VIRUS – PLEASE HELP AS SOON AS POSSIBLE!
Logfile of HijackThis v1.99.0
Scan saved at 15:37:02, on 31.5.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Gigaset\talk&surf 5.1\SEMon21.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gigaset\talk&surf 5.1\xControlCOM.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\JOŽICA\LOCALS~1\Temp\Rar$DI01.646\rsqfqe.htm .pif
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jožica\My Documents\HijackThis.exe
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 – HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 – HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 – HKLM\..\Run: [http://www.lienvandekelder.be] \Lien Van de Kelderrr.exe
O4 – HKLM\..\RunServices: [http://www.lienvandekelder.be] \Lien Van de Kelderrr.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 – HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 – HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 – HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 – Global Startup: talk&surf 5.1 Monitor.lnk = ?
O8 – Extra context menu item: I&zvoz v Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} – http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1018_EN_XP.cab
O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} – http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 – DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {469C7080-8EC8-43A6-AD97-45848113743C} – http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 – DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 – DPF: {8FFB551F-5FA2-41A2-B2A2-56E587675786} (kupidChatx Class) – http://freeweb.siol.net/ytz997/kupidChat.cab
O16 – DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 – DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} – http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{AD51B842-D645-4106-8F29-3138EA16B8E2}: NameServer = 193.189.160.11 193.189.160.12
O23 – Service: DefWatch – Symantec Corporation – C:\Program Files\NavNT\defwatch.exe
O23 – Service: Norton AntiVirus Client – Symantec Corporation – C:\Program Files\NavNT\rtvscan.exe
O23 – Service: Sygate Personal Firewall – Sygate Technologies, Inc. – C:\Program Files\Sygate\SPF\Smc.exe
O23 – Service: xControlCOM – Siemens – C:\Program Files\Gigaset\talk&surf 5.1\xControlCOM.exe
What now?
Regards, Manca.
Since you brought up the topic of blondes, I'd like to ask you: since when do you think SIOL has sooo much time that it would send users zipped files, and from the info@siol.com domain at that? See that this was the first and last time. 🙂
There we go.. this also urgently needs to be swept out
O4 – HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 – HKLM\..\Run: [http://www.lienvandekelder.be] \Lien Van de Kelderrr.exe
O4 – HKLM\..\RunServices: [http://www.lienvandekelder.be] \Lien Van de Kelderrr.exe
Now I'm off for a beer since you've got me worked up; I hope the guys help you through to the end.
And this:
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3.0/sb_searchPageHome.htm
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
and a few more things 🙂