Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    prosze o diagnoze.+Log.

    IP: 80.51.176.* 21.10.05, 23:59
    Chcialem spytac o "to cos" co probuje sie laczyc z netem ale mu na to nie
    pozwalam w zonealarm.A mianowicie update.tmp.Pozwole sobie na wyslanie
    loga,bo cos napewno niegra Logfile of HijackThis v1.99.1
    Scan saved at 23:54:33, on 05-10-21
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\GADU-GADU\GG.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HIJACK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.gazeta.pl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - URLSearchHook: (no name) - {687C7EE8-4D54-11D7-9B69-0050DABF55DD} - (no
    file)
    O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1
    \STARDO~1\SDIEINT.DLL
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {42132494-F48F-4187-ABC8-0F343AD2E465} -
    C:\WINDOWS\SYSTEM\PBSHMD.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\PROGRAM FILES\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &PBar - {CA1D1B05-9C66-11D5-A009-000103C1E50B} -
    C:\WINDOWS\SYSTEM\PBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
    Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
    \SNDMON.EXE /Consumer
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
    Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
    Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
    Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -
    service
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
    O4 - HKCU\..\Run: [Skype] "C:\PROGRAM
    FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
    O8 - Extra context menu item: &PBar Search - C:\Program Files\PBar\pbar.htm
    O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAM
    FILES\STAR DOWNLOADER\sdie.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-
    0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-
    its:mhtml:file://C:\nosuch.mht!http://85.255.113.4/dl/adv588/x.chm::/load.exe
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -
    www.ysbweb.com/ist/softwares/v4.0/ysb_mp3x.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
    Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = sucha.net.pl
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =

    Obserwuj wątek
      • Gość: Kolobos Re: prosze o diagnoze.+Log. IP: *.warszawa.sdi.tpnet.pl 22.10.05, 01:35
        Usun:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
        pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        pbar.net/PBar/custom_search.php?lang=2&bar_id=BADBADFIHBzQNXDBHTHTM
        R3 - URLSearchHook: (no name) - {687C7EE8-4D54-11D7-9B69-0050DABF55DD} - (no
        file)
        O2 - BHO: (no name) - {42132494-F48F-4187-ABC8-0F343AD2E465} -
        C:\WINDOWS\SYSTEM\PBSHMD.DLL <- usun plik
        O3 - Toolbar: &PBar - {CA1D1B05-9C66-11D5-A009-000103C1E50B} -
        C:\WINDOWS\SYSTEM\PBAR.DLL <- usun plik
        O8 - Extra context menu item: &PBar Search - C:\Program Files\PBar\pbar.htm
        O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-
        its:mhtml:file://C:\nosuch.mht!http://85.255.113.4/dl/adv588/x.chm::/load.exe

        Zainstaluj sobie:
        www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
        przeskanuj i wlacz ochrone przegladarki
        www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
        ochrone przegladarki
        www.wilderssecurity.net/spywareguard.html <- SpywareGuard
        • Gość: maga Re: prosze o diagnoze.+Log. IP: 80.51.176.* 22.10.05, 16:08
          Wielkie Dzięki!!Można na Ciebie liczyć.Jeszcze raz Dziękuję!

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.