
Connection problem

addiX
created

Yesterday I downloaded a program; it was probably a virus. When I ran it, doom3d was added twice to the startup programs (EasyCleaner). I removed it, but the virus kept adding itself back, so I shut down doom3d and then removed it from startup. But the damage remained. When I go to websites I have to hit refresh 3 times for them to display, and it is the same with IRC: three connection attempts to get connected. My avast did not detect anything.

Please help. If you want to write "format", just don't write ;).

skowrona
comment

post the logs ;)

addiX
comment
post the logs ;)

Loool, from what?!

addiX
comment

OK, you know the problem.

skowrona
comment
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

delete this entry, but that is only cosmetic ;)

doom3d. it would be good if you gave me the exact path to this file, then it could be removed

addiX
comment
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

delete this entry, but that is only cosmetic ;)

doom3d. it would be good if you gave me the exact path to this file, then it could be removed

Earlier it was in system32, but now it is nowhere on the whole computer. Once I removed it from startup, it is gone entirely.

WHAT DO I DO? :(

skowrona
comment

give me one more log, from this

http://graj.info/forum/viewtopic.php?t=274

sorry, but there is no description on the forum :P

addiX
comment
skowrona
comment

the logs are clean, so it is not the viruses' fault

addiX
comment

WHAT AM I SUPPOSED TO DO!? :(
