Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    trojan

    IP: *.neoplus.adsl.tpnet.pl 27.04.05, 17:44
    pokazuje się napisa na pulpicie...(pulpit jest niebieski)

    a fatal erro in EI has occured at 0028: c0011e36 in vxd vmm (01)00010e36.
    Error was caused by trojan-spy.html.smitfraud.c


    Logfile of HijackThis v1.99.1
    Scan saved at 16:23:50, on 2005-04-27
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\DOCUME~1\Marecki\USTAWI~1\Temp\update.tmp
    C:\Program Files\FlashGet\flashget.exe
    C:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://C:\DOCUME~1\Marecki\USTAWI~1\Temp\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    res://C:\DOCUME~1\Marecki\USTAWI~1\Temp\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O2 - BHO: (no name) - {035749F7-79F5-485C-98C6-C92C783ADBF1} - (no file)
    O2 - BHO: (no name) - {26CBADF4-0150-4B6F-9A82-9F1B1B5DFA73} -
    C:\WINDOWS\System32\ikbc.dll
    O2 - BHO: (no name) - {6A64C6C7-FF52-4F89-BC20-16979F845E11} - (no file)
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
    C:\PROGRA~1\FLASHGET\jccatch.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
    C:\PROGRA~1\FLASHGET\fgiebar.dll
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0
    \outpost.exe /waitservice
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Marecki\USTAWI~1
    \Temp\se.dll,DllInstall
    O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program
    Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program
    Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
    00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
    C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
    0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {471E3BEB-5EBC-4C1D-90AA-
    8D1AAAF81FD9} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {471E3BEB-5EBC-
    4C1D-90AA-8D1AAAF81FD9} - (no file) (HKCU)
    O16 - DPF: {11311111-1111-1111-1111-111111111157} -
    file://C:\Recycled\Q330995.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC85E18D-B55A-4756-A3BB-
    F0AE03FC1B19}: NameServer = 192.168.0.1
    O18 - Filter: text/html - {E556A7EE-B2FA-4784-86C7-6F0D0F67F0DD} -
    C:\WINDOWS\System32\ikbc.dll
    O18 - Filter: text/plain - {E556A7EE-B2FA-4784-86C7-6F0D0F67F0DD} -
    C:\WINDOWS\System32\ikbc.dll
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum -
    C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe

    Obserwuj wątek
      • Gość: Kolobos Re: trojan IP: *.warszawa.sdi.tpnet.pl 27.04.05, 17:50
        Poczytaj i zrob to co jest opisane tutaj:
        www.searchengines.pl/phpbb203/index.php?showtopic=31936

        Do tego uzyj:
        www.trojaner-info.de/files/SpSeHjfix112.exe
        W hijackthis zaznacz i usun te wpisy:

        > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        > res://C:\DOCUME~1\Marecki\USTAWI~1\Temp\se.dll/spage.html
        > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
        > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
        > res://C:\DOCUME~1\Marecki\USTAWI~1\Temp\se.dll/spage.html
        > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
        > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        > about:blank
        > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        > about:blank
        > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
        > O2 - BHO: (no name) - {035749F7-79F5-485C-98C6-C92C783ADBF1} - (no file)
        > O2 - BHO: (no name) - {26CBADF4-0150-4B6F-9A82-9F1B1B5DFA73} -
        > C:\WINDOWS\System32\ikbc.dll
        > O2 - BHO: (no name) - {6A64C6C7-FF52-4F89-BC20-16979F845E11} - (no file)
        > O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Marecki\USTAWI~1
        > \Temp\se.dll,DllInstall
        > O16 - DPF: {11311111-1111-1111-1111-111111111157} -
        > file://C:\Recycled\Q330995.exe
        > O18 - Filter: text/html - {E556A7EE-B2FA-4784-86C7-6F0D0F67F0DD} -
        > C:\WINDOWS\System32\ikbc.dll
        > O18 - Filter: text/plain - {E556A7EE-B2FA-4784-86C7-6F0D0F67F0DD} -
        > C:\WINDOWS\System32\ikbc.dll

        Pliki dll usun z dysku oraz C:\Recycled\Q330995.exe, najlepiej wyczysc cale
        TEMP.
        Jak juz wszystko zrobisz to wklej nowy log.

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin