CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Prośba o sprawdzenie loga

Prośba o sprawdzenie loga

Zmieniła mi się tapeta na pulpicie i niemoge jej zmienić moźe problem tkwi tu..
Z góry dzięki za pomoc :lol:
Logfile of HijackThis v1.99.0
Scan saved at 16:35:55, on 2005–02–12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSSYSTEM32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSYSTEM32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesEset od32krn.exe
C:WINDOWSSystem32svzhost.exe
C:WINDOWSSystem32Systoy.exe
C:WINDOWSSystem32SDK0mCORE.exe
C:Program FilesEset od32kui.exe
C:Program FilesInternet Exploreriexplore.exe
C:HijackThis.exe

R1 – HKLMSoftwareMicrosoftInternet Explorer,SearchURL = http://v73.us/search.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://v73.us/search.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: RichFind – {E5A2678F–DA83–4D2E–BA85–6236E90098FA} – C:WINDOWS ichfind.dll
F3 – REG:win.ini: run=C:WINDOWSinet10055services.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:Program FilesYahoo!CompanionInstallscpnycomp5_3_19_0.dll
O3 – Toolbar: RichFind – {E5A2678F–DA83–4D2E–BA85–6236E90098FA} – C:WINDOWS ichfind.dll
O4 – HKLM..Run: [xp_system] C:WINDOWSinet10055services.exe
O4 – HKLM..Run: [wuviewer] C:WINDOWSSystem32wuviewer.exe
O4 – HKLM..Run: [nod32kui] "C:Program FilesEset od32kui.exe" /WAITSERVICE
O4 – HKLM..Run: [Microsoft Windows Update] svzhost.exe
O4 – HKLM..Run: [Sms Systems] Systoy.exe
O4 – HKLM..Run: [sdkupdate22] SDK0mCORE.exe
O4 – HKLM..RunServices: [Microsoft Windows Update] svzhost.exe
O4 – HKLM..RunServices: [Yahoo Messenger] YPager.EXE
O4 – HKLM..RunServices: [Microsoft Update] vpc32.exe
O4 – HKLM..RunServices: [Sms Systems] Systoy.exe
O4 – HKLM..RunServices: [Windows PDG] winpdgs.exe
O4 – HKLM..RunServices: [winmgr.exe] scvhost.exe
O4 – HKLM..RunServices: [IExplorer] microsoft.exe
O4 – HKLM..RunServices: [sdkupdate22] SDK0mCORE.exe
O4 – HKLM..RunServices: [SDKz0r] SDKc55rezzz2.exe
O4 – HKLM..RunServices: [FaxModem] dcaueyre.exe
O4 – HKLM..RunServices: [wuviewer] C:WINDOWSSystem32wuviewer.exe
O4 – HKLM..RunOnce: [Microsoft Windows Update] svzhost.exe
O4 – HKLM..RunOnce: [Sms Systems] Systoy.exe
O4 – HKLM..RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 – HKCU..Run: [xp_system] C:WINDOWSinet10055services.exe
O4 – HKCU..Run: [wuviewer] C:WINDOWSSystem32wuviewer.exe
O4 – HKCU..Run: [Microsoft Windows Update] svzhost.exe
O4 – HKCU..Run: [Sms Systems] Systoy.exe
O4 – HKCU..Run: [sdkupdate22] SDK0mCORE.exe
O4 – HKCU..RunOnce: [Microsoft Windows Update] svzhost.exe
O4 – HKCU..RunOnce: [Sms Systems] Systoy.exe
O4 – HKCU..RunOnce: [sdkupdate22] SDK0mCORE.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_04in pjpi142_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:Program FilesJavaj2re1.4.2_04in pjpi142_04.dll
O12 – Plugin for .mov: C:Program FilesInternet ExplorerPLUGINS pqtplugin.dll
O12 – Plugin for .tif: C:Program FilesInternet ExplorerPLUGINS pqtplugin5.dll
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: (HKLM)
O16 – DPF: {11456451–1561–1111–1000–134466001123} – ms–its:mhtml:file://C:MAIN.MHT!http://www.wofldsex.com///cj.chm::/project1.exe
O16 – DPF: {DF780F87–FF2B–4DF8–92D0–73DB16A1543A} (PopCapLoader Object) – http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O20 – AppInit_DLLs: PAVWAIT.DLL
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSSystem32Ghjmqg32.dll
O23 – Service: Ati HotKey Poller – Unknown – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: Manageer Network Connections – Unknown – C:WINDOWSSystem32 elcmd.exe
O23 – Service: NOD32 Kernel Service – Unknown – C:Program FilesEset od32krn.exe
O23 – Service: Symantec Network Drivers Service – Unknown – C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe (file missing)
O23 – Service: Working Network Connections – Unknown – C:WINDOWSSystem32hicom.exe

