My log and beird.exe
Here is my log
Logfile of HijackThis v1.97.7
Scan saved at 13:15:36, on 2004–11–08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32mswctl32.exe
C:Program FilesJavaj2re1.4.2_05injusched.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:Program FilesWinampwinampa.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSSystem32devldr32.exe
C:WINDOWSSystem32wuauclt.exe
C:WINDOWSsystem32 undll32.exe
E:Grycounterhl.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsKamilPulpitHijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://proxy.solutions.net.pl/auto.pac
O4 – HKLM..Run: [Microsoft Windows Control] mswctl32.exe
O4 – HKLM..Run: [Go And Start] svdll32.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_05injusched.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [Sys29] C:windowssystem32wingiy32.exe
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [System Restore Data] c:windowssystem32frbyjed epcale.exe c:windowssystem32frbyjedeird.exe
O4 – HKLM..RunServices: [Microsoft Windows Control] mswctl32.exe
O4 – HKLM..RunServices: [Go And Start] svdll32.exe
O4 – HKLM..RunServices: [System Restore Data] c:windowssystem32frbyjed epcale.exe c:windowssystem32frbyjedeird.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Go And Start] svdll32.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [System Restore Data] c:windowssystem32frbyjed epcale.exe c:windowssystem32frbyjedeird.exe
O4 – HKCU..RunServices: [System Restore Data] c:windowssystem32frbyjed epcale.exe c:windowssystem32frbyjedeird.exe
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 – DPF: v3cab – http://searchmiracle.com/cab/v3cab.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=771aab6407e17cd246b004e5ead7108eb8dcf063dc6b72823084f 634e85247620f8876e5c718c2d0a1bb170a7006cb02f30bd52db8 3cd8ff38d3fb72d88b5ced:bcbeac9adb4287dd435f5ab0907ede44
O16 – DPF: {19E28AFC–EAE3–4CE5–AC83–2407B42F57C9} (MSSecurityAdvisor Class) – http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1099843701084
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099843133606
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
O17 – HKLMSystemCCSServicesTcpip..{E797758C–16B8–4E25–B3D3–AED60957C84A}: NameServer = 217.144.197.1,217.144.192.2
What is wrong?
Replies: 2
This as well:
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://public.windupdates.com/get_file.php?bt=ie&p=771aab6407e17cd246b004e5ead7108eb8dcf063dc6b72823084f63 4e85247620f8876e5c718c2d0a1bb170a7006cb02f30bd52db83cd8 ff38d3fb72d88b5ced:bcbeac9adb4287dd435f5ab0907ede44
And I doubt you installed this one yourself:
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/eng/snooker_2_0_0_21.cab
Logs should be posted in code tags, because otherwise, as in this case, the page layout sometimes falls apart.
Disable System Restore
End the process:
mswctl32.exe
Delete the files listed below from the disk and FIX these entries from the log:
O4 – HKLM..Run: [Microsoft Windows Control] mswctl32.exe
O4 – HKLM..Run: [Go And Start] svdll32.exe
O4 – HKLM..Run: [Sys29] C:windowssystem32wingiy32.exe
O4 – HKLM..Run: [System Restore Data] c:windowssystem32frbyjed epcale.exe c:windowssystem32frbyjedeird.exe
O4 – HKLM..RunServices: [Microsoft Windows Control] mswctl32.exe
O4 – HKLM..RunServices: [Go And Start] svdll32.exe
O4 – HKLM..RunServices: [System Restore Data] c:windowssystem32frbyjed epcale.exe c:windowssystem32frbyjedeird.exe
O4 – HKCU..Run: [Go And Start] svdll32.exe
O4 – HKCU..Run: [System Restore Data] c:windowssystem32frbyjed epcale.exe c:windowssystem32frbyjedeird.exe
O4 – HKCU..RunServices: [System Restore Data] c:windowssystem32frbyjed epcale.exe c:windowssystem32frbyjedeird.exe
O8 – Extra context menu item: Web Rebates – file://C:Program FilesWeb_RebatesSy1150Tp1150scri1150a.htm
O16 – DPF: v3cab – http://searchmiracle.com/cab/v3cab.cab
Re-enable System Restore
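A check to run after the steps above, as an added example that is not part of the original replies: it compares the helper's fix list against a fresh HijackThis scan and reports entries that are still present. The rescan text is constructed for illustration, and matching O4 entries by hive, key and value name is an assumption of this example.

```python
import re

# "<section> - <body>"; the page's copy has en dashes, real logs use hyphens.
LINE_RE = re.compile(r"^([A-Z]\d{1,2})\s*[-\u2013]\s*(.+)$")
# O4 body: "<hive>..<key>: [<value name>] <command>" (backslashes optional).
O4_RE = re.compile(r"^(HK\w+)\W*(Run\w*):\s*\[([^\]]+)\]")

# Three entries copied from the fix list in the reply, as they appear on the page.
FIX_LIST = """\
O4 – HKLM..Run: [Go And Start] svdll32.exe
O4 – HKCU..Run: [Go And Start] svdll32.exe
O16 – DPF: v3cab – http://searchmiracle.com/cab/v3cab.cab
"""
# Constructed rescan: one autorun value and the DPF entry survived the cleanup.
RESCAN = r"""
Logfile of HijackThis v1.97.7
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Go And Start] svdll32.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
"""

def norm(text):
    """Lowercase, unify dashes and collapse whitespace for comparison."""
    return " ".join(text.replace("\u2013", "-").lower().split())

def entry_key(line):
    """Return a comparable key for one log line, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    o4 = O4_RE.match(body) if section == "O4" else None
    if o4:
        # An autorun value is identified by hive, key and value name;
        # the command text may be rendered differently between scans.
        return (section, o4.group(1).upper(), o4.group(2).lower(), norm(o4.group(3)))
    return (section, norm(body))

def still_present(fix_list, rescan):
    """Fix-list lines whose entry still appears in the rescan log."""
    seen = {entry_key(l) for l in rescan.splitlines()} - {None}
    return [l.strip() for l in fix_list.splitlines() if entry_key(l) in seen]

if __name__ == "__main__":
    for line in still_present(FIX_LIST, RESCAN):
        print("STILL PRESENT:", line)
```

An empty result means none of the fix-list entries appear in the new scan; any line it returns needs another pass.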