Please check my log

Here you can ask for help after your system has been infected by viruses, trojans etc.
wac_11
Newbie
  • Posts: 2

Post 30 Aug 2006, 15:03

Hello. Some windows keep popping up in my browser. I scanned the system with AntiVir but it found nothing, so I am posting a log for checking. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 13:45:55, on 2006-08-30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PLANET WL-8310\WLANPRO.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\MUSIOŁ\Pulpit\hijackthis(2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - d:\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [defender] C:\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\kybrdff_14.exe
O4 - HKLM\..\Run: [newname] C:\nwnmff_14.exe
O4 - HKLM\..\Run: [yesb301d] RUNDLL32.EXE w0022764.dll,n 003b301a0000000a0022764
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [GoD] "C:\Program Files\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [SIAPRO7] "D:\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -boot
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = ?
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\g6jo0g13e6.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TVVTSU+j\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Seth
Newbie
  • Posts: 47

Post 30 Aug 2006, 15:42

Disable System Restore, boot Windows into Safe Mode (F8) and remove:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
C:\Program Files\Save\Save.exe
C:\Program Files\Network Monitor\netmon.exe
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [defender] C:\dfndrff_14.exe
O4 - HKLM\..\Run: [keyboard] C:\kybrdff_14.exe
O4 - HKLM\..\Run: [newname] C:\nwnmff_14.exe

O4 - HKLM\..\Run: [yesb301d] RUNDLL32.EXE w0022764.dll,n 003b301a0000000a0022764
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TVVTSU+j\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe



Tick those entries in HijackThis and fix them; what I put in bold you delete manually from the disk.

Additionally, download and run:
http://www.atribune.org/ccount/click.php?id=7

After the restart, post a log for checking.
wac_11
Newbie
  • Posts: 2

Post 30 Aug 2006, 17:23

Thanks for the help. Nothing pops up anymore. Now the log looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 17:22:03, on 2006-08-30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Save\Save.exe
D:\Steganos Internet Anonym Pro 7\SIAPRO7.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PLANET WL-8310\WLANPRO.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\MUSIOŁ\Pulpit\hijackthis(2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - d:\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [GoD] "C:\Program Files\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKCU\..\Run: [SIAPRO7] "D:\Steganos Internet Anonym Pro 7\SIAPRO7.exe" -boot
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = ?
O4 - Global Startup: Reg.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TVVTSU+j\command.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Serafin
Mentor
  • Posts: 767

Post 30 Aug 2006, 17:31

For cosmetics, delete 8)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"


Did you delete the folder :?:
Seth
Newbie
  • Posts: 47

Post 31 Aug 2006, 10:54

Additionally, to be removed in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com



Get rid of this junk:

O4 - HKCU\..\Run: [Trust Cleaner] C:\Program Files\Trust Cleaner\TrustCleaner.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe


Still remaining:

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TVVTSU+j\command.exe (file missing)


Do the following:

Start >>> Run >>> cmd and type the command:


sc delete cmdService

and delete the O23 entry in HijackThis
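The checks Seth applies by eye in the two replies above (hijacked R0/R1 search URLs, O4 autostarts dropped in the drive root or under RunServices, random-named rundll32 and Winlogon Notify DLLs, O23 services with no owner or a missing binary, and the `sc delete` step for the orphaned cmdService) written out as a small triage script. This is an added example, not part of the thread and not HijackThis code. The sample log is constructed here from the entries quoted in the thread plus a few benign lines; the TRUSTED_HOSTS allowlist and the "three or more digits in the file stem" test for random names are assumptions of this example, not rules HijackThis itself uses.

```python
"""Triage a HijackThis 1.99.1 log: flag the entry classes the replies above fix and
emit the `sc delete <name>` command for an O23 service whose binary is already gone."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample modelled on the first log in the thread; the NvCplDaemon, DAEMON Tools,
# LinksFolderName and NVSvc lines are benign and must NOT be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [defender] C:\dfndrff_14.exe
O4 - HKLM\..\Run: [yesb301d] RUNDLL32.EXE w0022764.dll,n 003b301a0000000a0022764
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\g6jo0g13e6.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TVVTSU+j\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Assumption: a small allowlist of search/start-page hosts treated as benign.
TRUSTED_HOSTS = {"www.microsoft.com", "www.msn.com", "www.google.com", "www.google.pl"}

ROOT_FILE = re.compile(r"^[A-Za-z]:\\[^\\]+\.(?:exe|dll|com|scr)$", re.IGNORECASE)
O4_LINE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_LINE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O23_LINE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str  # R0, O4, O23, ...
    line: str     # the log line as written
    reason: str
    action: str   # what to tell the poster to do


def first_token(cmd: str) -> str:
    """Executable part of an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def looks_random(path: str) -> bool:
    """Heuristic (an assumption of this example): three or more digits in the file stem."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return sum(ch.isdigit() for ch in stem) >= 3


def triage(log_text: str) -> list[Finding]:
    found: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue
        section = line.split(" - ", 1)[0]
        if section in ("R0", "R1"):
            value = line.split("=", 1)[-1].strip()
            host = urlparse(value).hostname if value.lower().startswith("http") else None
            if host and host not in TRUSTED_HOSTS:
                found.append(Finding(section, line, f"IE search/start page hijacked to {host}", "fix in HijackThis"))
        elif section == "O4" and (m := O4_LINE.match(line)):
            key, cmd = m["key"], m["cmd"]
            exe, parts = first_token(cmd), cmd.split(None, 2)
            if key.endswith("RunServices"):
                found.append(Finding(section, line, "RunServices autostart (Win9x-era key)", "fix in HijackThis, delete the file"))
            elif ROOT_FILE.match(exe):
                found.append(Finding(section, line, f"autostart binary dropped in the drive root: {exe}", "fix in HijackThis, delete the file"))
            elif exe.lower().startswith("rundll32") and len(parts) > 1:
                dll = parts[1].split(",", 1)[0]
                if looks_random(dll):
                    found.append(Finding(section, line, f"rundll32 loads a random-named DLL: {dll}", "fix in HijackThis, delete the DLL"))
        elif section == "O20" and (m := O20_LINE.match(line)):
            if looks_random(m["path"]):
                found.append(Finding(section, line, "random-named Winlogon Notify DLL (loaded by winlogon.exe)", "fix in HijackThis, delete the DLL from Safe Mode"))
        elif section == "O23" and (m := O23_LINE.match(line)):
            if m["path"].endswith("(file missing)"):
                action = f"sc delete {m['short']}" if m["short"] else "remove the service key by hand"
                found.append(Finding(section, line, "service whose binary is already gone", action))
            elif m["owner"] == "Unknown owner":
                found.append(Finding(section, line, "service without vendor information", "verify the binary; if rogue: stop it, fix in HijackThis, delete the file"))
        elif line.endswith("(no file)"):
            found.append(Finding(section, line, "entry pointing at a file that no longer exists", "fix in HijackThis"))
    return found


def sc_delete_commands(findings: list[Finding]) -> list[str]:
    """The cmd.exe lines for orphaned services, as in the `sc delete cmdService` step above."""
    return [f.action for f in findings if f.action.startswith("sc delete ")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason}\n    -> {f.action}\n    {f.line}")
```

Feed a saved log to triage() as text. The `(file missing)` branch is the case the reply above handles by hand: the service definition lives under HKLM\SYSTEM\CurrentControlSet\Services\cmdService independently of the O23 line HijackThis shows, and `sc delete cmdService` is what removes that definition.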
Stary
Amateur
  • Posts: 118

Post 13 Nov 2011, 11:41

After those steps, a follow-up log ;)
