Prosze o sprawdzenie loga

przez **niunka** » 02 Wrz 2006, 11:14

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 22:47:32, on 06-08-15 Platform: Windows 98 SE (Win9x 4.10.2222A (SP 2.1a)) MSIE: Internet Explorer v5.00 (5.00.2614.3500) Running processes: C:WINDOWSSYSTEMKERNEL32.DLL C:WINDOWSSYSTEMMSGSRV32.EXE C:WINDOWSSYSTEMMPREXE.EXE C:WINDOWSSYSTEMmmtask.tsk C:WINDOWSEXPLORER.EXE C:WINDOWSMIXER.EXE C:WINDOWSSYSTEMSYSTRAY.EXE C:WINDOWSRunDLL.exe C:WINDOWSSYSTEMDDHELP.EXE C:PROGRAM FILESPALMONEHOTSYNC.EXE C:WINDOWSRUNDLL32.EXE C:WINDOWSSYSTEMWMIEXE.EXE C:PROGRAM FILESOPERAOPERA.EXE C:MOJE DOKUMENTYHIJACKTHIS (1).COM C:PROGRAM FILESWAREOUTWAREOUT.EXE C:PROGRAM FILESSPYSHERIFFSPYSHERIFF.EXE C:WINDOWSCLJVVJMWSOQ.EXE C:PROGRAM FILESSPYWAREQUAKESPYWAREQUAKE.EXE D:PROGRAM FILESSPYAXESPYAXE.EXE C:PROGRAM FILESISTSVCISTSVC.EXE C:WINSTALL.EXE E:PROGRAM FILESSYSPROTECT FREEUSYP.EXE R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.freepharmacyxxx.com/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.eu.microsoft.com/poland/ R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza O1 - Hosts: localhost 127.0.0.1 O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRAM FILESFLASHGETJCCATCH.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll O2 - BHO: (no name) - {9A74B59AD-FCBF-4752-8726-932175553D64FE} - C:WINDOWSSystem32dsmljjg.dll O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:WINDOWSSYSTEMALXTB1.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRAM FILESFLASHGETFGIEBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:WINDOWSSYSTEMSHDOCVW.DLL O4 - HKLM..Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM..Run: [SystemTray] SysTray.Exe O4 - HKLM..Run: [IST Service] C:Program FilesISTsvcistsvc.exe O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSYSTEMNvCpl.dll,NvStartup O4 - HKCU..Run: [WareOut] C:Program FilesWareOutWareOut.exe O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKCU..Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU..Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU..Run: [Windows installer] C:winstall.exe O4 - HKCU..Run: [SpySheriff] C:Program FilesSpySheriffSpySheriff.exe O4 - HKLM..Run: [Na4gg4jh63lh5^4a80+żÔÇč]Iú" ‹üžC:Program FilesISTsvcistsvc.exe] C:WINDOWScljvvjmwsoq.exe O4 - HKLM..Run: [SpywareQuake] C:Program FilesSpywareQuakeSpywareQuake.exe /h O4 - HKLM..Run: [NI.USYP] "E:Documents and SettingsSERPulpitSysProtectScannerInstall.exe" O4 - HKCU..Run: [SysProtect Free] "E:Program FilesSysProtect FreeUSYP.exe" /scan O4 - HKLM..Run: [SpyAxe] D:Program FilesSpyAxespyaxe.exe /h O4 - Startup: HotSync Manager.lnk = C:Program FilespalmOneHOTSYNC.EXE O8 - Extra context menu item: &Google Search - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmtrans.html O8 - Extra context menu item: Download using FlashGet - C:PROGRAM FILESFLASHGETjc_link.htm O8 - Extra context menu item: Download All by FlashGet - C:PROGRAM FILESFLASHGETjc_all.htm O8 - Extra context menu item: Save with Download Manager... - C:Program FilesJ RiverMedia JukeboxDMDownload.htm O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb elated.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRAM FILESFLASHGETFLASHGET.EXE O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRAM FILESFLASHGETFLASHGET.EXE O14 - IERESET.INF: SEARCH_PAGE_URL= O14 - IERESET.INF: START_PAGE_URL= O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.i-lookup.com O15 - Trusted Zone: *.offshoreclicks.com O15 - Trusted Zone: *.teensguru.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.123searcherxxx.com O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab O17 - HKLMSystemCCSServicesVxDMSTCP: Domain = dsl.dial.pl O17 - HKLMSystemCCSServicesVxDMSTCP: NameServer = 217.30.129.149,217.30.137.200 O17 - HKLMSystemCCSServicesTcpip..{46ABB8B8-38B0-4D86-853E-582FAD142D5E}: NameServer = 85.255.143.5,85.255.132.54 O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:PROGRAM FILESSPIKURL_WPMSG.DLL O20 - Winlogon Notify: dsmljjg - C:WINDOWSSystem32dsmljjg.dll O20 - Winlogon Notify: App Management - C:WINDOWSsystem323084ikfdsq.dll O20 - Winlogon Notify: Reinstall - C:WINDOWSsystem32qxcff342f4r5d.dll O20 - Winlogon Notify: Shell - C:WINDOWSsystem32456456fgfdg5fds0i.dll O20 - Winlogon Notify: Themes - C:WINDOWSsystem32

