Michlos [ ! - C - O - O - L - ! ]
Pop-up pages :/
I always downloaded mp3s from https://www.djwitek.prv.pl/ by opening it in Opera, which blocked the pop-up windows. Yesterday it wouldn't open, so I opened it in IE and about 20 pages appeared. avast immediately started going crazy and it was a total mess. I scanned the computer with mks online, Ad-Aware and Spybot in safe mode, and supposedly everything has been removed, but pages and ads keep opening on their own non-stop in my default browser (Opera).
examples of a few of the pages:
Michlos [ ! - C - O - O - L - ! ]
CWShredder run in safe mode found nothing :/
sidney22 [ Maly Krzykacz ]
strange, try another online one
here's a link:
https://skaner.mks.com.pl/ is very good
Actimel [ I am what I am ]
sidney -->> I scanned the computer with mks online
maciek_ssi [ Electroma ]
show the contents of the hosts file in C:\WINDOWS\system32\drivers\etc\
Michlos [ ! - C - O - O - L - ! ]
Michlos [ ! - C - O - O - L - ! ]
sorry, I misunderstood
hosts file:
wysiu [ ]
Now delete all of that and put in just one entry
127.0.0.1 localhost
Michlos [ ! - C - O - O - L - ! ]
HOSTS.bak also looks suspicious:
hosts.20051020-090623.backup:
should I replace these files too?
Michlos [ ! - C - O - O - L - ! ]
I replaced that hosts file, but new ones immediately show up again:
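An added example, not part of any post in this thread: a small audit of a hosts file that lists every mapping other than `localhost`, groups it by target address, reports duplicates and entries outside the Spybot marker block, and shows which entries came back after the file was reset to the single `127.0.0.1 localhost` line. The host names in the sample are constructed placeholders, and the function names are chosen for this example.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in the shape of the hosts files posted in this thread.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.4 example-a.invalid
127.0.0.4 www.example-a.invalid
127.0.0.1 example-b.invalid
127.0.0.1 example-b.invalid
# Start of entries inserted by Spybot - Search & Destroy
# End of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.example-c.invalid   # trailing comment
"""

SPYBOT_START = "# Start of entries inserted by Spybot"
SPYBOT_END = "# End of entries inserted by Spybot"


def parse_hosts(text):
    """Return (address, hostname, inside_spybot_block) for every mapping."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(SPYBOT_START):
            inside = True
            continue
        if line.startswith(SPYBOT_END):
            inside = False
            continue
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # first field is not an address
        for name in fields[1:]:
            entries.append((addr, name.lower(), inside))
    return entries


def audit_hosts(text):
    """Summarise everything in the file except the localhost mapping."""
    extra = [e for e in parse_hosts(text) if e[1] != "localhost"]
    by_addr = defaultdict(set)
    for addr, name, _ in extra:
        by_addr[addr].add(name)
    counts = Counter((addr, name) for addr, name, _ in extra)
    return {
        "by_address": {a: sorted(n) for a, n in by_addr.items()},
        "duplicates": sorted(n for (_, n), c in counts.items() if c > 1),
        "outside_spybot_block": sorted({n for _, n, ins in extra if not ins}),
    }


def reappeared(baseline_text, current_text):
    """Mappings present now that were not in the file as it was reset."""
    base = {(a, n) for a, n, _ in parse_hosts(baseline_text)}
    cur = {(a, n) for a, n, _ in parse_hosts(current_text)}
    return sorted(cur - base)


if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
    print(reappeared("127.0.0.1 localhost\n", SAMPLE_HOSTS))
```

Running `reappeared` against a copy saved right after the reset shows exactly which lines something on the machine wrote back.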
maciek_ssi [ Electroma ]
no worries, I have the same thing; I tried a few anti-spyware tools but nothing helps. Check how many iexplore.exe you have running
by the way, mks detected it on my machine as trojan.qhost.ce
Michlos [ ! - C - O - O - L - ! ]
none among the processes
maciek_ssi [ Electroma ]
and do you have a file like this: C:\WINDOWS\system32\cNrds.dll ?
Michlos [ ! - C - O - O - L - ! ]
no. should I?
Michlos [ ! - C - O - O - L - ! ]
of those pages, most are like this one
https://www.super-stock.com/normal/yyy34.html
where the bolded part varies, and so the pages differ
maciek_ssi [ Electroma ]
I don't know whether you should have it; I have both iexplore.exe opening 20 times over and this file. I'm about to kill it under DOS and I'll report back
mozdzek14 [ Marszałek ]
Jesus, Mary ... what a complicated matter ... ;)
maciek_ssi [ Electroma ]
it didn't help; the file is deleted, but it's probably sitting somewhere else
Michlos [ ! - C - O - O - L - ! ]
I can't think straight about this any more. And the worst part is that it launches even when a game or something is running :/
Ralion [ Konsul ]
Use HijackThis and paste the results here.
mozdzek, for you it certainly is.
maciek_ssi [ Electroma ]
here is my scan result from HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 17:41:30, on 2005-10-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5112.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\kxmixer.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\QWRtaW4A\command.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\usr\MYSQL\bin\mysqld.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Winamp\winamp.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [kX Mixer] C:\WINDOWS\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
O4 - Startup: GuildFTPd FTP.lnk = C:\usr\GuildFTPd\GuildFTPd.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - 08B0E5C0-4FCB-11CF-AAA5-00401C608501 - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - 08B0E5C0-4FCB-11CF-AAA5-00401C608501 - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Badanie - 92780B25-18CC-41C8-B9BE-3C9C571A8263 - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: 04E214E5-63AF-4236-83C6-A7ADCBF9BD02 (HouseCall Control) - https://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: 6414512B-B978-451D-A0D8-FCFDF33E833C (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124314419453
O16 - DPF: 6E32070A-766D-4EE6-879C-DC1FA91D2FC3 (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124389895562
O16 - DPF: 9A9307A0-7DA4-4DAF-B042-5009F29E09E1 (ActiveScan Installer Class) - https://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7 (MainControl Class) - https://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\091DD4A7-E322-49BC-883B-FA332FAFD2EC: NameServer = 212.2.96.52,212.2.96.51,195.205.118.2
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\q2680cjuefo80.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWRtaW4A\command.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sega License Service - Sega - C:\Program Files\Common Files\Sega Shared\Service\SegaLicSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Michlos [ ! - C - O - O - L - ! ]
I don't know from where, but now iexplore.exe and a few others have suddenly appeared :/
Right away one of those pages was in the background.
below is a page that may be useful, although so far zero positive results
wysiu [ ]
maciek -->
https://shield.prevx.com/pxparall.asp?PXC=66491806667
maciek_ssi [ Electroma ]
I found another weed: q2680cjuefo80.dll, and it is similar to the file mentioned above
Michlos [ ! - C - O - O - L - ! ]
CWShredder found nothing earlier, and now it always finds and supposedly removes "CWS.Jksearch"
and maciek, do you have MSN on XP? Because I think I removed it the day before yesterday... maybe it's something to do with that
Michlos [ ! - C - O - O - L - ! ]
Logfile of HijackThis v1.99.1
Scan saved at 17:56:36, on 2005-10-20
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
E:\Programy\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Programy\Skype\Skype.exe
E:\Programy\Tlen.pl\tlen.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Programy\Winwall\Winwall.exe
E:\Programy\Avast4\aswUpdSv.exe
E:\Programy\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
E:\Programy\Avast4\ashWebSv.exe
E:\Programy\Avast4\ashMaiSv.exe
E:\Programy\Winamp\winamp.exe
C:\WINDOWS\System32\ctfmon.exe
E:\Programy\Acrobat 6.0 CE\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Programy\Opera\Opera.exe
E:\Programy\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - 8E718888-423F-11D2-876E-00A0C9082467 - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] E:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KAZAA] "E:\Programy\Kazaa Lite Rewolucja\kpp.exe" "E:\Programy\Kazaa Lite Rewolucja\kazaalite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "E:\Programy\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Komunikator] E:\Programy\Tlen.pl\tlen.exe
O4 - HKCU\..\RunServices: [Windows Ocx Service] winocx.exe
O4 - Startup: Winwall Autostart.lnk = E:\Programy\Winwall\Winwall.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programy\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\Programy\MICROS~1\Office10\EXCEL.EXE/3000
O16 - DPF: 644E432F-49D3-41A1-8DD5-E099162EEEC5 (Symantec RuFSI Utility Class) - https://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: 9A9307A0-7DA4-4DAF-B042-5009F29E09E1 (ActiveScan Installer Class) - https://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7 (MainControl Class) - https://skaner.mks.com.pl/SkanerOnline.cab
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\q4860elsehq60.dll
O21 - SSODL: SysTray.Exys - 7368D5FC-6F5C-4f5b-B964-E67214F67852 - C:\WINDOWS\System32\jfhicnbn.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programy\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programy\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programy\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
Should I do something about this?
maciek_ssi [ Electroma ]
I don't know if I have it, because I simply don't use it. This virus is starting to annoy me; it also opens windows in Opera, and full-screen Flash ads pop up
damn it, for certain reasons I can't reinstall the system
I'm downloading a program from one of the pages wysiu gave; I'll give a link to the file, because you have to register
maciek_ssi [ Electroma ]
michlos ---->
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\q4860elsehq60.dll
O21 - SSODL: SysTray.Exys - ‹7368D5FC-6F5C-4f5b-B964-E67214F67852› - C:\WINDOWS\System32\jfhicnbn.dll (file missing)
something suspicious, don't you think?
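An added example, not part of any post in this thread: a triage pass over HijackThis output that pulls out the two load-point sections pointed at above (O20 Winlogon Notify and O21 SSODL) and lists entries that are registered without a file on disk or whose module is not on a reviewer-maintained list. The sample lines are copied from the two logs posted here; `KNOWN_MODULES` is an assumption made for the example (NavLogon.dll is treated as known only because Symantec AntiVirus appears in the same log).

```python
import ntpath
import re

# Lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] E:\Programy\Avast4\ashDisp.exe
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\q2680cjuefo80.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\q4860elsehq60.dll
O21 - SSODL: SysTray.Exys - 7368D5FC-6F5C-4f5b-B964-E67214F67852 - C:\WINDOWS\System32\jfhicnbn.dll (file missing)
"""

# HijackThis sections that load a DLL at logon / shell start.
LOAD_POINTS = {"O20": "Winlogon Notify", "O21": "ShellServiceObjectDelayLoad"}

# Assumption: a list the reviewer maintains for this machine, lower-case.
KNOWN_MODULES = {"navlogon.dll"}

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
MISSING = "(file missing)"


def parse_load_points(log_text):
    """Return one dict per O20/O21 line: code, label, path, module, missing."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group(1) not in LOAD_POINTS:
            continue
        code, rest = m.groups()
        # The module path is always the last " - " separated field.
        label, _, path = rest.rpartition(" - ")
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)].rstrip()
        entries.append({
            "code": code,
            "label": label,
            "path": path,
            "module": ntpath.basename(path).lower(),
            "missing": missing,
        })
    return entries


def triage(log_text, known=KNOWN_MODULES):
    """List (code, module, reasons) for entries that need a manual look."""
    findings = []
    for e in parse_load_points(log_text):
        reasons = []
        if e["missing"]:
            reasons.append("registered but file missing")
        if e["module"] not in known:
            reasons.append("module not on known list")
        if reasons:
            findings.append((e["code"], e["module"], reasons))
    return findings


if __name__ == "__main__":
    for code, module, reasons in triage(SAMPLE_LOG):
        print(code, module, "; ".join(reasons))
```

A "(file missing)" entry means the registry registration survived a file deletion, so the registration itself still has to be removed.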
maciek_ssi [ Electroma ]
CounterSpy didn't help at all
Liczyrzepa [ Pretorianin ]
long live the super-secure Microsoft Windows system!
slot5 [ Dragon ]
I recommend treating it with Ad-aware (freeware). I had a similar problem too (only under IE, of course) - the program wiped everything out.
Liczyrzepa --> it's not Windows' fault, but that of the programs themselves, which install such junk in the background. You simply have to be careful what you install.
maciek_ssi [ Electroma ]
slot5 ---> it did nothing for me
Michlos [ ! - C - O - O - L - ! ]
Ad-aware is the basics, but it is also very, very stripped-down and poor when it comes to detecting spyware
Qbaa [ Senator ]
so everything got installed after visiting that page?
if you want revenge, describe the problem:
[email protected]
Michlos [ ! - C - O - O - L - ! ]
I don't want revenge, Qbaa, because it's my fault. I used IE, which is almost tantamount to a sin. You can't blame someone else when I was the one who wanted to commit suicide; after all, using IE amounts to that :/
maciek_ssi [ Electroma ]
it's getting worse and worse, I have no strength left for this game; Opera "flickers", the Flash ads still show up, a real drama. I've had maybe five viruses in my life, but this one is the worst
I can't reinstall the system, for many reasons
Zajcef [ Konsul ]
I use Spy Emergency 2005 and it copes with all of this. That is, whenever I'm forced to use IE. For the future I recommend a different browser, and the problems vanish as if by magic
maciek_ssi [ Electroma ]
don't talk to me about IE, because I haven't even touched that browser; what's more interesting, I have version 7.0 installed and some junk got in anyway