CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Oto moj log... Nie wiem co jest nie tak...

Oto moj log... Nie wiem co jest nie tak...

Logfile of HijackThis v1.97.7
Scan saved at 21:07:40, on 2004–10–11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32CTsvcCDA.exe
C:Program FilesPanda SoftwarePanda Antivirus Platinumpavsrv51.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32oneLabsvsmon.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumAVENGINE.EXE
C:WINDOWSSystem32MsPMSPSv.exe
C:WINDOWSSystem32setver32.exe
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesWinampwinampa.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumAPVXDWIN.EXE
C:Program FilesJavaj2re1.4.2_05injusched.exe
C:WINDOWSSystem32CTHELPER.EXE
C:Program FilesD–Toolsdaemon.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesCreativeSBAudigyTaskBarCTLTray.exe
C:Program FilesCreativeSBAudigyTaskBarCTLTask.exe
C:Program Filesone LabsoneAlarmzonealarm.exe
C:WINDOWS wain_32A4CISWATCH.exe
C:Program FilesPanda SoftwarePanda Antivirus PlatinumpavProxy.exe
C:Program FilesGadu–Gadugg.exe
C:Program FilesAzureusAzureus.exe
C:Program FilesJavaj2re1.4.2_05injavaw.exe
C:Documents and SettingsAdministrator.SERWERPulpitInstalkiHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R1 – HKCUSoftwareMicrosoftInternet Connection Wizard,Shellnext = http://www.sygate.com/swat/support/spf50_help.htm
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 – HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 – HKLM..Run: [SCANINICIO] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumInicio.exe"
O4 – HKLM..Run: [APVXDWIN] "C:Program FilesPanda SoftwarePanda Antivirus PlatinumAPVXDWIN.EXE" /s
O4 – HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_05injusched.exe
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [WINDVDPatch] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBAudigyPROGRAMADGJDet.exe"
O4 – HKLM..Run: [DAEMON Tools–1033] "C:Program FilesD–Toolsdaemon.exe" –lang 1033
O4 – HKLM..Run: [Windows secure] setver32.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..RunServices: [Windows secure] setver32.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [TaskTray] "C:Program FilesCreativeSBAudigyTaskBarCTLTray.exe"
O4 – HKCU..Run: [TaskBar] "C:Program FilesCreativeSBAudigyTaskBarCTLTask.exe"
O4 – HKCU..Run: [Windows secure] setver32.exe
O4 – HKLM..RunOnce: [Windows secure] setver32.exe
O4 – HKCU..RunOnce: [Windows secure] setver32.exe
O4 – Startup: Watch.lnk = C:WINDOWS wain_32A4CISWATCH.exe
O4 – Global Startup: ZoneAlarm.lnk = C:Program Filesone LabsoneAlarmzonealarm.exe
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: {37A49D66–2735–4BB9–8503–82BA5E2333D0} (MailCfg Control) – http://poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 – DPF: {5F874A6F–8B34–433D–BA4B–47AC91C0567F} (MailCfg Control) – https://poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Odpowiedzi: 4

Sorki za tego loga – zrobiłem to tak z czystej ciekawości czy u mnie wszystko jest ok. (zawsze moźna na coś trafić o czym się nie wie) Dzieki. Pozdrawiam.
Zibi
Dodano
12.10.2004 03:17:30
Napraw :

O2 – BHO: (no name) – {E5A1691B–D188–4419–AD02–90002030B8EE} – (no file)

BTW, nie zamieszczajcie logów jeśli nic się podejrzanego nie dzieje ( to tak na przyszłość ).
McScr@by
Dodano
12.10.2004 03:11:18
No to moźe i umnie znajdziecie coś co jest nie tak :?: :? :P

Logfile of HijackThis v1.98.2
Scan saved at 01:02:18, on 2004–10–12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32CTHELPER.EXE
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:PROGRA~1ALWILS~1Avast4ashmaisv.exe
C:PROGRA~1A4TechMouseAmoumain.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSSystem32CTsvcCDA.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FileseMuleemule.exe
C:Program FilesAvant Browseriexplore.exe
J:FTPPROGRAMYHijackThis 1.98.2hijackthisHijackThis.exe
C:WINDOWSSystem32 egsvr32.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 – HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.leadtek.com.tw/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: DAPHelper Class – {0000CC75–ACF3–4cac–A0A9–DD3868E06852} – C:Program FilesDAPDAPBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: (no name) – {E5A1691B–D188–4419–AD02–90002030B8EE} – (no file)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 – HKLM..Run: [WinFast Schedule] C:Program FilesWinFastWFTVFMWFWIZ.exe
O4 – HKLM..Run: [CTHelper] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"
O4 – HKLM..Run: [REGSHAVE] C:Program FilesREGSHAVEREGSHAVE.EXE /AUTORUN
O4 – HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 – HKLM..Run: [ashMaiSv] C:PROGRA~1ALWILS~1Avast4ashmaisv.exe
O4 – HKLM..Run: [WheelMouse] C:PROGRA~1A4TechMouseAmoumain.exe
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O8 – Extra context menu item: &Download with &DAP – C:PROGRA~1DAPdapextie.htm
O8 – Extra context menu item: Blokuj wszystkie obrazy z tego serwera – C:Program FilesAvant BrowserAddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj do listy blokowanych reklam – C:Program FilesAvant BrowserAddToADBlackList.htm
O8 – Extra context menu item: Download &all with DAP – C:PROGRA~1DAPdapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz wszystkie adresy z tej strony... – C:Program FilesAvant BrowserOpenAllLinks.htm
O8 – Extra context menu item: Podświetl – C:Program FilesAvant BrowserHighlight.htm
O8 – Extra context menu item: Szukaj – C:Program FilesAvant BrowserSearch.htm
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:PROGRA~1DAPDAP.EXE
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
Zibi
Dodano
12.10.2004 03:03:26
Wyłącz przywracanie systemu,
Zakończ proces w Task`u :

setver32.exe

Napraw :

O4 – HKLM..Run: [Windows secure] setver32.exe
O4 – HKLM..RunServices: [Windows secure] setver32.exe
O4 – HKCU..Run: [Windows secure] setver32.exe
O4 – HKLM..RunOnce: [Windows secure] setver32.exe
O4 – HKCU..RunOnce: [Windows secure] setver32.exe

Wyszukaj zaznaczając ukryte i usuń :

setver32.exe

Włącz przywracanie.
McScr@by
Dodano
12.10.2004 01:47:07
kronung
Dodano:
12.10.2004 01:27:07
Komentarzy:
4
Strona 1 / 1