HijackThis log

Hi, I have a rather strange problem. Someone gave me a CD with lots of funny little odds and ends on it, and while I was copying from the CD to the hard disk the drive started going crazy: it sped up to max (that loud rzyyyyyyyyyyyy =]) while the copying stalled, and when it slowed down the copying carried on, then the same thing all over again, nonstop techno! for 10–15 min. After all that my system started slowing down terribly, i.e. it works normally but every few seconds it has these sort-of lags, and when listening to music, oh boy! :D

Here is the log
Logfile of HijackThis v1.99.0
Scan saved at 17:25:09, on 2005–02–08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesAlcatelSpeedTouch USBDragdiag.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32 otepad.exe
C:Documents and Settingskro0kuPulpithijackthisHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~1SDHelper.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:program filesgooglegoogletoolbar1.dll
O2 – BHO: CNavExtBho Class – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:program filesgooglegoogletoolbar1.dll
O4 – HKLM..Run: [SystemTray] SysTray.Exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_05injusched.exe
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [ccRegVfy] "C:Program FilesCommon FilesSymantec SharedccRegVfy.exe"
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O8 – Extra context menu item: &Google Search – res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_05in pjpi142_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_05in pjpi142_05.dll
O9 – Extra button: ICQ 4 – {B863453A–26C3–4e1f–A54D–A2CD196348E9} – C:Program FilesICQLiteICQLite.exe
O9 – Extra 'Tools' menuitem: ICQ Lite – {B863453A–26C3–4e1f–A54D–A2CD196348E9} – C:Program FilesICQLiteICQLite.exe
O9 – Extra button: Trashcan – {072F3B8A–2DA2–40e2–B841–88899F240200} – C:PROGRA~1AgnitumOUTPOS~1.0 rash.exe (file missing) (HKCU)
O9 – Extra 'Tools' menuitem: Show Trashcan – {072F3B8A–2DA2–40e2–B841–88899F240200} – C:PROGRA~1AgnitumOUTPOS~1.0 rash.exe (file missing) (HKCU)
O16 – DPF: {53B8B406–42E4–4DD3–96E7–9DEC8CEB3DD8} (ICQVideoControl Class) – http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099152555317
O17 – HKLMSystemCCSServicesTcpip..{A09DB3BC–848F–43AF–A0B9–792D3C8E9B10}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Usługa Auto–Protect w programie Norton AntiVirus – Symantec Corporation – C:Program FilesNorton AntiVirus avapsvc.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSSystem32 vsvc32.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe

Or maybe it isn't a virus's fault and I just, e.g., started the copying in the wrong phase of the moon =]

Replies: 4

Well, there is Spybot

Kill the process and delete it from disk:
wupdate.exe

FIX:
O4 – HKLM..Run: [Microsoft Windows Update] wupdate.exe
O4 – HKLM..RunServices: [Microsoft Windows Update] wupdate.exe
O4 – HKCU..Run: [Microsoft Windows Update] wupdate.exe
Bobi
Added
10.02.2005 21:59:42
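A triage check for the pattern in the fix list above, where one value name and command is registered under several autostart keys at once; this is an added example, not part of the thread. The sample lines are constructed in HijackThis O4 format, the function names are hypothetical, and a hit is a prompt for closer inspection rather than a verdict.

```python
import re
from collections import defaultdict

# Constructed sample lines in HijackThis O4 format (not copied from a real scan).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] wupdate.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# Accepts "-" or an en dash as separator, and both "HKLM\..\Run" and the
# backslash-stripped "HKLM..Run" spelling that appears in pasted logs.
O4_LINE = re.compile(
    r"^\s*O4\s*[-\u2013]\s*(HKLM|HKCU)\\?\.\.\\?(Run\w*):\s*\[([^\]]+)\]\s*(.+?)\s*$"
)


def parse_o4(log_text):
    """Return (hive, key, value_name, command) for each O4 registry autostart line."""
    entries = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line)
        if match:
            entries.append(match.groups())
    return entries


def repeated_autostarts(log_text):
    """Map (value name, command) -> sorted keys, for entries present in more than one key."""
    seen = defaultdict(set)
    for hive, key, name, command in parse_o4(log_text):
        # Compare case-insensitively: registry value names and Windows paths are not case-sensitive.
        seen[(name.lower(), command.lower())].add(f"{hive}\\{key}")
    return {entry: sorted(keys) for entry, keys in seen.items() if len(keys) > 1}


if __name__ == "__main__":
    for (name, command), keys in repeated_autostarts(SAMPLE_LOG).items():
        print(f"[{name}] {command} -> {', '.join(keys)}")
```
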
Hello.
I didn't want to create yet another thread about checking a log, so I'm writing here.
What in this log is worrying?


    Logfile of HijackThis v1.97.7
    Scan saved at 20:32:29, on 2005–02–10
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:WINDOWSSystem32smss.exe
    C:WINDOWSsystem32winlogon.exe
    C:WINDOWSsystem32services.exe
    C:WINDOWSsystem32lsass.exe
    C:WINDOWSsystem32svchost.exe
    C:WINDOWSSystem32svchost.exe
    C:WINDOWSsystem32spoolsv.exe
    C:WINDOWSExplorer.EXE
    C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
    C:WINDOWSSystem32 vsvc32.exe
    C:WINDOWSSystem32wupdate.exe
    C:PROGRA~1WanadooTaskbarIcon.exe
    C:WINDOWSSystem32RUNDLL32.EXE
    C:Program FilesCyberLinkPowerDVDPDVDServ.exe
    C:Program FilesWinampwinampa.exe
    C:Program FilesParagon SoftwareParagon CD–ROM Emulator ray.exe
    C:Documents and SettingsPrzemekPulpitHijackThis.exe

    R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada Plus wita Cie w Internecie
    R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = 192.168.0.1:8080
    O2 – BHO: (no name) – {0EEDB912–C5FA–486F–8334–57288578C627} – (no file)
    O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:PROGRA~1FlashGetjccatch.dll
    O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:PROGRA~1FlashGetfgiebar.dll
    O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
    O4 – HKLM..Run: [Microsoft Windows Update] wupdate.exe
    O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WanadooWatch.exe
    O4 – HKLM..Run: [WOOTASKBARICON] C:PROGRA~1WanadooTaskbarIcon.exe
    O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
    O4 – HKLM..Run: [nwiz] nwiz.exe /install
    O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
    O4 – HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
    O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
    O4 – HKLM..Run: [tray.exe] "C:Program FilesParagon SoftwareParagon CD–ROM Emulator ray.exe"
    O4 – HKLM..RunServices: [Microsoft Windows Update] wupdate.exe
    O4 – HKCU..Run: [Microsoft Windows Update] wupdate.exe
    O8 – Extra context menu item: Download with &Shareaza – res://C:Program FilesShareazaPluginsRazaWebHook.dll/3000
    O8 – Extra context menu item: Ściągnij przy pomocy FlashGet'a – C:Program FilesFlashGetjc_link.htm
    O8 – Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a – C:Program FilesFlashGetjc_all.htm
    O9 – Extra button: Related (HKLM)
    O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 – Extra button: FlashGet (HKLM)
    O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
    O16 – DPF: {70BA88C8–DAE8–4CE9–92BB–979C4A75F53B} (GSDACtl Class) – https://www.gamespyid.com/alaunch.cab
    O17 – HKLMSystemCCSServicesTcpip..{F5A90690–4526–4FCC–B6C6–D4C0D08494F4}: NameServer = 217.30.129.149,217.30.137.200

klosik007
Added
10.02.2005 21:41:07
Turn off restore

End the processes:
s lsv.exe (I don't know what this is ?? Maybe spoolsv, if so then leave it)
P2P Networking.exe

Delete from disk:
C:WINDOWSSystem32P2P Networking
cpfp.dll
and of course the contents of Temp

FIX
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res /C:DOCUME~1 USTAWI~1Tempsp.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res /C:DOCUME~1 USTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {C21045F5–69A8–4EBF–8978–B2A644F28E94} – C:WINDOWSSystem32cpfp.dll
O4 – HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O18 – Filter: text/html – {F12FBE59–5108–4417–A58C–D91F023B772F} – C:WINDOWSSystem32cpfp.dll
O18 – Filter: text/plain – {F12FBE59–5108–4417–A58C–D91F023B772F} – C:WINDOWSSystem32cpfp.dll
Bobi
Added
09.02.2005 22:54:22
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32s lsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAvastashDisp.exe
C:PROGRA~1Avastashmaisv.exe
C:ProgramyWinampWinampa.exe
C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe
C:Program FilesJavajre1.5.0_01injusched.exe
C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:Program FilesAvastaswUpdSv.exe
C:Program FilesAvastashserv.exe
C:Gadu–Gadugg.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesWindows Media Playerwmplayer.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1 USTAWI~1TempRar$EX08.j00HijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res /C:DOCUME~1 USTAWI~1Tempsp.dll/sp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res /C:DOCUME~1 USTAWI~1Tempsp.dll/sp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:Program FilesSpybot – Search & DestroySDHelper.dll
O2 – BHO: QUICKfind BHO Object – {C08DF07A–3E49–4E25–9AB0–D3882835F153} – C:PROGRA~1TEXTwareQUICKF~1PlugInsIEHelp.dll
O2 – BHO: (no name) – {C21045F5–69A8–4EBF–8978–B2A644F28E94} – C:WINDOWSSystem32cpfp.dll
O4 – HKLM..Run: [avast!] C:Program FilesAvastashDisp.exe
O4 – HKLM..Run: [ashMaiSv] C:PROGRA~1Avastashmaisv.exe
O4 – HKLM..Run: [WinampAgent] "C:ProgramyWinampWinampa.exe"
O4 – HKLM..Run: [MMTray] C:Program FilesMusicmatchMusicmatch Jukeboxmm_tray.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_01injusched.exe
O4 – HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O18 – Filter: text/html – {F12FBE59–5108–4417–A58C–D91F023B772F} – C:WINDOWSSystem32cpfp.dll
O18 – Filter: text/plain – {F12FBE59–5108–4417–A58C–D91F023B772F} – C:WINDOWSSystem32cpfp.dll
O23 – Service: avast! iAVS4 Control Service – Unknown – C:Program FilesAvastaswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown – C:Program FilesAvastashserv.exe


The most serious problem is page redirection: when my friend (it's his log) types anything into IE, it takes him to some other sites.

Thank you for your attention.
run_DNA
Added
09.02.2005 22:43:27
o0
Added:
08.02.2005 18:26:45