Experts, please check my log

IP: *.pentex.pl 07.07.05, 21:45
I assure you that this is the whole log, copied after scanning with HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 21:43:30, on 2005-07-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AntiVirenKit\AVKWCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\olo.KIDI\Pulpit\instalki\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =
fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
69.50.182.88/?qq=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
69.50.182.88/?qq=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
69.50.182.88/?qq=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
69.50.182.88/?qq=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000000} - (no
file)
R3 - URLSearchHook: Search - {0164E178-5957-4DD7-A671-76F68CC2EC43} - (no
file)
R3 - URLSearchHook: Search - {ADD386B2-5FA9-4D9B-B770-13D55B6D584D} - (no
file)
R3 - URLSearchHook: Search - {E659754D-F1E2-4BED-A4B2-1E4AD3A9E719} - (no
file)
R3 - URLSearchHook: Search - {6197E814-7A06-4AB2-B4A6-4B268B26A037} - (no
file)
R3 - URLSearchHook: Search - {FF01E44C-E97D-4F9D-854F-ACB93AA30B99} - (no
file)
R3 - URLSearchHook: Search - {0DE9899E-4B4F-4E32-8B81-ECE09BA2C603} - (no
file)
R3 - URLSearchHook: Search - {A752FF3D-D991-4F62-969F-4595C576CE24} - (no
file)
R3 - URLSearchHook: Search - {B7047657-3382-4158-A8E1-BE026D388470} - (no
file)
R3 - URLSearchHook: Search - {63B270FD-DAFA-42CC-87F0-79C76C5A28CD} - (no
file)
R3 - URLSearchHook: Search - {D7119F6F-1703-4EC8-842F-49E7C3A516CA} - (no
file)
R3 - URLSearchHook: Search - {6D8EA68F-50D2-410E-A225-03342711FE12} - (no
file)
R3 - URLSearchHook: Search - {9B6DA976-2E13-4052-A3BD-2C1F28DCBEA2} - (no
file)
R3 - URLSearchHook: Search - {A4AF7D13-1A58-40C6-A675-8B7827EBA6F8} - (no
file)
R3 - URLSearchHook: Search - {899B89FA-FED8-464C-96DA-1D62DA19456D} - (no
file)
R3 - URLSearchHook: Search - {9527846D-9B35-46C1-B985-E8B021DDB0EF} - (no
file)
R3 - URLSearchHook: Search - {FC1295A3-27BE-49CC-85EE-03F668083150} - (no
file)
R3 - URLSearchHook: Search - {EC50181B-77F1-4D95-B1B0-12B1218FCA87} - (no
file)
R3 - URLSearchHook: Search - {D71456EA-4296-4112-84A5-69AE2A9F71AD} - (no
file)
R3 - URLSearchHook: Search - {CBA6BA13-2EB8-4996-AB11-DCC9A25D3C4A} - (no
file)
R3 - URLSearchHook: Search - {22BF48CB-EBE5-4C35-A9FA-12E28ED8DDC9} - (no
file)
R3 - URLSearchHook: Search - {67AC6F48-45A0-428A-BE94-2A2EFA1C4CB3} - (no
file)
R3 - URLSearchHook: Search - {5209B6DE-DDEE-4B58-8B01-C300DB36C110} - (no
file)
R3 - URLSearchHook: Search - {F87EACF5-6700-4E1C-911E-3BE8F451C424} - (no
file)
R3 - URLSearchHook: Search - {48A253C9-FB00-4030-8BF2-D6EA68CD61C7} - (no
file)
R3 - URLSearchHook: Search - {7C7B5E88-B929-4117-B423-FAD2C88CDCAB} - (no
file)
R3 - URLSearchHook: Search - {CE649B68-86E3-4DED-A676-5CBEE89061BE} - (no
file)
R3 - URLSearchHook: Search - {B0886B3E-E8B7-4C9B-BA39-1CE920CD1024} - (no
file)
R3 - URLSearchHook: Search - {730DECF4-E6DD-4228-BDAC-8CF79C690324} - (no
file)
R3 - URLSearchHook: Search - {9927760E-B113-4A99-94DE-42DA7C287459} - (no
file)
R3 - URLSearchHook: Search - {995D0166-E6CF-4847-AD98-60181F66A2AE} - (no
file)
R3 - URLSearchHook: Search - {43574E47-5C3D-4D8A-BEE9-8BF6738FFB66} - (no
file)
R3 - URLSearchHook: Search - {6EA6C65F-F539-4331-AEE0-0F09A7FA1C9C} - (no
file)
R3 - URLSearchHook: Search - {4411D5BF-6BB6-4288-9B83-482FC0649656} - (no
file)
R3 - URLSearchHook: Search - {94941FD9-F9D2-4772-8EF9-8AF11B683EF8} - (no
file)
R3 - URLSearchHook: Search - {56D104FD-0523-4798-A752-048EA7974F05} - (no
file)
R3 - URLSearchHook: Search - {3810F237-84C0-46A5-92DF-A86E21631AC4} - (no
file)
R3 - URLSearchHook: Search - {B69B92D6-8E4C-4B57-BF8C-1741457CE291} - (no
file)
R3 - URLSearchHook: Search - {61343CB0-663C-4D62-8CCA-53E54730FA81} - (no
file)
R3 - URLSearchHook: Search - {92BEE749-875C-4567-A13D-9DA025A55F70} - (no
file)
R3 - URLSearchHook: Search - {7686E8D5-30CD-4AAF-B2A2-F01C380198D6} - (no
file)
R3 - URLSearchHook: Search - {24CD863A-7CFD-4723-951A-DBACDD9F076E} - (no
file)
R3 - URLSearchHook: Search - {FA42EBCE-9013-4E68-BBF7-B68815AE1B9C} - (no
file)
R3 - URLSearchHook: Search - {682B642F-0F57-4EF1-93B3-FA42D2CE7F19} - (no
file)
R3 - URLSearchHook: Search - {69C7A8DF-8494-480E-9ED6-2645222574C0} - (no
file)
R3 - URLSearchHook: Search - {7B26B01A-2C7C-41D0-8216-88AA62E76864} - (no
file)
R3 - URLSearchHook: Search - {3CAF05BB-61E3-4235-A5E2-52A41242FD7D} - (no
file)
R3 - URLSearchHook: Search - {F209E24C-68EF-4DF1-BD98-E7208703B4A7} - (no
file)
R3 - URLSearchHook: Search - {4DACA504-1BB4-4D7A-9FDC-B7011D19F413} - (no
file)
R3 - URLSearchHook: Search - {97DCE5A4-2AFD-43C0-837D-AB8D053F1CD5} - (no
file)
R3 - URLSearchHook: Search - {CA5D6040-D93C-4BAA-B818-D706FB86F883} - (no
file)
R3 - URLSearchHook: Search - {0BCBFF7E-33F0-47F7-942D-01624E1D820C} - (no
file)
R3 - URLSearchHook: Search - {63C31941-3D8A-4E3B-AE24-0AC2C1864DC6} - (no
file)
R3 - URLSearchHook: Search - {1C487491-EBEE-421A-AEFE-37A5AD85C838} - (no
file)
R3 - URLSearchHook: Search - {06F417DF-53C9-415E-95E1-10A154FF52F0} - (no
file)
R3 - URLSearchHook: Search - {15C1228F-AEF7-4AD2-AD06-187C410E8274} - (no
file)
R3 - URLSearchHook: Search - {76DE3DE5-19EB-49D5-872A-4F80FE25F570} - (no
file)
R3 - URLSearchHook: Search - {8152496C-999B-4350-AF89-A182C10EC279} - (no
file)
R3 - URLSearchHook: Search - {83106DB2-3629-4DE5-8058-C714A08C7754} - (no
file)
R3 - URLSearchHook: Search - {3B97F49E-5030-4FD5-A61F-77BA19C33FE2} - (no
file)
R3 - URLSearchHook: Search - {1CE8CE4C-0199-405D-B484-6C78A1AA8BFB} - (no
file)
R3 - URLSearchHook: Search - {E48764EA-A227-4875-91EA-6482D14DF3EE} - (no
file)
R3 - URLSearchHook: Search - {3A33309B-27C6-494E-9D9F-39B48A6FC864} - (no
file)
R3 - URLSearchHook: Search - {4C21516E-5720-4B46-B990-AB3A8F2C85BC} - (no
file)
R3 - URLSearchHook: Search - {5CEAE88C-B408-4D4C-9C2F-C293F8494B2B} - (no
file)
R3 - URLSearchHook: Search - {B3650354-D979-4EDE-B7F7-1A969DD9646D} - (no
file)
R3 - URLSearchHook: Search - {F301F3AD-2B6E-4574-87DA-AE36DA1DDB44} - (no
file)
R3 - URLSearchHook: Search - {CBBA0737-ED54-424E-A239-828626713C10} - (no
file)
R3 - URLSearchHook: Search - {C6F41E0A-7E61-400F-BBF8-29E6BB97CCA8} - (no
file)
R3 - URLSearchHook: Search - {67F7D8FC-7AC2-477B-BADE-2949A59CDE83} - (no
file)
R3 - URLSearchHook: Search - {ADC68ECC-BC56-4B1B-9A0E-CE2239E910E4} - (no
file)
R3 - URLSearchHook: Search - {F7C0D7AF-AE62-4EC0-8343-FDB4AA
    • Guest: polski hydarulik Re: Experts, please check my log IP: *.tpnet.pl / *.tpnet.pl 07.07.05, 21:48
      Not the whole thing, because of course it won't fit; it's cut off at the bottom.

      Leave this:
      > R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      > Settings,ProxyOverride = localhost
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

      And remove the rest.

      Paste the whole log; if it doesn't fit, append it in several posts.
      • emi71 Re: Experts, please check my log 07.07.05, 22:37
        Logfile of HijackThis v1.99.1
        Scan saved at 22:29:22, on 2005-07-07
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AntiVirenKit\AVKService.exe
        C:\Program Files\AntiVirenKit\AVKWCtl.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\olo.KIDI\Pulpit\instalki\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =
        fastsearchweb.com/srh.php?q=%s
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        69.50.182.88/?qq=
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        69.50.182.88/?qq=
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        69.50.182.88/?qq=
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
        69.50.182.88/?qq=
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\lsasrv.exe
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      • emi71 Re: Experts, please check my log 07.07.05, 22:39
        O9 - Extra button: Search - {00000000-0000-0000-0000-000000000000} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {00EF3495-3AEB-4F2E-A0CB-28E5B1727BA5} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {02540317-BC48-424D-B10F-E6D5B39CD980} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {03FCAB17-104B-4D86-8EC3-D3BFEA9CB4CC} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {077BDF6F-536B-4D0A-A083-DAE3D37E517C} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra button: Search - {095642A4-36C6-4562-B7D3-41892EECA930} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {0C31D129-3978-4F21-8CA3-17542DC81164} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {0F4DBD1B-159B-4CD0-9E61-A9BBD2533559} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {0FF0AC7D-3430-4A8B-83CD-CB40937BA25C} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {10729058-5EE3-44EC-896B-1AB8CE3266FF} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {17783BB4-C180-4785-8F40-FE600D1CAFC0} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {190CDD5C-F6AC-4B2D-90C2-8B93ADF7F97A} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {1E2D3D72-F274-41FB-829D-DEB9093C6A4F} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {1FCEDE6F-23D2-4EBD-92E2-48FBF5AE5893} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {2032104D-4186-4E25-A758-EC1754DF0E57} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {24C2AE51-6EB2-4BB5-8FDA-09BDF9C91A37} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {285510E0-2FFD-4386-A62E-ED9CDD9FDECD} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {294A2EED-CE15-4C33-B73C-2BBC03611623} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {294C23F3-3897-45F5-A814-1A19406B0B76} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {303F59FC-A6B5-462E-9016-D45AB2847875} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {3547AAAE-1AF5-48E6-9ADD-31D90E6BE276} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {3A207E34-8110-409A-8977-2793AC2151CE} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {3FA6A7D1-2F87-4F35-A8E9-BD0311163357} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {409CA466-383D-413F-90D4-CEBA49FA4723} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {422E67DC-8F6E-4E04-85AD-9240F27242F0} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {44AC6603-EF74-4F89-A2E0-A157CC82E059} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {47B55661-ABF1-43EE-A5C2-F02036F1A9AE} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {48EDD0AC-3D93-49F2-8075-E0E71D88C116} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {4E508AE0-B9C7-4FD1-843F-8FC69D424C70} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {4F378C61-3987-41FF-9561-D94DA4455F54} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {4F9FA613-8D06-4298-BF77-3B4BEF7D7B7C} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {51FEA0E3-7357-48BA-B24C-534B1C296F4C} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {57F76C78-C900-4FFE-95A3-18F217E8AF1D} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {5C323311-E2D4-42E8-AE7D-0B52C7BA2E4C} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {5C96C83E-C04F-4B78-823A-2511AFC1B376} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {5FB410B1-5853-4A40-8FC1-E5D1F5E9AAE8} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {6118C051-CD98-42CA-977E-3B028DA8B1ED} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {6195A0C6-ABCD-4A44-9B98-BAAE96FA3259} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {65B7EB8A-9FEC-440A-B419-62354F287F16} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {678110B9-66B0-4D9E-A279-2CAFBA360F5C} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {6C324E92-406B-423E-9127-A11E0A833C3F} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {722E7FB5-DCBF-4088-A807-41F5CA8BC75F} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {73671E89-64EB-4A31-9940-923E77EE6A8C} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {73ED4246-37E0-4336-9AB4-FF665674A6DB} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {7539CD89-F343-4F38-8E4C-74FE8C357A66} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {7564B41F-8585-4F80-A801-EF3F045D7D76} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {76FBAB39-45BF-4EF9-A036-0BFF9FB2BF24} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {7B7FCCAC-897B-42E8-A4F6-907F8382C34C} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {7C226B6E-EFA2-4B99-9FCD-07260DA03A64} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {7E24BC4D-B940-468D-803E-BF0B78899117} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {81F6C44B-793C-4612-91DC-12A7356D5755} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {824149B5-FA40-46B6-9528-E88094675F1E} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {82643E96-4936-49A4-8A4D-E13261923A59} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {83948B82-388A-4657-829E-8AD64DD7A01B} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {8834FEDD-AA46-4309-A04A-54B018574D2E} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {894EDF4C-1F65-404D-B95D-5EECCC444A7E} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {8C1155EC-B26A-49A8-B644-F454FC20CEF7} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {9726BEB3-C5F5-49E6-B910-7D7826EFB872} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {9A538678-E850-4C5D-9065-42D097F7486E} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {9AC85659-3F58-468A-A512-6F5125A7B834} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {9C814F36-2EE7-476F-B295-93248EDDDB24} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {A91852D1-C6E3-4635-B3AD-7F8063B5E7E2} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {ACBF3FC9-13A9-4D34-AFE8-C7CE8B82FC18} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {ACF494B5-529E-48B5-9479-538EEFC23E54} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {ADE1A4FC-8F7A-4F25-BC28-EC5679CD209C} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {AEFB467D-B631-4211-B6BC-96F25C6DB9F0} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {B040EE3A-90D4-4364-8FDA-C41DEC244C05} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {B154124F-C087-492C-BA82-C09C3622689E} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {B1A04E57-DB9F-4EC8-A7B7-35A5FDE99224} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {B66CBA5E-32D8-4B2E-9BF6-D651B6784DAD} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {BCE6455C-B1F7-456F-A911-CE71EC10D58D} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {BD3F4FE2-85CB-45D8-A8FA-8CBD52B48844} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {BD4C3CC8-E944-4B49-A117-AFA29B4AE5B1} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {C0D5E553-C793-44FF-9CC9-6D64EF2A3AAA} -
        C:\WINDOWS\System32\shdocvw.dll
        O9 - Extra button: Search - {
      • emi71 Re: Experts, please check my log 07.07.05, 22:39
        O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
        O15 - Trusted Zone: *.crazywinnings.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted IP range: 67.19.185.246
        O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
        Zone
        O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q779.exe
        O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
        Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        www.pandasoftware.com/activescan/as5/asinst.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{255D0A72-C22C-4E9C-BC66-013FCA11DAA2}:
        NameServer = 69.50.176.156,195.225.176.31
        O17 - HKLM\System\CCS\Services\Tcpip\..\{7FDEDDD0-5091-4D2A-A562-A1F2C0508F7E}:
        NameServer = 69.50.176.156,195.225.176.31
        O19 - User stylesheet: C:\WINDOWS\windows.dat
        O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
        O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - (no
        file)
        O21 - SSODL: DCOM Server - {2c1cd3d7-86ac-4068-93bc-a02304bb8c34} - (no file)
        O21 - SSODL: PVpLVqNX - {E4A786F3-4E0D-2C59-3DDC-9956BBE9C64B} - (no file)
        O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program
        Files\AntiVirenKit\AVKService.exe
        O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program
        Files\AntiVirenKit\AVKWCtl.exe
        O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program
        Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe (file missing)
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
        C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) -
        Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
        O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
        C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program
        Files\Softwin\BitDefender8\vsserv.exe (file missing)
        O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program
        Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

        • Guest: Kolobos Re: Experts, please check my log IP: *.warszawa.sdi.tpnet.pl 07.07.05, 23:09
          Wouldn't it have been simpler to remove the O9 entries and paste the log in one post?
          Why do you need two antiviruses? You'll have junk anyway, because you have no updates and,
          on top of that, a pirated Windows! Uninstall Norton, BitDefender and AntiVirenKit, because
          you can't have more than one antivirus!
          And install avast:
          www.avast.com/eng/avast_4_home.html
          Unless you have one of these antiviruses legally, in which case keep it and don't
          install avast.

          Close the ports with this:
          www.firewallleaktester.com/tools/wwdc.exe
          Scan and remove everything with this:
          download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
          Plus this:
          cwshredder.net/bin/CWShredder.exe
          And also this:
          www.searchengines.pl/phpbb203/index.php?s=5debf1bfeab0c89e54567f66c39699f0&act=Attach&type=post&id=459
          And this:
          www.searchengines.pl/phpbb203/index.php?act=Attach&type=post&id=1310

          In HijackThis, delete:



          R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =
          fastsearchweb.com/srh.php?q=%s
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
          69.50.182.88/?qq=
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          69.50.182.88/?qq=
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          69.50.182.88/?qq=
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          69.50.182.88/?qq=
          F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\lsasrv.exe <- the mydoom
          virus, so I don't know how those antiviruses of yours are working...

          All entries like this:
          O9 - Extra button: Search - {077BDF6F-536B-4D0A-A083-DAE3D37E517C} -
          C:\WINDOWS\System32\shdocvw.dll
          O15 - Trusted Zone: *.crazywinnings.com (HKLM)
          O15 - Trusted Zone: *.skoobidoo.com (HKLM)
          O15 - Trusted Zone: *.slotchbar.com (HKLM)
          O15 - Trusted Zone: *.windupdates.com (HKLM)
          O15 - Trusted IP range: 67.19.185.246
          O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet
          Zone
          O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q779.exe
          O17 - HKLM\System\CCS\Services\Tcpip\..\{255D0A72-C22C-4E9C-BC66-013FCA11DAA2}:
          NameServer = 69.50.176.156,195.225.176.31 <- the rootkit's DNS servers ...
          O17 - HKLM\System\CCS\Services\Tcpip\..\{7FDEDDD0-5091-4D2A-A562-A1F2C0508F7E}:
          NameServer = 69.50.176.156,195.225.176.31
          O19 - User stylesheet: C:\WINDOWS\windows.dat
          O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
          O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - (no
          file)
          O21 - SSODL: DCOM Server - {2c1cd3d7-86ac-4068-93bc-a02304bb8c34} - (no file)
          O21 - SSODL: PVpLVqNX - {E4A786F3-4E0D-2C59-3DDC-9956BBE9C64B} - (no file)

          Delete from disk:
          C:\WINDOWS\windows.dat
          C:\WINDOWS\System32\lsasrv.exe

          Once you've done all that, paste a new log.


          PS. They should ban you from using a computer or send you to some mandatory
          training :(
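The triage in the reply above can be expressed as a small script. This is an added example, not part of the thread and not HijackThis's own logic: it rejoins entries that the forum wrapped across lines and flags the entry types the reply singles out. The host allowlist and the rule set are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample lines copied from the log posted in this thread, including the
# forum's hard line wraps (embedded so the example runs offline).
SAMPLE = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
69.50.182.88/?qq=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\lsasrv.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O15 - Trusted Zone: *.windupdates.com (HKLM)
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q779.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{255D0A72-C22C-4E9C-BC66-013FCA11DAA2}:
NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: DCOM Server - {2c1cd3d7-86ac-4068-93bc-a02304bb8c34} - (no file)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Assumption: a constructed allowlist of hosts treated as expected values.
ALLOWED_HOSTS = ("localhost", "microsoft.com", "msn.com")


def unwrap(text):
    """Rejoin entries that were hard-wrapped when pasted into a post."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:
            prev = entries[-1]
            # A GUID split after a hyphen is glued back without a space.
            glue = "" if re.search(r"\S-$", prev) else " "
            entries[-1] = prev + glue + line
    return entries


def host_of(value):
    value = re.sub(r"^[a-z]+://", "", value.strip().lower())
    return re.split(r"[/:?]", value, maxsplit=1)[0]


def allowed(host):
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def triage(entries):
    """Return (section, reason, entry) for entries that deserve a closer look."""
    findings = []
    for entry in entries:
        sec, body = ENTRY.match(entry).groups()
        value = body.partition("=")[2].strip()
        reason = None
        if sec in ("R0", "R1"):
            if value and not allowed(host_of(value)):
                reason = "IE start/search setting points at " + host_of(value)
        elif sec in ("R3", "O20", "O21"):
            if "(no file)" in body or "(file missing)" in body:
                reason = "hook or loader entry whose file is gone"
        elif sec == "F2":
            m = re.search(r"Shell=(.*)", body, flags=re.I)
            extra = m.group(1).split()[1:] if m else []
            if extra:
                reason = "Winlogon Shell also starts " + " ".join(extra)
        elif sec == "O15":
            reason = "Trusted Zone addition or protocol default change"
        elif sec == "O16" and "file://" in body.lower():
            reason = "ActiveX control installed from a local file"
        elif sec == "O17" and "NameServer" in body:
            ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", value)
            reason = "per-adapter DNS set to " + ", ".join(ips) + \
                     "; compare with the ISP's resolvers"
        elif sec == "O19":
            reason = "user stylesheet forced on Internet Explorer"
        if reason:
            findings.append((sec, reason, entry))
    return findings


if __name__ == "__main__":
    for sec, reason, entry in triage(unwrap(SAMPLE)):
        print(f"[{sec}] {reason}\n      {entry}")
```

The output is a review list, not a removal list: each flagged entry still has to be checked against what is actually installed on the machine before it is fixed in HijackThis.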
          • m.gregor Re: Experts, please check my log 08.07.05, 08:35
            > PS. They should ban you from using a computer or send you to some mandatory
            > training :(
            Sad but true. But at such training courses they teach how to format text in
            Word and save it to a previously formatted floppy disk. Training like that is worthless.
            And the worst thing is that a 'friend who knows a bit about it' (usually the neighbour's
            14-year-old son) tells such people that you need to have 3 antiviruses and GOD FORBID
            YOU INSTALL PATCHES BECAUSE THEY SPY ON YOU. And then you get gems like this. At work I
            constantly run into this kind of reasoning: why do you have 3 antiviruses? Because the
            neighbour's son told me I'd be safer. And why don't you have the system patches even
            though you have a legal system? Because he said they're not needed for anything and
            that afterwards they can see our disk.

            It just makes you throw up your hands...
    • m.gregor Re: Experts, please check my log 07.07.05, 21:49
      For a start, remove all the R3 entries, scan again and then post a new log. Because
      this one is cut off...
    • Guest: Kolobos Re: Experts, please check my log IP: *.warszawa.sdi.tpnet.pl 07.07.05, 22:20
      Why a new thread? Was the previous one bad?
      A post has a character limit and, as you can see, the whole log doesn't fit! Is that so
      hard to understand?