ziolo
(zioło)
1 Marzec 2006 16:31
#1
Prosilbym o sprawdzenie loga bo ostatnio cly zcas wyskakuje mi wiadomosc o trojanie
Logfile of HijackThis v1.99.1 Scan saved at 13:46:22, on 2006-03-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe e:\Program Files\Alwil Software\Avast4\ashServ.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe E:\Program Files\D-Tools\daemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe E:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\wdfmgr.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe e:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\NEOSTR~1\Watch.exe E:\Program Files\przeglądarka firefox\firefox.exe E:\downolads\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing O1 - Hosts: localhost 127.0.0.1 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “E:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “E:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [unSpyPC] “C:\Program Files\UnSpyPC\UnSpyPC.exe” O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU) O9 - Extra ‘Tools’ menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU) O17 - HKLM\System\CCS\Services\Tcpip…{0B367E03-0945-47C3-B400-783D79FCCB6B}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CCS\Services\Tcpip…{D9275549-0E73-4FF5-807C-A277C80F9020}: NameServer = 85.255.113.91,85.255.112.180 O17 - HKLM\System\CS1\Services\Tcpip…{0B367E03-0945-47C3-B400-783D79FCCB6B}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Złączono Posta : 01.03.2006 (Sro) 18:49
Jescze jedno.Avas co 5-10minut wywalami cos takiego http://www.fotosik.pl/pokaz_obrazek/y4aqhl1xw74n0351.html
Raz jest to trojan a dwa razy reklamiarz bardzo mnie to denerwuje pozcie
olek96
(Olek96)
1 Marzec 2006 18:02
#2
cześć dj.Do wywalenia:
O4 - HKLM…\Run: [yaemu.exe] C:\WINDOWS\system32\yaemu.exe
O4 - HKCU…\Run: [unSpyPC] “C:\Program Files\UnSpyPC\UnSpyPC.exe”(
to chyba spyware chyba że instalowałeś sam program.Jeśli nie to to wywal.
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
O9 - Extra ‘Tools’ menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
HKLM\System\CCS\Services\Tcpip…{D9275549-0E73-4FF5-807C-A277C80F9020}: NameServer = 85.255.113.91,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip…{0B367E03-0945-47C3-B400-783D79FCCB6B}: NameServer = 217.98.63.164
niech to jeszcze ktoś sprawdzi ale myśle że się aż tak nie mogłem pomylić.
Pozdro!
ziolo
(zioło)
1 Marzec 2006 18:41
#4
Logfile of HijackThis v1.99.1 Scan saved at 19:41:58, on 2006-03-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe e:\Program Files\Alwil Software\Avast4\ashServ.exe E:\Program Files\D-Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe E:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\wbem\wmiprvse.exe e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe e:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe E:\Program Files\przeglądarka firefox\firefox.exe E:\downolads\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing O1 - Hosts: localhost 127.0.0.1 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “E:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “E:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip…{0B367E03-0945-47C3-B400-783D79FCCB6B}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CCS\Services\Tcpip…{D9275549-0E73-4FF5-807C-A277C80F9020}: NameServer = 85.255.113.91,85.255.112.180 O17 - HKLM\System\CS1\Services\Tcpip…{0B367E03-0945-47C3-B400-783D79FCCB6B}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
I jak log jest czysty??
Przy okazji prosilbym o padanie nie potrzebnych rzeczy ktore mge wyzucic z autostartu.
Gutek
(Gutek)
1 Marzec 2006 19:36
#6
nie odznaczaj
Panel sterowania >>> Ustawienia regionalne >>> Języki >>> Detale >>> Zaawansowane >>> odznaczyć usługi tekstowe, zrób tak jeżeli nie używasz innych języków przy pisaniu.
Panel sterowania >>> Java Plug-in >>> Update >>> odptaszkuj Check for updates automatically