Trouble after Windows XP startup
After startup, when I try to launch any program, a message appears saying that some other program is attacking this data.
When I click "OK" the message disappears
and I can work on the computer without any obstacles, except that it runs rather slowly.
Replies: 19
No, that is not from the provider. That is just the browser, IE.
zbigniewf:
C./Programme/Internet Explorer/IEXPLORE.EXE
And is this one from the Internet provider too?
kierofca, it is probably not DEP but Panda, or rather its firewall. DEP generates different messages:
Datenausführungsverhinderung Microsoft Windows
Windows hat dieses Programm geschlossen, um Ihren Computer zu schützen.
Name: Programmname
Herausgeber: Anwendungsherausgeber
Die Datenausführungsverhinderung trägt zum Schutz vor Viren und anderen Sicherheitsangriffen bei. Einige Programme werden möglicherweise nicht korrekt ausgeführt, wenn sie aktiviert ist. Um eine aktualisierte Version des Programms zu erhalten, wenden Sie sich an den Herausgeber. Was muss ich noch ich tun?
Listen,
Unfortunately I don't know German, but the "data" in the message makes me think of the DEP feature. Maybe that is the problem :?:
C./Programme/Internet Explorer/IEXPLORE.EXE
And is this one from the Internet provider too?
As I already wrote, these messages appear, sometimes one, sometimes the other.
Sorry for not getting back to you, but the computer was "in for repair"
with the local experts.
They told me they don't know where it comes from, and they removed nothing.
To everyone reading these words,
I wish a prosperous Year 2006!
That is probably some program from your Internet provider? Can't you reinstall it? Or remove it completely and set up the connection manually?
zbigniewf:
C:/Programme/T–online/T–online_Software5/Basis–Software/Basis2/kernel.exe
Merry Christmas!
First I want to thank all the participants who, quite unexpectedly, sent me very kind Christmas wishes.
This is the kind of Forum I like!
XXX
Dear Coyote
Grumble as much as you like.
I already wrote that I am hopeless with computers and I take all remarks kindly :roll:
xxx
Removing those three "nasty" entries changed nothing.
This morning, as a greeting, when I wanted to connect to the Internet, the following popped up:
C:/Programme/T–online/T–online_Software5/Basis–Software/Basis2/kernel.exe
And then the same old song:
Ein anderes Programm greift gerade auf dieses Datei zu.
While I was busy copying the sentence above (onto paper), the computer connected to the Internet as if nothing had happened.
As if the message were not on the screen at all.
It disappeared only when I clicked OK.
It looks like it is harmless, just annoying.
To all who read this and smile to themselves, once again Merry Christmas!
First I'll grumble a bit :wink:
I don't know why you posted that analysis on the forum, since the log is already there, and next time please take care not to write one post after another (there is a ZMIEŃ (Edit) option).
As for having removed them, that's good :) Does the message still appear?
One "Nasty" entry,
18th from the bottom of the list,
and two "Possibly Nasty" entries,
16th and 17th counting from the bottom of the list,
I threw out on their ear.
And what now?
Merry Christmas!
In the pasted topic, one entry is Nasty, and a few others are also a little Nasty.
HijackThis log file analysis
HijackThis is a program used by experienced users in order to detect browser hijackers. It allows you to identify any sort of spyware and malware (as well as some trojan horses and worms). This is achieved by scanning special zones of the registry as well as the hard disk drive, the results being listed in a structured window. Another feature of HijackThis is the creation of a log file, which can be saved as a simple text file and opened by any text editor (notepad as default). Until now, inexperienced users, who could not analyze the log file by themselves, had no other choice than posting it in a specialized forum and to hope that a more experienced user takes some time to analyze it. The script presented on this page is a way to analyze your log without help from the outside: simply copy/paste the content of the log file in the textbox below and hit the analyze button. HijackThis is free and does not need to be installed. It can be downloaded here:
Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program.
No active firewall was found on your system or the firewall you use is unknown to us. If you dont use a firewall you should download and install one or activate windows xps own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum www.hijackthis.de/forum
Entry | Kind (Safe, Nasty, Unknown) | Description | Tip
Logfile of HijackThis v1.99.1
Safe. Shows the version of HijackThis an. The newest version is: v1.99.1!
This should be the newest version. (v1.99.1)
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180!
This should be the newest version. (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\csrss.exe
Safe. running process. (csrss.exe)
Systemprozess – Client Server Runtime
C:\WINDOWS\system32\winlogon.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\services.exe
Safe. running process. (services.exe)
Systemprozess – Verwaltet die Systemdienste.
C:\WINDOWS\system32\lsass.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname für Dienste.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
Unknown running process. (TPSrv.exe)
This is a unknown process.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname für Dienste.
C:\WINDOWS\System32\svchost.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname für Dienste.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname für Dienste.
C:\WINDOWS\Explorer.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\spoolsv.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
Safe. running process. (PavFnSvr.exe)
Panda Titanium Antivirus
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda titanium antivirus 2004\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
Safe. running process. (pavprsrv.exe)
Possibly nasty! According to our database this process runs normally in c:\archivos de programa\archivos comunes\panda software\pavshld\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
Safe. running process. (pavsrv51.exe)
Panda Titanium Antirivus
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda antivirus platinum\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
Safe. running process. (AVENGINE.EXE)
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda antivirus platinum\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
Unknown running process. (pskmssvc.exe)
This is a unknown process.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
Unknown running process. (PNMSRV.EXE)
This is a unknown process.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
Safe. running process. (PsImSvc.exe)
Panda Titanium Antivirus 2004
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda titanium antivirus 2004\! Check if you know this process and arrange a viruscheck where required.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname für Dienste.
C:\WINDOWS\system32\wdfmgr.exe
Safe. running process. (wdfmgr.exe)
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
Safe. running process. (apvxdwin.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda antivirus platinum\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Conexant\AccessRunner ADSL\CnxDslTb.exe
Safe. running process. (CnxDslTb.exe)
Connexant DSL Taskbar as used on Acess Runner and Samsung AHT–E310 ADSL modems
Not dangerous, but unnecessary.
C:\Programme\Hewlett–Packard\HP Share–to–Web\hpgs2wnd.exe
Safe. running process. (hpgs2wnd.exe)
C:\Programme\Spybot – Search & Destroy\TeaTimer.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\System32\alg.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Programme\Hewlett–Packard\HP Share–to–Web\hpgs2wnf.exe
Safe. running process. (hpgs2wnf.exe)
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
Safe. running process. (SRVLOAD.EXE)
Panda Platinum Internet Security
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\avtc\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
Safe. running process. (WebProxy.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda titanium antivirus 2004\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\T–Online\T–Online_Software_5\Basis–Software\Basis2\kernel.exe
Safe. running process. (kernel.exe)
Malware or part of some friendly programs. Check with an AV–Scanner to be sure.
C:\Programme\T–Online\T–Online_Software_5\Basis–Software\Basis2\sc_watch.exe
Safe. running process. (sc_watch.exe)
Part of T–Online Software
C:\PROGRA~1\T–Online\T–ONLI~1\BASIS–~1\Basis2\PROFIL~1.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
Safe. running process. (IEXPLORE.EXE)
Internet Explorer – Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)
C:\Programme\Internet Explorer\IEXPLORE.EXE
Safe. running process. (IEXPLORE.EXE)
Internet Explorer – Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)
C:\DOKUME~1\Doktor\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe
Safe. running process. (HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
Safe. This page has been identified as safe.
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
Safe. This page has been identified as safe.
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
Safe. This page has been identified as safe.
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Programme\Spybot – Search & Destroy\SDHelper.dll
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O2 – BHO: MSN Suche Toolbar Helper – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de–de\msntb.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0] – Result: BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0) has been checked. Hit rate: 99 %
O3 – Toolbar: MSN Suche Toolbar – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de–de\msntb.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0] – Result: BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O4 – HKLM\..\Run: [CnxDslTaskBar] C:\Programme\Conexant\AccessRunner ADSL\CnxDslTb.exe
Safe. Connexant DSL Taskbar as used on Acess Runner and Samsung AHT–E310 ADSL modems
Hit rate: 99 % (result)
Not dangerous, but unnecessary.
O4 – HKLM\..\Run: [Share–to–Web Namespace Daemon] C:\Programme\Hewlett–Packard\HP Share–to–Web\hpgs2wnd.exe
Safe. "HPs exclusive Share–to–Web software makes it easy to share content with others through our affiliate Internet websites." In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start –> Programs
Hit rate: 99 % (result)
Not dangerous, but unnecessary.
O4 – HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
Safe. Part of Panda Anti–Virus. Required to enable permanent virus protection
Hit rate: 53 % (result)
O4 – HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
Safe. Part of Panda Anti–Virus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti–virus is fully operational. It only adds a fraction of a second to start–up time and is worth leaving active
Hit rate: 59 % (result)
Not dangerous, but unnecessary.
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot – Search & Destroy\TeaTimer.exe
Safe. Spybot – Search & Destroy – free multi–spyware removal tool from Patrick Kolla. TeaTimer.exe monitors certain changes to the registry and notifies when browser plugins and activeX controls get installed, allowing you to block/reverse this.
Hit rate: 99 % (result)
O8 – Extra context menu item: &MSN Suche – res://C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de–de\msntb.dll/search.htm
Nasty The entry &MSN Suche has been identified as nasty.
O8 – Extra context menu item: In neuer Registerkarte im Hintergrund öffnen – res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de–de\msntabres.dll/229?9ea1340d53fd4bd58d837966421afc9d
Possibly nasty Entries shown in the menu that pops up when right–clicking into the Internet Explorer. Unknown entries should be fixed.
To be fixed if the entry 'In neuer Registerkarte im Hintergrund öffnen ' is unknown.
O8 – Extra context menu item: In neuer Registerkarte im Vordergrund öffnen – res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de–de\msntabres.dll/230?9ea1340d53fd4bd58d837966421afc9d
Possibly nasty Entries shown in the menu that pops up when right–clicking into the Internet Explorer. Unknown entries should be fixed.
To be fixed if the entry 'In neuer Registerkarte im Vordergrund öffnen ' is unknown.
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
Safe. The entry Messenger has been identified as safe.
If the entry 'Messenger ' is not needed anymore, it should be fixed.
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
Safe. The entry Windows Messenger has been identified as safe.
If the entry 'Windows Messenger ' is not needed anymore, it should be fixed.
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
Safe. This entry has been identified as safe.
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
Safe. This entry has been identified as safe.
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124280460875
Safe. This entry has been identified as safe.
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
Safe. This entry has been identified as safe.
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/msnmessengersetupdownloader.cab
Safe. This entry has been identified as safe.
O17 – HKLM\System\CCS\Services\Tcpip\..\{B0797D4B–23ED–4670–AEB6–BDD10B4E0FFE}: NameServer = 217.237.148.33 217.237.151.33
Safe. If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
The entered IP or Domain '217.237.148.33 217.237.151.33' has been identified as safe.
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (PavFnSvr.exe) was identified as a good one.
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (pavprsrv.exe) was identified as a good one.
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (pavsrv51.exe) was identified as a good one.
O23 – Service: Panda Antispam Engine (pmshellsrv) – PANDA SOFTWARE – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
Unknown service. (pskmssvc.exe)
O23 – Service: Panda Network Manager (PNMSRV) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
Unknown service. (PNMSRV.EXE)
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (PsImSvc.exe) was identified as a good one.
O23 – Service: Panda TPSrv (TPSrv) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
Unknown service. (TPSrv.exe)
NOTICE: Your analysis will only be saved for 3 days.
Use these tips at your own risk!
Copyright 2004 – 2005 by Mathias Mattner
HijackThis log file analysis
HijackThis is a program used by experienced users in order to detect browser hijackers. It allows you to identify any sort of spyware and malware (as well as some trojan horses and worms). This is achieved by scanning special zones of the registry as well as the hard disk drive, the results being listed in a structured window. Another feature of HijackThis is the creation of a log file, which can be saved as a simple text file and opened by any text editor (notepad as default). Until now, inexperienced users, who could not analyze the log file by themselves, had no other choice than posting it in a specialized forum and to hope that a more experienced user takes some time to analyze it. The script presented on this page is a way to analyze your log without help from the outside: simply copy/paste the content of the log file in the textbox below and hit the analyze button. HijackThis is free and does not need to be installed. It can be downloaded here:
Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program.
To the authors homepage | Direct download | [mirror]
Languages: Deutsch – French – English – Italian – Czech
If you have a question concerning the analysis, you can post it in one of these forums:
HijackThis.de Supportforum Deutsch | English
HijackThis.de Chat chat.hijackthis.de
(irc.quakenet.org #hijackthis)
Forospyware.com (Spanish) www.forospyware.com
Pchelpforum.com www.pchelpforum.com
Tip: Copy the link at the bottom of the page (save analysis) and paste it in your post
You can paste a logfile in this textbox
or you can choose a logfile from your computer
Show the visitors ratings
Help us to keep this free service online! Please give us a small donation via PayPal.
No active firewall was found on your system or the firewall you use is unknown to us. If you dont use a firewall you should download and install one or activate windows xps own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum www.hijackthis.de/forum
Entry Kind
(Safe, Nasty, Unknown) Description Tip
Logfile of HijackThis v1.99.1
Safe. Shows the version of HijackThis an. The newest version is: v1.99.1!
This should be the newest version. (v1.99.1)
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180!
This should be the newest version. (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\csrss.exe
Safe. running process. (csrss.exe)
Systemprozess – Client Server Runtime
C:\WINDOWS\system32\winlogon.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\services.exe
Safe. running process. (services.exe)
Systemprozess – Verwaltet die Systemdienste.
C:\WINDOWS\system32\lsass.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname fr Dienste.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
Unknown running process. (TPSrv.exe)
This is a unknown process.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname fr Dienste.
C:\WINDOWS\System32\svchost.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname fr Dienste.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname fr Dienste.
C:\WINDOWS\Explorer.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\spoolsv.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
Safe. running process. (PavFnSvr.exe)
Panda Titanium Antivirus
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda titanium antivirus 2004\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
Safe. running process. (pavprsrv.exe)
Possibly nasty! According to our database this process runs normally in c:\archivos de programa\archivos comunes\panda software\pavshld\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
Safe. running process. (pavsrv51.exe)
Panda Titanium Antirivus
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda antivirus platinum\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
Safe. running process. (AVENGINE.EXE)
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda antivirus platinum\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
Unknown running process. (pskmssvc.exe)
This is a unknown process.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
Unknown running process. (PNMSRV.EXE)
This is a unknown process.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
Safe. running process. (PsImSvc.exe)
Panda Titanium Antivirus 2004
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda titanium antivirus 2004\! Check if you know this process and arrange a viruscheck where required.
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
Systemprozess – Allgemeiner Hostprozessname fr Dienste.
C:\WINDOWS\system32\wdfmgr.exe
Safe. running process. (wdfmgr.exe)
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
Safe. running process. (apvxdwin.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda antivirus platinum\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Conexant\AccessRunner ADSL\CnxDslTb.exe
Safe. running process. (CnxDslTb.exe)
Connexant DSL Taskbar as used on Acess Runner and Samsung AHT–E310 ADSL modems
Not dangerous, but unnecessary.
C:\Programme\Hewlett–Packard\HP Share–to–Web\hpgs2wnd.exe
Safe. running process. (hpgs2wnd.exe)
C:\Programme\Spybot – Search & Destroy\TeaTimer.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\System32\alg.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Programme\Hewlett–Packard\HP Share–to–Web\hpgs2wnf.exe
Safe. running process. (hpgs2wnf.exe)
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
Safe. running process. (SRVLOAD.EXE)
Panda Platinum Internet Security
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\avtc\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
Safe. running process. (WebProxy.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\panda software\panda titanium antivirus 2004\! Check if you know this process and arrange a viruscheck where required.
C:\Programme\T–Online\T–Online_Software_5\Basis–Software\Basis2\kernel.exe
Safe. running process. (kernel.exe)
Malware or part of some friendly programs. Check with an AV–Scanner to be sure.
C:\Programme\T–Online\T–Online_Software_5\Basis–Software\Basis2\sc_watch.exe
Safe. running process. (sc_watch.exe)
Part of T–Online Software
C:\PROGRA~1\T–Online\T–ONLI~1\BASIS–~1\Basis2\PROFIL~1.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
Safe. running process. (IEXPLORE.EXE)
Internet Explorer – Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)
C:\Programme\Internet Explorer\IEXPLORE.EXE
Safe. running process. (IEXPLORE.EXE)
Internet Explorer – Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)
C:\DOKUME~1\Doktor\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe
Safe. running process. (HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
Safe. This page has been identified as safe.
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
Safe. This page has been identified as safe.
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
Safe. This page has been identified as safe.
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Programme\Spybot – Search & Destroy\SDHelper.dll
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O2 – BHO: MSN Suche Toolbar Helper – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de–de\msntb.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0] – Result: BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0) has been checked. Hit rate: 99 %
O3 – Toolbar: MSN Suche Toolbar – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de–de\msntb.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0] – Result: BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O4 – HKLM\..\Run: [CnxDslTaskBar] C:\Programme\Conexant\AccessRunner ADSL\CnxDslTb.exe
Safe. Connexant DSL Taskbar as used on Acess Runner and Samsung AHT–E310 ADSL modems
Hit rate: 99 % (result)
Not dangerous, but unnecessary.
