Proszę o sprawdzenie LOGA i komentarz do tego
Proszę o pomoc. Coraz wolniej chodzi mi komp
OTO MOJ LOG:
Logfile of HijackThis v1.99.0
Scan saved at 18:26:35, on 2005–02–06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAVPersonalAVWUPSRV.EXE
C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
C:WINDOWSsystem32 vsvc32.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:WINDOWSExplorer.EXE
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:Program FilesWinampwinampa.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTlen.pl len.exe
C:Program FilesMicrotek ScanSuiteSDetect.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1ekekeUSTAWI~1TempRar$EX00.254HijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://onet.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:program filesgooglegoogletoolbar2.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:program filesgooglegoogletoolbar2.dll
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [SysTime] C:WINDOWSsystem32systime.exe
O4 – HKLM..Run: [System Service] C:WINDOWSsystem32msrexe.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 – HKCU..Run: [SysTime] C:WINDOWSsystem32systime.exe
O4 – HKCU..Run: [sr64] C:Documents and SettingsekekeDane aplikacjiMicrosoftsr64hclbflbl.exe
O4 – Global Startup: Scanner Detector.lnk = C:Program FilesMicrotek ScanSuiteSDetect.exe
O8 – Extra context menu item: &Google Search – res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 – Extra context menu item: Similar Pages – res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSsystem32Aciamemn.dll (file missing)
O23 – Service: AntiVir Update – H+BEDV Datentechnik GmbH, Germany – C:Program FilesAVPersonalAVWUPSRV.EXE
O23 – Service: Kerio Personal Firewall 4 – Kerio Technologies – C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSsystem32 vsvc32.exe
OTO MOJ LOG:
Logfile of HijackThis v1.99.0
Scan saved at 18:26:35, on 2005–02–06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAVPersonalAVWUPSRV.EXE
C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
C:WINDOWSsystem32 vsvc32.exe
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:WINDOWSExplorer.EXE
C:Program FilesKerioPersonal Firewall 4kpf4gui.exe
C:Program FilesWinampwinampa.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesTlen.pl len.exe
C:Program FilesMicrotek ScanSuiteSDetect.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesWinRARWinRAR.exe
C:DOCUME~1ekekeUSTAWI~1TempRar$EX00.254HijackThis.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://onet.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:program filesgooglegoogletoolbar2.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:program filesgooglegoogletoolbar2.dll
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [SysTime] C:WINDOWSsystem32systime.exe
O4 – HKLM..Run: [System Service] C:WINDOWSsystem32msrexe.exe
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O4 – HKCU..Run: [SysTime] C:WINDOWSsystem32systime.exe
O4 – HKCU..Run: [sr64] C:Documents and SettingsekekeDane aplikacjiMicrosoftsr64hclbflbl.exe
O4 – Global Startup: Scanner Detector.lnk = C:Program FilesMicrotek ScanSuiteSDetect.exe
O8 – Extra context menu item: &Google Search – res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 – Extra context menu item: Similar Pages – res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSsystem32Aciamemn.dll (file missing)
O23 – Service: AntiVir Update – H+BEDV Datentechnik GmbH, Germany – C:Program FilesAVPersonalAVWUPSRV.EXE
O23 – Service: Kerio Personal Firewall 4 – Kerio Technologies – C:Program FilesKerioPersonal Firewall 4kpf4ss.exe
O23 – Service: NVIDIA Display Driver Service – NVIDIA Corporation – C:WINDOWSsystem32 vsvc32.exe
Odpowiedzi: 1
Wylaczasz przywracanie
Usuwasz z HDD:
systime.exe >> trojan CWS
msrexe.exe >> Backdoor.Jeem
FIX:
Jakby te trusted IP nie chciałby sobie pojsc to sciagnij DelDomains.inf
Znasz to: O4 – HKCU..Run: [sr64] C:Documents and SettingsekekeDane aplikacjiMicrosoftsr64hclbflbl.exe
Jesli nie to wywal
Usuwasz z HDD:
systime.exe >> trojan CWS
msrexe.exe >> Backdoor.Jeem
FIX:
O4 – HKLM..Run: [SysTime] C:WINDOWSsystem32systime.exe
O4 – HKLM..Run: [System Service] C:WINDOWSsystem32msrexe.exe
O4 – HKCU..Run: [SysTime] C:WINDOWSsystem32systime.exe
O15 – Trusted Zone: *.blazefind.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.flingstone.com
O15 – Trusted Zone: *.iframedollars.biz
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.searchbarcash.com
O15 – Trusted Zone: *.searchmiracle.com
O15 – Trusted Zone: *.skoobidoo.com
O15 – Trusted Zone: *.slotch.com
O15 – Trusted Zone: *.slotchbar.com
O15 – Trusted Zone: *.windupdates.com
O15 – Trusted Zone: *.xxxtoolbar.com
O15 – Trusted Zone: *.ysbweb.com
O15 – Trusted Zone: *.blazefind.com (HKLM)
O15 – Trusted Zone: *.clickspring.net (HKLM)
O15 – Trusted Zone: *.flingstone.com (HKLM)
O15 – Trusted Zone: *.iframedollars.biz (HKLM)
O15 – Trusted Zone: *.mt–download.com (HKLM)
O15 – Trusted Zone: *.my–internet.info (HKLM)
O15 – Trusted Zone: *.searchbarcash.com (HKLM)
O15 – Trusted Zone: *.searchmiracle.com (HKLM)
O15 – Trusted Zone: *.skoobidoo.com (HKLM)
O15 – Trusted Zone: *.slotch.com (HKLM)
O15 – Trusted Zone: *.slotchbar.com (HKLM)
O15 – Trusted Zone: *.windupdates.com (HKLM)
O15 – Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 – Trusted Zone: *.ysbweb.com (HKLM)
O15 – Trusted IP range: 213.159.117.202
O15 – Trusted IP range: 213.159.117.202 (HKLM)
O21 – SSODL: Web Event Logger – {7EFBAEFF–EE02–1333–ABDF–416572E5D639} – C:WINDOWSsystem32Aciamemn.dll (file missing)
Jakby te trusted IP nie chciałby sobie pojsc to sciagnij DelDomains.inf
Znasz to: O4 – HKCU..Run: [sr64] C:Documents and SettingsekekeDane aplikacjiMicrosoftsr64hclbflbl.exe
Jesli nie to wywal
Strona 1 / 1