Please check my log :/

Logfile of HijackThis v1.99.0
Scan saved at 22:25:36, on 2005–02–17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32Fmctrl.EXE
C:WINDOWSSystem32systime.exe
C:WINDOWSprocess.exe
C:WINDOWSSystem32cmd32.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
D:ProgramyGadu–Gadugg.exe
C:WINDOWSSystem32systime.exe
C:Documents and SettingskamilDane aplikacjieldr.exe
c:125025.exe
c:125025.exe
C:WINDOWSSystem32 undll32.exe
C:WINDOWSSystem32izxczxcr.exe
C:DOCUME~1kamilUSTAWI~1Tempctxad.exe
C:Program FilesInternet Exploreriexplore.exe
c:125932.exe
C:WINDOWSsystem32?hkdsk.exe
C:DOCUME~1kamilUSTAWI~1TempPsUninstaller.exe
C:WINDOWSSystem32dwwin.exe
D:ProgramyAvant Browseravant.exe
C:Documents and SettingskamilPulpitHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1kamilUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1kamilUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
R3 – URLSearchHook: (no name) – {CA0E28FA–1AFD–4C21–A8DC–70EB5BE2F076} – C:Program FilesSurfSideKick 2SskBho.dll
O1 – Hosts file is located at: C:WINDOWS sdbhosts
O1 – Hosts: 82.179.166.164 lender–search.com
O1 – Hosts: 82.179.166.165 hot–searches.com
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: (no name) – {793DB2E0–2B03–3AF0–28D6–2E879C85B99C} – C:WINDOWSSystem32mtbw.dll
O2 – BHO: Explorer Class – {962F12AE–2773–4BEB–99EA–B5C3AB9A6606} – C:WINDOWSSystem32DSMANA~1.DLL
O2 – BHO: (no name) – {D8A9419B–6FE6–41E4–8ACC–B11737F54E52} – C:WINDOWSSystem32gneb.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: IEMenuExtension toolbar – {6b95678d–30a4–4ff8–a72f–4208340c1f7f} – C:Program FilesIEMenuExtension bextn.dll
O4 – HKLM..Run: [eMusicClient] d:ProgramyWinampeMusiceMusicClient.exe
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [FmctrlTray] Fmctrl.EXE
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Service Host] C:WINDOWSSystem32Services{259F9703–945A–4A04–8FA4–59EE9C6AAC04}SVCHOST.EXE
O4 – HKLM..Run: [process.exe] C:WINDOWSprocess.exe
O4 – HKLM..Run: [ControlPanel] C:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKLM..Run: [IE Menu Extension toolbar] rundll32.exe "C:PROGRA~1IEMENU~1 bextn.dll" DllShowTB
O4 – HKLM..Run: [SurfSideKick 2] C:Program FilesSurfSideKick 2Ssk.exe
O4 – HKLM..Run: [sp] rundll32 C:DOCUME~1kamilUSTAWI~1Tempse.dll,DllInstall
O4 – HKLM..RunOnce: [tlc] C:WINDOWSupdate13.js
O4 – HKLM..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKCU..Run: [Ahht] C:Documents and SettingskamilDane aplikacjieldr.exe
O4 – HKCU..Run: [SurfSideKick 2] C:Program FilesSurfSideKick 2Ssk.exe
O4 – HKCU..Run: [Tkqa] C:WINDOWSSystem32?hkdsk.exe
O4 – HKCU..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – D:ProgramyAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – D:ProgramyAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – D:ProgramyAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – D:ProgramyAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – D:ProgramyAvant BrowserSearch.htm
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://C: osuch.mht!http://213.159.117.203/dl/adv621/x.chm::/load.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://iframedollars.biz/tb/loader2.ocx
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=2732
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O18 – Filter: text/html – {B704A620–328B–471C–848B–02CC7538CEB2} – C:WINDOWSSystem32gneb.dll
O18 – Filter: text/plain – {B704A620–328B–471C–848B–02CC7538CEB2} – C:WINDOWSSystem32gneb.dll
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSSystem32Bdkghl32.dll

Replies: 7

Check whether you have these among your processes:
spoolsrv32.exe
runoledb32.exe
because they come from that junk you probably haven't gotten rid of yet.

