Prosze sprawdzic-odnosnie pytania w Problemy

Dla specjalistów Bezpieczeństwo
#1

Logfile of HijackThis v1.99.1

Scan saved at 15:00:46, on 2005-04-02

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\Program Files\Wanadoo\taskbaricon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\SOUNDMAN.EXE

F:\JAGA\Skype(Phone Online)\Skype.exe

C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\GetRight\getright.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\MSI\Common\Bin\WinCinemaMgr.exe

C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Kalendarz XP\Kalendarz.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Se … ftPane.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WinPatrol] “C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe”

O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe

O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\HP\HP Software Update\HPWuSchd2.exe”

O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [ljwybser] C:\WINDOWS\System32\bthzqmgz.exe

O4 - HKLM…\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe

O4 - HKCU…\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU…\Run: [skype] “F:\JAGA\Skype(Phone Online)\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [Art Plus Wallpaper Calendar] “C:\Program Files\Art Plus\Wallpaper5\wallpaper.exe” /a

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\MSI\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/se … loader.cab

O17 - HKLM\System\CCS\Services\Tcpip…{FCC56671-D2B5-4284-ADA9-C8D0C89447A0}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Pewnie przez Hotbar ten problem,tak mysle,musze wywalic czy moze zostac?To jakies duze zagrozenie?Czemu mam uruchomione az 4 (czy nawet wiecej) procesy svchost.exe i pozeraja mase pamieci?-czy to normalne?

#2

Jest to normalne.

No to tak. Najpierw usuń tego Hotbara. Najlepiej, jak da się zrobić to poprzez dodaj/usuń. Jeśli nie, to znajduje się w C:\Program Files\Hotbar. Usuń stamtąd wszystko. Sama go instalowałaś?

W hijacku wykasuj: (searchassistant)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

   	R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLef tPane.htm

   	R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

   	R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Wpisy Hotbara: (Po usunięciu tego poprzez Dodaj/Usuń może już ich nie być):

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

   	O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

   	O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

   	O4 - HKLM\..\Run: [ljwybser] C:\WINDOWS\System32\bthzqmgz.exe

   	O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe

Zainstaluj SP2.

#3

Ok,dzieki.zainstalowal sie chyba jakos sam via mail,ktory dostalam od kolezanki z tamtej chyba stronki?Sa tam jakies rozne cudactwa jako dodatki do poczty,nawet fajne+pasek do str. w necie a to juz mi bylo podejrzane.Co wlazi przez ten Hotbar?-jakies wiry?-bede musiala jej dac cynk zeby tez to usunela(to duze niebezpieczenstwo?)

#4

Tu masz pełne informacje: http://www.pchell.com/support/hotbar.shtml

Niestety po angielsku.