Spyware has installed itself on my machine
-
Vito01 #137 Hi everyone!
I have a problem similar to misi6's. The same searchbar shows up for me day after day, and on top of that my home page has been changed by a rather pushy site called look-today.com. I have already had the machine scanned with Ad-Aware and Spybot, but could not stop it. I am attaching the HijackThis logfile, which I made in safe mode. Please help. Thanks.
Logfile of HijackThis v1.98.2
Scan saved at 13:29:43, on 2004.10.04
Platform: Windows XP Szervizcsomag 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Vrakosi\Dokumentumok\Vito\utils\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://forum.index.hu/forum.cgi?a=t&t=9018169&uq=508
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.ldemezyaue.info/m_S/g9TQZIMNoJYC5FJxWiL1vw8XUXn11VZtJdmz/PM.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://forum.index.hu/forum.cgi?a=t&t=9018169&uq=508
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.bzczfdpprmjtvz.com/m_S/g9TQZIOuiATRkajl8KKv4uY/sX40sqwpK4SQ35hcPM4O9NVTkho4VC
ALMYdu.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://forum.index.hu/forum.cgi?a=t&t=9018169&uq=508
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {D2FB2FD5-8D10-2633-E41F-626E3658B0DF} - C:\PROGRA~1\ONLINE~2\time
deaf.exe
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Rádió - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int110531.exe -auto
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [jugs enc] C:\PROGRA~1\FLAPSE~1\activedumb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SavePhonePlanRegs] C:\Documents and Settings\All Users\Application
Data\Freemeowsavephone\dashooze.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Letöltés a FlashGet-tel - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: MINDEN letöltése a FlashGet-tel - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Microsoft® JavaScript® Console - {7ECBB709-27C6-48AE-B3F4-31E9074496AE} -
C:\WINDOWS\System32\comdlg32.ocx (file missing)
O9 - Extra 'Tools' menuitem: JavaScript Console - {7ECBB709-27C6-48AE-B3F4-31E9074496AE} -
C:\WINDOWS\System32\comdlg32.ocx (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Microsoft® JavaScript® Console - {7ECBB709-27C6-48AE-B3F4-31E9074496AE} -
C:\WINDOWS\System32\comdlg32.ocx (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {7ECBB709-27C6-48AE-B3F4-31E9074496AE} -
C:\WINDOWS\System32\comdlg32.ocx (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?bt=ie&p=8902da520ea2cb6c540a4fcee4b5f7d40605916c7fb619
42adbcb598a59c2d3c889f2bd3b107335763fda97fa70eb85f576c040e108148b9:0e1e56def0c253a0a486d66f
6712b078
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
http://bud-dms01.insidemedia.net/iNotes.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.com/download/cult.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) -
http://www.grupomarineda.net/auto/DialerData.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -
http://www.budapestmap.com/bkv/MGViewer/ActiveX/mgaxctrl.cab
O16 - DPF: {6814A9EF-FBF1-46B2-A46E-56B401079C26} -
http://www.dialer-shop.com/cexe/b200ex8.exe
O16 - DPF: {7589EEE6-E336-11D4-8A7E-EE1D971D9B47} (AcontiX Control) -
http://secure.aconti.net/acontix/goodthinxx.cab
O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) -
http://www.7adpower.com/dialer/EMSAT.CAB
O16 - DPF: {E795CA75-530A-4981-80F2-0C9EF7CF0F58} (vcload) -
http://secure.goodthinxx.com/vcloadgt.cab