YOUR SYSTEM IS INFECTED
Hello
That's the message that appears on my desktop. It's all because of that wretched SpySheriff, which unfortunately installed itself on its own. I think I managed to remove it, but the system is still infected. A Panda online scan found several more viruses and spyware programs. The worst part of all this is that none of my programs work. Basically I can't run anything, change Windows settings, etc. So what am I supposed to do?
Do I have to reinstall the system?
Help!
Replies: 20
MY LOG
Logfile of HijackThis v1.99.1
Scan saved at 11:09:22, on 2005-10-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\PLANET WL-8313\WLANMON.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
D:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [MouseDrv] C:\DOCUME~1\Barbara\USTAWI~1\Temp\link.txt
O4 - HKLM\..\Run: [bSMqdm] C:\WINDOWS\xoemhbq.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WL-8313 Configuration Utility.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c11.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DAA37EC-D7B7-45CC-A30A-98B7EA1C1F39}: NameServer = 10.1.4.2,194.204.159.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
I've already deleted some of the files once, but I still don't know what to do about the fact that I can't change the wallpaper!!
I assure you that all the files are there; download Pocket Killbox and delete them with it.
Once you get rid of the junk, Explorer will stop going haywire.
Not all of the ones from that list were there...
And I have one more problem.
Sometimes my programs close one after another and only the wallpaper is left.
Or my user profile takes about a minute to load (I did a format 2 days ago!)
Please, help!
This is really annoying me!
Did you use the pinned thread here about checking logs?
Turn off System Restore and, in Safe Mode, delete the following:
(the files in bold you delete from disk)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F2 - REG:system.ini: Shell=explorer.exe
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - D:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [updatedrweb_nt] D:\WINDOWS\System32\updatedrweb_nt.exe
O4 - HKLM\..\Run: [Cryptographic Service] D:\WINDOWS\System32\aylfau.exe
O4 - HKLM\..\Run: [Win32 Csrss Service For Windows] csrssrs.exe
O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\RunServices: [updatedrweb_nt] D:\WINDOWS\System32\updatedrweb_nt.exe
O4 - HKLM\..\RunServices: [Win32 Csrss Service For Windows] csrssrs.exe
O4 - HKLM\..\RunOnce: [Win32 Csrss Service For Windows] csrssrs.exe
O4 - HKCU\..\Run: [Shell] "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [updatedrweb_nt] D:\WINDOWS\System32\updatedrweb_nt.exe
O4 - HKCU\..\Run: [SNInstall] D:\WINDOWS\tool2.exe
O4 - HKCU\..\Run: [Win32 Csrss Service For Windows] csrssrs.exe
O4 - HKCU\..\RunOnce: [Win32 Csrss Service For Windows] csrssrs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:\WINDOWS\System32\ndimgacj.dll
If you didn't install Spyware Doctor yourself, or you have the free version, also remove:
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - D:\Program Files\Spyware Doctor\sdhelp.exe
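The removal list above is the result of a human reading a HijackThis log and applying a handful of rules: browser start pages redirected to a local file, an extra program chained to the Explorer shell, autorun entries executing from Temp or running a file that is not even an executable, services whose file has vanished, and file names that imitate core Windows processes (csrssrs.exe, and later in this thread scvvhost.exe). The Python script below is an added example, not code from this thread or from HijackThis; it encodes those rules so they can be run over any log in this format. KNOWN_BAD is taken from the helper's removal list; the core-process lookalike rule, the "executable directly under the Windows directory" rule and the O21 review rule are heuristics of my own; SAMPLE_LOG is a constructed input made of entry lines copied from logs posted in this thread.

```python
import re
from dataclasses import dataclass

# Files the helper's removal list in this thread tells the poster to delete.
KNOWN_BAD = {
    "secure32.html", "updatedrweb_nt.exe", "aylfau.exe", "csrssrs.exe",
    "paytime.exe", "ibm00001.exe", "winstall.exe", "tool2.exe",
    "related.htm", "ndimgacj.dll", "ucmtsaie.dll",
}
# Core Windows process names that rogue software imitates (csrssrs, scvvhost).
CORE_NAMES = ("smss", "csrss", "winlogon", "services", "lsass", "svchost")
EXEC_EXTS = (".exe", ".dll", ".cpl", ".ocx")

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
NAME_RE = re.compile(r"\b([\w~.-]+\.(?:exe|dll|cpl|ocx|html?|txt))\b", re.I)
WINROOT_RE = re.compile(r"\\windows\\[^\\\s\"]+\.exe\b", re.I)  # exe right under %WINDIR%

@dataclass
class Finding:
    code: str    # HijackThis section, e.g. "O4"
    reason: str
    line: str

def levenshtein(a, b):
    """Plain edit distance (inputs are short file stems)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(stem):
    """True if a file stem imitates a core process name without being one.
    Padding (csrssrs) is caught by substring; shuffles and doubled letters
    (scvvhost) by edit distance after collapsing repeated characters."""
    if stem in CORE_NAMES:
        return False
    squeezed = re.sub(r"(.)\1+", r"\1", stem)
    return any(core in stem or (abs(len(squeezed) - len(core)) <= 1
                                and levenshtein(squeezed, core) <= 2)
               for core in CORE_NAMES)

def assess(line):
    """Return the reasons one HijackThis entry line looks suspicious ([] = clean)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    code, body = m.group("code"), m.group("body")
    names = [n.lower() for n in NAME_RE.findall(body)]
    reasons = []
    if any(n in KNOWN_BAD for n in names):
        reasons.append("file is on the removal list")
    if "(file missing)" in body:
        reasons.append("registered component whose file is gone")
    if code in ("R0", "R1") and re.search(r"=\s*[a-z]:\\", body, re.I):
        reasons.append("browser start/default page points at a local file")
    if code == "F2" and "shell=" in body.lower():
        extra = [t for t in body.lower().split("shell=", 1)[1].split() if t != "explorer.exe"]
        if extra:
            reasons.append("extra program chained to the Explorer shell")
    if code == "O4":
        if re.search(r"\\temp\\", body, re.I):
            reasons.append("autorun target lives in a Temp directory")
        reasons += [f"autorun runs a non-executable name: {n}"
                    for n in names if not n.endswith(EXEC_EXTS)]
    if code in ("F2", "O4", "O23") and WINROOT_RE.search(body):
        reasons.append("executable sits directly in the Windows directory (review)")
    if code == "O21":
        reasons.append("ShellServiceObjectDelayLoad entry (rarely legitimate, review)")
    reasons += [f"lookalike of a core Windows process: {n}"
                for n in names if lookalike(n.rsplit(".", 1)[0])]
    return reasons

def triage(log_text):
    """Run every line of a log through assess() and collect the hits."""
    return [Finding(line.split(" ", 1)[0], reason, line)
            for line in (l.strip() for l in log_text.splitlines())
            for reason in assess(line)]

# Constructed sample input: entry lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - D:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MouseDrv] C:\DOCUME~1\Barbara\USTAWI~1\Temp\link.txt
O4 - HKLM\..\Run: [Win32 Csrss Service For Windows] csrssrs.exe
O4 - HKLM\..\Run: [bSMqdm] C:\WINDOWS\xoemhbq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:\WINDOWS\System32\ndimgacj.dll
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\scvvhost.exe" -netsvcs (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<60} {f.line[:70]}")
```

The two rules marked "(review)" are deliberately noisy: a legitimate OEM tool such as SOUNDMAN.EXE also lives directly under C:\WINDOWS, so those hits are prompts to look, not verdicts. The lookalike check compares only the file stem, which is why csrss.exe, svchost.exe and ctfmon.exe pass while csrssrs.exe and scvvhost.exe do not.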
I have the same problem as the others: maybe it isn't SpySheriff, but I also have that desktop and those little circles with an X (how intelligently put :P). Here's my HijackThis log (I've already run the fix)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
D:\Program Files\VIAudioi\SBADeck\ADeck.exe
D:\Program Files\VIA\RAID\raid_tool.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\WINDOWS\System32\csrssrs.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\AGATA\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - D:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O4 - HKLM\..\Run: [AudioDeck] D:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [updatedrweb_nt] D:\WINDOWS\System32\updatedrweb_nt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cryptographic Service] D:\WINDOWS\System32\aylfau.exe
O4 - HKLM\..\Run: [Win32 Csrss Service For Windows] csrssrs.exe
O4 - HKLM\..\Run: [PayTime] D:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\RunServices: [updatedrweb_nt] D:\WINDOWS\System32\updatedrweb_nt.exe
O4 - HKLM\..\RunServices: [Win32 Csrss Service For Windows] csrssrs.exe
O4 - HKLM\..\RunOnce: [Win32 Csrss Service For Windows] csrssrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "D:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [updatedrweb_nt] D:\WINDOWS\System32\updatedrweb_nt.exe
O4 - HKCU\..\Run: [SNInstall] D:\WINDOWS\tool2.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Win32 Csrss Service For Windows] csrssrs.exe
O4 - HKCU\..\RunOnce: [Win32 Csrss Service For Windows] csrssrs.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:\WINDOWS\System32\ndimgacj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - D:\Program Files\Spyware Doctor\sdhelp.exe
Thanks in advance for the help
There's still some junk left. Use the automated tool and remove whatever it points out. You already know how.
my log after deleting those:
Logfile of HijackThis v1.99.1
Scan saved at 18:26:17, on 2005-10-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
F:\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
G:\programy\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ppp.PPP-A6JNL78ULPL.000\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KonektorTP] "c:\program files\konektortp\konektortp.exe" tray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Gry\Sims2\ss\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [bO.y-ŻŚ] C:\WINDOWS\smroeym.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\programy\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.encyklopedia.pl/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{303BDD86-C59E-4C80-BF97-54056DD60F68}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\scvvhost.exe" -netsvcs (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Logfile of HijackThis v1.99.1
Scan saved at 18:26:17, on 2005–10–17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
F:\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
G:\programy\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ppp.PPP–A6JNL78ULPL.000\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KonektorTP] "c:\program files\konektortp\konektortp.exe" tray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Gry\Sims2\ss\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [bO.y-ŻŚ] C:\WINDOWS\smroeym.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - Global Startup: WinZip Quick Pick.lnk = G:\programy\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.encyklopedia.pl/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{303BDD86-C59E-4C80-BF97-54056DD60F68}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\scvvhost.exe" -netsvcs (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
All the signs on earth and in heaven say that this is not a system component. IMO it's junk and has to be removed.
Bobi:
Your system is horribly infested. No Service Packs. General neglect, but who am I to comment.
- The files in bold get deleted from disk; if you can't see them, use Pocket Killbox
- Check the entries listed below and click Fix checked
- Do all of this after booting the system in Safe Mode
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll (file missing)
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\performent011.dll (file missing)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll (file missing)
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar21.dll (file missing)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll (file missing)
O4 - HKLM\..\Run: [Winsock2 driver] WXMRC32.EXE
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [pCYZ6N] C:\WINDOWS\smroeym.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [jjovoyjr] C:\WINDOWS\System32\krjhxbzo.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\System32\efsdfgxg.exe
O4 - HKLM\..\Run: [Dswmgmh] C:\Program Files\Icdksn\Cnxc.exe
O4 - HKLM\..\Run: [czibqh] C:\WINDOWS\czibqh.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [bO.y-ŻŚ] C:\WINDOWS\smroeym.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [WheelsMouse] "C:\DOCUME~1\PPPPPP~1.000\USTAWI~1\Temp\12.scr" /S
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\System32\efsdfgxg.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://69.31.82.26:80/iex/ofile.exe?url=http://69.31.82.26:80/rdgPL10.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab
O16 - DPF: {1A8C6DD1-E0DE-33FC-B47F-41020E9971F7} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {22E8E461-D03A-73E0-4C0C-6B8D0BBC0662} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2FF973B3-01E7-3732-FB91-01EA03C420A2} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {3B9BE7A4-37D9-599A-0ADD-19D012D14D43} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3x.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {451047CB-C7F1-5760-2E83-085D19BC3153} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {49DDCEAE-D994-409E-9280-778B46841332} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/240ae8c4b5923a604819/netzip/RdxIE601.cab
O16 - DPF: {59155F0F-C917-1FC0-3FCB-5A0232CE34F4} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {5E45DE11-78AC-4B4E-791B-50A23DE6B35F} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {644AC657-B376-49A3-837B-7F8B13E4C6C8} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1064475.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O21 - SSODL: GCBBCBEB - {328B756A-7DFC-01A8-2BB0-26E5400C3035} - C:\WINDOWS\System32\Lfkeploc.dll (file missing)
O21 - SSODL: mtklefa - {35F0B5C4-DC6B-4398-6680-7F94F6C67A34} - C:\WINDOWS\System32\hvhjau32.dll (file missing)
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\scvvhost.exe" -netsvcs (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
Removing services with sc has been covered on the forum many times.
I'm not sure about:
O21 - SSODL: Data Access Objects (DAO) 3.5 - {6A3B4732-D7BB-4A3A-E964-E41E0A97A929} - c:\program files\common files\microsoft shared\dao\ycqw32.dll
Leave it for now.
To sum up, there is more junk than legitimate entries. It's going to be damn hard. After all this fun, post a new log.
P.S. I don't even know why I'm checking a dumpster like this.
damiancore:
well yes, but how do I delete it??
because it tells me I can't :(
my HijackThis log! and what am I supposed to do now?
Logfile of HijackThis v1.99.1
Scan saved at 14:12:08, on 2005-10-16
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
F:\Winamp\winampa.exe
C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
C:\WINDOWS\System32\efsdfgxg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\winstall.exe
C:\winstall.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
G:\programy\WinZip\WZQKPICK.EXE
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
F:\Winamp\winamp.exe
C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
G:\PROGRAMY\WINZIP\winzip32.exe
C:\Documents and Settings\ppp.PPP-A6JNL78ULPL.000\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll (file missing)
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\performent011.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll (file missing)
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar21.dll (file missing)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.0.0\HbtHostIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll (file missing)
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [Winsock2 driver] WXMRC32.EXE
O4 - HKLM\..\Run: [WinampAgent] F:\Winamp\winampa.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [pCYZ6N] C:\WINDOWS\smroeym.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KonektorTP] "c:\program files\konektortp\konektortp.exe" tray
O4 - HKLM\..\Run: [jjovoyjr] C:\WINDOWS\System32\krjhxbzo.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.0.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [Explorer32] C:\WINDOWS\System32\efsdfgxg.exe
O4 - HKLM\..\Run: [Dswmgmh] C:\Program Files\Icdksn\Cnxc.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Gry\Sims2\ss\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [czibqh] C:\WINDOWS\czibqh.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [bO.y-ŻŚ] C:\WINDOWS\smroeym.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\Run: [WheelsMouse] "C:\DOCUME~1\PPPPPP~1.000\USTAWI~1\Temp\12.scr" /S
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\RunServices: [Explorer64] C:\WINDOWS\System32\efsdfgxg.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - Global Startup: WinZip Quick Pick.lnk = G:\programy\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.encyklopedia.pl/
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://69.31.82.26:80/iex/ofile.exe?url=http://69.31.82.26:80/rdgPL10.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A8C6DD1-E0DE-33FC-B47F-41020E9971F7} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {22E8E461-D03A-73E0-4C0C-6B8D0BBC0662} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2FF973B3-01E7-3732-FB91-01EA03C420A2} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {3B9BE7A4-37D9-599A-0ADD-19D012D14D43} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3x.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {451047CB-C7F1-5760-2E83-085D19BC3153} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {49DDCEAE-D994-409E-9280-778B46841332} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/240ae8c4b5923a604819/netzip/RdxIE601.cab
O16 - DPF: {59155F0F-C917-1FC0-3FCB-5A0232CE34F4} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {5E45DE11-78AC-4B4E-791B-50A23DE6B35F} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {644AC657-B376-49A3-837B-7F8B13E4C6C8} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {A6916797-7ABD-4F07-93AE-098B6F543129} (CO2Player Class) - http://www.lemontv.pl/lmctrlp.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1064475.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{303BDD86-C59E-4C80-BF97-54056DD60F68}: NameServer = 194.204.152.34 217.98.63.164
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O21 - SSODL: GCBBCBEB - {328B756A-7DFC-01A8-2BB0-26E5400C3035} - C: \WINDOWS\System32\Lfkeploc.dll (file missing)
O21 - SSODL: mtklefa - {35F0B5C4-DC6B-4398-6680-7F94F6C67A34} - C:\WINDOWS\System32\hvhjau32.dll (file missing)
O21 - SSODL: Data Access Objects (DAO) 3.5 - {6A3B4732-D7BB-4A3A-E964-E41E0A97A929} - c:\program files\common files\microsoft shared\dao\ycqw32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\scvvhost.exe" -netsvcs (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O9 – Extra 'Tools' menuitem: PartyPoker.com – {B7FE5D70–9AA2–40F1–9C6B–12A255F085E1} – C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: ShopperReports – Compare product prices – {E77EDA01–3C56–4a96–8D08–02B42891C169} – C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O14 – IERESET.INF: START_PAGE_URL=http://www.encyklopedia.pl/
O16 – DPF: {11111111–1111–1111–1111–111111111111} – mhtml:file://C:NXSFT.MHT!http://69.31.82.26:80/iex/ofile.exe?url=http://69.31.82.26:80/rdgPL10.exe
O16 – DPF: {11111111–1111–1111–1111–111111111123} – file://c:\Recycled\1.exe
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c5.cab
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {1A8C6DD1–E0DE–33FC–B47F–41020E9971F7} – http://69.31.82.26/1/gdnPL10.exe
O16 – DPF: {22E8E461–D03A–73E0–4C0C–6B8D0BBC0662} – http://69.31.82.26/1/gdnPL10.exe
O16 – DPF: {24311111–1111–1121–1111–111191113457} – file://c:\eied_s7.cab
O16 – DPF: {2FF973B3–01E7–3732–FB91–01EA03C420A2} – http://69.31.82.26/1/gdnPL10.exe
O16 – DPF: {33331111–1111–1111–1111–611111193457} – file://c:\ex.cab
O16 – DPF: {33331111–1111–1111–1111–611111193458} – file://c:\ex.cab
O16 – DPF: {33331111–1111–1111–1111–622221193458} – file://c:\ex.cab
O16 – DPF: {3B9BE7A4–37D9–599A–0ADD–19D012D14D43} – http://69.31.82.26/1/gdnPL10.exe
O16 – DPF: {42F2C9BA–614F–47C0–B3E3–ECFD34EED658} (Installer Class) – http://www.ysbweb.com/ist/softwares/v4.0/ysb_mp3x.cab
O16 – DPF: {43331111–1111–1111–1111–611111195622} – file://c:\ex.cab
O16 – DPF: {451047CB–C7F1–5760–2E83–085D19BC3153} – http://69.31.82.26/1/gdnPL10.exe
O16 – DPF: {49DDCEAE–D994–409E–9280–778B46841332} – http://69.31.82.26/1/gdnPL10.exe
O16 – DPF: {56336BCB–3D8A–11D6–A00B–0050DA18DE71} (RdxIE Class) – http://software–dl.real.com/240ae8c4b5923a604819/netzip/RdxIE601.cab
O16 – DPF: {59155F0F–C917–1FC0–3FCB–5A0232CE34F4} – http://69.31.82.26/1/gdnPL10.exe
O16 – DPF: {5E45DE11–78AC–4B4E–791B–50A23DE6B35F} – http://69.31.82.26/1/gdnPL10.exe
O16 – DPF: {64311111–1111–1121–1111–111191113457} – file://c:\eied_s7.cab
O16 – DPF: {644AC657–B376–49A3–837B–7F8B13E4C6C8} – http://69.31.82.26/1/gdnPL10.exe
O16 – DPF: {A6916797–7ABD–4F07–93AE–098B6F543129} (CO2Player Class) – http://www.lemontv.pl/lmctrlp.cab
O16 – DPF: {B1953AD6–C50E–11D3–B020–00A0C9251384} (O2C–Player (ELECO Software GmbH)) – http://www.o2c.de/download/o2cplayer.cab
O16 – DPF: {B7E76C25–791F–432E–BDB7–748D01A93FC2} (VacPro.int_ver30) – http://advnt01.com/dialer/int_ver30.CAB
O16 – DPF: {DB893839–10F0–4AF9–92FA–B23528F530AF} – http://deposito.hostance.net/dialer/1064475.exe
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{303BDD86–C59E–4C80–BF97–54056DD60F68}: NameServer = 194.204.152.34 217.98.63.164
O21 – SSODL: SystemCheck2 – {54645654–2225–4455–44A1–9F4543D34546} – C:\WINDOWS\System32\vbsys2.dll
O21 – SSODL: GCBBCBEB – {328B756A–7DFC–01A8–2BB0–26E5400C3035} – C:\WINDOWS\System32\Lfkeploc.dll (file missing)
O21 – SSODL: mtklefa – {35F0B5C4–DC6B–4398–6680–7F94F6C67A34} – C:\WINDOWS\System32\hvhjau32.dll (file missing)
O21 – SSODL: Data Access Objects (DAO) 3.5 – {6A3B4732–D7BB–4A3A–E964–E41E0A97A929} – c:\program files\common files\microsoft shared\dao\ycqw32.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Microsoft Windows Update (Microsoft Update) – Unknown owner – C:\WINDOWS\System32\scvvhost.exe" –netsvcs (file missing)
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe
goska3a: I have a problem! My desktop shows "your computer ...."! I could manage to remove it if someone wrote to me how to install/download HijackThis!??
Please help :?
here and here
_krzychu_:
...but the problem of a strange .exe file being created in Windows\Temp remains...
I'll answer myself; maybe this knowledge will be useful to someone. First of all, thanks to this thread I cleaned the system properly, and those strange files are the doing of Trend Micro OfficeScan :), so all is OK.
Two beers here, two beers there, and maybe in the end enough provisions for a bigger party will pile up :P
Seriously though, there's no need to nag.
- you disable System Restore
- you end the processes:
winstall.exe
tool2.exe
SpySheriff.exe
- you remove:
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 – HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 – HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://C:\nosuch.mht!http://traffsale.biz/dl/adv435/x.chm::/load.exe
O20 – Winlogon Notify: style32 – C:\WINDOWS\
Read more about Repsamo and Stydler.
You have to locate the file, which will be a variation of q*******_disk.dll or q*******.dll (as below) or winstyle3.dll.
To find the name of the DLL, go in the registry to the key HKEY_CLASSES_ROOT\CLSID\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}; in one of its subkeys there will be a value whose data is the library name. Delete it with Pocket Killbox.
Older posts also had fixes for Stydler and Repsamo; you can find them yourself.
I'm about to burst into tears ... what is going on, I have this filth, but what on earth is HijackThis????
Hello to the forum.
I come across this kind of problem more and more often, and I admit I have some trouble solving it.
My log:
Logfile of HijackThis v1.99.1
Scan saved at 18:26:48, on 2005–10–12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One–Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\OpenOffice\program\soffice.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
A:\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 – HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 – HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 – HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 – HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" –servicehelper
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 – HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One–Touch\OneTouch.EXE
O4 – HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 – HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" –HideWindow
O4 – HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice\program\quickstart.exe
O23 – Service: HP Configuration Interface Service (HPConfig) – Hewlett–Packard – C:\WINDOWS\system32\HPConfig.exe
O23 – Service: HPWirelessMgr – Hewlett–Packard Co. – C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 – Service: Skanowanie w czasie rzeczywistym OfficeScanNT (ntrtscan) – Trend Micro Inc. – C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 – Service: Zapora osobista OfficeScanNT (OfcPfwSvc) – Trend Micro Inc. – C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 – Service: Odbiornik OfficeScanNT (tmlisten) – Trend Micro Inc. – C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 – Service: VNC Server (winvnc) – Unknown owner – C:\Program Files\TightVNC\WinVNC.exe" –service (file missing)
I managed to remove most of it (the log reflects the current state of the system), but the problem of a strange .exe file created in Windows\Temp (e.g. L9X867.exe) and launched with the system remains. It isn't visible in this log, but I'm after the cause, not the symptom. And of course the desktop wallpaper cannot be changed. If anyone has any suggestions, I'll gladly read them.
xtomay, my friend, you have a heap, and a heap of all sorts of junk at that, starting with CWS variants and ending with trojans; I'm not sure there's any point in you checking this log yourself.
Avast and AVG installed... to no avail.
1. First of all, disable System Restore.
2. Download CWShredder and FxIstbar.
3. Run those programs after switching to Safe Mode.
4. Uninstall from Add/Remove Programs, if present: Internet Optimizer, Media Gateway, SurfAccuracy(?)
5. Tick all the entries I list below and click "Fix checked" in HijackThis.
6. The files or folders I have bolded below you delete from disk manually, or with Pocket Killbox after rebooting the system.
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: SABHO – {21B4ACC4–8874–4AEC–AEAC–F567A249B4D4} – c:\windows\msbbhook.dll
O2 – BHO: C:\WINDOWS\adsldpbc.dll – {405132A4–5DD1–4BA8–A181–95C8D435093A} – C:\WINDOWS\adsldpbc.dll
O2 – BHO: (no name) – {78364D99–A640–4ddf–B91A–67EFF8373045} – C:\WINDOWS\system32\appwiz.dll (file missing)
O2 – BHO: (no name) – {8D82BB89–B58C–4F21–9C5D–377F65947806} – C:\WINDOWS\slassac.dll
O2 – BHO: BHObj Class – {8F4E5661–F99E–4B3E–8D85–0EA71C0748E4} – C:\WINDOWS\wsem303.dll (file missing)
O2 – BHO: C:\WINDOWS\system32\winstyle3.dll – {B212D577–05B7–4963–911E–4A8588160DFA} – C:\WINDOWS\system32\winstyle3.dll
O2 – BHO: IEHelperObject – {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} – C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVICODEC.OCX
O2 – BHO: C:\WINDOWS\adsldpbc.dll – {FE53252F–7CFF–4C39–A525–672E8F3B61ED} – C:\WINDOWS\adsldpbc.dll
O3 – Toolbar: ISTbar – {FAA356E4–D317–42a6–AB41–A3021C6E7D52} – C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 – HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 – HKLM\..\Run: [combo.exe] combo.exe
O4 – HKLM\..\Run: [7u8aekvr] C:\WINDOWS\System32\7u8aekvr.exe
O4 – HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 – HKLM\..\Run: [Ychyng] C:\Program Files\Khpja\Zznhlh.exe
O4 – HKLM\..\Run: [enejehkt] C:\WINDOWS\enejehkt.exe
O4 – Global Startup: Reboot.exe
O9 – Extra button: SideFind – {10E42047–DEB9–4535–A118–B3F6EC39B807} – C:\Program Files\SideFind\sidefind.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: *.coolwebsearch.com
O15 – Trusted Zone: *.searchmeup.com
O15 – Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 – DPF: Win32 Classes –
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/180solutions/ie/bridge–c18.cab
O16 – DPF: {42F2C9BA–614F–47C0–B3E3–ECFD34EED658} (Installer Class) – http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab
O16 – DPF: {7C559105–9ECF–42B8–B3F7–832E75EDD959} (Installer Class) – http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
O16 – DPF: {99410CDE–6F16–42ce–9D49–3807F78F0287} (ClientInstaller Class) – http://www.180searchassistant.com/180saax.cab
O16 – DPF: {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} (IEHelperObject) – http://dd.xo.pl/avicodec.ocx
Stydler:
O20 – Winlogon Notify: style2 – C:\WINDOWS\q3257183.dll
O20 – Winlogon Notify: style32 – C:\WINDOWS\system32\winstyle3.dll
Haxdoor.AG
O20 – Winlogon Notify: tcpG4T – tcpG4T.dll (file missing)
Prox.c
O21 – SSODL: SysTray.Excn – {1722ECFF–4356–4f5b–B534–E67294FE75E9} – C:\WINDOWS\System32\nibcjbnm.dll (file missing)
O21 – SSODL: SysTray.Exlv – {5368DCFC–4F5C–4f5b–B134–E67294FC78E9} – C:\WINDOWS\System32\dnkboffg.dll (file missing)
O23 – Service: Loading Outpost Connections (KDE) – Unknown owner – C:\WINDOWS\System32\cmdtel.exe (file missing)
Start - Run - CMD
Type: sc stop KDE
sc delete KDE
Open the hosts file from C:\WINDOWS\system32\drivers\etc in Notepad.
Ctrl+H, Find: 127.0.0.4, Replace with: 127.0.0.1, Replace All.
Ctrl+S and Alt+F4.
O1 – Hosts: 127.0.0.4 n–glx.s–redirect.com
O1 – Hosts: 127.0.0.4 x.full–tgp.net
O1 – Hosts: 127.0.0.4 counter.sexmaniack.com
O1 – Hosts: 127.0.0.4 autoescrowpay.com
O1 – Hosts: 127.0.0.4 www.autoescrowpay.com
O1 – Hosts: 127.0.0.4 www.awmdabest.com
O1 – Hosts: 127.0.0.4 www.sexfiles.nu
O1 – Hosts: 127.0.0.4 awmdabest.com
O1 – Hosts: 127.0.0.4 sexfiles.nu
O1 – Hosts: 127.0.0.4 allforadult.com
O1 – Hosts: 127.0.0.4 www.allforadult.com
O1 – Hosts: 127.0.0.4 www.iframe.biz
O1 – Hosts: 127.0.0.4 iframe.biz
O1 – Hosts: 127.0.0.4 www.newiframe.biz
O1 – Hosts: 127.0.0.4 newiframe.biz
O1 – Hosts: 127.0.0.4 www.vesbiz.biz
O1 – Hosts: 127.0.0.4 vesbiz.biz
O1 – Hosts: 127.0.0.4 www.Pamela.biz
O1 – Hosts: 127.0.0.4 Pamela.biz
O1 – Hosts: 127.0.0.4 www.aaasexypics.com
O1 – Hosts: 127.0.0.4 aaasexypics.com
O1 – Hosts: 127.0.0.4 www.virgin–tgp.net
O1 – Hosts: 127.0.0.4 virgin–tgp.net
O1 – Hosts: 127.0.0.4 www.awmcash.biz
O1 – Hosts: 127.0.0.4 awmcash.biz
O1 – Hosts: 127.0.0.4 buldog–stats.com
O1 – Hosts: 127.0.0.4 www.buldog–stats.com
O1 – Hosts: 127.0.0.4 fregat.drocherway.com
O1 – Hosts: 127.0.0.4 slutmania.biz
O1 – Hosts: 127.0.0.4 www.slutmania.biz
O1 – Hosts: 127.0.0.4 toolbarpartner.com
O1 – Hosts: 127.0.0.4 www.toolbarpartner.com
O1 – Hosts: 127.0.0.4 www.megapornix.com
O1 – Hosts: 127.0.0.4 megapornix.com
O1 – Hosts: 127.0.0.4 www.sp2fucked.biz
O1 – Hosts: 127.0.0.4 sp2fucked.biz
O1 – Hosts: 127.0.0.4 greg–tut.com
O1 – Hosts: 127.0.0.4 www.greg–tut.com
O1 – Hosts: 127.0.0.4 nylonsexy.com
O1 – Hosts: 127.0.0.4 www.nylonsexy.com
O1 – Hosts: 127.0.0.4 vparivalka.com
O1 – Hosts: 127.0.0.4 www.vparivalka.com
O1 – Hosts: 127.0.0.4 iframeprofit.com
O1 – Hosts: 127.0.0.4 www.iframeprofit.com
O1 – Hosts: 127.0.0.4 topsearch10.com
O1 – Hosts: 127.0.0.4 www.topsearch10.com
O1 – Hosts: 127.0.0.4 statscash.biz
O1 – Hosts: 127.0.0.4 www.statscash.biz
O1 – Hosts: 127.0.0.4 vxiframe.biz
O1 – Hosts: 127.0.0.4 www.vxiframe.biz
O1 – Hosts: 127.0.0.4 crazy–toolbar.com
O1 – Hosts: 127.0.0.4 www.crazy–toolbar.com
O1 – Hosts: 127.0.0.4 topcash.biz
O1 – Hosts: 127.0.0.4 www.topcash.biz
O1 – Hosts: 127.0.0.4 loadcash.biz
O1 – Hosts: 127.0.0.4 www.loadcash.biz
O1 – Hosts: 127.0.0.4 txiframe.biz
O1 – Hosts: 127.0.0.4 www.txiframe.biz
O1 – Hosts: 127.0.0.4 procounter.biz
O1 – Hosts: 127.0.0.4 www.procounter.biz
O1 – Hosts: 127.0.0.4 advadmin.biz
O1 – Hosts: 127.0.0.4 www.advadmin.biz
O1 – Hosts: 127.0.0.4 trafficbest.net
O1 – Hosts: 127.0.0.4 www.trafficbest.net
O1 – Hosts: 127.0.0.4 besthvac.com
O1 – Hosts: 127.0.0.4 www.besthvac.com
O1 – Hosts: 127.0.0.4 traff4.com
O1 – Hosts: 127.0.0.4 www.traff4.com
O1 – Hosts: 127.0.0.4 ambush–script.com
O1 – Hosts: 127.0.0.4 www.ambush–script.com
O1 – Hosts: 127.0.0.4 beehappyy.biz
O1 – Hosts: 127.0.0.4 www.beehappyy.biz
O1 – Hosts: 127.0.0.4 tracktraff.cc
O1 – Hosts: 127.0.0.4 www.tracktraff.cc
O1 – Hosts: 127.0.0.4 allcount.net
O1 – Hosts: 127.0.0.4 www.allcount.net
O1 – Hosts: 127.0.0.4 onedayoffer.biz
O1 – Hosts: 127.0.0.4 www.onedayoffer.biz127.0.0.1 downloads1.kaspersky–labs.com
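As an added example (not code from the forum, and not what the helper ran), the Python below turns the fix above, together with the earlier note about hunting for a q*******.dll / q*******_disk.dll Winlogon Notify library, into a triage pass over a HijackThis log. It flags the entry types the helper tells the user to fix: a start page pointing at a raw IP, the extra binary on the system.ini Shell= line, hosts entries on 127.0.0.4, autoruns whose names imitate system binaries such as scvvhost.exe, Trusted Zone additions, ActiveX downloads from raw IPs, Winlogon Notify DLLs outside system32, and services with no vendor name whose file is really missing. It then applies the hosts-file repair (127.0.0.4 to 127.0.0.1). The sample entries are copied from logs quoted in this thread, written with the plain hyphen HijackThis prints. Assumptions not taken from the thread: the list of update hosts (VENDOR_HINTS), the set of system binary names and the edit-distance threshold for typosquats, and that Windows lives in C:\WINDOWS. It goes one step beyond the helper's find-and-replace by also dropping hosts lines that pin security-vendor update hosts to loopback.

```python
"""HijackThis log triage plus the hosts-file repair from this thread. Added example, not code from
the forum post; sample entries are copied from logs quoted here, with the hyphen HijackThis prints."""
import re

ENTRY_RE = re.compile(r"^(?P<tag>[RFO]\d+) [-\u2013] (?P<body>.*)$")  # hyphen, or the forum's en dash
# q*******.dll or q*******_disk.dll: the Stydler naming pattern the helper says to look for.
STYDLER_DLL_RE = re.compile(r"\\q\w{7}(?:_disk)?\.dll$", re.IGNORECASE)
# Assumption: update hosts the machine must keep reaching; this list is not from the thread.
VENDOR_HINTS = ("kaspersky", "symantec", "mcafee", "trendmicro", "grisoft", "avast", "microsoft")
# Names the autoruns on this page imitate (scvvhost.exe beside the real svchost.exe).
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "csrss.exe", "explorer.exe")
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O1 - Hosts: 127.0.0.4 www.onedayoffer.biz
O1 - Hosts: 127.0.0.1 downloads1.kaspersky-labs.com
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] scvvhost.exe
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: {1A8C6DD1-E0DE-33FC-B47F-41020E9971F7} - http://69.31.82.26/1/gdnPL10.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: style2 - C:\WINDOWS\q3257183.dll
O20 - Winlogon Notify: tcpG4T - tcpG4T.dll (file missing)
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""
# Constructed hosts file mirroring the O1 entries above.
SAMPLE_HOSTS = "# constructed\n127.0.0.1 localhost\n127.0.0.4 www.onedayoffer.biz\n127.0.0.4 iframe.biz\n127.0.0.1 downloads1.kaspersky-labs.com\n"

def raw_ip_host(url):
    """True when the URL's host part is a dotted-quad IP address rather than a name."""
    m = re.match(r"^[a-z]+://(\d{1,3}(?:\.\d{1,3}){3})(?:[/:?]|$)", url, re.IGNORECASE)
    return m is not None

def edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log):
    """Return (reason, line) for every entry one of the thread's fix rules applies to."""
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        tag, body, reason = m.group("tag"), m.group("body"), None
        if tag in ("R0", "R1") and raw_ip_host(body.rsplit("= ", 1)[-1]):
            reason = "browser start/default page hijacked to a raw IP"
        elif tag == "F2" and "Shell=" in body and body.split("Shell=", 1)[1].strip() != "explorer.exe":
            reason = "system.ini Shell= launches an extra binary beside explorer.exe"
        elif tag == "O1" and len(body.split()) >= 3:
            addr, host = body.split()[1:3]
            if addr != "127.0.0.1":
                reason = "hosts entry pins %s to non-standard loopback %s" % (host, addr)
            elif any(v in host.lower() for v in VENDOR_HINTS):
                reason = "hosts entry blocks security-vendor host %s" % host
        elif tag == "O4" and "] " in body:
            exe = re.search(r'[^\\"\s]+\.exe\b', body.split("] ", 1)[1], re.IGNORECASE)
            name = exe.group(0).lower() if exe else ""
            squat = [s for s in SYSTEM_BINARIES if name and name != s and edit_distance(name, s) <= 2]
            if squat:
                reason = "autorun %s typosquats %s" % (name, squat[0])
        elif tag == "O15":
            reason = "site added to the IE Trusted Zone, which lowers browser security for it"
        elif tag == "O16":
            url = re.search(r"https?://\S+", body)
            if url and (raw_ip_host(url.group(0)) or url.group(0).lower().endswith(".exe")):
                reason = "ActiveX download from a raw IP or of a bare .exe"
        elif tag == "O20":
            path = re.split(r" [-\u2013] ", body, maxsplit=1)[-1]
            if "(file missing)" in path:
                reason = "Winlogon Notify package points at a missing DLL"
            elif STYDLER_DLL_RE.search(path):
                reason = "Winlogon Notify DLL matches the Stydler q*******.dll pattern"
            elif not path.lower().startswith("c:\\windows\\system32\\"):  # assumes Windows on C:
                reason = "Winlogon Notify DLL outside system32"
        elif tag == "O23" and "(file missing)" in body and "Unknown owner" in body and '"' not in body:
            # HijackThis 1.99 also prints "(file missing)" for quoted service paths with arguments
            # (the avast and VNC entries in this thread); the stray quote marks that artefact.
            reason = "service with no vendor name whose binary really is missing"
        if reason:
            findings.append((reason, line.strip()))
    return findings

def repair_hosts(hosts_text):
    """The thread's fix (127.0.0.4 -> 127.0.0.1); beyond the post, drop loopback pins on update hosts."""
    kept = []
    for line in hosts_text.splitlines():
        fields = line.split()
        vendor_pin = (len(fields) >= 2 and fields[0].startswith("127.")
                      and any(v in fields[1].lower() for v in VENDOR_HINTS))
        if not vendor_pin:
            kept.append(re.sub(r"^127\.0\.0\.4\b", "127.0.0.1", line))
    return "\n".join(kept) + "\n"
```

Import the module and call triage() on a saved log; the reason strings are what a reviewer would write next to the entries they tell the user to tick in HijackThis. The O23 rule carries the caveat a practitioner needs with this tool version: HijackThis 1.99 reports "(file missing)" for quoted service paths that carry arguments, which is why the avast and VNC entries in this thread are not in the helper's fix list, while the KDE service with cmdtel.exe is.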
HELLO! I have a problem with this wallpaper that can't be changed in any way! I removed the viruses but it's still there... I did a SCAN in HijackThis, here's what came out:
Logfile of HijackThis v1.99.1
Scan saved at 19:57:54, on 2005–10–11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\System32\7u8aekvr.exe
C:\windows\msbb.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Gadu–Gadu\gg.exe
D:\Avant Browser\avant.exe
C:\Documents and Settings\Tomek\Moje dokumenty\hijack\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
F2 – REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O1 – Hosts: 127.0.0.4 n–glx.s–redirect.com
O1 – Hosts: 127.0.0.4 x.full–tgp.net
O1 – Hosts: 127.0.0.4 counter.sexmaniack.com
O1 – Hosts: 127.0.0.4 autoescrowpay.com
O1 – Hosts: 127.0.0.4 www.autoescrowpay.com
O1 – Hosts: 127.0.0.4 www.awmdabest.com
O1 – Hosts: 127.0.0.4 www.sexfiles.nu
O1 – Hosts: 127.0.0.4 awmdabest.com
O1 – Hosts: 127.0.0.4 sexfiles.nu
O1 – Hosts: 127.0.0.4 allforadult.com
O1 – Hosts: 127.0.0.4 www.allforadult.com
O1 – Hosts: 127.0.0.4 www.iframe.biz
O1 – Hosts: 127.0.0.4 iframe.biz
O1 – Hosts: 127.0.0.4 www.newiframe.biz
O1 – Hosts: 127.0.0.4 newiframe.biz
O1 – Hosts: 127.0.0.4 www.vesbiz.biz
O1 – Hosts: 127.0.0.4 vesbiz.biz
O1 – Hosts: 127.0.0.4 www.pizdato.biz
O1 – Hosts: 127.0.0.4 pizdato.biz
O1 – Hosts: 127.0.0.4 www.aaasexypics.com
O1 – Hosts: 127.0.0.4 aaasexypics.com
O1 – Hosts: 127.0.0.4 www.virgin–tgp.net
O1 – Hosts: 127.0.0.4 virgin–tgp.net
O1 – Hosts: 127.0.0.4 www.awmcash.biz
O1 – Hosts: 127.0.0.4 awmcash.biz
O1 – Hosts: 127.0.0.4 buldog–stats.com
O1 – Hosts: 127.0.0.4 www.buldog–stats.com
O1 – Hosts: 127.0.0.4 fregat.drocherway.com
O1 – Hosts: 127.0.0.4 slutmania.biz
O1 – Hosts: 127.0.0.4 www.slutmania.biz
O1 – Hosts: 127.0.0.4 toolbarpartner.com
O1 – Hosts: 127.0.0.4 www.toolbarpartner.com
O1 – Hosts: 127.0.0.4 www.megapornix.com
O1 – Hosts: 127.0.0.4 megapornix.com
O1 – Hosts: 127.0.0.4 www.sp2fucked.biz
O1 – Hosts: 127.0.0.4 sp2fucked.biz
O1 – Hosts: 127.0.0.4 greg–tut.com
O1 – Hosts: 127.0.0.4 www.greg–tut.com
O1 – Hosts: 127.0.0.4 nylonsexy.com
O1 – Hosts: 127.0.0.4 www.nylonsexy.com
O1 – Hosts: 127.0.0.4 vparivalka.com
O1 – Hosts: 127.0.0.4 www.vparivalka.com
O1 – Hosts: 127.0.0.4 iframeprofit.com
O1 – Hosts: 127.0.0.4 www.iframeprofit.com
O1 – Hosts: 127.0.0.4 topsearch10.com
O1 – Hosts: 127.0.0.4 www.topsearch10.com
O1 – Hosts: 127.0.0.4 statscash.biz
O1 – Hosts: 127.0.0.4 www.statscash.biz
O1 – Hosts: 127.0.0.4 vxiframe.biz
O1 – Hosts: 127.0.0.4 www.vxiframe.biz
O1 – Hosts: 127.0.0.4 crazy–toolbar.com
O1 – Hosts: 127.0.0.4 www.crazy–toolbar.com
O1 – Hosts: 127.0.0.4 topcash.biz
O1 – Hosts: 127.0.0.4 www.topcash.biz
O1 – Hosts: 127.0.0.4 loadcash.biz
O1 – Hosts: 127.0.0.4 www.loadcash.biz
O1 – Hosts: 127.0.0.4 txiframe.biz
O1 – Hosts: 127.0.0.4 www.txiframe.biz
O1 – Hosts: 127.0.0.4 procounter.biz
O1 – Hosts: 127.0.0.4 www.procounter.biz
O1 – Hosts: 127.0.0.4 advadmin.biz
O1 – Hosts: 127.0.0.4 www.advadmin.biz
O1 – Hosts: 127.0.0.4 trafficbest.net
O1 – Hosts: 127.0.0.4 www.trafficbest.net
O1 – Hosts: 127.0.0.4 besthvac.com
O1 – Hosts: 127.0.0.4 www.besthvac.com
O1 – Hosts: 127.0.0.4 traff4.com
O1 – Hosts: 127.0.0.4 www.traff4.com
O1 – Hosts: 127.0.0.4 ambush–script.com
O1 – Hosts: 127.0.0.4 www.ambush–script.com
O1 – Hosts: 127.0.0.4 beehappyy.biz
O1 – Hosts: 127.0.0.4 www.beehappyy.biz
O1 – Hosts: 127.0.0.4 tracktraff.cc
O1 – Hosts: 127.0.0.4 www.tracktraff.cc
O1 – Hosts: 127.0.0.4 allcount.net
O1 – Hosts: 127.0.0.4 www.allcount.net
O1 – Hosts: 127.0.0.4 onedayoffer.biz
O1 – Hosts: 127.0.0.4 www.onedayoffer.biz127.0.0.1 downloads1.kaspersky–labs.com
O2 – BHO: (no name) – {00000000–0000–0000–0000–000000000000} – (no file)
O2 – BHO: SABHO – {21B4ACC4–8874–4AEC–AEAC–F567A249B4D4} – c:\windows\msbbhook.dll
O2 – BHO: C:\WINDOWS\adsldpbc.dll – {405132A4–5DD1–4BA8–A181–95C8D435093A} – C:\WINDOWS\adsldpbc.dll
O2 – BHO: (no name) – {78364D99–A640–4ddf–B91A–67EFF8373045} – C:\WINDOWS\system32\appwiz.dll (file missing)
O2 – BHO: (no name) – {8D82BB89–B58C–4F21–9C5D–377F65947806} – C:\WINDOWS\slassac.dll
O2 – BHO: BHObj Class – {8F4E5661–F99E–4B3E–8D85–0EA71C0748E4} – C:\WINDOWS\wsem303.dll (file missing)
O2 – BHO: C:\WINDOWS\system32\winstyle3.dll – {B212D577–05B7–4963–911E–4A8588160DFA} – C:\WINDOWS\system32\winstyle3.dll
O2 – BHO: IEHelperObject – {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} – C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVICODEC.OCX
O2 – BHO: C:\WINDOWS\adsldpbc.dll – {FE53252F–7CFF–4C39–A525–672E8F3B61ED} – C:\WINDOWS\adsldpbc.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 – Toolbar: ISTbar – {FAA356E4–D317–42a6–AB41–A3021C6E7D52} – C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 – HKLM\..\Run: [combo.exe] combo.exe
O4 – HKLM\..\Run: [7u8aekvr] C:\WINDOWS\System32\7u8aekvr.exe
O4 – HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 – HKLM\..\Run: [Ychyng] C:\Program Files\Khpja\Zznhlh.exe
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 – HKLM\..\Run: [enejehkt] C:\WINDOWS\enejehkt.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Reboot.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - D:\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Dodaj do listy blokowanych reklam - D:\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Otwórz w nowym Avant Browser - D:\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - D:\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Podświetl - D:\Avant Browser\Highlight.htm
O8 - Extra context menu item: Szukaj - D:\Avant Browser\Search.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Win32 Classes -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/180solutions/ie/bridge-c18.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_download.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} (IEHelperObject) - http://dd.xo.pl/avicodec.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{4188A143-7FE3-4BE7-8DCD-E60802B79DF1}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{4188A143-7FE3-4BE7-8DCD-E60802B79DF1}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{4188A143-7FE3-4BE7-8DCD-E60802B79DF1}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: style2 - C:\WINDOWS\q3257183.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\system32\winstyle3.dll
O20 - Winlogon Notify: tcpG4T - tcpG4T.dll (file missing)
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\nibcjbnm.dll (file missing)
O21 - SSODL: SysTray.Exlv - {5368DCFC-4F5C-4f5b-B134-E67294FC78E9} - C:\WINDOWS\System32\dnkboffg.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe (file missing)
What should I do??
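Added triage script for the log above (not from this thread, not part of HijackThis): it parses HijackThis v1.99 entries and flags the indicators a helper would circle here: the IE start page set to a bare IP, O1 hosts entries (including the extraction-fused line that also maps downloads1.kaspersky-labs.com to 127.0.0.1, i.e. blocks AV updates), O15 trusted-zone additions, non-Microsoft O16 ActiveX downloads, the O17 NameServer override, O20/O21 DLLs loaded at logon, and O23 services with no owner and a missing binary. SAMPLE_LOG is a constructed subset copied from this log; AV_VENDOR_HINTS, the Microsoft-host allowlist and the severity labels are my own assumptions, not anything HijackThis defines.

```python
"""Triage a HijackThis v1.99 log: parse entries and flag hijack indicators.
Added example; the rule set and allowlists below are assumptions for illustration."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the log in this thread, including the
# line where two hosts mappings were fused into one during extraction.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://195.95.218.172/index.php
O1 - Hosts: 127.0.0.4 www.onedayoffer.biz127.0.0.1 downloads1.kaspersky-labs.com
O1 - Hosts: 127.0.0.4 topsearch10.com
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{4188A143-7FE3-4BE7-8DCD-E60802B79DF1}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: style2 - C:\\WINDOWS\\q3257183.dll
O21 - SSODL: SysTray.Excn - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\\WINDOWS\\System32\\nibcjbnm.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgupsvc.exe
O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\\WINDOWS\\System32\\cmdtel.exe (file missing)
"""

@dataclass
class Finding:
    section: str
    severity: str   # "high" = act on it, "review" = confirm before removing
    reason: str
    entry: str

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2})\s+-\s+(.*)$")
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Hosts pairs; the lookahead splits "host127.0.0.1" where two entries were fused.
HOSTS_RE = re.compile(rf"({IPV4})\s+([A-Za-z][\w.-]*?)(?={IPV4}|\s|$)")
# Assumed substrings of AV / update hosts that malware blocks via the hosts file.
AV_VENDOR_HINTS = ("kaspersky", "symantec", "mcafee", "avast", "grisoft",
                   "trendmicro", "windowsupdate", "microsoft")
MS_ACTIVEX_HOSTS = ("microsoft.com", "windowsupdate.com")  # assumed allowlist

def parse(log: str) -> list[tuple[str, str]]:
    """Return (section, body) for every recognised HijackThis entry line."""
    out = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def parse_hosts(body: str) -> list[tuple[str, str]]:
    """Return (ip, hostname) pairs from an 'O1 - Hosts:' body, unfusing joined lines."""
    return HOSTS_RE.findall(body.split("Hosts:", 1)[-1])

def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    for sec, body in parse(log):
        if sec in ("R0", "R1") and re.search(rf"=\s*https?://{IPV4}", body):
            findings.append(Finding(sec, "high", "IE start/default page points at a bare IP", body))
        elif sec == "O1":
            for ip, host in parse_hosts(body):
                if any(h in host.lower() for h in AV_VENDOR_HINTS):
                    findings.append(Finding(sec, "high", f"hosts entry blocks AV/update host {host} -> {ip}", body))
                elif not ip.startswith("127.0.0."):
                    findings.append(Finding(sec, "high", f"hosts entry redirects {host} to {ip}", body))
                else:
                    findings.append(Finding(sec, "review", f"non-default hosts entry {host} -> {ip}", body))
        elif sec == "O15":
            findings.append(Finding(sec, "high", "site added to IE Trusted Zone (relaxed ActiveX/script policy)", body))
        elif sec == "O16":
            m = re.search(r"https?://([^/\s]+)", body)
            host = m.group(1).lower() if m else ""
            if not host.endswith(MS_ACTIVEX_HOSTS):
                findings.append(Finding(sec, "high", f"ActiveX download from non-Microsoft host {host}", body))
        elif sec == "O17":
            m = re.search(r"NameServer\s*=\s*([\d.,]+)", body)
            servers = m.group(1) if m else "?"
            findings.append(Finding(sec, "review", f"DNS servers overridden: {servers} (confirm they are your ISP's)", body))
        elif sec in ("O20", "O21"):
            what = "Winlogon Notify DLL" if sec == "O20" else "ShellServiceObjectDelayLoad DLL"
            tail = " (orphaned entry)" if "(file missing)" in body else ""
            findings.append(Finding(sec, "high", f"{what} loaded at logon{tail}", body))
        elif sec == "O23" and "Unknown owner" in body and "(file missing)" in body:
            findings.append(Finding(sec, "review", "service with no owner whose binary is gone (orphaned)", body))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.entry}")
```

Run it against a full log by replacing SAMPLE_LOG with the file contents; anything marked high is a removal candidate, anything marked review needs the poster to confirm (the O17 servers, for instance, may simply be the ISP's resolvers).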