tyziek
(Tyziek)
9 Październik 2005 09:16
#1
Takiego syfa to ze świecą szukać Proszę o sprawdzenie loga kolegi. Nie znam się na tym tak bardzo szczegółowo, ale coś tam dziame i widze jaki tu syf. On to chyba hodował Musze mu to doprowadzić do stanu używalności
Logfile of HijackThis v1.99.1 Scan saved at 12:13:54, on 2005-10-08 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cmdtel.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\gry\QuickTime\qttask.exe C:\Program Files\Media Access\MediaAccK.exe C:\WINDOWS\System32\5o9bljn3.exe C:\Program Files\Internet Optimizer\optimize.exe C:\Program Files\Ysvq\Hesk.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\WINDOWS\System32\combo.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe C:\Program Files\Media Access\MediaAccess.exe C:\winstall.exe C:\WINDOWS\tool2.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\SpySheriff\SpySheriff.exe C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\WinRAR\WinRAR.exe C:\Documents and Settings\Wolski\Pulpit\Programy internetowe\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL F2 - REG:system.ini: Shell=explorer.exe “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe” O1 - Hosts: 127.0.0.4 n-glx.s-redirect.com O1 - Hosts: 127.0.0.4 x.full-tgp.net O1 - Hosts: 127.0.0.4 counter.sexmaniack.com O1 - Hosts: 127.0.0.4 autoescrowpay.com O1 - Hosts: 127.0.0.4 http://www.autoescrowpay.com O1 - Hosts: 127.0.0.4 http://www.awmdabest.com O1 - Hosts: 127.0.0.4 http://www.sexfiles.nu O1 - Hosts: 127.0.0.4 awmdabest.com O1 - Hosts: 127.0.0.4 sexfiles.nu O1 - Hosts: 127.0.0.4 allforadult.com O1 - Hosts: 127.0.0.4 http://www.allforadult.com O1 - Hosts: 127.0.0.4 http://www.iframe.biz O1 - Hosts: 127.0.0.4 iframe.biz O1 - Hosts: 127.0.0.4 http://www.newiframe.biz O1 - Hosts: 127.0.0.4 newiframe.biz O1 - Hosts: 127.0.0.4 http://www.vesbiz.biz O1 - Hosts: 127.0.0.4 vesbiz.biz O1 - Hosts: 127.0.0.4 http://www.pizdato.biz O1 - Hosts: 127.0.0.4 pizdato.biz O1 - Hosts: 127.0.0.4 http://www.aaasexypics.com O1 - Hosts: 127.0.0.4 aaasexypics.com O1 - Hosts: 127.0.0.4 http://www.virgin-tgp.net O1 - Hosts: 127.0.0.4 virgin-tgp.net O1 - Hosts: 127.0.0.4 http://www.awmcash.biz O1 - Hosts: 127.0.0.4 awmcash.biz O1 - Hosts: 127.0.0.4 buldog-stats.com O1 - Hosts: 127.0.0.4 http://www.buldog-stats.com O1 - Hosts: 127.0.0.4 fregat.drocherway.com O1 - Hosts: 127.0.0.4 slutmania.biz O1 - Hosts: 127.0.0.4 http://www.slutmania.biz O1 - Hosts: 127.0.0.4 toolbarpartner.com O1 - Hosts: 127.0.0.4 http://www.toolbarpartner.com O1 - Hosts: 127.0.0.4 http://www.megapornix.com O1 - Hosts: 127.0.0.4 megapornix.com O1 - Hosts: 127.0.0.4 http://www.sp2fucked.biz O1 - Hosts: 127.0.0.4 sp2fucked.biz O1 - Hosts: 127.0.0.4 greg-tut.com O1 - Hosts: 127.0.0.4 http://www.greg-tut.com O1 - Hosts: 127.0.0.4 nylonsexy.com O1 - Hosts: 127.0.0.4 http://www.nylonsexy.com O1 - Hosts: 127.0.0.4 vparivalka.com O1 - Hosts: 127.0.0.4 http://www.vparivalka.com O1 - Hosts: 127.0.0.4 iframeprofit.com O1 - Hosts: 127.0.0.4 http://www.iframeprofit.com O1 - Hosts: 127.0.0.4 topsearch10.com O1 - Hosts: 127.0.0.4 http://www.topsearch10.com O1 - Hosts: 127.0.0.4 statscash.biz O1 - Hosts: 127.0.0.4 http://www.statscash.biz O1 - Hosts: 127.0.0.4 vxiframe.biz O1 - Hosts: 127.0.0.4 http://www.vxiframe.biz O1 - Hosts: 127.0.0.4 crazy-toolbar.com O1 - Hosts: 127.0.0.4 http://www.crazy-toolbar.com O1 - Hosts: 127.0.0.4 topcash.biz O1 - Hosts: 127.0.0.4 http://www.topcash.biz O1 - Hosts: 127.0.0.4 loadcash.biz O1 - Hosts: 127.0.0.4 http://www.loadcash.biz O1 - Hosts: 127.0.0.4 txiframe.biz O1 - Hosts: 127.0.0.4 http://www.txiframe.biz O1 - Hosts: 127.0.0.4 procounter.biz O1 - Hosts: 127.0.0.4 http://www.procounter.biz O1 - Hosts: 127.0.0.4 advadmin.biz O1 - Hosts: 127.0.0.4 http://www.advadmin.biz O1 - Hosts: 127.0.0.4 trafficbest.net O1 - Hosts: 127.0.0.4 http://www.trafficbest.net O1 - Hosts: 127.0.0.4 besthvac.com O1 - Hosts: 127.0.0.4 http://www.besthvac.com O1 - Hosts: 127.0.0.4 traff4.com O1 - Hosts: 127.0.0.4 http://www.traff4.com O1 - Hosts: 127.0.0.4 ambush-script.com O1 - Hosts: 127.0.0.4 http://www.ambush-script.com O1 - Hosts: 127.0.0.4 beehappyy.biz O1 - Hosts: 127.0.0.4 http://www.beehappyy.biz O1 - Hosts: 127.0.0.4 tracktraff.cc O1 - Hosts: 127.0.0.4 http://www.tracktraff.cc O1 - Hosts: 127.0.0.4 allcount.net O1 - Hosts: 127.0.0.4 http://www.allcount.net O1 - Hosts: 127.0.0.4 onedayoffer.biz O1 - Hosts: 127.0.0.4 http://www.onedayoffer.biz O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [internat.exe] internat.exe O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [Kernel32] C:\WINDOWS\SYSTEM\Kernel32.dll O4 - HKLM…\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [QuickTime Task] “C:\gry\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM…\Run: [5o9bljn3] C:\WINDOWS\System32\5o9bljn3.exe O4 - HKLM…\Run: [internet Optimizer] “C:\Program Files\Internet Optimizer\optimize.exe” O4 - HKLM…\Run: [Wkkfm] C:\Program Files\Ysvq\Hesk.exe O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s O4 - HKLM…\Run: [combo.exe] combo.exe O4 - HKLM…\Run: [WinService32] svchost O4 - HKLM…\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32_\svchost.exe O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe” O4 - HKCU…\Run: [Windows installer] C:\winstall.exe O4 - HKCU…\Run: [sNInstall] C:\WINDOWS\tool2.exe O4 - HKCU…\Run: [spySheriff] C:\Program Files\SpySheriff\SpySheriff.exe O4 - Startup: FOLDER.HTT O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: FOLDER.HTT O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Media … e-c403.cab O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_63.cab O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_24.cab O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_37.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_03) - O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (HbtInstObj) - http://installs.hotbar.com/installs/hbt … btools.cab O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) - O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_24.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab O17 - HKLM\System\CCS\Services\Tcpip…{B9A1D4E3-7835-4A18-8B40-64885C6DF0EB}: NameServer = 194.204.152.34 217.98.63.164 O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll O23 - Service: Loading Outpost Connections (KDE) - Unknown owner - C:\WINDOWS\System32\cmdtel.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
aju
(aju)
9 Październik 2005 10:28
#2
Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)
Pliki pogrubione usuwasz ręcznie z dysku
Przeskanuj i wywal wszystko co znajdą
http://www.pandasoftware.com/activescan … cipal.htm/
http://skaner.mks.com.pl/
http://dobreprogramy.pl/index.php?dz=2&id=107&t=55/
http://dobreprogramy.pl/index.php?dz=2&id=188&t=55/
Po zabiegach nowy log
Złączono Posta : 09.10.2005 (Nie) 12:30
:x
asterisk
(Asterisk)
9 Październik 2005 13:50
#3
Co ma wspólnego z pytaniem ??
Na tym forum automatów nie polecamy
Przecież po to Autor pyta, że nie jest w stanie podjąć decyzji
Po “ciekawych” stronach ten Kolega surfuje :x
Gutek
(Gutek)
9 Październik 2005 18:07
#4
aju musi zobaczyć jak usunąć SpySheriff i postąpić ze wskazówkami.
Jeszcze:
Wpis R3 nie usuwasz hijackiem tylko usuniesz Registrar Lite