CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo ja teź bardzo proszę o sprawdzenie loga

ja teź bardzo proszę o sprawdzenie loga

proszę o pomoc bo juź wyczerpałem wszystkie pomysły. Ciągle zmienia mi się strona startowa. Za kaźdym razem gdy włanczam IE ta strona sama sie ustawia.


Logfile of HijackThis v1.99.0
Scan saved at 01:07:18, on 2004–12–23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesKerioPersonal Firewallpersfw.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSSystem32CTHELPER.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGadu–Gadugg.exe
C:WINDOWSSystem32logon.exe
C:Documents and SettingsKubaDane aplikacjiomoh.exe
C:WINDOWSSystem32 ?skmgr.exe
C:Program FilesBitTornadotdownloadgui.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
D:DownloadsHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: DOMP Class – {4C1B116F–2860–46db–8E6C–B4BFC4DFD683} – C:WINDOWSietlbass.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O2 – BHO: (no name) – {B48B8EF8–3A4B–3FB0–3C06–1EB32EEC0BE7} – C:WINDOWSSystem32fubolf.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] C:Program FilesCreativeSBLivePROGRAMADGJDet.exe
O4 – HKLM..Run: [CTStartup] C:Program FilesCreativeSplash ScreenCTEaxSpl.EXE /run
O4 – HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 – HKLM..Run: [update run dos] logon.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [update run registry] logon.exe
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..RunServices: [update run dos] logon.exe
O4 – HKLM..RunServices: [update run registry] logon.exe
O4 – HKLM..RunOnce: [SpybotSnD] "C:Program FilesSpybot – Search & DestroySpybotSD.exe" /autocheck
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Micr Update] soundblaster.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Gadu–Gadu] C:Program FilesGadu–Gadugg.exe /tray
O4 – HKCU..Run: [wvsvc] wvsvc.exe
O4 – HKCU..Run: [update run dos] logon.exe
O4 – HKCU..Run: [Steam] "d:gryvalvesteamsteam.exe" –silent
O4 – HKCU..Run: [update run registry] logon.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O13 – DefaultPrefix:
O13 – WWW Prefix:
O13 – WWW. Prefix: http://ehttp.cc/?
O15 – Trusted IP range: 69.50.161.82
O15 – Trusted IP range: (HKLM)
O23 – Service: avast! iAVS4 Control Service – Unknown – C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown – C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:WINDOWSsystem32LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: Kerio Personal Firewall – Kerio Technologies – C:Program FilesKerioPersonal Firewallpersfw.exe

Odpowiedzi: 3

Plikow rowniez sie pozbadz :!:

Znasz to: omoh.exe ??
Jesli nie to wywal

Zapomniales o:
O4 – HKCU..Run: [wvsvc] wvsvc.exe
DO wywalenia z logu i dysku
Bobi
Dodano
23.12.2004 16:05:29
dzieki. Usunałem te wszystkie wpisyu z tego loga. Ale czy tesz ma je usunąć z dysku? Chodzi mi o te dll.
np.fubolf.dll
tak wyglada teraz ten log

Logfile of HijackThis v1.99.0
Scan saved at 12:38:50, on 2004–12–23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesKerioPersonal Firewallpersfw.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:WINDOWSSystem32CTHELPER.EXE
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Documents and SettingsKubaDane aplikacjiomoh.exe
C:Program FilesBitTornadotdownloadgui.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
D:DownloadsHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: IeCatch2 Class – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] C:Program FilesCreativeSBLivePROGRAMADGJDet.exe
O4 – HKLM..Run: [CTStartup] C:Program FilesCreativeSplash ScreenCTEaxSpl.EXE /run
O4 – HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..RunOnce: [SpybotSnD] "C:Program FilesSpybot – Search & DestroySpybotSD.exe" /autocheck
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Gadu–Gadu] C:Program FilesGadu–Gadugg.exe /tray
O4 – HKCU..Run: [wvsvc] wvsvc.exe
O4 – HKCU..Run: [Steam] "d:gryvalvesteamsteam.exe" –silent
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O8 – Extra context menu item: Download All by FlashGet – C:Program FilesFlashGetjc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:Program FilesFlashGetjc_link.htm
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:PROGRA~1FlashGetflashget.exe
O23 – Service: avast! iAVS4 Control Service – Unknown – C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown – C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:WINDOWSsystem32LEXBCES.EXE
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: Kerio Personal Firewall – Kerio Technologies – C:Program FilesKerioPersonal Firewallpersfw.exe
regnar
Dodano
23.12.2004 13:39:31
Usun i z loga i exeki z dysku:

C:WINDOWSSystem32logon.exe
C:WINDOWSSystem32 ?skmgr.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://default.home
O2 – BHO: DOMP Class – {4C1B116F–2860–46db–8E6C–B4BFC4DFD683} – C:WINDOWSietlbass.dll
O2 – BHO: (no name) – {B48B8EF8–3A4B–3FB0–3C06–1EB32EEC0BE7} – C:WINDOWSSystem32fubolf.dll
O4 – HKLM..Run: [update run dos] logon.exe
O4 – HKLM..Run: [update run registry] logon.exe
O4 – HKLM..RunServices: [update run dos] logon.exe
O4 – HKLM..RunServices: [update run registry] logon.exe
O4 – HKCU..Run: [Micr Update] soundblaster.exe
O4 – HKCU..Run: [wvsvc] wvsvc.exe
O4 – HKCU..Run: [update run dos] logon.exe
O4 – HKCU..Run: [update run registry] logon.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O13 – DefaultPrefix:
O13 – WWW Prefix:
O13 – WWW. Prefix: http://ehttp.cc/?
O15 – Trusted IP range: 69.50.161.82
O15 – Trusted IP range: (HKLM)


Nie znasz, usuwasz:
C:Documents and SettingsKubaDane aplikacjiomoh.exe
EL NINO
Dodano
23.12.2004 02:21:36
regnar
Dodano:
23.12.2004 02:12:34
Komentarzy:
3
Strona 1 / 1