PS: Install some antivirus, because otherwise you'll have to exterminate pests every day, all the more so since you don't have any Service Packs.
Bobi
Added
19.02.2005 12:58:35
but I have one more request: what should I do to make this go away...
–=MC=–
Added
19.02.2005 12:49:39
Bobi_robert:
PS: If you're planning to do a format, don't tell me about it; I'll spare my nerves a little.


heh, don't sweat it, I did what you wrote and everything works! thx! yo
–=MC=–
Added
19.02.2005 12:43:38
mariusz25l, calm down, that's quite a purge of the system you want to do; if you're not sure, don't post.

Turn off System Restore

End these processes:
process.exe
cmd32.exe
AdTools.exe
istsvc.exe
salm.exe
lmnln.exe
optimize.exe
AdToolsKeep.exe
powerscan.exe
ap9h4qmo.exe
WebRebates0.exe
izxczxcr.exe

Delete these, together with the files and the entire folders in Program Files:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: BAHelper Class – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho.dll
O2 – BHO: (no name) – {A9DD744F–18A0–43F2–8AB3–B9CF2486BD3A} – C:WINDOWSSystem32limn.dll
O3 – Toolbar: ISTbar – {5F1ABCDB–A875–46c1–8345–B72A4567E486} – C:PROGRA~1ISTbaristbar.dll
O4 – HKLM..Run: [Service Host] C:WINDOWSSystem32Services{259F9703–945A–4A04–8FA4–59EE9C6AAC04}SVCHOST.EXE
O4 – HKLM..Run: [process.exe] C:WINDOWSprocess.exe
O4 – HKLM..Run: [ControlPanel] C:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKLM..Run: [AdTools Service] C:Program FilesAdTools ServiceAdTools.exe
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [salm] c: empsalm.exe
O4 – HKLM..Run: [RgFyyK] C:WINDOWSlmnln.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [Power Scan] C:Program FilesPower Scanpowerscan.exe
O4 – HKLM..Run: [ap9h4qmo] C:WINDOWSSystem32ap9h4qmo.exe
O4 – HKLM..Run: [kpcdcd] C:WINDOWSkpcdcd.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O4 – HKLM..RunOnce: [OLEDb Service] C:WINDOWSSystem32 unoledb32.exe
O4 – HKCU..Run: [Tkqa] C:WINDOWSSystem32?hkdsk.exe
O4 – HKCU..Run: [Ahht] C:Documents and SettingskamilDane aplikacjieldr.exe
O4 – HKCU..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O4 – HKCU..RunOnce: [OLEDb Service] C:WINDOWSSystem32 unoledb32.exe
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:Program FilesSideFindsidefind.dll
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge–c18.cab
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://67.19.185.246/i/8/loader2.ocx
O16 – DPF: {7C559105–9ECF–42B8–B3F7–832E75EDD959} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=3548
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O18 – Filter: text/html – {30875ED9–E1A2–4906–9493–A59F53C58B67} – C:WINDOWSSystem32limn.dll
O18 – Filter: text/plain – {30875ED9–E1A2–4906–9493–A59F53C58B67} – C:WINDOWSSystem32limn.dll


PS: If you're planning to do a format, don't tell me about it; I'll spare my nerves a little.
Bobi
Added
19.02.2005 09:49:08
To be removed



C:WINDOWSExplorer.EXE
C:WINDOWSSystem32Fmctrl.EXE
C:WINDOWSprocess.exe
C:Program FilesAdTools ServiceAdTools.exe
C:Program FilesISTsvcistsvc.exe
C: empsalm.exe
C:WINDOWSlmnln.exe
C:Program FilesInternet Optimizeroptimize.exe
C:Program FilesAdTools ServiceAdToolsKeep.exe
C:WINDOWSSystem32ap9h4qmo.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:WINDOWSSystem32ctfmon.exe
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
mariusz25l
Added
19.02.2005 01:42:17
I have a request: check it for me once more, because so much of this stuff has piled up that I can't take it anymore...

