HijackThis Log


(Mztswk) #1

Prosze o sprawdzenie loga

Logfile of HijackThis v1.98.2

Scan saved at 17:24:42, on 2004-12-08

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\RAM Idle Standard\RAM_2K.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

C:\WINDOWS\system32\RaConfig.exe

C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Opera75\opera.exe

C:\Documents and Settings\Zarebski\Pulpit\Gry i programy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.pl/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle Standard\RAM_2K.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\Run: [Reg Service] REGSRV32.EXE

O4 - HKLM\..\RunServices: [Reg Service] REGSRV32.EXE

O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\PestPatrol\ppclean.exe" "clean" "ts:20041207232537926" "cws" "2"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C8CFDAE-9E65-4219-9B55-836EE5A022F4}: NameServer = 194.204.159.1,194.204.152.34

Nie obeszło się bez reinstalki.

Miałem problem z usunięciem wszystkich wpisów po winlogon.exe i pousuwałem przy okazji kilka potrzebnych wpisów.


(Dragonlnx) #2

Ho ho !!

Start uruchom - msconfig - uruchamianie - odznacz:

Nerocheck

Jushed

nwiz


(Xiao19) #3

kasujesz tak w /tryb awaryjny/ jak mozesz to z dostepem do netu

O4 - HKLM..\Run: [Reg Service] REGSRV32.EXE

O4 - HKLM..\RunServices: [Reg Service] REGSRV32.EXE

[RBOT-GM WORM!]

O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

[znasz zostawiasz /NIE/ kasacja]

wywalasz te pliki REGSRV32.EXE i ewent. te RaConfig.exe

zamykasz porty w tym progsie /ALL/

Windows Worms Doors Cleaner v1.4.1

http://www.firewallleaktester.com/tools/wwdc.exe

INFO:

http://forum.dobreprogramy.pl/viewtopic ... dows+worms

skan skanerami AV

--F-Secure--

http://support.f-secure.com/enu/home/ols.shtml

--GeCAD (RAV)--

http://www.ravantivirus.com/scan/

--Trend Micro (PC-cillin)--

http://housecall.trendmicro.com/houseca ... t_corp.asp

potem skan PestPatrolem


(Mztswk) #4

Dzięki Shark i Kamcia_18, ale chyba zrobie formata.

Coś namieszałem i niektóre programy nie działają.


(Dragonlnx) #5

Dokładnie co ??

ewent. Przywracanie Systemu !