my log - H E L P !!!!!!!!!!!!!!!!!!

I have a problem, everything seems to be messed up...

Logfile of HijackThis v1.98.2
Scan saved at 18:14:35, on 2004–10–31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32 od32m2.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesHHVcdV5SysVC5SecS.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:WINDOWSSystem32RunDll32.exe
C:Program FilesAlcatelSpeedTouch USBDragdiag.exe
C:Program FilesWanadoo askbaricon.exe
C:Program FilesHHVcdV5SysVC5Play.exe
C:WINDOWSSystem32jaitkv.exe
C:WINDOWSszchost.exe
C:Program FilesEsetpop3scan.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesVirtual CD v5SystemVC5Tray.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesWanadooEspaceWanadoo.exe
C:Program FilesWanadooComComp.exe
C:Program FilesWanadooWatch.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesSpyware Doctorspydoctor.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1!!!!!!~1USTAWI~1TempRar$EX00.082HijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://super–spider.com/sp.htm?id=11316
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://super–spider.com/sp.htm?id=11316
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win–eto.com/hp.htm?id=11316
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://super–spider.com/sp.htm?id=11316
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSabout.htm
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F3 – REG:win.ini: run=C:Program FilesWindows Media Playerwmplayer.exe
O2 – BHO: (no name) – {467FAEB2–5F5B–4c81–BAE0–2A4752CA7F4E} – C:WINDOWSSystem3231EY2B~1.DLL
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WANADOOWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:Program FilesWanadoo askbaricon.exe
O4 – HKLM..Run: [SYSTEM] lsas.exe
O4 – HKLM..Run: [Windows Messenger] msmsgs.exe
O4 – HKLM..Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_05injusched.exe
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [VC5Player] C:Program FilesHHVcdV5SysVC5Play.exe
O4 – HKLM..Run: [tjzselubf] C:WINDOWSSystem32jaitkv.exe
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Zone system] C:WINDOWSszchost.exe
O4 – HKLM..Run: [Amon] "C:Program FilesEsetamon.exe"
O4 – HKLM..Run: [NOD32POP3] "C:Program FilesEsetpop3scan.exe"
O4 – HKLM..Run: [Nod32CC] "C:WINDOWSSystem32 od32cc.exe" –DONTSHOW
O4 – HKLM..RunServices: [SYSTEM] lsas.exe
O4 – HKLM..RunServices: [Windows Messenger] msmsgs.exe
O4 – HKLM..RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Windows Messenger] msmsgs.exe
O4 – HKCU..Run: [SYSTEM] lsas.exe
O4 – HKCU..Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKCU..Run: [Bscu] C:Documents and Settings!!!!!!!!!!!!!!!!!!Dane aplikacjicasa.exe
O4 – HKCU..Run: [Spyware Doctor] "C:Program FilesSpyware Doctorspydoctor.exe" /Q
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O13 – DefaultPrefix: http://more–pages.com/p/
O13 – WWW Prefix: http://more–pages.com/p/
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://213.159.117.133/dl/adv96/x.chm::/load.exe
O16 – DPF: {11111111–1111–1111–1111–111111111181} – ms–its:mhtml:file://c:\nosuch.mht!http://line–plus.com/mshelp.chm::/mshelp.exe
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:ied_s7m.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097513937750
O16 – DPF: {A67BA5E3–5B79–11D6–A711–00C12601EADE} – http://d.xo.pl/full.exe
O17 – HKLMSystemCCSServicesTcpip..{13AE1614–A106–4BDE–9896–E57C751F76DD}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS1ServicesTcpip..{13AE1614–A106–4BDE–9896–E57C751F76DD}: NameServer = 194.204.152.34 217.98.63.164
O20 – AppInit_DLLs: jho5jue375.dll

Replies: 5

Turn off System Restore
Kill in Task Manager:
nod32cc.exe

Delete from disk:
nod32cc.exe

Also fix these 2 entries:

C:WINDOWSSystem32 od32cc.exe
O4 – HKLM..Run: [Nod32CC] "C:WINDOWSSystem32 od32cc.exe" –DONTSHOW

Turn System Restore back on
Bobi
Added
31.10.2004 22:27:36
OK. I tinkered a bit and here is a new log. I hope nothing more turns up in it :)

Logfile of HijackThis v1.98.2
Scan saved at 21:18:01, on 2004–10–31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32 od32cc.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesHHVcdV5SysVC5SecS.exe
C:WINDOWSSystem32wuauclt.exe
C:WINDOWSSystem32RUNDLL32.EXE
C:WINDOWSSystem32RunDll32.exe
C:Program FilesAlcatelSpeedTouch USBDragdiag.exe
C:Program FilesWanadoo askbaricon.exe
C:Program FilesHHVcdV5SysVC5Play.exe
C:Program FilesEsetamon.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSpyware Doctorspydoctor.exe
C:Program FilesVirtual CD v5SystemVC5Tray.exe
C:Program FilesWanadooEspaceWanadoo.exe
C:Program FilesWanadooComComp.exe
C:Program FilesWanadooWatch.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesGadu–Gadugg.exe
C:Documents and Settings!!!!!!!!!!!!!!!!!!PulpitantywiryhijackthisHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.gogle.pl/
F3 – REG:win.ini: run=C:Program FilesWindows Media Playerwmplayer.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesAlcatelSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [WOOWATCH] C:PROGRA~1WANADOOWatch.exe
O4 – HKLM..Run: [WOOTASKBARICON] C:Program FilesWanadoo askbaricon.exe
O4 – HKLM..Run: [Windows Messenger] msmsgs.exe
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_05injusched.exe
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [VC5Player] C:Program FilesHHVcdV5SysVC5Play.exe
O4 – HKLM..Run: [Amon] "C:Program FilesEsetamon.exe"
O4 – HKLM..Run: [Nod32CC] "C:WINDOWSSystem32 od32cc.exe" –DONTSHOW
O4 – HKLM..RunServices: [Windows Messenger] msmsgs.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Windows Messenger] msmsgs.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [Spyware Doctor] "C:Program FilesSpyware Doctorspydoctor.exe" /Q
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097513937750
O17 – HKLMSystemCCSServicesTcpip..{13AE1614–A106–4BDE–9896–E57C751F76DD}: NameServer = 194.204.152.34 217.98.63.164
O17 – HKLMSystemCS1ServicesTcpip..{13AE1614–A106–4BDE–9896–E57C751F76DD}: NameServer = 194.204.152.34 217.98.63.164
ponton86
Added
31.10.2004 22:21:25
ponton86:
OK, but what if the www.more–pages.com site and others like it keep setting themselves as my start page, or when I go to some site it redirects me to that junk, what should I do??? Thanks a lot in advance for the answer. :):):) Oh, and I also have some virus that "eats" the exe files that launch programs. Installing the program again does not help... the launcher file disappears after a moment...

Sorry for the delay, I had some minor problems with my net connection

So did you fix this??
O13 – WWW Prefix: http://more–pages.com/p/

If not, do it

Also delete nod32m2.exe from disk, after first killing it in Task Manager
Because I have doubts that this is the NOD32 antivirus
Bobi
Added
31.10.2004 21:26:53
OK, but what if the www.more–pages.com site and others like it keep setting themselves as my start page, or when I go to some site it redirects me to that junk, what should I do??? Thanks a lot in advance for the answer. :):):) Oh, and I also have some virus that "eats" the exe files that launch programs. Installing the program again does not help... the launcher file disappears after a moment...
ponton86
Added
31.10.2004 19:56:41
There is some junk in there

Start the computer in Safe Mode
Turn off System Restore
End the following processes:
szchost.exe
jaitkv.exe

Find and delete from the HDD:
szchost.exe >> note the similarity to the system svchost.exe
jaitkv.exe
31EY2B~1.DLL
lsas.exe >> note the similarity to the system lsass.exe
casa.exe
ied_s7m.cab
jho5jue375.dll
ati2vid.exe
nosuch.mht!



C:WINDOWSSystem32jaitkv.exe
C:WINDOWSszchost.exe
R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://super–spider.com/sp.htm?id=11316
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://super–spider.com/sp.htm?id=11316
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://win–eto.com/hp.htm?id=11316
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://213.159.117.134/index.php
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://213.159.117.134/index.php
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://super–spider.com/sp.htm?id=11316
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSabout.htm
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://213.159.117.134/index.php
O2 – BHO: (no name) – {467FAEB2–5F5B–4c81–BAE0–2A4752CA7F4E} – C:WINDOWSSystem3231EY2B~1.DLL
O4 – HKLM..Run: [SYSTEM] lsas.exe
O4 – HKLM..Run: [tjzselubf] C:WINDOWSSystem32jaitkv.exe
O4 – HKLM..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKLM..Run: [Zone system] C:WINDOWSszchost.exe
O4 – HKLM..RunServices: [SYSTEM] lsas.exe
O4 – HKLM..RunServices: [ATI VIDEO REGKEY] ati2vid.exe
O4 – HKCU..Run: [SYSTEM] lsas.exe
O4 – HKCU..Run: [ATI VIDEO REGKEY] ati2vid.exe
O4 – HKCU..Run: [SysTime] C:WINDOWSSystem32systime.exe
O4 – HKCU..Run: [Bscu] C:Documents and Settings!!!!!!!!!!!!!!!!!!Dane aplikacjicasa.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – (no file)

O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O13 – DefaultPrefix: http://more–pages.com/p/
O13 – WWW Prefix: http://more–pages.com/p/
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://c: osuch.mht!http://213.159.117.133/dl/adv96/x.chm::/load.exe
O16 – DPF: {11111111–1111–1111–1111–111111111181} – ms–its:mhtml:file://c:\nosuch.mht!http://line–plus.com/mshelp.chm::/mshelp.exe
O16 – DPF: {11111111–1111–1111–1111–111111113457} – file://c:ied_s7m.cab
O20 – AppInit_DLLs: jho5jue375.dll

Turn System Restore back on

Just to be sure, run Ad-Aware, Spybot S&D and CWShredder over the system
+ a full scan with an updated AV
Bobi
Added
31.10.2004 19:46:48
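
The lookalike names pointed out in the reply above (szchost.exe next to svchost.exe, lsas.exe next to lsass.exe) can be flagged automatically when triaging a HijackThis log. This is an added example, not part of the original thread; the list of system binaries, the distance threshold and the sample log (constructed, with path separators restored) are assumptions.

```python
import re

# Small, non-exhaustive list of Windows system process names (assumption).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe"}
# HijackThis autorun entry: "O4 - <key>: [value name] command" (hyphen or en dash).
O4_LINE = re.compile(r"^O4 [-\u2013] (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_autoruns(log_text: str, max_distance: int = 1):
    """Return (value name, executable, imitated binary) for near-miss O4 entries."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        exe_match = EXE.search(m.group("cmd")) if m else None
        if not exe_match:
            continue
        exe = exe_match.group(1).lower()
        if exe in SYSTEM_BINARIES:
            continue  # exact system name: where the file lives is a separate check
        for real in sorted(SYSTEM_BINARIES):
            if edit_distance(exe, real) <= max_distance:
                findings.append((m.group("name"), exe, real))
                break
    return findings


# Constructed sample in HijackThis format, using entry names from the thread's log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SYSTEM] lsas.exe
O4 - HKLM\..\Run: [Zone system] C:\WINDOWS\szchost.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    print(lookalike_autoruns(SAMPLE_LOG))
```

A name match only marks an entry for review; randomly named entries such as jaitkv.exe are not caught by this check and still need the manual inspection done in the thread.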
ponton86
Added:
31.10.2004 19:16:37
Comments:
5