Please check my log :)


(Patrykw) #1
Logfile of HijackThis v1.99.0

Scan saved at 17:21:36, on 2005-01-26

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\System32\svigost.exe

D:\WINDOWS\nmstt.exe

D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

P:\Panda Antivirus Platinum\APVXDWIN.EXE

D:\WINDOWS\System32\ctfmon.exe

D:\WINDOWS\System32\rundll32.exe

P:\Gadu-Gadu\gg.exe

D:\Program Files\D-Link AirPlus\AIRPLUS.EXE

D:\WINDOWS\System32\nvsvc32.exe

P:\Panda Antivirus Platinum\Firewall\PavFires.exe

P:\Panda Antivirus Platinum\pavsrv51.exe

P:\Panda Antivirus Platinum\pavProxy.exe

D:\WINDOWS\System32\wuauclt.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

P:\Panda Antivirus Platinum\AVENGINE.EXE

D:\WINDOWS\System32\MSNSRV32.exe

D:\Program Files\Internet Explorer\iexplore.exe

P:\Hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=2446

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=2446

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.keygen.us/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.zicom.pl/auto.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - D:\WINDOWS\cerbmod.dll

O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - P:\Panda Antivirus Platinum\azesearch.dll

O3 - Toolbar: AZESearch toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - P:\Panda Antivirus Platinum\azesearch.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Windows Updater] svigost.exe

O4 - HKLM\..\Run: [_Cat4] D:\WINDOWS\msmsgr2.exe

O4 - HKLM\..\Run: [_Cat2] D:\WINDOWS\nmstt.exe

O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNSRV32.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [SCANINICIO] "P:\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "P:\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\RunServices: [Windows Updater] svigost.exe

O4 - HKLM\..\RunServices: [Sygate Personal Firewall] MSNSRV32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [SysTime] D:\WINDOWS\System32\systime.exe

O4 - HKCU\..\Run: [Microsoft Windows Update] svshost.exe

O4 - HKCU\..\Run: [Sygate Personal Firewall] MSNSRV32.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "P:\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: D-Link AirPlus.lnk = D:\Program Files\D-Link AirPlus\AIRPLUS.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O15 - Trusted IP range: 67.19.178.84

O15 - Trusted IP range: 67.19.178.84 (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106674867269

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B3F5E4B-96C0-44E6-8B22-49E30B867278}: NameServer = 217.70.48.6,217.70.48.20

O17 - HKLM\System\CS1\Services\Tcpip\..\{1B3F5E4B-96C0-44E6-8B22-49E30B867278}: NameServer = 217.70.48.6,217.70.48.20

O23 - Service: Microsoft Windows Update - Unknown - D:\WINDOWS\System32\svshost.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service - Unknown - P:\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service - Unknown - P:\Panda Antivirus Platinum\pavsrv51.exe

Quite a bit of this has piled up :) Thanks in advance.


(Musg) #2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=2446

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

O4 - HKLM\..\Run: [Windows Updater] svigost.exe

O4 - HKLM\..\RunServices: [Windows Updater] svigost.exe

O4 - HKCU\..\Run: [SysTime] D:\WINDOWS\System32\systime.exe

O4 - HKCU\..\Run: [Microsoft Windows Update] svshost.exe

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.ysbweb.com

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted Zone: *.ysbweb.com (HKLM)

O23 - Service: Microsoft Windows Update - Unknown - D:\WINDOWS\System32\svshost.exe (file missing)

O15 - Trusted IP range: 67.19.178.84 (HKLM)

Phew - scan again after removing these and post the log.


(Patrykw) #3

Here you go:

Logfile of HijackThis v1.99.0

Scan saved at 19:29:55, on 2005-01-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\System32\nvsvc32.exe

P:\Panda Antivirus Platinum\Firewall\PavFires.exe

P:\Panda Antivirus Platinum\pavsrv51.exe

P:\Panda Antivirus Platinum\AVENGINE.EXE

P:\Panda Antivirus Platinum\apvxdwin.exe

D:\WINDOWS\Explorer.EXE

P:\Panda Antivirus Platinum\pavProxy.exe

D:\WINDOWS\system32\svigost.exe

D:\WINDOWS\nmstt.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

D:\WINDOWS\System32\ctfmon.exe

D:\WINDOWS\system32\rundll32.exe

P:\Gadu-Gadu\gg.exe

D:\Program Files\D-Link AirPlus\AIRPLUS.EXE

D:\WINDOWS\system32\MSNSRV32.exe

P:\Hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.zicom.pl/auto.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - D:\WINDOWS\cerbmod.dll

O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - P:\Panda Antivirus Platinum\azesearch.dll

O3 - Toolbar: AZESearch toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - P:\Panda Antivirus Platinum\azesearch.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [_Cat4] D:\WINDOWS\msmsgr2.exe

O4 - HKLM\..\Run: [_Cat2] D:\WINDOWS\nmstt.exe

O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNSRV32.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [SCANINICIO] "P:\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "P:\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\RunServices: [Windows Updater] svigost.exe

O4 - HKLM\..\RunServices: [Sygate Personal Firewall] MSNSRV32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [Sygate Personal Firewall] MSNSRV32.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "P:\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: D-Link AirPlus.lnk = D:\Program Files\D-Link AirPlus\AIRPLUS.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106674867269

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B3F5E4B-96C0-44E6-8B22-49E30B867278}: NameServer = 217.70.48.6,217.70.48.20

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service - Unknown - P:\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service - Unknown - P:\Panda Antivirus Platinum\pavsrv51.exe

(123448) #4

I see that your antivirus is Panda! Which version? I'd advise switching to a different antivirus; I think it would be a better solution if you chose, e.g., Kaspersky 5.0.227.


(Patrykw) #5

It's Panda 7.0. And why Kaspersky? I chose Panda because of its good built-in firewall... Now every so often someone tries to scan my ports. And it's someone from my own network :) Annoying.


(Kuz5) #6

If you don't use Windows Messenger, remove it:

Start => Run => type the command

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove