log... the usual :)

Hello...
As usual, a request to the Wiser Ones to check this :)
Logfile of HijackThis v1.97.7
Scan saved at 17:42:51, on 2005-02-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\winadh.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\ccUpdate.exe
C:\Program Files\Windows FormatAd\WinForm.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\nVid.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HotKey\HotKey.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Windows FormatAd\WinFormKeep.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
F:\Progs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 217.96.35.130 auto.search.msn.com
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\Run: [svchost] svchosts.exe
O4 - HKLM\..\Run: [Norton Updater] ccUpdate.exe
O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Nvidia Driver] nVid.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\RunServices: [svchost] svchosts.exe
O4 - HKLM\..\RunServices: [Norton Updater] ccUpdate.exe
O4 - HKLM\..\RunServices: [Nvidia Driver] nVid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [svchost] svchosts.exe
O4 - HKCU\..\RunServices: [svchost] svchosts.exe
O4 - Global Startup: HotKey Driver.lnk = C:\Program Files\HotKey\HotKey.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c282.cab
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_23.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_22.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

Thanks!

Replies: 4

Bobi_robert:
And replacing Windows is a must :mrgreen:
Yeah, best to swap it for win 3.1...
kietek
Added
15.02.2005 17:33:00
But the experts always consider a format the best solution. And replacing Windows is a must :mrgreen:

They surely belong to those "wiser ones" :wink:
Bobi
Added
15.02.2005 16:04:23
EL NINO:
In that case you've got the wrong forum. There are none of those here :P

Oh come on, don't exaggerate :)
Not my computer, so I preferred to ask before I clean it up. Thanks for the help :)
BTW: The standard message from the admin of their neighbourhood network:
Because a virus has been detected on your computer,

access to the Internet has been blocked !!!

The computer may contain a virus that is detected by antivirus programs,
or a NEW one, not yet detected by antivirus programs.

PLEASE DISCONNECT THE COMPUTER FROM THE NETWORK (unplug the cable) and remove the virus
by formatting the disk and reinstalling the system.
THIS IS, UNFORTUNATELY, THE ONLY WAY TO REMOVE THE VIRUS !!!
Because of the "holes" present in Windows XP,
using versions of Windows other than XP (e.g. 98 SE, Me, 2000) is recommended.
After installing Windows XP, Service Pack 2 must be installed
(SP2 should be installed from a CD-ROM
so as not to let a virus into the computer while downloading from the Internet)

Makes your arms and tits drop in despair...
sponsi
Added
15.02.2005 16:00:28
sponsi:
As usual, a request to the Wiser Ones to check this :)
In that case you've got the wrong forum. There are none of those here :P .

Remove:


C:\WINDOWS\System32\winadh.exe
C:\WINDOWS\System32\ccUpdate.exe
C:\Program Files\Windows FormatAd\WinForm.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\nVid.exe
C:\Program Files\Windows FormatAd\WinFormKeep.exe
C:\WINDOWS\System32\svchosts.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 217.96.35.130 auto.search.msn.com
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\Run: [svchost] svchosts.exe
O4 - HKLM\..\Run: [Norton Updater] ccUpdate.exe
O4 - HKLM\..\Run: [Windows FormatAd] C:\Program Files\Windows FormatAd\WinForm.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Nvidia Driver] nVid.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] winadh.exe
O4 - HKLM\..\RunServices: [svchost] svchosts.exe
O4 - HKLM\..\RunServices: [Norton Updater] ccUpdate.exe
O4 - HKLM\..\RunServices: [Nvidia Driver] nVid.exe
O4 - HKCU\..\Run: [svchost] svchosts.exe
O4 - HKCU\..\RunServices: [svchost] svchosts.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c282.cab

O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.3/g_bin/pl/slots90_2_0_0_23.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 - DPF: {9085316E-42BA-11D4-BAA3-0080C8D7ED4A} (GameDesire JungleHunter) - http://67.15.101.3/g_bin/pl/hunter_2_0_0_16.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_22.cab


Don't confuse the system svchost with the svchosts that you have.
Those games: if you play them, don't remove them.
EL NINO
Added
15.02.2005 15:19:55
sponsi
Added:
15.02.2005 13:29:40