Proszę o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

Logfile of HijackThis v1.99.0

Scan saved at 00:00:58, on 2005-02-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

D:\PROGRA~1\PESTPA~1\PPMemCheck.exe

D:\PROGRA~1\PESTPA~1\PPControl.exe

D:\PROGRA~1\PESTPA~1\CookiePatrol.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

D:\Program Files\Wcinap\winampa.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\BitComet\BitComet.exe

D:\WINDOWS\system32\ldrtt.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\DOCUME~1\MICHAŁ~1.RAM\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis1.99.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://new-search.net/search.php?v=6&aff=791780

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://new-search.net/index.php?v=6&aff=791780

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page … _id=138770

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts file is located at: D:\WINDOWS\nsdb\hosts

O1 - Hosts: 82.179.166.192 new-search.net

O1 - Hosts: 82.179.166.190 x-google.net

O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)

O4 - HKLM…\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [iyO1] D:\WINDOWS\tugruv.exe

O4 - HKLM…\Run: [sais] d:\program files\180solutions\sais.exe

O4 - HKLM…\Run: [dgl] D:\WINDOWS\dgl.exe

O4 - HKLM…\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM…\Run: [PestPatrol Control Center] D:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM…\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM…\Run: [sCANINICIO] “D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe”

O4 - HKLM…\Run: [APVXDWIN] “D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE” /s

O4 - HKLM…\Run: [WinampAgent] D:\Program Files\Wcinap\winampa.exe

O4 - HKCU…\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [HomeDialer] D:\Program Files\dial@home\dial@home.exe tray

O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht! http://82.179.166.145/x15.chm::/trs15.exe

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares … cracks.cab

O17 - HKLM\System\CCS\Services\Tcpip…{56138D6F-73F1-4914-B66D-57548A5D7E38}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: Macromedia Licensing Service - Unknown - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

#2

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares … cracks.cab

.Czy Ty jestes piratem i uzywasz krakowanych programow?A oprocz tego masz jeszcze wiele trojanow kolego.

#3

a teraz?

Logfile of HijackThis v1.99.0

Scan saved at 00:13:59, on 2005-02-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

D:\PROGRA~1\PESTPA~1\PPMemCheck.exe

D:\PROGRA~1\PESTPA~1\PPControl.exe

D:\PROGRA~1\PESTPA~1\CookiePatrol.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

D:\Program Files\Wcinap\winampa.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Messenger\msmsgs.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe

D:\WINDOWS\system32\wscntfy.exe

D:\Program Files\BitComet\BitComet.exe

D:\WINDOWS\system32\ldrtt.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\Internet Explorer\iexplore.exe

D:\Program Files\AutoConnect\AutoConnect.exe

D:\DOCUME~1\MICHAŁ~1.RAM\USTAWI~1\Temp\Katalog tymczasowy 2 dla hijackthis1.99.zip\HijackThis.exe

D:\Program Files\Panda Software\Panda Antivirus Platinum\Upgrader.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

O1 - Hosts file is located at: D:\WINDOWS\nsdb\hosts

O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM…\Run: [PestPatrol Control Center] D:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM…\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM…\Run: [sCANINICIO] “D:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe”

O4 - HKLM…\Run: [APVXDWIN] “D:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE” /s

O4 - HKLM…\Run: [WinampAgent] D:\Program Files\Wcinap\winampa.exe

O4 - HKCU…\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [AutoConnect] D:\Program Files\AutoConnect\AutoConnect.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O23 - Service: Macromedia Licensing Service - Unknown - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

#4

Wyłącz przywracanie systemu i kasuj w trybie awaryjnym:

Ręcznie:

D:\WINDOWS\system32\ldrtt.exe

O1 - Hosts file is located at: D:\WINDOWS\nsdb\hosts

Zbędny:

O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)

#5

Dzięki damian jeszcze robie skan dla bezpieczności.

#6

właściwie musiałeś coś zrobić że dajesz log z Hijacka. czy może musg sie nie mylił co do swojego postu ? :? pytam tylko z ciekawości

#7

trojan CWS xplugin:

BHO:

___________________________________

Nie używasz Messengera:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

Z Messengerem poradzi sobie XP-AntiSpy (http://www.amnezja.org)

–KOSMETYKA–

Start >>> uruchom >>> msconfig >>> uruchamianie >>> odznaczasz:

winampa

msmsgs