Odpowiedzi: 1

Multum robali

Wylacz przywracanie

Zakoncz procesy:
svzhost.exe
Systoy.exe
SDK0mCORE.exe

Usun z dysku:
svzhost.exe
Systoy.exe
SDK0mCORE.exe
richfind.dll
C:WINDOWSinet10055
C:Program FilesYahoo!
YPager.EXE
wuviewer.exe
vpc32.exe
winpdgs.exe
scvhost.exe
microsoft.exe
SDKc55rezzz2.exe
dcaueyre.exe
Ghjmqg32.dll
telcmd.exe
hicom.exe

FIX:
R1 – HKLMSoftwareMicrosoftInternet Explorer,SearchURL = http://v73.us/search.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://v73.us/search.htm
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R3 – URLSearchHook: RichFind – {E5A2678F–DA83–4D2E–BA85–6236E90098FA} – C:WINDOWS ichfind.dll
F3 – REG:win.ini: run=C:WINDOWSinet10055services.exe
O3 – Toolbar: Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:Program FilesYahoo!CompanionInstallscpnycomp5_3_19_0.dll
O3 – Toolbar: RichFind – {E5A2678F–DA83–4D2E–BA85–6236E90098FA} – C:WINDOWS ichfind.dll
O4 – HKLM..Run: [xp_system] C:WINDOWSinet10055services.exe
O4 – HKLM..Run: [wuviewer] C:WINDOWSSystem32wuviewer.exe
O4 – HKLM..Run: [Microsoft Windows Update] svzhost.exe
O4 – HKLM..Run: [Sms Systems] Systoy.exe
O4 – HKLM..Run: [sdkupdate22] SDK0mCORE.exe
O4 – HKLM..RunServices: [Microsoft Windows Update] svzhost.exe
O4 – HKLM..RunServices: [Yahoo Messenger] YPager.EXE
O4 – HKLM..RunServices: [Microsoft Update] vpc32.exe
O4 – HKLM..RunServices: [Sms Systems] Systoy.exe
O4 – HKLM..RunServices: [Windows PDG] winpdgs.exe
O4 – HKLM..RunServices: [winmgr.exe] scvhost.exe
O4 – HKLM..RunServices: [IExplorer] microsoft.exe
O4 – HKLM..RunServices: [sdkupdate22] SDK0mCORE.exe
O4 – HKLM..RunServices: [SDKz0r] SDKc55rezzz2.exe
O4 – HKLM..RunServices: [FaxModem] dcaueyre.exe
O4 – HKLM..RunServices: [wuviewer] C:WINDOWSSystem32wuviewer.exe
O4 – HKLM..RunOnce: [Microsoft Windows Update] svzhost.exe
O4 – HKLM..RunOnce: [Sms Systems] Systoy.exe
O4 – HKLM..RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 – HKCU..Run: [xp_system] C:WINDOWSinet10055services.exe
O4 – HKCU..Run: [wuviewer] C:WINDOWSSystem32wuviewer.exe
O4 – HKCU..Run: [Microsoft Windows Update] svzhost.exe
O4 – HKCU..Run: [Sms Systems] Systoy.exe
O4 – HKCU..Run: [sdkupdate22] SDK0mCORE.exe
O4 – HKCU..RunOnce: [Microsoft Windows Update] svzhost.exe
O4 – HKCU..RunOnce: [Sms Systems] Systoy.exe
O4 – HKCU..RunOnce: [sdkupdate22] SDK0mCORE.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: (HKLM)
O16 – DPF: {11456451–1561–1111–1000–134466001123} – ms–its:mhtml:file://C:MAIN.MHT!http://www.wofldsex.com///cj.chm::/project1.exe
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSSystem32Ghjmqg32.dll
O23 – Service: Manageer Network Connections – Unknown – C:WINDOWSSystem32 elcmd.exe

O23 – Service: Symantec Network Drivers Service – Unknown – C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe (file missing)
O23 – Service: Working Network Connections – Unknown – C:WINDOWSSystem32hicom.exe
Bobi
Dodano
12.02.2005 18:35:31
demixus
Dodano:
12.02.2005 17:37:27
Komentarzy:
1
Strona 1 / 1