Request to check a log


(Jamper3) #1

Hi, I have a request: my buddy's internet is running poorly, so I'm posting a log to be checked.

Logfile of HijackThis v1.99.1

Scan saved at 17:42:22, on 2005-10-09

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\WINDOWS\System32\oodag.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Documents and Settings\programy\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - D:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll

O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - D:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll

O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [eDonkey2000] "D:\Program Files\eDonkey2000\eDonkey2000.exe" -t

O4 - HKLM\..\Run: [FastCache] D:\Program Files\AnalogX\FastCache\fc.exe

O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program Files\Anti Trojan Elite\TJEnder.exe :NO

O4 - HKLM\..\Run: [Outpost Firewall] "D:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: Download All by FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\System32\oodag.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - E:\Outpost Firewall 1.0\outpost.exe (file missing)

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

On top of that, the "csrss.exe" process is putting a heavy load on his system.

Thanks in advance


(Pablo Spam) #2
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - D:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - D:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll

O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - D:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll 

O4 - HKLM\..\Run: [FastCache] D:\Program Files\AnalogX\FastCache\fc.exe 

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

Also have a read here:

http://www.doxdesk.com/parasite/NewDotNet.html

(in English)


(Jamper3) #3

Please tell me what to do about this, because my English is poor.


(Pablo Spam) #4

First remove the entries I listed.

Then go to Add/Remove Programs and uninstall something from this list:

New.net domains

FirstLook

QuickSearch Toolbar

Make a new log and paste it.

You can also optimize how Windows services run:

http://www.xp.net.pl/art/services_optimiz_pl.html


(Jamper3) #5

OK, I did what you wrote; here is the log

Logfile of HijackThis v1.99.1

Scan saved at 18:42:33, on 2005-10-09

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\System32\nvsvc32.exe

D:\WINDOWS\System32\oodag.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

D:\Program Files\Anti Trojan Elite\TJEnder.exe

D:\Program Files\Gadu-Gadu\gg.exe

D:\Program Files\Skype\Phone\Skype.exe

D:\Program Files\D-Link AirPlus\AirPlus.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

D:\WINDOWS\System32\wuauclt.exe

D:\Documents and Settings\programy\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [eDonkey2000] "D:\Program Files\eDonkey2000\eDonkey2000.exe" -t

O4 - HKLM\..\Run: [Anti Trojan Elite] D:\Program Files\Anti Trojan Elite\TJEnder.exe :NO

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: Download All by FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe

O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 127.0.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{251F4414-4869-4904-93B8-DBE844B3DCB9}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\System32\oodag.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - E:\Outpost Firewall 1.0\outpost.exe (file missing)

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

(Gutek) #6

LOG OK :stuck_out_tongue:


(Kuz5) #7

Mr. longpaul, I would like to point out to you that O10 entries are not removed with HijackThis but with the LSP-Fix tool; this could have caused a loss of internet access. :evil:

This is my last verbal warning