O4 – HKLM\..\Run: [Share–to–Web Namespace Daemon] C:\Programme\Hewlett–Packard\HP Share–to–Web\hpgs2wnd.exe
Safe. "HPs exclusive Share–to–Web software makes it easy to share content with others through our affiliate Internet websites." In other words an application that allows users to upload scanned images to their personal webpages if desired. Available via Start –> Programs
Hit rate: 99 % (result)
Not dangerous, but unnecessary.
O4 – HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
Safe. Part of Panda Anti–Virus. Required to enable permanent virus protection
Hit rate: 53 % (result)
O4 – HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
Safe. Part of Panda Anti–Virus. Responsible for scanning the boot sector of your disk and your memory at startup to check for viruses that try and load and act before your anti–virus is fully operational. It only adds a fraction of a second to start–up time and is worth leaving active
Hit rate: 59 % (result)
Not dangerous, but unnecessary.
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot – Search & Destroy\TeaTimer.exe
Safe. Spybot – Search & Destroy – free multi–spyware removal tool from Patrick Kolla. TeaTimer.exe monitors certain changes to the registry and notifies when browser plugins and activeX controls get installed, allowing you to block/reverse this.
Hit rate: 99 % (result)
O8 – Extra context menu item: &MSN Suche – res://C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de–de\msntb.dll/search.htm
Nasty The entry &MSN Suche has been identified as nasty.
O8 – Extra context menu item: In neuer Registerkarte im Hintergrund öffnen – res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de–de\msntabres.dll/229?9ea1340d53fd4bd58d837966421afc9d
Possibly nasty Entries shown in the menu that pops up when right–clicking into the Internet Explorer. Unknown entries should be fixed.
To be fixed if the entry 'In neuer Registerkarte im Hintergrund öffnen ' is unknown.
O8 – Extra context menu item: In neuer Registerkarte im Vordergrund öffnen – res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de–de\msntabres.dll/230?9ea1340d53fd4bd58d837966421afc9d
Possibly nasty Entries shown in the menu that pops up when right–clicking into the Internet Explorer. Unknown entries should be fixed.
To be fixed if the entry 'In neuer Registerkarte im Vordergrund öffnen ' is unknown.
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
Safe. The entry Messenger has been identified as safe.
If the entry 'Messenger ' is not needed anymore, it should be fixed.
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
Safe. The entry Windows Messenger has been identified as safe.
If the entry 'Windows Messenger ' is not needed anymore, it should be fixed.
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
Safe. This entry has been identified as safe.
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
Safe. This entry has been identified as safe.
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124280460875
Safe. This entry has been identified as safe.
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
Safe. This entry has been identified as safe.
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/msnmessengersetupdownloader.cab
Safe. This entry has been identified as safe.
O17 – HKLM\System\CCS\Services\Tcpip\..\{B0797D4B–23ED–4670–AEB6–BDD10B4E0FFE}: NameServer = 217.237.148.33 217.237.151.33
Safe. If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
The entered IP or Domain '217.237.148.33 217.237.151.33' has been identified as safe.
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (PavFnSvr.exe) was identified as a good one.
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (pavprsrv.exe) was identified as a good one.
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (pavsrv51.exe) was identified as a good one.
O23 – Service: Panda Antispam Engine (pmshellsrv) – PANDA SOFTWARE – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
Unknown service. (pskmssvc.exe)
O23 – Service: Panda Network Manager (PNMSRV) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
Unknown service. (PNMSRV.EXE)
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (PsImSvc.exe) was identified as a good one.
O23 – Service: Panda TPSrv (TPSrv) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
Unknown service. (TPSrv.exe)
zbigniewf:
And what next?
You check the log: http://forum.centrumxp.pl/viewtopic.php?t=37513
This is what it looks like:
Logfile of HijackThis v1.99.1
Scan saved at 20:32:08, on 23.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
C:\Programme\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\Programme\Hewlett–Packard\HP Share–to–Web\hpgs2wnd.exe
C:\Programme\Spybot – Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Hewlett–Packard\HP Share–to–Web\hpgs2wnf.exe
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Programme\T–Online\T–Online_Software_5\Basis–Software\Basis2\kernel.exe
C:\Programme\T–Online\T–Online_Software_5\Basis–Software\Basis2\sc_watch.exe
C:\PROGRA~1\T–Online\T–ONLI~1\BASIS–~1\Basis2\PROFIL~1.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\DOKUME~1\Doktor\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis_199.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\Programme\Spybot – Search & Destroy\SDHelper.dll
O2 – BHO: MSN Suche Toolbar Helper – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de–de\msntb.dll
O3 – Toolbar: MSN Suche Toolbar – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de–de\msntb.dll
O4 – HKLM\..\Run: [CnxDslTaskBar] C:\Programme\Conexant\AccessRunner ADSL\CnxDslTb.exe
O4 – HKLM\..\Run: [Share–to–Web Namespace Daemon] C:\Programme\Hewlett–Packard\HP Share–to–Web\hpgs2wnd.exe
O4 – HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot – Search & Destroy\TeaTimer.exe
O8 – Extra context menu item: &MSN Suche – res://C:\Programme\MSN Toolbar Suite\TB\02.05.0000.1082\de–de\msntb.dll/search.htm
O8 – Extra context menu item: In neuer Registerkarte im Hintergrund öffnen – res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de–de\msntabres.dll/229?9ea1340d53fd4bd58d837966421afc9d
O8 – Extra context menu item: In neuer Registerkarte im Vordergrund öffnen – res://C:\Programme\MSN Toolbar Suite\TAB\02.05.0001.1119\de–de\msntabres.dll/230?9ea1340d53fd4bd58d837966421afc9d
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programme\Messenger\msmsgs.exe
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {6E32070A–766D–4EE6–879C–DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124280460875
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{B0797D4B–23ED–4670–AEB6–BDD10B4E0FFE}: NameServer = 217.237.148.33 217.237.151.33
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 – Service: Panda Antispam Engine (pmshellsrv) – PANDA SOFTWARE – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 – Service: Panda Network Manager (PNMSRV) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PNMSRV.EXE
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
O23 – Service: Panda TPSrv (TPSrv) – Panda Software – C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
And what next?
Since it is related to IE and something "greift gerade" that Datei of yours, and it also happens when opening Eigene Dateien, you could take a look at the system for the presence of some junk.
zbigniewf:
but previously it also appeared when I wanted to start the Internet or open Eigene Dateien.
In the Security section, in the pinned "FAQ..." topic, you will find the small program HiJack This; run it and show its log, or check it yourself in the second topic pinned there.
You have to start somewhere.
You are right that "attacks" is not a good translation.
There is a term "Programmzugriff",
which means access to some program, reaching for some program.
For a few days the message has not appeared. (Maybe it found out that I reported it?)
As soon as it appears I will try to pass it on in the original.
xxxx
14:30 It appeared!
I will try to describe this message, because I do not know how to take a screenshot.
A box in blue.
At the top a dark blue bar, and on it we read:
C./Programme/Internet Explorer/IEXPLORE.EXE
at the bottom left a red button with a white cross (like the one for a Phillips screwdriver), and to the right the text:
Ein anderes Programm greift gerade auf diese Datei zu.
at the bottom: OK
It appeared at the moment I clicked the icon:
Internet Explorer Browser Starten
but previously it also appeared when I wanted to start the Internet or open Eigene Dateien.
You can click the message box with any mouse button; nothing can be squeezed out of it, except that it closes easily (it suggests Strg+F4).
I press OK and then the PC works normally, but slowly, which may, but need not, be connected with these messages.
I doubt that anything "attacked".
zbigniewf:
The message reads:
Ein andres Programm greifta auf diese Dateien zu.
Which in a free translation may mean:
Another program is attacking this data.
If this message pops up again, take a screenshot of it -> press ALT+PrtScreen, open Paint and paste with CTRL+V. Save it as a jpg file and attach it to your next post.
If it cannot remove it, try making and checking a HijackThis log. You will find more about this in the Security section. Or simply paste the log here.
Thank you kindly for your interest.
My computer is located in Germany. The Internet provider is T-online.de
As a user of this infernal machinery I am a complete novice, and self-taught on top of that.
As far as I can tell, the message that something is attacking the program I clicked comes from the system. (I do not really remember the whole address, but it ends in -kernel-.)
The message reads:
Ein andres Programm greifta auf diese Dateien zu.
Which in a free translation may mean:
Another program is attacking this data.
"Some" program, meaning what? Is the message displayed by the antivirus, or is it a system notification?
Maybe take a screenshot or copy the message out exactly. We expect specifics.
By the way, I would not particularly trust that Spyware Doctor; there were antics with it in the past, and now it is supposedly fine. I find that hard to believe.
I checked using Lavasoft Ad-Aware, Panda Platinum 2006, Spyware Doctor and a few others (and repeatedly at that).
Once that Doctor for Spies reported that I have PeopleOnPage. It could not remove it.
Have you checked whether you have any uninvited guests in the system?? If not, then check ...