log kontrolny :twisted:

przez **Mac** » 02 Wrz 2006, 19:23

Oj czemu czemu. FlashGet co robi na dysku??
To samo google toolbar??
Toolbar alexa??
Ja bym zlikwidował to co poniżej:

O8 - Extra context menu item: &Google Search - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: Download using FlashGet - C:PROGRAM FILESFLASHGETjc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:PROGRAM FILESFLASHGETjc_all.htm
O8 - Extra context menu item: Save with Download Manager... - C:Program FilesJ RiverMedia JukeboxDMDownload.htm
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/ ... tedata.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/ ... elated.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/ ... mailto.htm
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/ ... search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb
elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb
elated.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRAM FILESFLASHGETFLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRAM FILESFLASHGETFLASHGET.EXE
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.123searcherxxx.com
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab

To by było na tyle. O takie rzeczy cie nie podejrzewałem. A to zielone bardzo mi sie nie podoba. A to czerwone to w ogóle poracha.

przez **pavko89** » 02 Wrz 2006, 19:32

czemu dajesz nieswoje logi tutja prawie wszystko jest nietak
oj niunka nie oszukuj nas

przez **pp3088** » 02 Wrz 2006, 21:52

OMG jaki log. Smitfraud

, WareOut, SpyAxe, rootkit, Apyware Quake i syfu co nie miara lecimy

O4 - HKLM..Run: [SpywareQuake] C:Program FilesSpywareQuakeSpywareQuake.exe /h
O4 - HKLM..Run: [SpyAxe] D:Program FilesSpyAxespyaxe.exe /h

Sciągasz http://noahdfear.geekstogo.com/ to
1. Ściągamy z powyższego linka plik i go uruchamiany. Padnie pytanie o miejsce wypakowania programu a po jego wskazaniu należy tylko kliknąć Start
2. Resetujemy komputer do trybu awaryjnego. Z folderu Smitrem uruchamiany poprzez dwuklik plik RunThis.bat

O1 - Hosts: localhost 127.0.0.1
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.123searcherxxx.com

Ściągasz narzędzie KillTrusted i odpalasz go na samym końcu akcji:) http://www.searchengines.pl/phpbb203/pl ... rusted.zip

C:WINSTALL.EXE

Windows Security Center - Rootkit tu będzie hardkor. Narzie fix i usunięcie pliku, potme zobaczymy.

C:PROGRAM FILESWAREOUTWAREOUT.EXE
O4 - HKCU..Run: [WareOut] C:Program FilesWareOutWareOut.exe

