virus

:lol:
So... like many other people, I have a problem with SpySheriff :P and I'm asking very much for help, because my brother will probably kill me when he sees what is happening on the computer :D and I have plans for the future :lol: so here is this thing from HijackThis, because I don't know what it is
Logfile of HijackThis v1.99.1
Scan saved at 17:45:19, on 2005–10–05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\WINDOWS\System32\zannrz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\svchost\svchost.exe
C:\WINDOWS\System32\paytime.exe
C:\windows\system32\mdms.exe
C:\WINDOWS\System32\combo.exe
C:\WINDOWS\tool2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\svchost\iexplore.exe
C:\WINDOWS\System32\m?hta.exe
C:\WINDOWS\svchost\svchost.exe
C:\Program Files\rhu\ebwa.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool2.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINDOWS\etb\pokapoka73.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Wicenty\Pulpit\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.esearch2005.com/sp2.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.esearch2005.com/sp2.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.esearch2005.com/sp2.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.esearch2005.com/sp2.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – {FFE206C1–9B72–D660–9D49–F312813DDFB0} – C:\WINDOWS\htfsklmg.dll
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 – HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 – HKLM\..\Run: [BMan] C:\DOCUME~1\ALLUSE~1\DANEAP~1\msw\BMan1.exe
O4 – HKLM\..\Run: [checkrun] C:\windows\system32\elitelyz32.exe
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [HELPER] C:\WINDOWS\System32\temp532.exe –N
O4 – HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 – HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 – HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" –Embedding –boot
O4 – HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\\RegistryController.exe"
O4 – HKLM\..\Run: [winsync] C:\WINDOWS\System32\zannrz.exe reg_run
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2–5A08–4ec2–A72C–DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 – HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 – HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 – HKLM\..\Run: [lsass] C:\windows\system32\elitefpz32.exe
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 – HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 – HKLM\..\Run: [System service67] C:\WINDOWS\\etb\pokapoka67.exe
O4 – HKLM\..\Run: [System service68] C:\WINDOWS\\etb\pokapoka68.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 – HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 – HKLM\..\Run: [MSDXCheck] C:\WINDOWS\svchost\svchost.exe C:\WINDOWS\svchost\iexplore.exe
O4 – HKLM\..\Run: [System service72] C:\WINDOWS\\\etb\\pokapoka72.exe
O4 – HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKLM\..\Run: [combo.exe] combo.exe
O4 – HKLM\..\Run: [System service73] C:\WINDOWS\etb\pokapoka73.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [sysformat] C:\WINDOWS\System32\sysformat.exe
O4 – HKCU\..\Run: [Oewdc] C:\WINDOWS\System32\m?hta.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Uepe] C:\Program Files\rhu\ebwa.exe
O4 – HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 – HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 – HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O8 – Extra context menu item: Open PDF in Word (PDF Converter 2.0) – res://C:\Program Files\ScanSoft\PDF Converter 2.0 Professional\PDFConv\IEShellExt.dll /100
O9 – Extra button: (no name) – {9E248641–0E24–4DDB–9A1F–705087832AD6} – C:\WINDOWS\System32\wuauclt.dll
O9 – Extra 'Tools' menuitem: Java – {9E248641–0E24–4DDB–9A1F–705087832AD6} – C:\WINDOWS\System32\wuauclt.dll
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted IP range: 213.159.117.202
O15 – ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 – ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 – ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 – ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 – ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 – DPF: {0D62A517–E7C6–4E1F–A577–07D4AC549A48} (Progetto1.int_ver32) – http://advnt01.com/dialer/int_ver32b.CAB
O16 – DPF: {10000000–1000–0000–1000–000000000000} – file://C:\Program Files\Internet Explorer\ybcdyphc.exe
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab
O16 – DPF: {24311111–1111–1121–1111–111191113457} – file://c:\eied_s7.cab
O16 – DPF: {2F5B39C5–C6F5–447A–A946–48B382C53985} – http://www.pacimedia.com/install/pcs_0025.exe
O16 – DPF: {33331111–1111–1111–1111–611111193457} – file://c:\ex.cab
O16 – DPF: {33331111–1111–1111–1111–611111193458} – file://c:\ex.cab
O16 – DPF: {42B1C70D–9823–41F7–810A–682DA294D868} – ms–its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/gcon.exe
O16 – DPF: {47CD99DF–8BCF–4B9B–94EF–02E51B2F79DA} – http://www.alwaysupdatednews.com/install/aun_0019.exe
O16 – DPF: {78AF2F24–A9C3–11D3–BF8C–0060B0FCC122} (AcDcToday) – file://C:\Program Files\AutoCAD LT 2002 Plk\AcDcToday.ocx
O16 – DPF: {AE56372C–B4F5–11D4–A415–00108302FDFD} (NOXLATE–BANR) – file://C:\Program Files\AutoCAD LT 2002 Plk\InstBanr.ocx
O16 – DPF: {DA694446–E25F–11D5–8FF6–0001021C7D4C} (Modem Access) – ms–its:mhtml:file://c:\nosuxxx.mht!http://kazaalite.pl/stats/kgr.chm::/accessmul.ocx
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {F281A59C–7B65–11D3–8617–0010830243BD} (AcPreview Control) – file://C:\Program Files\AutoCAD LT 2002 Plk\AcPreview.ocx
O16 – DPF: {FC67BB52–AAB6–4282–9D51–2DAFFE73AFD0} – http://download.spamextract.com/sx/SpEx2.102995pur_opt/SpamExtractWebInstall.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{F44B0B7E–A569–4E6D–BD58–223886239F63}: NameServer = 194.204.152.34 217.98.63.164
O20 – AppInit_DLLs: PAVWAIT.DLL
O21 – SSODL: SystemCheck2 – {54645654–2225–4455–44A1–9F4543D34545} – C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 – Service: C–DillaCdaC11BA – Macrovision – C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Unknown owner – C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Unknown owner – C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 – Service: Panda Firewall Service (PAVFIRES) – Unknown owner – C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 – Service: Panda anti–virus service (PAVSRV) – Unknown owner – C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (file missing)
O23 – Service: SAVScan – Unknown owner – C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
O23 – Service: Windows 32–bit PnP Driver (winpnp32) – Unknown owner – C:\WINDOWS\System32\winpnp32.exe (file missing)

and... I'd be glad if someone explained this to me from the basics... what to do with it, etc. :] thanks in advance :D :wink:

Replies: 1

Here are the basics of working with HijackThis -> http://forum.centrumxp.pl/viewtopic.php?t=33140

Here is where we check logs -> http://forum.centrumxp.pl/viewtopic.php?t=37513

And here you will find threads about "SpySheriff" -> http://forum.centrumxp.pl/search.php

And here let's add those who fire off three identical posts -> http://forum.centrumxp.pl/viewtopic.php?p=234594#234594
EL NINO
Posted
06.10.2005 02:31:11
wica
Posted:
05.10.2005 20:14:16
Comments:
1