Logfile of HijackThis v1.99.0
Scan saved at 23:37:59, on 2005–02–18
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32Fmctrl.EXE
C:WINDOWSprocess.exe
C:WINDOWSSystem32cmd32.exe
C:Program FilesAdTools ServiceAdTools.exe
C:Program FilesISTsvcistsvc.exe
C: empsalm.exe
C:WINDOWSlmnln.exe
C:Program FilesInternet Optimizeroptimize.exe
C:Program FilesAdTools ServiceAdToolsKeep.exe
C:Program FilesPower Scanpowerscan.exe
C:WINDOWSSystem32ap9h4qmo.exe
C:Program FilesWeb_RebatesWebRebates0.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
D:ProgramyGadu–Gadugg.exe
C:Documents and SettingskamilDane aplikacjieldr.exe
C:WINDOWSSystem32izxczxcr.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingskamilPulpitHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1kamilUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: BAHelper Class – {A3FDD654–A057–4971–9844–4ED8E67DBBB8} – C:Program FilesSideFindsfbho.dll
O2 – BHO: (no name) – {A9DD744F–18A0–43F2–8AB3–B9CF2486BD3A} – C:WINDOWSSystem32limn.dll
O3 – Toolbar: ISTbar – {5F1ABCDB–A875–46c1–8345–B72A4567E486} – C:PROGRA~1ISTbaristbar.dll
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [FmctrlTray] Fmctrl.EXE
O4 – HKLM..Run: [Service Host] C:WINDOWSSystem32Services{259F9703–945A–4A04–8FA4–59EE9C6AAC04}SVCHOST.EXE
O4 – HKLM..Run: [process.exe] C:WINDOWSprocess.exe
O4 – HKLM..Run: [ControlPanel] C:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKLM..Run: [AdTools Service] C:Program FilesAdTools ServiceAdTools.exe
O4 – HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe
O4 – HKLM..Run: [salm] c: empsalm.exe
O4 – HKLM..Run: [RgFyyK] C:WINDOWSlmnln.exe
O4 – HKLM..Run: [Internet Optimizer] "C:Program FilesInternet Optimizeroptimize.exe"
O4 – HKLM..Run: [Power Scan] C:Program FilesPower Scanpowerscan.exe
O4 – HKLM..Run: [ap9h4qmo] C:WINDOWSSystem32ap9h4qmo.exe
O4 – HKLM..Run: [kpcdcd] C:WINDOWSkpcdcd.exe
O4 – HKLM..Run: [WebRebates0] "C:Program FilesWeb_RebatesWebRebates0.exe"
O4 – HKLM..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O4 – HKLM..RunOnce: [OLEDb Service] C:WINDOWSSystem32 unoledb32.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Gadu–Gadu] "D:ProgramyGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Tkqa] C:WINDOWSSystem32?hkdsk.exe
O4 – HKCU..Run: [Ahht] C:Documents and SettingskamilDane aplikacjieldr.exe
O4 – HKCU..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O4 – HKCU..RunOnce: [OLEDb Service] C:WINDOWSSystem32 unoledb32.exe
O8 – Extra context menu item: Download All by FlashGet – D:ProgramyFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – D:ProgramyFlashGetjc_link.htm
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:Program FilesSideFindsidefind.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:ProgramyFlashGetflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – D:ProgramyFlashGetflashget.exe
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O10 – Unknown file in Winsock LSP: d:programyps spyware & adware removerapptoport.dll
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge–c18.cab
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://67.19.185.246/i/8/loader2.ocx
