbot.shtml
Here you have a utility
How to do it manually:
Symantec
:arrow: http://www.symantec.com/avcenter/venc/data/backdoor.sdbot.ae.html
I don't know anything about that, NINO, but maybe my younger brother :] Oh, and one more thing: can these entries cause some traffic on the connection? I'm not doing anything (everything is closed) and SOMETHING is using neo.
I scanned with mks and it found something like this: wootbot.gen.90730.MX, but it could not be removed. Ohh, and CPU usage is at 100%, and in general memory usage is a lot higher. Will you help?? :)
Remove:
C:WINDOWSSystem32SndMon32.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
O4 – HKLM..Run: [WIN USB 2.0] winusb.exe
O4 – HKLM..Run: [Windows AdTools] C:Program FilesWindows AdToolsWinAdTools.exe
O4 – HKLM..Run: [Windows Sound Manager] SndMon32.exe
O4 – HKLM..RunServices: [WIN USB 2.0] winusb.exe
O4 – HKLM..RunServices: [Windows Sound Manager] SndMon32.exe
O4 – HKCU..Run: [WIN USB 2.0] winusb.exe
O4 – HKLM..RunOnce: [Windows Sound Manager] SndMon32.exe
O4 – Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
Did you install O4 – Global Startup: PrecisionTime.lnk = C:Program FilesPrecisionTimePrecisionTime.exe ?
Could I ask for an analysis of the log:
Logfile of HijackThis v1.97.7
Scan saved at 20:24:09, on 2004–11–04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1NEOSTR~1CnxMon.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:PROGRA~1NEOSTR~1TaskbarIcon.exe
C:Program FilesWinampwinampa.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:PROGRA~1ALWILS~1Avast4ashmaisv.exe
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSsystem32 vsvc32.exe
C:WINDOWSsystem32spupdsvc.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32devldr32.exe
C:WINDOWSsystem32 undll32.exe
C:PROGRA~1NEOSTR~1NeostradaTP.exe
C:PROGRA~1NEOSTR~1ComComp.exe
C:PROGRA~1NEOSTR~1Watch.exe
C:WINDOWSSystem32SndMon32.exe
C:WINDOWSsystem32cmd.exe
C:WINDOWSsystem32cmd.exe
C:Program FilesInternet Exploreriexplore.exe
C:DownloadshjtHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:PROGRA~1NEOSTR~1SEARCH~1.DLL
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [ashMaiSv] C:PROGRA~1ALWILS~1Avast4ashmaisv.exe
O4 – HKLM..Run: [WIN USB 2.0] winusb.exe
O4 – HKLM..Run: [Windows AdTools] C:Program FilesWindows AdToolsWinAdTools.exe
O4 – HKLM..Run: [Windows Sound Manager] SndMon32.exe
O4 – HKLM..RunServices: [WIN USB 2.0] winusb.exe
O4 – HKLM..RunServices: [Windows Sound Manager] SndMon32.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Steam] D:GrySteamSteam.exe –silent
O4 – HKCU..Run: [WIN USB 2.0] winusb.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 – HKLM..RunOnce: [Windows Sound Manager] SndMon32.exe
O4 – Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O4 – Global Startup: PrecisionTime.lnk = C:Program FilesPrecisionTimePrecisionTime.exe
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLMSystemCCSServicesTcpip..{1F0DDA9F–8BFD–4030–A98F–67AB30FFFC44}: NameServer = 194.204.159.1,213.77.21.150
O17 – HKLMSystemCCSServicesTcpip..{DC61ADA4–2EC9–4F8F–9789–A8C7C25F4347}: NameServer = 194.204.152.34 217.98.63.164
Thanks ;)
Thanks a lot!!!!!!!!
