Dodaj do ulubionych

mam loga z Hijack'a

IP: *.duszniki-zdroj.sdi.tpnet.pl 30.08.04, 10:01
czy ktoś mógłby mi powiedzieć co mam usunąć,a co zostawić???

dziękuję:DDD
Obserwuj wątek
    • Gość: crime acha :))) a to ten log !!!! IP: *.duszniki-zdroj.sdi.tpnet.pl 30.08.04, 10:02
      Logfile of HijackThis v1.98.2
      Scan saved at 09:54:54, on 2004-08-30
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
      C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\VTTimer.exe
      C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      C:\Program Files\Opera7\Opera.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Documents and Settings\czwarty\Pulpit\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.wp.pl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - Default URLSearchHook is missing
      O2 - BHO: (no name) - {1232CBB6-BC91-7F26-4FD6-0DCBB322B11B} - C:\WINDOWS\system32\ntyg.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
      O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
      O4 - HKLM\..\Run: [crza32.exe] C:\WINDOWS\system32\crza32.exe
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
      O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/nikoxxsp.chm::/on-line.exe
      O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/winsearchie32.chm::/winsearchie32.exe
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - www.pandasoftware.com/activescan/as5/asinst.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{01EDB92C-905D-4588-A70E-35C04A0CFC5A}: NameServer = 194.204.159.1,195.205.252.2
      O17 - HKLM\System\CS1\Services\Tcpip\..\{01EDB92C-905D-4588-A70E-35C04A0CFC5A}: NameServer = 194.204.159.1,195.205.252.2
      O17 - HKLM\System\CS2\Services\Tcpip\..\{01EDB92C-905D-4588-A70E-35C04A0CFC5A}: NameServer = 194.204.159.1,195.205.252.2
      O20 - AppInit_DLLs: PAVWAIT.DLL

      • netsec Re: acha :))) a to ten log !!!! 30.08.04, 10:29
        Gość portalu: crime napisał(a):

        > Logfile of HijackThis v1.98.2
        > Scan saved at 09:54:54, on 2004-08-30
        > Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Na początek sprawdź czy baza wirusów w Panda Antywirus dalej się aktualizuje.

        Sprawdź czy masz włączoną zaporę Internetową we właściwościach Twojego
        połączenia do Internetu. Tu jest opis jak to wykonać
        www.microsoft.com/poland/security/protect/windowsxp/firewall.aspx
        Wyłącz przywracanie systemu (tylko XP i Me)
        support.microsoft.com/default.aspx?scid=kb;pl;310405
        Ściągnij CWShredder 1.59.1
        www.softpedia.com/public/cat/10/17/10-17-150.shtml
        Uruchom komputer w trybie awaryjnym:
        support.microsoft.com/default.aspx?scid=KB;PL;315222
        Po uruchomieniu komputera w trybie awaryjnym, nie otwieraj Internet Explorera.

        Uruchom ponownie HijackTHis wykonaj SCAN i zaznacz te pozycje:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
        res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        res://C:\WINDOWS\system32\lckdh.dll/sp.html#26512
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - Default URLSearchHook is missing
        O2 - BHO: (no name) - {1232CBB6-BC91-7F26-4FD6-0DCBB322B11B} -
        C:\WINDOWS\system32\ntyg.dll
        O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
        -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
        Files\Java\j2re1.4.2_01\bin\jusched.exe
        O4 - HKLM\..\Run: [crza32.exe] C:\WINDOWS\system32\crza32.exe
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
        O9 - Extra 'Tools' menuitem: Sun Java Console -
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
        O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:
        href="file://c:\nosuch.mht!http://2awm.com/pop/chm/nikoxxsp.chm::/on-line.exe"
        target="_blank">file://c:\nosuch.mht!http://2awm.com/pop/chm/nikoxxsp.chm::/on-line.exe
        O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:
        href="file://c:\nosuch.mht!http://weba.directwebsearch.net/winsearchie32.chm::/winsearchie32.exe"
        target="_blank">file://c:\nosuch.mht!http://weba.directwebsearch.net/winsearchie32.chm::/winsearchie32.exe
        O20 - AppInit_DLLs: PAVWAIT.DLL

        Po zaznaczeniu wykonaj FIX CHECKED i OK.

        W Opcjach Internetowych usuń Tymczasowe pliki Internetowe (Wszystkie) i Cooki.

        Odinstaluj w Panelu sterowania Dodaj/Usuń programy wszystkie
        programy, co do których nie masz pewności, że Ci są potrzebne.

        Uruchom CWShredder i wykonaj FIX.

        Uruchom komputer w normalnym trybie.

        Po tym połącz się www.windowsupdate.com i zaktualizuj system o
        wszystkie krytyczne poprawki. Tutaj masz więcej na ten temat
        www.microsoft.com/poland/security/protect/windowsxp/updates.aspx
        Przeskanuj system Ad-aware z opcjami opisanymi tu
        ralphcaddell.com/pchelp/Ad-aware%20instructions.htm
        Ważne jest aby baza w Ad-aware przed skanowaniem została zaktualizowana.

        Po wszystkim wklej nowy log z HiJackThis.
    • Gość: crime zrobione oto nowy log IP: *.duszniki-zdroj.sdi.tpnet.pl 30.08.04, 13:05
      Logfile of HijackThis v1.98.2
      Scan saved at 13:04:14, on 2004-08-30
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
      C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
      C:\WINDOWS\System32\VTTimer.exe
      C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      C:\Program Files\Winamp\winampa.exe
      C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
      C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Opera7\Opera.exe
      C:\Documents and Settings\czwarty\Pulpit\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.wp.pl
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
      O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - www.pandasoftware.com/activescan/as5/asinst.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{01EDB92C-905D-4588-A70E-35C04A0CFC5A}: NameServer = 194.204.159.1,195.205.252.2
      O17 - HKLM\System\CS1\Services\Tcpip\..\{01EDB92C-905D-4588-A70E-35C04A0CFC5A}: NameServer = 194.204.159.1,195.205.252.2
      O17 - HKLM\System\CS2\Services\Tcpip\..\{01EDB92C-905D-4588-A70E-35C04A0CFC5A}: NameServer = 194.204.159.1,195.205.252.2

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka