#1
Hijacked!!!! Help!!!
Hi,
I'm posting again. I've been hijacked bad. Please, someone help me!

```text
Logfile of HijackThis v1.97.7
Scan saved at 00:06:38, on 04/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\iplc32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
F:\programs for win xp\qttask.exe
F:\PROGRA~2\WINPAT~1\WinPatrol.exe
F:\Programs for Win XP\RFA\rfagent.exe
C:\WINDOWS\system32\iewu32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Programs for Win XP\acrobat 5\Distillr\AcroTray.exe
F:\Programs for Win XP\NkVwMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\ICQ\ICQ.exe
F:\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\anmmn.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jjpzi.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\anmmn.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\anmmn.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\anmmn.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\anmmn.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\anmmn.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\programs for win xp\acrobat 5\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {C8BEE708-6D04-1677-F2EE-681F5D9D77B5} - C:\WINDOWS\atlyv32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\msgr.en-us.ms\msntb.dll
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\programs for win xp\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpyHunter] F:\Programs for Win XP\spyhunter\SpyHunter.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [WinPatrol] "f:\PROGRA~2\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [RFAgent] F:\Programs for Win XP\RFA\rfagent.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iewu32.exe] C:\WINDOWS\system32\iewu32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\RunOnce: [iplc32.exe] C:\WINDOWS\iplc32.exe
O4 - HKLM\..\RunOnce: [d3jg32.exe] C:\WINDOWS\system32\d3jg32.exe
O4 - HKLM\..\RunOnce: [appjt.exe] C:\WINDOWS\system32\appjt.exe
O4 - HKLM\..\RunOnce: [crby32.exe] C:\WINDOWS\crby32.exe
O4 - HKLM\..\RunOnce: [d3pm32.exe] C:\WINDOWS\d3pm32.exe
O4 - HKLM\..\RunOnce: [addse.exe] C:\WINDOWS\addse.exe
O4 - HKLM\..\RunOnce: [atloi32.exe] C:\WINDOWS\atloi32.exe
O4 - HKLM\..\RunOnce: [sdkoo32.exe] C:\WINDOWS\system32\sdkoo32.exe
O4 - HKLM\..\RunOnce: [sdkjo32.exe] C:\WINDOWS\sdkjo32.exe
O4 - HKLM\..\RunOnce: [addyt.exe] C:\WINDOWS\addyt.exe
O4 - HKLM\..\RunOnce: [d3uj32.exe] C:\WINDOWS\d3uj32.exe
O4 - HKLM\..\RunOnce: [sdkjl32.exe] C:\WINDOWS\sdkjl32.exe
O4 - HKLM\..\RunOnce: [sdkgi32.exe] C:\WINDOWS\sdkgi32.exe
O4 - HKLM\..\RunOnce: [ippx32.exe] C:\WINDOWS\system32\ippx32.exe
O4 - HKLM\..\RunOnce: [atlrs.exe] C:\WINDOWS\atlrs.exe
O4 - HKLM\..\RunOnce: [addkv32.exe] C:\WINDOWS\system32\addkv32.exe
O4 - HKLM\..\RunOnce: [winoj32.exe] C:\WINDOWS\system32\winoj32.exe
O4 - HKLM\..\RunOnce: [sdkhb.exe] C:\WINDOWS\system32\sdkhb.exe
O4 - HKLM\..\RunOnce: [crsb.exe] C:\WINDOWS\system32\crsb.exe
O4 - HKLM\..\RunOnce: [d3mf.exe] C:\WINDOWS\system32\d3mf.exe
O4 - HKLM\..\RunOnce: [appwg32.exe] C:\WINDOWS\appwg32.exe
O4 - HKLM\..\RunOnce: [iexc.exe] C:\WINDOWS\iexc.exe
O4 - HKLM\..\RunOnce: [apphb32.exe] C:\WINDOWS\system32\apphb32.exe
O4 - HKLM\..\RunOnce: [d3xf32.exe] C:\WINDOWS\system32\d3xf32.exe
O4 - HKLM\..\RunOnce: [nthe.exe] C:\WINDOWS\system32\nthe.exe
O4 - HKLM\..\RunOnce: [netft32.exe] C:\WINDOWS\system32\netft32.exe
O4 - HKLM\..\RunOnce: [d3yp32.exe] C:\WINDOWS\d3yp32.exe
O4 - HKLM\..\RunOnce: [winow32.exe] C:\WINDOWS\system32\winow32.exe
O4 - HKLM\..\RunOnce: [appwa32.exe] C:\WINDOWS\system32\appwa32.exe
O4 - HKLM\..\RunOnce: [addax32.exe] C:\WINDOWS\addax32.exe
O4 - HKLM\..\RunOnce: [winep32.exe] C:\WINDOWS\system32\winep32.exe
O4 - HKLM\..\RunOnce: [mfccp.exe] C:\WINDOWS\system32\mfccp.exe
O4 - HKLM\..\RunOnce: [iehn.exe] C:\WINDOWS\iehn.exe
O4 - HKLM\..\RunOnce: [ntmu32.exe] C:\WINDOWS\ntmu32.exe
O4 - HKLM\..\RunOnce: [crid.exe] C:\WINDOWS\system32\crid.exe
O4 - HKLM\..\RunOnce: [wintj.exe] C:\WINDOWS\system32\wintj.exe
O4 - HKLM\..\RunOnce: [mfctu.exe] C:\WINDOWS\system32\mfctu.exe
O4 - HKLM\..\RunOnce: [sdkpw32.exe] C:\WINDOWS\sdkpw32.exe
O4 - HKLM\..\RunOnce: [wintv.exe] C:\WINDOWS\wintv.exe
O4 - HKLM\..\RunOnce: [winas.exe] C:\WINDOWS\winas.exe
O4 - HKLM\..\RunOnce: [msvn.exe] C:\WINDOWS\system32\msvn.exe
O4 - HKLM\..\RunOnce: [ntfw.exe] C:\WINDOWS\ntfw.exe
O4 - HKLM\..\RunOnce: [winqi.exe] C:\WINDOWS\system32\winqi.exe
O4 - HKLM\..\RunOnce: [atldi.exe] C:\WINDOWS\atldi.exe
O4 - HKLM\..\RunOnce: [d3tg32.exe] C:\WINDOWS\system32\d3tg32.exe
O4 - HKLM\..\RunOnce: [sysfc.exe] C:\WINDOWS\sysfc.exe
O4 - HKLM\..\RunOnce: [ntiz.exe] C:\WINDOWS\system32\ntiz.exe
O4 - HKLM\..\RunOnce: [sdkmu32.exe] C:\WINDOWS\system32\sdkmu32.exe
O4 - HKLM\..\RunOnce: [mslf32.exe] C:\WINDOWS\system32\mslf32.exe
O4 - HKLM\..\RunOnce: [ntcl32.exe] C:\WINDOWS\system32\ntcl32.exe
O4 - HKLM\..\RunOnce: [sdkom32.exe] C:\WINDOWS\sdkom32.exe
O4 - HKLM\..\RunOnce: [applp32.exe] C:\WINDOWS\system32\applp32.exe
O4 - HKLM\..\RunOnce: [crqh32.exe] C:\WINDOWS\crqh32.exe
O4 - HKLM\..\RunOnce: [d3fz32.exe] C:\WINDOWS\d3fz32.exe
O4 - HKLM\..\RunOnce: [apite32.exe] C:\WINDOWS\system32\apite32.exe
O4 - HKLM\..\RunOnce: [sysqc.exe] C:\WINDOWS\sysqc.exe
O4 - HKLM\..\RunOnce: [crbt.exe] C:\WINDOWS\crbt.exe
O4 - HKLM\..\RunOnce: [windi.exe] C:\WINDOWS\windi.exe
O4 - HKLM\..\RunOnce: [ipct32.exe] C:\WINDOWS\system32\ipct32.exe
O4 - HKLM\..\RunOnce: [apiev.exe] C:\WINDOWS\system32\apiev.exe
O4 - HKLM\..\RunOnce: [atlbg.exe] C:\WINDOWS\system32\atlbg.exe
O4 - HKLM\..\RunOnce: [applk32.exe] C:\WINDOWS\system32\applk32.exe
O4 - HKLM\..\RunOnce: [netlz.exe] C:\WINDOWS\netlz.exe
O4 - HKLM\..\RunOnce: [winwg32.exe] C:\WINDOWS\system32\winwg32.exe
O4 - HKLM\..\RunOnce: [crlw32.exe] C:\WINDOWS\system32\crlw32.exe
O4 - HKLM\..\RunOnce: [ntdq.exe] C:\WINDOWS\ntdq.exe
O4 - HKLM\..\RunOnce: [d3ze32.exe] C:\WINDOWS\d3ze32.exe
O4 - HKLM\..\RunOnce: [mfcwe32.exe] C:\WINDOWS\system32\mfcwe32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = F:\Programs for Win XP\acrobat 5\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkVwMon.exe.lnk = F:\Programs for Win XP\NkVwMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv65/x.chm::/load.exe
O16 - DPF: {54F8C0E2-34F9-474F-B47F-2CFCFE2300A2} - http://download.imu.com.cn/client/chatatwill/ie/imuliver.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
```
#2
continued...

```text
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38208.8544907407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSEWC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20A4C3CB-B4FC-45C7-90A3-1547366887B8}: NameServer = 202.188.0.133 202.188.1.5
```
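As an added triage example (not part of the post and not HijackThis code), a small Python script that parses entries in the HijackThis log format and flags the patterns visible in the log above: IE start/search pages served from a res:// DLL resource or a bare-IP URL, random-looking binaries under %WINDIR% in O2/O4 entries, O16 DPF objects fetched through a non-HTTP handler, and O17 name-server overrides. The embedded sample is a constructed subset of the entries posted above; the random-name regex is a heuristic I wrote for this log, not a HijackThis rule.

```python
import re

# Constructed subset of the HijackThis entries in the post above (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\anmmn.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\programs for win xp\acrobat 5\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {C8BEE708-6D04-1677-F2EE-681F5D9D77B5} - C:\WINDOWS\atlyv32.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [iplc32.exe] C:\WINDOWS\iplc32.exe
O4 - HKLM\..\RunOnce: [appjt.exe] C:\WINDOWS\system32\appjt.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv65/x.chm::/load.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{20A4C3CB-B4FC-45C7-90A3-1547366887B8}: NameServer = 202.188.0.133 202.188.1.5
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# Heuristic for the throwaway names in the log: a familiar-looking prefix, two or
# three random letters, optional "32", directly under %WINDIR% or system32.
# Legitimate files can match too (e.g. winmm.dll), so pair it with an allowlist.
RANDOM_NAME_RE = re.compile(
    r"C:\\WINDOWS\\(?:system32\\)?"
    r"(?:add|api|app|atl|cr|d3|ie|ip|mfc|ms|net|nt|sdk|sys|win)"
    r"[a-z]{2,3}(?:32)?\.(?:exe|dll)\b", re.IGNORECASE)
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/")

def triage(log: str) -> list[tuple[str, str, str]]:
    """Return (code, reason, entry) for each log line that deserves a look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        code, body = m.groups()
        reason = None
        if code in ("R0", "R1"):
            if "res://" in body and ".dll/" in body.lower():
                reason = "IE search/start page served from a local DLL resource"
            elif RAW_IP_URL_RE.search(body):
                reason = "IE page set to a bare-IP URL"
        elif code in ("O2", "O4") and RANDOM_NAME_RE.search(body):
            reason = "random-looking binary in %WINDIR%"
        elif code == "O16" and not body.split(" - ")[-1].lower().startswith("http"):
            reason = "DPF object loaded via non-HTTP handler (ms-its/mhtml/chm)"
        elif code == "O17":
            reason = "DNS server override, verify against the ISP's servers"
        if reason:
            findings.append((code, reason, body))
    return findings
```

Run over the full log above, the same rules would flag every RunOnce entry while leaving the McAfee, Acrobat and MSN entries untouched.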
Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Hijacked!!!! Help!!!