Usuniesz tym czymś http://downloads.subratam.org/Fixwareout.exe

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:PROGRAM FILESSPIKURL_WPMSG.DLL
O20 - Winlogon Notify: dsmljjg - C:WINDOWSSystem32dsmljjg.dll
O20 - Winlogon Notify: App Management - C:WINDOWSsystem323084ikfdsq.dll
O20 - Winlogon Notify: Reinstall - C:WINDOWSsystem32qxcff342f4r5d.dll
O20 - Winlogon Notify: Shell - C:WINDOWSsystem32456456fgfdg5fds0i.dll
O20 - Winlogon Notify: Themes - C:WINDOWSsystem32
O8 - Extra context menu item: &Google Search - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:PROGRAM FILESGOOGLEGOOGLETOOLBAR2.DLL/cmtrans.html
O8 - Extra context menu item: Download using FlashGet - C:PROGRAM FILESFLASHGETjc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:PROGRAM FILESFLASHGETjc_all.htm
O8 - Extra context menu item: Save with Download Manager... - C:Program FilesJ RiverMedia JukeboxDMDownload.htm
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/ ... tedata.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/ ... elated.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/ ... mailto.htm
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/ ... search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb
elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSweb
elated.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O4 - HKCU..Run: [Windows installer] C:winstall.exe
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:WINDOWSSYSTEMSHDOCVW.DLL
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.freepharmacyxxx.com/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {9A74B59AD-FCBF-4752-8726-932175553D64FE} - C:WINDOWSSystem32dsmljjg.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:WINDOWSSYSTEMALXTB1.DLL
O4 - HKCU..Run: [SpySheriff] C:Program FilesSpySheriffSpySheriff.exe
O4 - HKLM..Run: [Na4gg4jh63lh5^4a80+żÔÇč]Iú" ‹üžC:Program FilesISTsvcistsvc.exe C:WINDOWScljvvjmwsoq.exe
O4 - HKCU..Run: [SysProtect Free] "E:Program FilesSysProtect FreeUSYP.exe" /scan

Fix przez HiJack, pogrubione ręcznie z dysku

C:WINDOWSRunDLL.exe

Na 99% trojan udawanie nazwy rundll.exe ;/

C:WINDOWSCLJVVJMWSOQ.EXE
O4 - HKLM..Run: [NI.USYP] "E:Documents and SettingsSERPulpitSysProtectScannerInstall.exe"

Znasz to?

O17 - HKLMSystemCCSServicesTcpip..{46ABB8B8-38B0-4D86-853E-582FAD142D5E}: NameServer = 85.255.143.5,85.255.132.54

A to DNS?

Pzodrawiam i życze powodzenia.

przez **pavko89** » 02 Wrz 2006, 21:54

nie widzisz ze niunka sie zgrywa
win 98 hehe jasne

przez **pp3088** » 02 Wrz 2006, 21:56

Tak czy siak, może to komp kolegi lub koleżanki. Co za róznica??

przez **Yoo!** » 02 Wrz 2006, 22:07

ej, nie znam się na tyle, ale mam pytanie,o co chodzi w tym "sprawdzeniu loga", bo to już któryś temat z kolei, w którym ktoś prosi o sprawdzenie loga, co to jest i do czego to potrzebne,pozdro

przez **pp3088** » 02 Wrz 2006, 22:13

Hmm log=wykres z analizą najważniejszych rzeczy do kompa takich jak strona startowa, autostart, usługi, dnsy, plik host i jego edycje oraz inne ważne pzoycje takie jak choby to co odpala się prz logowaniu. Ludzie go podają aby ktoś określił czy jest czysty-pozbawiony syfu, lub aby ktoś miał bardziej jasne rozejrzenie na infekcje.

przez **niunka** » 03 Wrz 2006, 09:57

Log znalazlam na innej stronce i bylam pod wrazeniem jego zawartosci

wiec postanowilam tu skopiowac,zeby zobaczyc co na niego powiecie

Dlatego tez jest we Free Post i dopisalam na dole

niunka napisał(a):log kontrolny

W tym logu jest praktycznie wszystko nie tak :twisted:

