Proszę o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

Witam, prosze o sprawdzenie loga. Niby wszystko jest ok, ale jakiś wolny ten komp ostatnio, przy 1024 MB Ramu. Dziekuje i pozdrawiam sebcioseb:

a oto log:

Logfile of HijackThis v1.99.1

Scan saved at 13:37:45, on 21/04/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\Gadu-Gadu\gg.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

F:\Kazaa Lite K++\KazaaLite.kpp

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

c:\Program Files\PestPatrol\ppmemcheck.exe

c:\Program Files\PestPatrol\cookiepatrol.exe

c:\Program Files\PestPatrol\ppcontrol.exe

C:\Program Files\Winamp\winamp.exe

F:\PROGRAMY\Anty szpiedzy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Acrobat Raider\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM…\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM…\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM…\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM…\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM…\Run: [KAZAA] “F:\Kazaa Lite K++\kpp.exe” “F:\Kazaa Lite K++\KazaaLite.kpp” /SYSTRAY

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Gadu-Gadu\gg.exe” /tray

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)

O9 - Extra ‘Tools’ menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\System32\shdocvw.dll (HKCU)

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan.cab

O16 - DPF: {2882C368-D508-11D4-A2AB-000102598CE4} (LProtect Control) - http://download.globalhauri.com/Eng/onl … vecall.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} - http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 … scan53.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru … ebscan.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {E95CF138-A587-4C54-8175-3AD80997CB14} (GINSOCCER Class) - http://67.15.101.3/g_bin/pl/soccer_2_0_0_8.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l … cfscan.cab

O17 - HKLM\System\CCS\Services\Tcpip…{64784EEC-AADD-493D-897F-66E2256FB714}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip…{64784EEC-AADD-493D-897F-66E2256FB714}: NameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip…{64784EEC-AADD-493D-897F-66E2256FB714}: NameServer = 192.168.1.1

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\a\USTAWI~1\Temp\hpdj.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#2

Nie ten Dział !!

#3

Przeniesiony.

#4

Do logów masz specjalny dział:

:arrow: http://forum.dobreprogramy.pl/viewforum.php?f=16

Nie zapomnij zainstalować SP2:

:arrow: http://dobreprogramy.pl/index.php?dz=2&t=35&id=795

Ale to oczywiście na sam koniec.

#5

po pierwsze to uzywasz nielegalnego oprogramowania:

O4 - HKLM…\Run: [KAZAA] “F:\Kazaa Lite K++\kpp.exe” “F:\Kazaa Lite K++\KazaaLite.kpp” /SYSTRAY

po drugie nie masz sp2

#6

Po trzecie nie interesuja mnie kolego twoje porady prawnicze. Jak znam zycie to też masz nielegalne p2p p,więc mnie nie pouczaj. Kaze tylko testowałem i juz jej nie mam. Sp miałem ale wywaliłem, ponieważ strasznie muliło mi kompa i tak postanowiłem, zreszta wielu informatyków radziło mi to samo. wiec jak nie masz wiele do powiedzenia na temat mojego loga to głosu nie zabieraj wcale.

#7

Wchodzisz w tryb awaryjny i fixujesz w Hijacku:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

F2 - REG:system.ini: Shell=explorer.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\a\USTAWI~1\Temp\hpdj.exe (file missing)

#8

Dzięki damian. Wiedziałem, że coś jest nie tak. Pozdrawiam sebcioseb

#9

Radzę poczytać regulamin:

:arrow: http://forum.dobreprogramy.pl/rules.php

Nie mierz wszystkich swoją miarą :evil:

Może czas zmienić informatyków? :roll: