jamper
(Jamper3)
#1
Hej mam prośbę kumplowi coś kiepsko chodzi net wrzucam loga do sprawdzenia
Logfile of HijackThis v1.99.1
Scan saved at 17:42:22, on 2005-10-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\oodag.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\programy\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - D:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - D:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [eDonkey2000] "D:\Program Files\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [FastCache] D:\Program Files\AnalogX\FastCache\fc.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [Outpost Firewall] "D:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\System32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - E:\Outpost Firewall 1.0\outpost.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
a w dodatku duże ma obciążenie procesu "csrss.exe’.
Z góry dzięki
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - D:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - D:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O4 - HKLM\..\Run: [FastCache] D:\Program Files\AnalogX\FastCache\fc.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
Poczytaj też tutaj:
http://www.doxdesk.com/parasite/NewDotNet.html
(po angielsku)
jamper
(Jamper3)
#3
Prosba co z tym zrobić bo z angielskim słabo.
Usuń najpierw wpisy, które podałem.
Potem wejdź w Dodaj/usuń programy i odinstaluj coś z tej listy:
New.net domains
FirstLook
QuickSearch Toolbar
Zrób nowy log i wklej go.
Możesz też zoptymalizować działanie usług Windowsa:
http://www.xp.net.pl/art/services_optimiz_pl.html
jamper
(Jamper3)
#5
No zrobiłem co napisałes o to log
Logfile of HijackThis v1.99.1
Scan saved at 18:42:33, on 2005-10-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\oodag.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
D:\Program Files\Anti Trojan Elite\TJEnder.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\D-Link AirPlus\AirPlus.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\programy\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [eDonkey2000] "D:\Program Files\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\System32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - E:\Outpost Firewall 1.0\outpost.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
kuz5
(Kuz5)
#7
Panie longpaul chciałbym ci zwrócic uwage iz wpisów 010 nie usuwa sie HijackThisem tylko narzędziem LSP-Fix, mogło dojść do utraty neta. :evil:
To jest moja osotatnie słowne ostrzezenie