fajnie bylo popatrzec na wasze odpowidzi,nawet na pw dostawalam wiadomosci

Pozdrawiam

przez **pp3088** » 03 Wrz 2006, 11:55

No, cóż co Cię nie zabije to Cię wzmocni. Zobacz na tego loga

Logfile of HijackThis v1.99.0
Scan saved at 02:19:25, on 2005-02-11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAVPersonalAVGUARD.EXE
C:Program FilesAVPersonalAVWUPSRV.EXE
C:WINDOWSsystem32
tgx32.exe
C:WINDOWSSystem32soft.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesQuickTimeqttask.exe
C:Program FilesAVPersonalAVGNT.EXE
C:Program FilesCommon FilesRealUpdate_OB
ealsched.exe
C:WINDOWSsystem32appcg.exe
C:windowssystem32evpeit.exe
C:WINDOWSSystem32jfdjkswf.exe
C:WINDOWSSystem32dddd.exe
C:WINDOWSisrvsdesktop.exe
C:WINDOWSSystem32ctfmon.exe
C:WINDOWSsystem32svphost.exe
C:WINDOWSSystem32??chost.exe
C:Documents and SettingsgregDane aplikacjiudps.exe
C:Program FilesGadu-Gadugg.exe
C:Program FileseMuleemule.exe
C:windowssystem32calc.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesInternet Exploreriexplore.exe
D:instalkihijackthisodHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSsystem32xbteq.dll/sp.html#93256
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSsystem32xbteq.dll/sp.html#93256
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = res://C:WINDOWSsystem32xbteq.dll/sp.html#93256
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSsystem32xbteq.dll/sp.html#93256
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSsystem32xbteq.dll/sp.html#93256
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSsystem32xbteq.dll/sp.html#93256
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSsystem32xbteq.dll/sp.html#93256
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:WINDOWSSystem32soft.exe
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: googl.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.googl.de
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: google.se
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /ip.txt was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O1 - Hosts: www.googl.at
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O2 - BHO: ViewSource Class - {00000000-0000-0000-0000-000000000000} - C:WINDOWSSYSTEMMSXSLAB.DLL
O2 - BHO: (no name) - {826C58CD-E09F-AE4D-CBCE-70D975833F7E} - (no file)
O2 - BHO: (no name) - {AF5960F8-3CBB-D88A-7529-172F8B6B82A2} - (no file)
O2 - BHO: (no name) - {C8CD041C-091F-DF8F-452B-B10122D789B7} - C:WINDOWSsystem32atlmz.dll
O2 - BHO: (no name) - {DAA75053-2CC7-DDF8-7C6F-F6FD0A5CB7CA} - (no file)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:WINDOWSsystem32winb2s32.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:WINDOWSsystem32dsktrf.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:WINDOWSsystem32winb2s32.dll
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:WINDOWSDownloaded Program Files
undlg32.dll
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:WINDOWSDownloaded Program Files
undlg32.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:WINDOWSDownloaded Program Files
undlg32.dll
O4 - HKLM..Run: [Windows Automation] mslaugh.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [AVGCtrl] C:Program FilesAVPersonalAVGNT.EXE /min
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB
ealsched.exe" -osboot
O4 - HKLM..Run: [Windows ControlAd] C:Program FilesWindows ControlAdWinCtlAd.exe
O4 - HKLM..Run: [appcg.exe] C:WINDOWSsystem32appcg.exe
O4 - HKLM..Run: [tibs5] C:WINDOWSSystem32 ibs5.exe
O4 - HKLM..Run: [Web Service] C:WINDOWSSystem32sm.exe
O4 - HKLM..Run: [ffis] C:WINDOWSisrvsffisearch.exe
O4 - HKLM..Run: [evpeit] c:windowssystem32evpeit.exe
O4 - HKLM..Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O4 - HKLM..Run: [ ] C:WINDOWSsystem32userinit.exe
O4 - HKLM..Run: [sais] c:program files180solutionssais.exe
O4 - HKLM..Run: [apiuk32.exe] C:WINDOWSsystem32apiuk32.exe
O4 - HKLM..Run: [antiware] C:windowssystem32elitehln32.exe
O4 - HKLM..Run: [jfdjkswf] C:WINDOWSSystem32jfdjkswf.exe
O4 - HKLM..Run: [Windows Service] C:WINDOWSSystem32dddd.exe
O4 - HKLM..Run: [Desktop Search] C:WINDOWSisrvsdesktop.exe
O4 - HKLM..RunOnce: [ntgx32.exe] C:WINDOWSsystem32
tgx32.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [svphost.exe] C:WINDOWSsystem32svphost.exe
O4 - HKCU..Run: [Ubsj] C:WINDOWSSystem32??chost.exe
O4 - HKCU..Run: [Aidr] C:Documents and SettingsgregDane aplikacjiudps.exe
O4 - HKCU..Run: [Web Service] C:WINDOWSSystem32sm.exe
O4 - HKCU..Run: [Windows Service] C:WINDOWSSystem32dddd.exe
O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray
O4 - HKCU..Run: [eMuleAutoStart] C:Program FileseMuleemule.exe -AutoStart
O4 - HKLM..Run: [Windows SyncroAd] C:PROGRAM FILESWINDOWS SYNCROADSYNCROAD.EXE
O4 - HKLM..Run: [Windows AdControl] C:Program FilesWindows AdControlWinAdCtl.exe
O4 - HKLM..Run: [Windows AdTools] C:Program FilesWindows AdToolsWinAdTools.exe
O4 - HKLM..Run: [Windows TaskAd] C:Program FilesWindows TaskAdWinTaskAd.exe
O4 - HKLM..Run: [Windows AdService] C:Program FilesWindows AdServiceWinAdServ.exe
O4 - HKLM..Run: [Windows ControlAd] C:Program FilesWindows ControlAdWinCtlAd.exe
O4 - HKLM..Run: [Windows ServeAd] C:Program FilesWindows ServeAdWinServAd.exe
O4 - HKLM..Run: [DeskAd Service] C:Program FilesDeskAd ServiceDeskAdServ.exe
O4 - HKLM..Run: [Windows AdStatus] C:Program FilesWindows AdStatusWinStat.exe
O4 - HKLM..Run: [AdTools Service] C:Program FilesAdTools ServiceAdTools.exe
O4 - HKLM..Run: [Windows FormatAd] C:Program FilesWindows FormatAdWinForm.exe
O4 - HKCU..Run: [Ysxr] C:WINDOWSSystem32??chost.exe
O4 - HKCU..Run: [Slu] C:WINDOWSSystem32??chost.exe
O4 - HKCU..Run: [Lqjogrt] C:WINDOWSSystem32??plorer.exe
O4 - HKCU..Run: [Upwzxru] C:WINDOWSSystem32??plorer.exe
O4 - HKCU..Run: [Mcbqh] C:WINNTsystem32 ?skmgr.exe
O4 - HKCU..Run: [ÿ_zskwxfpzbyp[xeps]mi50inkrwksz_] d:windowssystem32\_zskwrkni05im]spex[pybzpfxw.exe
O4 - HKCU..Run: [WhenUSave] "C:Program FilesSaveSave.exe"
O4 - HKCU..Run: [SurfSideKick 3] C:Program FilesSurfSideKick 3Ssk.exe
O4 - HKCU..Run: [AXVenore] "C:Program FilesAXVenoreAXVenore.exe"
O4 - HKCU..Run: [PECarlin] "C:Program FilesPECarlinPECarlin.exe"
O4 - HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,ClientStartup -s
O8 - Extra context menu item: &Google Search - res://C:Program FilesGooglegoogletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:Program FilesGooglegoogletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:Program FilesGooglegoogletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:Program FilesGooglegoogletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:Program FilesGooglegoogletoolbar.dll/cmtrans.html
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O17 - HKLMSystemCCSServicesTcpip..{10CD7263-28E8-404C-A427-388106DCC27E}: NameServer = 10.0.0.2
O17 - HKLMSystemCS1ServicesTcpip..{10CD7263-28E8-404C-A427-388106DCC27E}: NameServer = 10.0.0.2
O17 - HKLMSystemCS2ServicesTcpip..{10CD7263-28E8-404C-A427-388106DCC27E}: NameServer = 10.0.0.2
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - (no file)
O20 - Winlogon Notify: artm_newreg - D:Documents and SettingsAll UsersDokumentySettingsartm_new.dll
O20 - AppInit_DLLs: CLKERN.DLL
O20 - Winlogon Notify: winuai32 - D:WINDOWSSYSTEM32winuai32.dll
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:Program FilesAVPersonalAVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:Program FilesAVPersonalAVWUPSRV.EXE
O23 - Service: Network Security Service (NSS) - Unknown - C:WINDOWSieye.exe
O23 - Service: ZESOFT - Unknown - D:WINDOWSzeta.exe (file missing)
O23 - Service: Power Manager - Unknown - D:WINDOWSsvchost.exe (file missing)

Autentyk, dostałem taki do jednego kolesia:) I jeszcze mówił: zobacz czy coś jest ja dziś już usuwałem robaki i inne syfy. Widąć jak usuwał:D

A tu mała lista:
Purity Szan(pytajnikowiec)
WindUpdates typu "AD"
iwantsearch.com
vroomsearch.com
Trojan.Admincash
Trojan CWS Home Search i kilka innych odmian
Robak Blaster
TROJ_AGENT.CS
180 Solution
Desktop Search
Dialer tibs
WhenU Save
SurfSideKick 3
New.net

Prosze o sprawdzenie loga

Prosze o sprawdzenie loga

Re: Prosze o sprawdzenie loga

Kto jest na forum