Guest: maya48 IP: *.uni.lodz.pl 24.04.05, 16:03
How do I get rid of this?
Guest: Kolobos Re: winsock.cfg IP: *.warszawa.sdi.tpnet.pl 24.04.05, 16:37
Paste the results of a HijackThis scan:
www.spychecker.com/program/hijackthis.html
Then we'll see what to remove and how.

Scan the system with these scanners:
housecall.trendmicro.com/housecall/start_corp.asp
www.windowsecurity.com/trojanscan/
www.pandasoftware.com/activescan/pol/activescan_principal.htm

Install:
www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D -> scan and enable browser protection
www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> enable browser protection
www.wilderssecurity.net/spywareguard.html <- SpywareGuard
Guest: maya48 Re: winsock.cfg IP: *.uni.lodz.pl 24.04.05, 16:39
Scan saved at 16:32:27, on 2005-04-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsgPlus.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\tr\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.mjwjpyvkdllosnpamvmje.com/NoTX7I5Ha9I63GBNeHDgtuqBozlh5U6ceu7cyXdClX23k_2FoxW4CNZt8CFkx7It.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.newgenlook.info/ad/ad0278/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = txicbykybogkwxsnpyps.net/NoTX7I5Ha9I63GBNeHDgtuqBozlh5U6ceu7cyXdClX18bfz1eZA20tZt8CFkx7It.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.newgenlook.info/ad/ad0278/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Super Popup Blocker - {F1C0FAF2-E52F-4370-BC75-2C828C027B9E} - C:\WINDOWS\System32\popkill.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [Fork loud four lite] C:\Documents and Settings\All Users\Dane aplikacji\fast pile fork loud\joy new.exe
O4 - HKLM\..\Run: [Super Popup Blocker] C:\Saga\Super Popup Blocker\popkill.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [roam bind] C:\DOCUME~1\kamilka\DANEAP~1\PROGRA~1\List Bleh.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SAM.lnk = C:\Program Files\Skype\SAM\SAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A34548C0-7648-48FB-B406-FD7B2A67573D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A34548C0-7648-48FB-B406-FD7B2A67573D} - (no file) (HKCU)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00D20B4C-5497-479D-B5F0-6026AF230EAA}: NameServer = 212.191.64.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEC39FC5-D38A-42F7-AF8B-3AA877A61259}: NameServer = 212.191.64.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{00D20B4C-5497-479D-B5F0-6026AF230EAA}: NameServer = 212.191.64.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{00D20B4C-5497-479D-B5F0-6026AF230EAA}: NameServer = 212.191.64.10
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Guest: Kolobos Re: winsock.cfg IP: *.warszawa.sdi.tpnet.pl 24.04.05, 16:54
In HijackThis choose scan only and check these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.mjwjpyvkdllosnpamvmje.com/NoTX7I5Ha9I63GBNeHDgtuqBozlh5U6ceu7cyXdClX23k_2FoxW4CNZt8CFkx7It.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.newgenlook.info/ad/ad0278/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = txicbykybogkwxsnpyps.net/NoTX7I5Ha9I63GBNeHDgtuqBozlh5U6ceu7cyXdClX18bfz1eZA20tZt8CFkx7It.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.newgenlook.info/ad/ad0278/
O4 - HKLM\..\Run: [Fork loud four lite] C:\Documents and Settings\All Users\Dane aplikacji\fast pile fork loud\joy new.exe
O4 - HKCU\..\Run: [roam bind] C:\DOCUME~1\kamilka\DANEAP~1\PROGRA~1\List Bleh.exe

And press Fix Checked.
Also scan with the scanners I gave earlier.
Then, after a reboot, paste a new HijackThis log and tell me: where is this winsock.cfg located?
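
Added example, not part of the thread: a small parser for the HijackThis log format posted above that lists Internet Explorer Start Page / Search Bar overrides (R0/R1) and O4 Run entries whose command lives under a user-profile directory, for manual review. The heuristic and all function names are assumptions made for illustration; the thread does not state why those entries were chosen. The sample lines are copied from the log above.

```python
import re

# Entries have the form "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# R0/R1 IE settings: "<key>,<value name> = <data>"
IE_RE = re.compile(r"^HK(?:LM|CU)\\[^,]+,(?P<value>Start Page|Search Bar) = (?P<data>.+)$")
# Assumed heuristic: autoruns started from profile data directories
# (long name or 8.3 short name) are worth a manual look.
PROFILE_DIR_RE = re.compile(r"\\(?:documents and settings|docume~\d)\\", re.IGNORECASE)

# Sample input: lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.newgenlook.info/ad/ad0278/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Fork loud four lite] C:\Documents and Settings\All Users\Dane aplikacji\fast pile fork loud\joy new.exe
O4 - HKCU\..\Run: [roam bind] C:\DOCUME~1\kamilka\DANEAP~1\PROGRA~1\List Bleh.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

def parse_log(text):
    """Return (code, body) pairs for every line that looks like a log entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def review_candidates(entries):
    """Return (code, name, data) tuples for entries a reviewer should inspect."""
    flagged = []
    for code, body in entries:
        if code in ("R0", "R1"):
            m = IE_RE.match(body)
            if m:  # every browser page override is listed for review
                flagged.append((code, m.group("value"), m.group("data")))
        elif code == "O4":
            m = RUN_RE.match(body)
            if m and PROFILE_DIR_RE.search(m.group("cmd")):
                flagged.append((code, m.group("name"), m.group("cmd")))
    return flagged

if __name__ == "__main__":
    for code, name, data in review_candidates(parse_log(SAMPLE_LOG)):
        print(f"{code}: {name} -> {data}")
```
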