Proszę o sprawdzenie loga

Dla specjalistów Bezpieczeństwo
#1

Tym razem nie mój log, nazwałem tak temat ponieważ nie wiem co koledze dokładnie jest, ale nie może wejść na tą stronę.

Logfile of HijackThis v1.99.1

Scan saved at 18:50:36, on 2006-11-02

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\PornPass Manager\isamonitor.exe

C:\Program Files\PornPass Manager\pmsngr.exe

C:\WINDOWS\system32\ishost.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\AntiVirenKit 2006\AVKTray\AVKTray.exe

C:\Program Files\VirusBursters\virusbursters.exe

C:\Program Files\ipwins\ipwins.exe

C:\Program Files\Common Files\{A8F168B5-0517-1045-1102-010226020030}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

D:\steam\steam.exe

C:\WINDOWS\system32\?racle\s?rvices.exe

C:\PROGRA~1\TSKS~1\winlogon.exe

C:\Program Files\PornPass Manager\isamini.exe

C:\Program Files\PornPass Manager\pmmon.exe

C:\WINDOWS\system32\ismini.exe

C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

C:\Program Files\AntiVirenKit 2006\AVKService.exe

C:\Program Files\AntiVirenKit 2006\AVKWCtl.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\rundll32.exe

C:\DOCUME~1\aprieS\USTAWI~1\Temp\Katalog tymczasowy 2 dla hijackthis.zip\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.warez.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: Shell=explorer.exe 

O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\PornPass Manager\isaddon.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38F168B5-0517-1045-1102-010226020030}\MyToolBar.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\PornPass Manager\iesplugin.dll (file missing)

O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{38F168B5-0517-1045-1102-010226020030}\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\AntiVirenKit 2006\AVKTray\AVKTray.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [winlog] winlog.exe

O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide

O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvzam.dll,startup

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe

O4 - HKLM\..\RunServices: [winlog] winlog.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Ljnxudjo] C:\WINDOWS\system32\?racle\s?rvices.exe

O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe

O4 - HKCU\..\Run: [Ttst] "C:\PROGRA~1\TSKS~1\winlogon.exe" -vt yazb

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: winwyi32 - C:\WINDOWS\SYSTEM32\winwyi32.dll

O21 - SSODL: ferrateen - {27321538-5739-4aa1-b84c-7d18e4383f1f} - C:\WINDOWS\system32\rrtcany.dll

O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AntiVirenKit 2006\AVKService.exe

O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program Files\AntiVirenKit 2006\AVKWCtl.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
#2

Użyj narzędzia -> SmitFraudFix (w trybie awaryjnym z opcji 2 )

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

Po zabiegach nowy log z Hijacka + log z Silent Runners

#3

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222