Log + debugging. HELP!
Please check my log, because there is probably something wrong in it. I'd be grateful.
The second thing is this message that appears when I try to launch e.g. DAP, Soulseek, or a desktop shortcut to e.g. C:. After this message everything gets thrown out of the tray, and it is getting quite annoying because it happens more and more often.
And the log:
Logfile of HijackThis v1.99.0
Scan saved at 22:28:03, on 2004-12-21
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InkSaver\InkSaver.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NetPatrol\NetPatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Krzysztof\Ustawienia lokalne\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://82.179.166.192/search.php?v=6&aff=151670
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://82.179.166.192/index.php?v=6&aff=151670
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.130.53.82:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: 200.199.201.81 www.zebj.brturbo.com
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Zero Popup - {EB23F789-F17F-4bcc-988B-6B70A3A67E9C} - C:\PROGRA~1\ZEROPO~1\ZERO-P~1.DLL
O2 - BHO: (no name) - {EFE36F9B-4A06-45F6-B8A7-0C8E6A80FCC8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [121186d53e977912833568c3cf509353] C:\Program Files\Internet Explorer\121186d53e977912833568c3cf509353.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [cupdate] C:\DOCUME~1\KRZYSZ~1\USTAWI~1\Temp\SFX176.tmp\cupdate.exe
O4 - HKLM\..\Run: [InkSaver] C:\Program Files\InkSaver\InkSaver.exe hide
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Program files\corel\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052804 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [KAVPersonal50] E:\Program files\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WITaj!] C:\Program Files\WITaj!\Wit2000.exe /ikona
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EBFDC0B-B41E-4B7C-A7F0-2B6BBB176037}: NameServer = 192.168.56.1,217.97.164.5
O23 - Service: kavsvc - Kaspersky Lab - E:\Program files\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MkS Net Monitor - Unknown - D:\Program Files\MKS\Bin\NetMonSv.exe (file missing)
O23 - Service: MkSUpdateInt - Unknown - D:\Program Files\MKS\bin\MkSUpdateInt.exe (file missing)
O23 - Service: MkS_Vir Monitor - Unknown - D:\Program Files\MKS\Bin\mksmonsv.exe (file missing)
O23 - Service: MkS_Scan - Unknown - D:\Program Files\MKS\Bin\mks_scan.exe (file missing)
O23 - Service: Qbik NetPatrol Engine - QBIK NZ Ltd - C:\Program Files\NetPatrol\NetPatrol.exe
Replies: 3
Is this Metropoliglobal proxy yours?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.130.53.82:80
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
Do you use this desktop visualization?
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - https://www.gamespyid.com/alaunch.cab
Are you familiar with this ActiveX control?
F2 - REG:system.ini: Shell=explorer.exe
You can fix this one too.
The memory could not be "read" issue has already come up in [banan] topics on the forum (look --> archive).
Turn off System Restore, kill the exe files in Task Manager (if they are there), get rid of them from the disk, and at the very end fix the entries below in HijackThis.
Once done, you can turn System Restore back on.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://82.179.166.192/search.php?v=6&aff=151670
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://82.179.166.192/index.php?v=6&aff=151670
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.130.53.82:80
O1 - Hosts: 200.199.201.81 www.zebj.brturbo.com
O2 - BHO: (no name) - {EFE36F9B-4A06-45F6-B8A7-0C8E6A80FCC8} - (no file)
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [121186d53e977912833568c3cf509353] C:\Program Files\Internet Explorer\121186d53e977912833568c3cf509353.exe
O4 - HKLM\..\Run: [cupdate] C:\DOCUME~1\KRZYSZ~1\USTAWI~1\Temp\SFX176.tmp\cupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
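Added example (not part of the original thread and not HijackThis's own logic): a small Python triage pass over HijackThis entries, run on sample lines copied from the log posted above with path separators restored. The rules are this example's own generic heuristics, picked to resemble the kinds of entries singled out in the replies; they are assumptions, not the repliers' stated criteria.

```python
import re

# Sample lines copied from the log in this thread (path separators restored).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.130.53.82:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl
O1 - Hosts: 200.199.201.81 www.zebj.brturbo.com
O2 - BHO: (no name) - {EFE36F9B-4A06-45F6-B8A7-0C8E6A80FCC8} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [121186d53e977912833568c3cf509353] C:\Program Files\Internet Explorer\121186d53e977912833568c3cf509353.exe
O4 - HKLM\..\Run: [cupdate] C:\DOCUME~1\KRZYSZ~1\USTAWI~1\Temp\SFX176.tmp\cupdate.exe
"""

# "O4 - rest of entry"; an en dash is accepted too, since forum software often
# replaces the hyphen when a log is pasted.
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[-\u2013]\s+(.*)$")
IPV4 = r"\b\d{1,3}(?:\.\d{1,3}){3}\b"

# (section pattern, pattern on the entry body, reason).
# Hypothetical heuristics for this example only.
RULES = [
    (r"R[01]", re.compile(r"(Search|Proxy).*=\s*(http://)?" + IPV4, re.I),
     "IE search/proxy setting points at a bare IP"),
    (r"O1", re.compile(IPV4), "hosts file override"),
    (r"O\d+", re.compile(r"\((no file|file missing)\)\s*$"),
     "registration points to a missing file"),
    (r"O4", re.compile(r"\[[0-9a-f]{32}\]", re.I),
     "autorun named with a 32-hex-digit string"),
    (r"O4", re.compile(r"\\Temp\\", re.I),
     "autorun launched from a Temp directory"),
]

def triage(log_text):
    """Return [(section, reason, body)] for entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        for sec_pat, body_pat, reason in RULES:
            if re.fullmatch(sec_pat, section) and body_pat.search(body):
                findings.append((section, reason, body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE):
        print(f"{section:3} {reason}: {body}")
```

A hit only marks an entry for manual review; legitimate software can trip any of these rules.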