Start Task Manager, end the processes with the names listed below, remove the entries below in HJ, find on the disk all the files you see here and delete them. Delete these folders along with their contents:
C:Program FilesWin Comm
C:Program FilesWeb_Rebates
C:WINDOWSSystem32internet.exe
C:WINDOWSSystem32zkvkkr.exe
C:Program FilesWin CommWinComm.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:WINDOWSSystem32sres32.exe
C:WINDOWSsrchupdt.exe
C:Program FilesWin CommWinLock.exe
C:Documents and SettingsadminDane aplikacjictlo.exe
C:Program FilesWeb_RebatesWebRebates1.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
O3 – Toolbar: Searchfst Class – {000277A3–7D84–406a–9799–D12A81594693} – C:WINDOWSsrchfst.dll
O3 – Toolbar: Games toolbar – {02ffc86e–283e–4faa–95d6–addca024f30a} – C:Program FilesGames bGame.dll
O4 – HKLM..Run: [blah service] internet.exe
O4 – HKLM..Run: [wesxzzl] C:WINDOWSSystem32zkvkkr.exe
O4 – HKLM..Run: [conscorr] C:WINDOWSconscorr.exe
O4 – HKLM..Run: [Win Comm] C:Program FilesWin CommWinComm.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [cbylepif] C:WINDOWScbylepif.exe
O4 – HKLM..Run: [OEM32 Tools] sres32.exe
O4 – HKLM..Run: [Sys29] C:windowssystem32winjvo32.exe
O4 – HKLM..Run: [SrchfstUpdate] C:WINDOWSsrchupdt.exe
O4 – HKLM..Run: [Games toolbar] rundll32.exe "C:PROGRA~1GAMES bGame.dll" DllShowTB
O4 – HKLM..RunServices: [blah service] internet.exe
O4 – HKLM..RunServices: [OEM32 Tools] sres32.exe
O4 – HKCU..Run: [OEM32 Tools] sres32.exe
O4 – HKCU..Run: [Atta] C:Documents and SettingsadminDane aplikacjictlo.exe
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: SideFind (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 – DPF: v3cab – http://searchmiracle.com/cab/v3cab.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=b2588948792fc346e365469fde3784a 2a62799c4dda3472d882f4f92662099b10c07a283a4035164c34a762ea468276ebeafc4:1dde2c5aa672757d85c667d265bce627
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {771A1334–6B08–4A6B–AEDC–CF994BA2CEBE} (Installer Class) – http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://static.topconverting.com/activex/loader2.ocx
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
I used HijackThis (after a massive attack of trojans and viruses, some of which have been removed) and got the log below. I don't like a few things in it, but I want to make sure. :oops:
Logfile of HijackThis v1.97.7
Scan saved at 10:59:35, on 2004–11–03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSsoundman.exe
C:Program FilesWinampWinampa.exe
C:PROGRA~1A4TechMouseAmoumain.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSSystem32internet.exe
C:WINDOWSSystem32zkvkkr.exe
C:Program FilesWin CommWinComm.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:WINDOWSSystem32sres32.exe
C:WINDOWSsrchupdt.exe
C:Program FilesWin CommWinLock.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Documents and SettingsadminDane aplikacjictlo.exe
C:Program FilesWeb_RebatesWebRebates1.exe
C:WINDOWSSystem32wuauclt.exe
F:ProgramyWindowsNarzedzioweSpywareHijackThisHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:Program FilesSpybot – Search & DestroySDHelper.dll
O3 – Toolbar: Searchfst Class – {000277A3–7D84–406a–9799–D12A81594693} – C:WINDOWSsrchfst.dll
O3 – Toolbar: Games toolbar – {02ffc86e–283e–4faa–95d6–addca024f30a} – C:Program FilesGames bGame.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [SoundMan] soundman.exe
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 – HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" –atboottime
O4 – HKLM..Run: [blah service] internet.exe
O4 – HKLM..Run: [wesxzzl] C:WINDOWSSystem32zkvkkr.exe
O4 – HKLM..Run: [conscorr] C:WINDOWSconscorr.exe
O4 – HKLM..Run: [Win Comm] C:Program FilesWin CommWinComm.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..Run: [cbylepif] C:WINDOWScbylepif.exe
O4 – HKLM..Run: [OEM32 Tools] sres32.exe
O4 – HKLM..Run: [Sys29] C:windowssystem32winjvo32.exe
O4 – HKLM..Run: [SrchfstUpdate] C:WINDOWSsrchupdt.exe
O4 – HKLM..Run: [Games toolbar] rundll32.exe "C:PROGRA~1GAMES bGame.dll" DllShowTB
O4 – HKLM..Run: [UsbD] C:Program FilesWindows Media Playerwmplayer.exe
O4 – HKLM..RunServices: [blah service] internet.exe
O4 – HKLM..RunServices: [OEM32 Tools] sres32.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [OEM32 Tools] sres32.exe
O4 – HKCU..Run: [Atta] C:Documents and SettingsadminDane aplikacjictlo.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: SideFind (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 – Extra button: Messenger (HKLM)
O9 – Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 – Plugin for .au: C:Program FilesInternet ExplorerPLUGINS pqtplugin2.dll
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: v3cab – http://searchmiracle.com/cab/v3cab.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=b2588948792fc346e365469fde3784a2a62799c4dda 3472d882f4f92662099b10c07a283a4035164c34a762ea468276ebeafc4:1dde2c5aa672757d85c667d265bce627
O16 – DPF: {386A771C–E96A–421F–8BA7–32F1B706892F} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098867429640
O16 – DPF: {771A1334–6B08–4A6B–AEDC–CF994BA2CEBE} (Installer Class) – http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://static.topconverting.com/activex/loader2.ocx
O16 – DPF: {91433D86–9F27–402C–B5E3–DEBDD122C339} – http://www.netvenda.com/sites/games–intl/pl/games4.cab
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 – HKLMSystemCCSServicesTcpip..{513E9B08–B863–4E74–B203–80A0E21C658C}: NameServer =
O17 – HKLMSystemCS2ServicesTcpip..{513E9B08–B863–4E74–B203–80A0E21C658C}: NameServer =
O17 – HKLMSystemCS3ServicesTcpip..{513E9B08–B863–4E74–B203–80A0E21C658C}: NameServer =
Thanks a lot. :lol:
Nothing. That's how it should be.
And what about those svchost entries??
They are OK.
sirchaser: ctfmon.exe and cthelper.exe
There is nothing in the log.
DSO–Exploit: you will find a description in several threads.
You can delete everything from all Temp folders.
You can delete the entire contents of Prefetch.