Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3900: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3902: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3903: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3904: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
prosze o sprawdzenie loga. • programosy.pl
Aktualizacje na programosy.pl: DBF ViewerCamtasia StudioGetFLVMediaInfoEverNotereaConverter LiteVisual Studio CodeChromiumKaspersky Rescue Disk  

  • Ogłoszenie:

prosze o sprawdzenie loga.

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.
Wyślij odpowiedź

prosze o sprawdzenie loga.

Postprzez Smilodon 12 Lis 2005, 00:51

reklama
Na poczatek chciałbym sie przywitac to moj pierwszy post na tym swietnym forum :wink:
Szkoda ze zaczynam od problemow, a wiec tak juz od dluzszego czasu (ok 2 tygodnie) mam wrazenie ze cos nie tak dzieje sie z moim kompem - podejrzewam ze przez to ze nie mialem czasu uaktualnic antivirusa :( - praca komputera jakby troche zwolnila, a ponadto dosyc czesto wyskakuja okienka z firewall'a o zmianach dokonanych w pliku C:\WINDOWS\SYSTEM32\i tutaj nie pamietam cos na N ktorych chce dokonac aplikacja o nazwie MD5.
Podejrzewam ze to haker albo jakis szpieg bo ten algorytm jak slyszalem stosuje sie do przechwytywania hasel.
Ponadto antivirus wykryl wirusa i duzo trojanow na kompie oraz elementow szpiegujacych no i sie pogubilem nie jestem az tak zaawansowany wiec prosze Was o pomoc.

Oto log:
Logfile of HijackThis v1.99.1
Scan saved at 23:32:20, on 2005-11-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMY\Ochrona\Anti-virus\aswUpdSv.exe
C:\PROGRAMY\Ochrona\Anti-virus\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAMY\Ochrona\Firewall\Keiro Firewall\persfw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PowerS.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRAMY\Ochrona\ANTI-V~1\ashDisp.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\MULTIMEDIA\Internetowe\Gadu-Gadu\gg.exe
C:\MULTIMEDIA\Internetowe\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
C:\PROGRAMY\Internetowe\UD Agent\UD.EXE
C:\Program Files\Neostrada TP\ComComp.exe
C:\PROGRAMY\Internetowe\UD Agent\ud_7657531.exe
C:\PROGRAMY\Ochrona\Anti-virus\ashMaiSv.exe
C:\PROGRAMY\Ochrona\Anti-virus\ashWebSv.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\PROGRAMY\Internetowe\UD Agent\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\PROGRAMY\Internetowe\Oprea 8.1\Opera.exe
C:\Documents and Settings\PSmillodon\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amnezja.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\MULTIMEDIA\Internetowe\Shareaza\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAMY\Ochrona\ANTYSP~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsxA9B.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italpfau.dll
O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.6.4.1\HbtHostIE.dll (file missing)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.6.4.1\HbtHostIE.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.6.4.1\HbtOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.6.4.1\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [nlxsifjt] C:\WINDOWS\system32\qcixoufm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRAMY\Ochrona\ANTI-V~1\ashDisp.exe
O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Neostrada TP\NeostradaTP.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\MULTIMEDIA\Internetowe\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\MULTIMEDIA\Internetowe\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O4 - Startup: UD Agent.lnk = C:\PROGRAMY\Internetowe\UD Agent\UD.EXE
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: Download with &Shareaza - res://C:\MULTIMEDIA\Internetowe\Shareaza\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz używając Download &Express'a - C:\MULTIMEDIA\Internetowe\Download Express\Add_Url.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.amnezja.org/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121553044804
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C8D2A53-C8BF-44C7-9E8A-56FAA66623FC}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C8D2A53-C8BF-44C7-9E8A-56FAA66623FC}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\PROGRAMY\Ochrona\Firewall\Keiro Firewall\persfw.exe


A i jeszcze gdy wlaczam skanowanie dyskow antivirusem to gdy skan dojdzie do zainfekowanego obiektu i pyta sie co robic w krotce potem (ok 30 min) komputer zawiesza sie muli i mozna do aplikacji dostac sie tylko z Menedżera zadan.
Jeszcze raz baedzo prosze o pomoc z góry dzieki. :|
Awatar użytkownika
Smilodon
~user
 
Posty: 67
Dołączenie: 08 Lis 2005, 17:05
Pochwały: 1

Góra

Postprzez jeff 12 Lis 2005, 01:10

wszystkie czynności wykonujesz w trybie awaryjnym z wyłączonym przywracaniem systemu

O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\MULTIMEDIA\Internetowe\Shareaza\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsxA9B.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italpfau.dl
O2 - BHO: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.6.4.1\HbtHostIE.dll (file missing)
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.6.4.1\HbtHostIE.dll (file missing)
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.6.4.1\HbtOEAddOn.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.6.4.1\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [nlxsifjt] C:\WINDOWS\system32\qcixoufm.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN


najpierw kasujesz wpisy w Hijacku a potem ręcznie pogrubione pliki/foldery.

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)


Ten wpis z kreseczką "_" usuniesz edytorem rejestru Registrar Lite

http://www.resplendence.com/reglite

Uruchom edytor w pole Address wklej ścieżke
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks i kliknij Go poczym zostaniesz przeniesiony do tego klucza. Po prawej stronie będzie widoczny wpis _{00A6FAF6-072E-44cf-8957-5838F569A31D} wszystkie inne wpisy z taką samą kreseczką także kasujesz i z prawokliku kasujesz wpisy.

tak samo robisz z tym:

R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)


po zabiegach nowy log

Autor postu otrzymał pochwałę
jeff
 


Góra

Postprzez Smilodon 13 Lis 2005, 18:21

Czesc sorka ze tak pozno ale najpierw mnie nie bylo a pozniej okazalo sie wczoraj ze myszke mam zepsuta no i dzisiaj zrobilem i dopiero sie wzialem za to co mi napisales.

Zrobilem wszystko tak jak mowiles tylko nie moge sciagnac tego Registrar Lite mozna usunac to innym programem albo bezposrednio z rejestru?

Oto swiezy log:
Logfile of HijackThis v1.99.1
Scan saved at 17:14:35, on 2005-11-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMY\Ochrona\Anti-virus\aswUpdSv.exe
C:\PROGRAMY\Ochrona\Anti-virus\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAMY\Ochrona\Firewall\Keiro Firewall\persfw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PowerS.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRAMY\Ochrona\ANTI-V~1\ashDisp.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\MULTIMEDIA\Internetowe\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
C:\PROGRAMY\Internetowe\UD Agent\UD.EXE
C:\PROGRAMY\Internetowe\UD Agent\ud_7657531.exe
C:\PROGRAMY\Ochrona\Anti-virus\ashMaiSv.exe
C:\PROGRAMY\Ochrona\Anti-virus\ashWebSv.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\PROGRAMY\Internetowe\UD Agent\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\PROGRAMY\Internetowe\Oprea 8.1\Opera.exe
C:\WINDOWS\system32\svchost.exe
C:\MULTIMEDIA\Internetowe\Gadu-Gadu\gg.exe
C:\Documents and Settings\PSmillodon\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amnezja.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAMY\Ochrona\ANTYSP~1\Spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRAMY\Ochrona\ANTI-V~1\ashDisp.exe
O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Neostrada TP\NeostradaTP.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\MULTIMEDIA\Internetowe\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\MULTIMEDIA\Internetowe\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UD Agent.lnk = C:\PROGRAMY\Internetowe\UD Agent\UD.EXE
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\MULTIMEDIA\Internetowe\Shareaza\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz używając Download &Express'a - C:\MULTIMEDIA\Internetowe\Download Express\Add_Url.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.amnezja.org/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121553044804
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C8D2A53-C8BF-44C7-9E8A-56FAA66623FC}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C8D2A53-C8BF-44C7-9E8A-56FAA66623FC}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\PROGRAMY\Ochrona\Firewall\Keiro Firewall\persfw.exe
Awatar użytkownika
Smilodon
~user
 
Posty: 67
Dołączenie: 08 Lis 2005, 17:05
Pochwały: 1

Góra

Postprzez Red 13 Lis 2005, 18:30

Smilodon napisał(a):mozna usunac to innym programem albo bezposrednio z rejestru?


