Pages opening automatically (yyy65): PLEASE HELP
Hello everyone, I have a problem with a virus that has been discussed here more than once, but I don't understand any of it and I don't know how to deal with it. Namely, pages with the yyy65 ending keep opening by themselves; I believe it is Look. I'm posting the HijackThis log below and I'm counting on someone to help me remove this crap. Please reply quickly and explain it in depth.
Logfile of HijackThis v1.99.1
Scan saved at 23:04:52, on 2005-12-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\Avast4\aswUpdSv.exe
D:\Programy\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\Programy\Avast4\ashDisp.exe
C:\windows\adtech2006a.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Programy\Avast4\ashMaiSv.exe
D:\Programy\Avast4\ashWebSv.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Różne\PROGRAMY z netu\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft tool] C:\WINDOWS\system32\mstool.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\okwkoc.exe reg_run
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [murz] C:\Program Files\Common Files\murz\murzm.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: WarpSpeeder Tray Icon.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B34C7818-F473-4E21-9A1B-97F2E07B9F56}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\mv82l9lo1.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programy\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programy\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programy\Avast4\ashWebSv.exe" /service (file missing)
Replies: 1
The pinned FAQ has instructions on how to remove Look2Me; use them. Check your log too, because there is some junk floating around in there besides Look2Me; instructions: http://forum.centrumxp.pl/viewtopic.php?t=37513