Please check this log!

Logfile of HijackThis v1.99.1
Scan saved at 07:43:09, on 2005–02–19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSSystem32cisvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32 vsvc32.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:PROGRA~1NORTON~1NORTON~1SPEEDD~1NOPDB.EXE
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
C:WINDOWSMixer.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesNetWatcherProNetWatcherPro.exe
C:Program FilesLavasoftAd–Aware SE ProfessionalAd–Watch.exe
C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:Program FilesTlen.pl len.exe
C:WINDOWSsystem32cidaemon.exe
C:PROGRA~1DAPDAP.EXE
D:PROGRAMYOPTYMAL XPXP PROBLEM FIXEDHIJACKTHISHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = www.google.pl
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = www.google.pl
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = www.google.pl
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = www.google.pl
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 – BHO: (no name) – {0000CC75–ACF3–4cac–A0A9–DD3868E06852} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 – BHO: Web assistant – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O2 – BHO: (no name) – {F2709B05–A26A–4FAF–BFD7–5F9C6C526B90} – (no file)
O3 – Toolbar: Web assistant – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:Program FilesCommon FilesSymantec SharedAdBlockingNISShExt.dll
O4 – HKLM..Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [NetWatcherPro] C:Program FilesNetWatcherProNetWatcherPro.exe
O4 – HKLM..Run: [AWMON] "C:Program FilesLavasoftAd–Aware SE ProfessionalAd–Watch.exe"
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [DeskAd Service] C:Program FilesDeskAd ServiceDeskAdServ.exe
O4 – HKLM..Run: [KAVPersonal50] "C:Program FilesKaspersky LabKaspersky Anti–Virus Personalkav.exe" /minimize
O4 – HKCU..Run: [Komunikator] C:Program FilesTlen.pl len.exe
O8 – Extra context menu item: &Add animation to IncrediMail Style Box – C:PROGRA~1INCRED~1in esourcesWebMenuImg.htm
O8 – Extra context menu item: &Download with &DAP – C:PROGRA~1DAPdapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:PROGRA~1DAPdapextie2.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:WINDOWSSystem32msjava.dll
O9 – Extra button: Run DAP – {669695BC–A811–4A9D–8CDF–BA8C795F261C} – C:PROGRA~1DAPDAP.EXE
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {F00F4763–7355–4725–82F7–0DA94A256D46} (IncrediMail) – http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O17 – HKLMSystemCCSServicesTcpip..{426B5961–C3E7–456C–90EE–C56D3A893140}: NameServer = 194.204.152.34,194.204.159.1
O17 – HKLMSystemCS1ServicesTcpip..{426B5961–C3E7–456C–90EE–C56D3A893140}: NameServer = 194.204.152.34,194.204.159.1
O17 – HKLMSystemCS2ServicesTcpip..{426B5961–C3E7–456C–90EE–C56D3A893140}: NameServer = 194.204.152.34,194.204.159.1
O18 – Protocol: offline–8876480 – {AF49DB9D–E980–48FC–8213–C80F7D690DC1} – C:Program FilesLogitechDesktop Messenger8876480ProgramBWPlugProtocol–8876480.dll
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: kavsvc – Kaspersky Lab – C:Program FilesKaspersky LabKaspersky Anti–Virus Personalkavsvc.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Unknown owner – C:Program FilesNorton Internet Security ProfessionalNorton AntiVirusAdvToolsNPROTECT.EXE (file missing)
O23 – Service: NVIDIA Driver Helper Service (NVSvc) – NVIDIA Corporation – C:WINDOWSsystem32 vsvc32.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:PROGRA~1NORTON~1NORTON~1SPEEDD~1NOPDB.EXE
O23 – Service: Symantec Core LC – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedCCPD–LCsymlcsvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe

Replies: 3

Since it's no longer there, the file isn't there either (file missing); only the entry has remained.
In that case you can fix it.
Bobi
Posted
19.02.2005 10:07:23
I removed them as you recommended. The only problem came up when removing the registry key:
O23 – Service: Norton Unerase Protection (NProtectService) – Unknown owner – C:Program FilesNorton Internet Security ProfessionalNorton AntiVirusAdvToolsNPROTECT.EXE (file missing)
I uninstalled Norton yesterday; I currently have an antivirus with a Russian name in its title, "Kaspersky"! It's probably some file that survived the uninstall! From what I can see it relates to NIS (Norton Internet Security), but it's probably unnecessary! Many thanks for the help!
Jeypi
Posted
19.02.2005 09:59:33
Get rid of:
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 – BHO: (no name) – {0000CC75–ACF3–4cac–A0A9–DD3868E06852} – (no file)
O2 – BHO: (no name) – {F2709B05–A26A–4FAF–BFD7–5F9C6C526B90} – (no file)
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [DeskAd Service] C:Program FilesDeskAd ServiceDeskAdServ.exe

This does look like a file missing entry, but I would leave it, because you have Norton installed and there's no telling how it will react:
O23 – Service: Norton Unerase Protection (NProtectService) – Unknown owner – C:Program FilesNorton Internet Security ProfessionalNorton AntiVirusAdvToolsNPROTECT.EXE (file missing)
Bobi
Posted
19.02.2005 09:34:19
Jeypi
Posted:
19.02.2005 08:43:21