help!:)

Hi! I've been struggling with viruses on my computer for a few days now :( Specifically, I scanned it about 3 times in safe mode with Avast, then of course HijackThis (I probably didn't remove everything :/ so I'm sending the log :)) and it's the same again :/ Avast detects viruses in Temp and Temporary Internet Files. When I choose delete, Windows Media Player sometimes starts up :/ and best of all, something called spyanihilator installs itself on its own after every reboot :( On top of that, when opening web pages, Windows demands SP1 every time I start Internet Explorer.


Logfile of HijackThis v1.98.0
Scan saved at 11:36:01, on 2005-01-25
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AdStatus Service\AdStatServ.exe
C:\Program Files\AdStatus Service\AdStatKeep.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\1727c53b.exe
C:\WINDOWS\system32\64orSP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\sy64.exe
C:\WINDOWS\system32\32hhPE.exe
C:\WINDOWS\system32\PE32sySPSP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ors-6432ms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\s-hhPEPE.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06D8B660-5DE7-1F57-AE60-663FA1307B91} - C:\WINDOWS\system32\msadblock32.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://*.windupdates.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab

Replies: 7

mypumas:
now pages load a bit slowly and the computer hangs a little, but maybe it will recover with time :]

If you say it's "running slowly" now, then what must it have been doing with all that junk on board
Crawling?? :wink:
Bobi
Posted
25.01.2005 22:56:33
Many thanks for the help :] As for viruses, none has shown up so far and I hope none will :) Now pages load a bit slowly and the computer hangs a little, but maybe it will recover with time :]
mypumas
Posted
25.01.2005 22:40:07
Mate, you're fast, a few hours and it's a rubbish dump again

Turn off System Restore :!: :!:

End these processes in Task Manager:
istsvc.exe
hxmhk.exe
optimize.exe
sais.exe
SahAgent.exe
actalert.exe

Delete from the HDD:
C:\Program Files\ISTsvc
hxmhk.exe
C:\Program Files\Internet Optimizer
C:\program files\180solutions
yfen.exe
SahAgent.exe
wsem303.dll

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=67198
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=67198
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start24.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=67198
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kfdPJu6] C:\WINDOWS\hxmhk.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [yfen] C:\WINDOWS\yfen.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
Bobi
Posted
25.01.2005 17:23:04
Logfile of HijackThis v1.98.0
Scan saved at 15:30:13, on 2005-01-25
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\hxmhk.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\program files\180solutions\sais.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=67198
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=67198
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start24.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=67198
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kfdPJu6] C:\WINDOWS\hxmhk.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [yfen] C:\WINDOWS\yfen.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
mypumas
Posted
25.01.2005 16:32:08
Paste a new log
This one: nem220.dll, unregister it and get rid of it
Bobi
Posted
25.01.2005 16:06:00
I did as above in safe mode because the first 2 processes couldn't be terminated, and after restarting the computer some "power scan" pops up?? and then a virus again: Win32:Trojan-gen. {Other}
C:\WINDOWS\nem220.dll
Now some extra windows appear when I open web pages :/ so there's probably still something sitting in there :(
mypumas
Posted
25.01.2005 13:43:38
Terminate the .exe processes, remove the entries in HJ, and delete the files on disk if they exist:

C:\Program Files\AdStatus Service\AdStatServ.exe
C:\Program Files\AdStatus Service\AdStatKeep.exe
C:\WINDOWS\system32\1727c53b.exe
C:\WINDOWS\system32\64orSP.exe
C:\WINDOWS\system32\sy64.exe
C:\WINDOWS\system32\32hhPE.exe
C:\WINDOWS\system32\PE32sySPSP.exe
C:\WINDOWS\system32\ors-6432ms.exe
C:\WINDOWS\system32\s-hhPEPE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-system.com/
O2 - BHO: (no name) - {06D8B660-5DE7-1F57-AE60-663FA1307B91} - C:\WINDOWS\system32\msadblock32.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O4 - HKLM\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKCU\..\Run: [msadcheck] C:\WINDOWS\system32\msadcheck32.exe
O15 - Trusted Zone: http://*.windupdates.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c46.cab
EL NINO
Posted
25.01.2005 13:00:31
mypumas
Posted:
25.01.2005 12:43:53