CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Prosze o sprawdzenie loga

Prosze o sprawdzenie loga

Logfile of HijackThis v1.99.0
Scan saved at 10:14:52, on 2005–02–04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32 elcmd.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32hicom.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSSystem32 etdc.exe
C:WINDOWSSystem32RUNDLL32.EXE
D:ProgramyWinampwinampa.exe
C:WINDOWSSystem32Fmctrl.EXE
C:Program FilesJavaj2re1.4.2_06injusched.exe
C:WINDOWSSystem32systime.exe
C:Program FilesInternet Optimizeroptimize.exe
C:WINDOWSSystem32hiden.exe
C:WINDOWSSystem32ieexec.exe
C:WINDOWSSystem32ctfmon.exe
D:ProgramyGadu–Gadugg.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32systime.exe
C:WINDOWSSystem32windllsys32.exe
C:Documents and SettingskamilDane aplikacjiurim.exe
C:WINDOWSSystem32 ?skmgr.exe
D:ProgramyPopTrayPopTray.exe
D:ProgramyAvant Browseravant.exe
C:Program FilesWebSiteViewer124491.dlr
C:Documents and SettingskamilPulpitHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3263
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.allwebsearcher.com/?said=1211
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.allwebsearcher.com/?said=1211
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.allwebsearcher.com/?said=1211
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
R3 – URLSearchHook: (no name) – _{08C06D61–F1F3–4799–86F8–BE1A89362C85} – (no file)
F2 – REG:system.ini: Shell=explorer.exe C:WINDOWSSystem32 etdc.exe
O1 – Hosts: 127.0.0.3 www.greg–tut.com
O1 – Hosts: 127.0.0.3 nylonsexy.com
O1 – Hosts: 127.0.0.3 www.nylonsexy.com
O1 – Hosts: 127.0.0.3 vparivalka.com
O1 – Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
O1 – Hosts: 127.0.0.3 www.awmdabest.com
O1 – Hosts: 127.0.0.3 www.sexfiles.nu
O1 – Hosts: 127.0.0.3 awmdabest.com
O1 – Hosts: 127.0.0.3 sexfiles.nu
O1 – Hosts: 127.0.0.3 www.greg–tut.com
O1 – Hosts: 127.0.0.3 nylonsexy.com
O1 – Hosts: 127.0.0.3 www.nylonsexy.com
O1 – Hosts: 127.0.0.3 vparivalka.com
O1 – Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
O1 – Hosts: 127.0.0.3 www.awmdabest.com
O1 – Hosts: 127.0.0.3 www.sexfiles.nu
O1 – Hosts: 127.0.0.3 awmdabest.com
O1 – Hosts: 127.0.0.3 sexfiles.nu
O1 – Hosts: 127.0.0.3 allforadult.com
O1 – Hosts: 127.0.0.3 www.allforadult.com
O1 – Hosts: 127.0.0.3 www.iframe.biz
O1 – Hosts: 127.0.0.3 iframe.biz
O1 – Hosts: 127.0.0.3 www.newiframe.biz
O1 – Hosts: 127.0.0.3 newiframe.biz
O1 – Hosts: 127.0.0.3 www.vesbiz.biz
O1 – Hosts: 127.0.0.3 vesbiz.biz
O1 – Hosts: 127.0.0.3 www.pizdato.biz
O1 – Hosts: 127.0.0.3 pizdato.biz
O1 – Hosts: 127.0.0.3 www.aaasexypics.com
O1 – Hosts: 127.0.0.3 aaasexypics.com
O1 – Hosts: 127.0.0.3 www.virgin–tgp.net
O1 – Hosts: 127.0.0.3 virgin–tgp.net
O1 – Hosts: 127.0.0.3 www.awmcash.biz
O1 – Hosts: 127.0.0.3 awmcash.biz
O1 – Hosts: 127.0.0.3 buldog–stats.com
O1 – Hosts: 127.0.0.3 www.buldog–stats.com
O1 – Hosts: 127.0.0.3 fregat.drocherway.com
O1 – Hosts: 127.0.0.3 slutmania.biz
O1 – Hosts: 127.0.0.3 www.slutmania.biz
O1 – Hosts: 127.0.0.3 toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.megapornix.com
O1 – Hosts: 127.0.0.3 megapornix.com
O1 – Hosts: 127.0.0.3 www.sp2fucked.biz
O1 – Hosts: 127.0.0.3 sp2fucked.biz
O1 – Hosts: 127.0.0.3 greg–tut.com
O1 – Hosts: http://213.159.117.203/dkprogs/hosts.txt127.0.0.1 www.trendmicro.com
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FLASHGETfgiebar.dll
O3 – Toolbar: IEMenuExtension toolbar – {6b95678d–30a4–4ff8–a72f–4208340c1f7f} – C:Program FilesIEMenuExtension bextn.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [WinampAgent] d:ProgramyWinampwinampa.exe
O4 – HKLM..Run: [eMusicClient] d:ProgramyWinampeMusiceMusicClient.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [FmctrlTray] Fmctrl.EXE
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_06injusched.exe
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [load32] C:WINDOWSSystem32 etda.exe
O4 – HKLM..Run: [hiden.exe] hiden.exe
O4 – HKLM..Run: [IE Menu Extension toolbar] rundll32.exe "C:PROGRA~1IEMENU~1 bextn.dll" DllShowTB
O4 – HKLM..Run: [ieexec.exe] ieexec.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe

Odpowiedzi: 1

Tego sie pozbywasz:

C:WINDOWSSystem32 etdc.exe
C:WINDOWSSystem32systime.exe
C:Program FilesInternet Optimizeroptimize.exe
C:WINDOWSSystem32ieexec.exe
C:WINDOWSSystem32systime.exe
C:WINDOWSSystem32windllsys32.exe
C:Documents and SettingskamilDane aplikacjiurim.exe
C:WINDOWSSystem32 ?skmgr.exe
C:Program FilesWebSiteViewer124491.dlr

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3263
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.allwebsearcher.com/?said=1211
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.allwebsearcher.com/?said=1211
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.allwebsearcher.com/?said=1211
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
R3 – URLSearchHook: (no name) – _{08C06D61–F1F3–4799–86F8–BE1A89362C85} – (no file)
F2 – REG:system.ini: Shell=explorer.exe C:WINDOWSSystem32 etdc.exe
O1 – Hosts: 69.20.16.183 auto.search.msn.com
O1 – Hosts: 69.20.16.183 search.netscape.com
O1 – Hosts: 69.20.16.183 ieautosearch
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O3 – Toolbar: IEMenuExtension toolbar – {6b95678d–30a4–4ff8–a72f–4208340c1f7f} – C:Program FilesIEMenuExtension bextn.dll
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [load32] C:WINDOWSSystem32 etda.exe
O4 – HKLM..Run: [IE Menu Extension toolbar] rundll32.exe "C:PROGRA~1IEMENU~1 bextn.dll" DllShowTB
O4 – HKLM..Run: [ieexec.exe] ieexec.exe
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe



W tych wpisach pliku HOSTS zmienisz trojke na jedynke:
O1 – Hosts: 127.0.0.3 www.greg–tut.com
O1 – Hosts: 127.0.0.3 nylonsexy.com
O1 – Hosts: 127.0.0.3 www.nylonsexy.com
O1 – Hosts: 127.0.0.3 vparivalka.com
O1 – Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
O1 – Hosts: 127.0.0.3 www.awmdabest.com
O1 – Hosts: 127.0.0.3 www.sexfiles.nu
O1 – Hosts: 127.0.0.3 awmdabest.com
O1 – Hosts: 127.0.0.3 sexfiles.nu
O1 – Hosts: 127.0.0.3 www.greg–tut.com
O1 – Hosts: 127.0.0.3 nylonsexy.com
O1 – Hosts: 127.0.0.3 www.nylonsexy.com
O1 – Hosts: 127.0.0.3 vparivalka.com
O1 – Hosts: 127.0.0.3 www.vparivalka.comtoescrowpay.com
O1 – Hosts: 127.0.0.3 www.awmdabest.com
O1 – Hosts: 127.0.0.3 www.sexfiles.nu
O1 – Hosts: 127.0.0.3 awmdabest.com
O1 – Hosts: 127.0.0.3 sexfiles.nu
O1 – Hosts: 127.0.0.3 allforadult.com
O1 – Hosts: 127.0.0.3 www.allforadult.com
O1 – Hosts: 127.0.0.3 www.iframe.biz
O1 – Hosts: 127.0.0.3 iframe.biz
O1 – Hosts: 127.0.0.3 www.newiframe.biz
O1 – Hosts: 127.0.0.3 newiframe.biz
O1 – Hosts: 127.0.0.3 www.vesbiz.biz
O1 – Hosts: 127.0.0.3 vesbiz.biz
O1 – Hosts: 127.0.0.3 www.pizdato.biz
O1 – Hosts: 127.0.0.3 www.pizdato.biz
O1 – Hosts: 127.0.0.3 www.aaasexypics.com
O1 – Hosts: 127.0.0.3 aaasexypics.com
O1 – Hosts: 127.0.0.3 www.virgin–tgp.net
O1 – Hosts: 127.0.0.3 virgin–tgp.net
O1 – Hosts: 127.0.0.3 www.awmcash.biz
O1 – Hosts: 127.0.0.3 awmcash.biz
O1 – Hosts: 127.0.0.3 buldog–stats.com
O1 – Hosts: 127.0.0.3 www.buldog–stats.com
O1 – Hosts: 127.0.0.3 fregat.drocherway.com
O1 – Hosts: 127.0.0.3 slutmania.biz
O1 – Hosts: 127.0.0.3 www.slutmania.biz
O1 – Hosts: 127.0.0.3 toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.toolbarpartner.com
O1 – Hosts: 127.0.0.3 www.megapornix.com
O1 – Hosts: 127.0.0.3 megapornix.com
O1 – Hosts: 127.0.0.3 www.sp2fucked.biz
O1 – Hosts: 127.0.0.3 sp2fucked.biz
O1 – Hosts: 127.0.0.3 greg–tut.com

A ten wpis w HOSTS modyfikujesz:
O1 – Hosts: http://213.159.117.203/dkprogs/hosts.txt127.0.0.1 www.trendmicro.com

tworzac:
127.0.0.1 213.159.117.203

Uzywasz telneta ?
EL NINO
Dodano
04.02.2005 11:40:13
dziadek1988
Dodano:
04.02.2005 11:20:27
Komentarzy:
1
Strona 1 / 1