Prosze o sprawdzenia loga

Dla specjalistów Bezpieczeństwo
#1 
Logfile of HijackThis v1.99.1 

Scan saved at 14:38:00, on 2005-08-03 

Platform: Windows XP (WinNT 5.01.2600) 

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) 


Running processes: 

C:\WINDOWS\System32\smss.exe 

C:\WINDOWS\system32\csrss.exe 

C:\WINDOWS\SYSTEM32\winlogon.exe 

C:\WINDOWS\system32\services.exe 

C:\WINDOWS\system32\lsass.exe 

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\System32\svchost.exe 

C:\WINDOWS\System32\svchost.exe 

C:\WINDOWS\Explorer.EXE 

C:\WINDOWS\System32\svchost.exe 

C:\WINDOWS\system32\spoolsv.exe 

C:\WINDOWS\System32\RunDll32.exe 

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE 

C:\Program Files\Winamp\winampa.exe 

C:\WINDOWS\System32\ctfmon.exe 

C:\Program Files\Kalendarz XP\Kalendarz.exe 

C:\WINDOWS\System32\Ati2evxx.exe 

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe 

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe 

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe 

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe 

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE 

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe 

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe 

C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe 

C:\Program Files\Internet Explorer\iexplore.exe 

C:\WINDOWS\System32\wuauclt.exe 

C:\Program Files\Gadu-Gadu\gg.exe 

C:\Program Files\Internet Explorer\iexplore.exe 

C:\WINDOWS\system32\NOTEPAD.EXE 

C:\Documents and Settings\Magda\Moje dokumenty\HijackThis.exe 


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =  

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =  

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza 

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll 

O2 - BHO: (no name) - {33BCE033-AC51-48CB-9486-7783D6878618} - C:\WINDOWS\System32\pdkp.dll (file missing) 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll 

O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing) 

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll 

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd 

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s 

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k 

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause 

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe 

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe 

O4 - HKCU\..\Run: [Microsoft Windows Update] svmhost.exe 

O4 - HKCU\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe 

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray 

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE 

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html 

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html 

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html 

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html 

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll 

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm 

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm 

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll 

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll 

O15 - Trusted Zone: *.blazefind.com 

O15 - Trusted Zone: *.clickspring.net 

O15 - Trusted Zone: *.flingstone.com 

O15 - Trusted Zone: *.mt-download.com 

O15 - Trusted Zone: *.my-internet.info 

O15 - Trusted Zone: *.searchbarcash.com 

O15 - Trusted Zone: *.searchmiracle.com 

O15 - Trusted Zone: *.skoobidoo.com 

O15 - Trusted Zone: *.slotch.com 

O15 - Trusted Zone: *.slotchbar.com 

O15 - Trusted Zone: *.windupdates.com 

O15 - Trusted Zone: *.xxxtoolbar.com 

O15 - Trusted Zone: *.ysbweb.com 

O15 - Trusted Zone: *.blazefind.com (HKLM) 

O15 - Trusted Zone: *.clickspring.net (HKLM) 

O15 - Trusted Zone: *.flingstone.com (HKLM) 

O15 - Trusted Zone: *.mt-download.com (HKLM) 

O15 - Trusted Zone: *.my-internet.info (HKLM) 

O15 - Trusted Zone: *.searchbarcash.com (HKLM) 

O15 - Trusted Zone: *.searchmiracle.com (HKLM) 

O15 - Trusted Zone: *.skoobidoo.com (HKLM) 

O15 - Trusted Zone: *.slotch.com (HKLM) 

O15 - Trusted Zone: *.slotchbar.com (HKLM) 

O15 - Trusted Zone: *.windupdates.com (HKLM) 

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) 

O15 - Trusted Zone: *.ysbweb.com (HKLM) 

O15 - Trusted IP range: 81.222.131.59 

O15 - Trusted IP range: 81.222.131.59 (HKLM) 

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe 

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe 

O23 - Service: Microsoft Windows Update (Microsoft Update) - Unknown owner - C:\WINDOWS\System32\svmhost.exe" -netsvcs (file missing) 

O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe 

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe 

O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe 

O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe 

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe 

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe 

O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe 

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

Z gory dzieki.

#2

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Start => Uruchom => wpisz services.msc => zatrzymaj i wyłącz proces Microsoft Windows Update nastepnie odpalasz HijackThis Misc Tools => Delete NT service => wpisz Microsoft Update => Ok i zresetuj komputer.

Pliki na czerwono usun ręcznie z dysku

Jeżeli wpisy 015 będą stawiać opór to usuń je narzędziem KillTrusted 0.7

Update:

Panie Nowicki jeszcze raz zobacze tego typu posty dostaniesz ostrzeżenie :evil:

Zbedne posty kosz

Aszsz cholera zapomniałem dodać :wink: (przez pana … :x )

#3

kuz5 a to ? :

też skasuj :!:

Złączono Posta : 03.08.2005 (Sro) 15:00

i kosmetycznie to:

#4

tu cudne zjawisko i czasami format nawet nic nie daje :slight_smile:

hijack tez nie pomoze

http://wirusy.antivirenkit.pl/pl/opis/N … lan.b.html

ale powalczyc warto jesli bedziesz chciał :lol:

#5

przykład:

http://www.searchengines.pl/phpbb203/in … &hl=maslan

warto poczytać i także zastosować sie do porad picasso