O16 – DPF: {7C559105–9ECF–42B8–B3F7–832E75EDD959} (Installer Class) – http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=3548
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O18 – Filter: text/html – {30875ED9–E1A2–4906–9493–A59F53C58B67} – C:WINDOWSSystem32limn.dll
O18 – Filter: text/plain – {30875ED9–E1A2–4906–9493–A59F53C58B67} – C:WINDOWSSystem32limn.dll
–=MC=–
Added
19.02.2005 00:40:25
To be removed:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1kamilUSTAWI~1Tempse.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:DOCUME~1kamilUSTAWI~1Tempse.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
R3 – URLSearchHook: (no name) – {CA0E28FA–1AFD–4C21–A8DC–70EB5BE2F076} – C:Program FilesSurfSideKick 2SskBho.dll
O1 – Hosts file is located at: C:WINDOWS sdbhosts
O1 – Hosts: 82.179.166.164 lender–search.com
O1 – Hosts: 82.179.166.165 hot–searches.com
O2 – BHO: BHObj Class – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:WINDOWS em220.dll
O2 – BHO: (no name) – {793DB2E0–2B03–3AF0–28D6–2E879C85B99C} – C:WINDOWSSystem32mtbw.dll
O2 – BHO: Explorer Class – {962F12AE–2773–4BEB–99EA–B5C3AB9A6606} – C:WINDOWSSystem32DSMANA~1.DLL
O2 – BHO: (no name) – {D8A9419B–6FE6–41E4–8ACC–B11737F54E52} – C:WINDOWSSystem32gneb.dll
O3 – Toolbar: IEMenuExtension toolbar – {6b95678d–30a4–4ff8–a72f–4208340c1f7f} – C:Program FilesIEMenuExtension bextn.dll
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Service Host] C:WINDOWSSystem32Services{259F9703–945A–4A04–8FA4–59EE9C6AAC04}SVCHOST.EXE
O4 – HKLM..Run: [process.exe] C:WINDOWSprocess.exe
O4 – HKLM..Run: [ControlPanel] C:WINDOWSSystem32cmd32.exe internat.dll,LoadKeyboardProfile
O4 – HKLM..Run: [IE Menu Extension toolbar] rundll32.exe "C:PROGRA~1IEMENU~1 bextn.dll" DllShowTB
O4 – HKLM..Run: [SurfSideKick 2] C:Program FilesSurfSideKick 2Ssk.exe
O4 – HKLM..Run: [sp] rundll32 C:DOCUME~1kamilUSTAWI~1Tempse.dll,DllInstall
O4 – HKLM..RunOnce: [tlc] C:WINDOWSupdate13.js
O4 – HKLM..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKCU..Run: [Ahht] C:Documents and SettingskamilDane aplikacjieldr.exe
O4 – HKCU..Run: [SurfSideKick 2] C:Program FilesSurfSideKick 2Ssk.exe
O4 – HKCU..Run: [Tkqa] C:WINDOWSSystem32?hkdsk.exe
O4 – HKCU..RunOnce: [Srv32 spool service] C:WINDOWSSystem32spoolsrv32.exe
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 67.19.185.246
O15 – Trusted IP range: 67.19.185.246 (HKLM)
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://C: osuch.mht!http://213.159.117.203/dl/adv621/x.chm::/load.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:foo.mht!http://82.179.166.130/e9xr2.chm::/file.exe
O16 – DPF: {79849612–A98F–45B8–95E9–4D13C7B6B35C} (Loader2 Control) – http://iframedollars.biz/tb/loader2.ocx
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab?refid=2732
O18 – Filter: text/html – {B704A620–328B–471C–848B–02CC7538CEB2} – C:WINDOWSSystem32gneb.dll
O18 – Filter: text/plain – {B704A620–328B–471C–848B–02CC7538CEB2} – C:WINDOWSSystem32gneb.dll
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSSystem32Bdkghl32.dll

Patch the system as well
Bobi
Added
17.02.2005 23:37:43
–=MC=–
Added:
17.02.2005 23:25:57