
Computer is lagging, probably a virus, please check the log

tristan202
created

As in the subject, the computer is lagging terribly and I'd like the logs checked.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 15:10:25, on 2007-07-20
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
D:\Program Files\Programy internetowe\Nod32\nod32krn.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Programy internetowe\BearShare\BearShare.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Programy\Winamp\winampa.exe
D:\Program Files\Programy\Power DVD\PDVDServ.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Mixer.exe
D:\Program Files\Programy internetowe\Nod32\nod32kui.exe
D:\Program Files\Programy internetowe\Ares\Ares.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\WINDOWS\System32\msq23.exe
D:\Program Files\Programy\Kalendarz XP\Kalendarz.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
D:\Program Files\Programy internetowe\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Nowy folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
F3 - REG:win.ini: run=
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Program Files\Programy\Expressivo Demo\IH_iexplore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - D:\Program Files\Programy\Expressivo Demo\IH_iexplore.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bearShare] "D:\Program Files\Programy internetowe\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\Programy\Power DVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\Programy\Power DVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\scrcons32.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Programy internetowe\Nod32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [5684735485910] netdll.exe
O4 - HKLM\..\Run: [internet Security Service ] msq23.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\scrcons32.exe
O4 - HKLM\..\RunServices: [5684735485910] netdll.exe
O4 - HKLM\..\RunServices: [internet Security Service ] msq23.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Programy internetowe\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\Programy internetowe\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Programy internetowe\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [internet Security Service ] msq23.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Programy\Microsoft Office 2000\Office\OSA9.EXE
O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Programy\Kalendarz XP\Kalendarz.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{74CCD59C-487A-4817-83F6-AB25390A2AB4}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Programy internetowe\Ares\chatServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - D:\Program Files\Programy internetowe\Nod32\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

CatchMe
comment

Block the ports using the programs WWDC and Seconfig XP.

Boot into safe mode.

First you remove the entries in HijackThis, then manually delete the bolded files from disk:

C:\WINDOWS\System32\msq23.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

F3 - REG:win.ini: run=

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\scrcons32.exe

O4 - HKLM\..\Run: [5684735485910] netdll.exe

O4 - HKLM\..\Run: [internet Security Service ] msq23.exe

O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\scrcons32.exe

O4 - HKLM\..\RunServices: [5684735485910] netdll.exe

O4 - HKLM\..\RunServices: [internet Security Service ] msq23.exe

O4 - HKCU\..\Run: [internet Security Service ] msq23.exe

- Then you paste the logs from HijackThis and ComboFix.
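A way to check the follow-up log requested in the last step, as an added example that is not part of the original thread: it parses the O4 autorun lines the helper listed and reports which of them still appear in a later HijackThis log. The `FOLLOWUP` log is constructed for illustration, and the function names are hypothetical.

```python
import re

# O4 registry autorun line, e.g. "O4 - HKLM\..\Run: [name] command".
# The backslashes are optional so that logs pasted through a forum that
# stripped them ("HKLM..Run") are parsed the same way.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\?\.\.\\?(\w+): \[(.*?)\] (.+)$")

def parse_o4(log_text):
    """Return the set of (hive, key, value_name, command) autorun entries."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries.add((hive, key, name.strip(), cmd.strip()))
    return entries

def still_present(flagged_text, followup_text):
    """Flagged autorun entries that survive in the follow-up log."""
    return sorted(parse_o4(flagged_text) & parse_o4(followup_text))

# The O4 entries listed for removal in the reply above.
FLAGGED = r"""
O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\scrcons32.exe
O4 - HKLM\..\Run: [5684735485910] netdll.exe
O4 - HKLM\..\Run: [internet Security Service ] msq23.exe
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\system32\scrcons32.exe
O4 - HKLM\..\RunServices: [5684735485910] netdll.exe
O4 - HKLM\..\RunServices: [internet Security Service ] msq23.exe
O4 - HKCU\..\Run: [internet Security Service ] msq23.exe
"""

# Constructed follow-up log (not from the thread): one flagged entry was
# missed, and the paste lost its backslashes.
FOLLOWUP = r"""
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU..Run: [internet Security Service ] msq23.exe
"""

if __name__ == "__main__":
    for hive, key, name, cmd in still_present(FLAGGED, FOLLOWUP):
        print(f"still registered: {hive} {key} [{name}] {cmd}")
```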
