Please check my log

IP: *.wlan.pl 19.09.06, 12:44
I scanned my computer with the Panda online antivirus scanner:
img174.imageshack.us/img174/5130/raportnk8.jpg
It detected that I have one "hacking tool and dangerous programs" and
I would like to get rid of it.
I am pasting the Panda report

Zdarzenie | Status | Lokalizacja

Niechciane narzędzia:application/mywebsearch | Nie wyleczalny | hkey_local_machine\software\MyGlobalSearch
Spyware:Cookie/Toplist | Nie wyleczalny | C:\Documents and Settings\Gość\Cookies\gość@toplist[2].txt
Spyware:Cookie/Yadro | Nie wyleczalny | C:\Documents and Settings\Gość\Cookies\gość@yadro[2].txt
Spyware:Cookie/Tradedoubler | Nie wyleczalny | C:\Documents and Settings\Gość\Dane aplikacji\Mozilla\Firefox\Profiles\0hh18cj0.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/2o7 | Nie wyleczalny | C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\ecg0kde4.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick | Nie wyleczalny | C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\ecg0kde4.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adserver | Nie wyleczalny | C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\ecg0kde4.default\cookies.txt[.adserver.o2.pl/]
Spyware:Cookie/adultfriendfinder | Nie wyleczalny | C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\ecg0kde4.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Serving-sys | Nie wyleczalny | C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\ecg0kde4.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tradedoubler | Nie wyleczalny | C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\ecg0kde4.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Yadro | Nie wyleczalny | C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\ecg0kde4.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager | Nie wyleczalny | C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\ecg0kde4.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/adstat | Nie wyleczalny | C:\RECYCLER\NPROTECT\00088704.MOZ[.adstat.4u.pl/]
Spyware:Cookie/Tradedoubler | Nie wyleczalny | C:\RECYCLER\NPROTECT\00088704.MOZ[.tradedoubler.com/]
Spyware:Cookie/adstat | Nie wyleczalny | C:\RECYCLER\NPROTECT\00088704.MOZ[.adstat.4u.pl/]
Spyware:Cookie/Adserver | Nie wyleczalny | C:\RECYCLER\NPROTECT\00088704.MOZ[.adserver.o2.pl/]
Spyware:Cookie/Serving-sys | Nie wyleczalny | C:\RECYCLER\NPROTECT\00088704.MOZ[.serving-sys.com/]
Spyware:Cookie/Yadro | Nie wyleczalny | C:\RECYCLER\NPROTECT\00088704.MOZ[.yadro.ru/]
Spyware:Cookie/adstat | Nie wyleczalny | C:\RECYCLER\NPROTECT\00088705.MOZ[.adstat.4u.pl/]
Spyware:Cookie/Tradedoubler | Nie wyleczalny | C:\RECYCLER\NPROTECT\00088705.MOZ[.tradedoubler.com/]
    • Guest: Hania Re: Please check my log IP: *.wlan.pl 19.09.06, 12:47
      I am also posting the HijackThis log:
      Logfile of HijackThis v1.99.1
      Scan saved at 12:29:33, on 2006-09-19
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Kerio\Personal Firewall\persfw.exe
      C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\CTHELPER.EXE
      C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\RunDLL32.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\SmartCom\RTEGPRS.exe
      C:\Program Files\ScannerU\AM32.exe
      C:\Program Files\Logitech\SetPoint\SetPoint.exe
      C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\Rar$EX00.625\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
      O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\SmartCom\RTEGPRS.exe" tray
      O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - bezpieczenstwo.onet.pl/skaner/ArcaOnline.cab
      O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - 67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - 67.15.101.3/g_bin/pl/billard9_2_0_0_24.cab
      O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - 67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
      O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\
      • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 19.09.06, 13:39
        Delete all of that; also, turn off Recycle Bin protection in Norton and delete the nprotect directory.