log

Please check my buddy's log; his computer is so badly infested that he can't get on here himself.

Logfile of HijackThis v1.98.2
Scan saved at 19:37:21, on 2005-04-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\piyjvg.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\Services\{2020C440-5C32-43F9-9B04-9D744B788BA5}\SVCHOST.EXE
C:\WINDOWS\System32\atipatxx.exe
F:\Gadu-Gadu\gg.exe
C:\progra~1\steam\steam.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\instalki itp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BFE4BBB6-AE88-4E46-8F51-58B87B5CB59E} - C:\WINDOWS\System32\ddbp.dll
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\Run: [HBVh$ć/E%)fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\piyjvg.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O18 - Filter: text/html - {EA0909F6-C0F0-42D5-A308-E490B7D69A5D} - C:\WINDOWS\System32\ddbp.dll
O18 - Filter: text/plain - {EA0909F6-C0F0-42D5-A308-E490B7D69A5D} - C:\WINDOWS\System32\ddbp.dll

Replies: 3

In addition, empty these directories:

C:\Documents And Settings\User_Name\Ustawienia Lokalne\TEMP

C:\Documents And Settings\User_Name\Ustawienia Lokalne\Temporary Internet Files

Regards :)
Mrówek
Added
28.04.2005 21:32:10
how rude of me :P thanks, of course, but you know I'm grateful even without that :wink:
Over
Added
28.04.2005 21:30:06
In the pinned topic you'll find a link to the se.dll fix; download it and run it. It will remove everything related to it.
Then remove the rest, and watch out for svchost.exe: the one below is not the system one:


C:\WINDOWS\piyjvg.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\Services\{2020C440-5C32-43F9-9B04-9D744B788BA5}\SVCHOST.EXE
C:\WINDOWS\System32\atipatxx.exe
C:\WINDOWS\System32\paytime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {BFE4BBB6-AE88-4E46-8F51-58B87B5CB59E} - C:\WINDOWS\System32\ddbp.dll
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\Run: [HBVh$ć/?E%)fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\piyjvg.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKCU\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O18 - Filter: text/html - {EA0909F6-C0F0-42D5-A308-E490B7D69A5D} - C:\WINDOWS\System32\ddbp.dll
O18 - Filter: text/plain - {EA0909F6-C0F0-42D5-A308-E490B7D69A5D} - C:\WINDOWS\System32\ddbp.dll
EL NINO
Added
24.04.2005 23:13:01
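
The location check behind the svchost.exe warning in the reply above, as an added example that is not part of the original thread: it reads the "Running processes" section of a HijackThis log and flags any process that carries a core Windows name but runs from an unexpected folder. The EXPECTED_DIR table and both function names are assumptions made for this sketch (default C:\WINDOWS install).

```python
import ntpath

# Assumed expected folders for core Windows XP processes (default C:\WINDOWS install).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Excerpt of the log in this thread; the GUID's en dashes are how the forum rendered '-'.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\piyjvg.exe
C:\WINDOWS\System32\Services\{2020C440–5C32–43F9–9B04–9D744B788BA5}\SVCHOST.EXE
C:\WINDOWS\System32\rundll32.exe

O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
"""

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' (the section ends at a blank line)."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip().replace("\u2013", "-")  # undo forum en-dash substitution
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break
        elif in_section:
            paths.append(line)
    return paths

def masquerading(paths):
    """Flag processes that use a system process name but run from another folder."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and ntpath.normcase(folder) != expected:
            hits.append(path)
    return hits

if __name__ == "__main__":
    print(masquerading(running_processes(SAMPLE_LOG)))
```

This covers name-and-location masquerading only; entries the reply also lists, such as piyjvg.exe, carry no system name and are not caught by this check.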
Over
Added:
24.04.2005 21:39:40