a walnij to zwyczajnie z hijacka ,mowa oczywiscie o tych wpisach:
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

i daj log kontrolnie :)

Autor postu otrzymał pochwałę
Awatar użytkownika
Red
^zasłużony
 
Posty: 8694
Dołączenie: 01 Wrz 2005, 10:57
Miejscowość: Piaseczno
Pochwały: 701

Góra

Postprzez Smilodon 13 Lis 2005, 18:37

Ok juz sie robi dziekji nie ma tego ale prosze o sprawdzenie bo sie nie znam za bardzo:)

Logfile of HijackThis v1.99.1
Scan saved at 17:32:06, on 2005-11-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAMY\Ochrona\Anti-virus\aswUpdSv.exe
C:\PROGRAMY\Ochrona\Anti-virus\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRAMY\Ochrona\Firewall\Keiro Firewall\persfw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PowerS.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRAMY\Ochrona\ANTI-V~1\ashDisp.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\MULTIMEDIA\Internetowe\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
C:\PROGRAMY\Internetowe\UD Agent\UD.EXE
C:\PROGRAMY\Internetowe\UD Agent\ud_7657531.exe
C:\PROGRAMY\Ochrona\Anti-virus\ashMaiSv.exe
C:\PROGRAMY\Ochrona\Anti-virus\ashWebSv.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\PROGRAMY\Internetowe\UD Agent\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\PROGRAMY\Internetowe\Oprea 8.1\Opera.exe
C:\WINDOWS\system32\svchost.exe
C:\MULTIMEDIA\Internetowe\Gadu-Gadu\gg.exe
C:\Documents and Settings\PSmillodon\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amnezja.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRAMY\Ochrona\ANTYSP~1\Spybot\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRAMY\Ochrona\ANTI-V~1\ashDisp.exe
O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Neostrada TP\NeostradaTP.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\MULTIMEDIA\Internetowe\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\MULTIMEDIA\Internetowe\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UD Agent.lnk = C:\PROGRAMY\Internetowe\UD Agent\UD.EXE
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\MULTIMEDIA\Internetowe\Shareaza\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz używając Download &Express'a - C:\MULTIMEDIA\Internetowe\Download Express\Add_Url.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.amnezja.org/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121553044804
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C8D2A53-C8BF-44C7-9E8A-56FAA66623FC}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C8D2A53-C8BF-44C7-9E8A-56FAA66623FC}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\PROGRAMY\Ochrona\Anti-virus\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\PROGRAMY\Ochrona\Firewall\Keiro Firewall\persfw.exe
Awatar użytkownika
Smilodon
~user
 
Posty: 67
Dołączenie: 08 Lis 2005, 17:05
Pochwały: 1

Góra

Postprzez Red 13 Lis 2005, 18:39

to wszystko :)
Awatar użytkownika
Red
^zasłużony
 
Posty: 8694
Dołączenie: 01 Wrz 2005, 10:57
Miejscowość: Piaseczno
Pochwały: 701

Góra

Postprzez Smilodon 13 Lis 2005, 18:41

Dzieki chlopaki dzieki red dalbym wam pochwale ale nie wiem jak?

No i kolejka dla was:)

PS. A tak wogole to wy jestescie informatykami czy takimi hobbystami bo troche tu czyatlem rozne tematy i widze ze jestescie spoko i niezle obcykani we wszystkim :wink:
A tak apropo logów to mozna gdzies jakis poradnik albo co przeczytac zeby nauczyc sie sprawdzac to?(zrozumiem jak mnie wysmiejecie:)
Awatar użytkownika
Smilodon
~user
 
Posty: 67
Dołączenie: 08 Lis 2005, 17:05
Pochwały: 1

Góra

Postprzez jeff 13 Lis 2005, 18:54

Smilodon napisał(a): A tak wogole to wy jestescie informatykami czy takimi hobbystam


nie studiuje informy - to takie małe zainteresowanie - a co do logów to się nauczyłem gdzieś indziej. Raczej nie ma poradnika. Trzeba patrzec na początku co inni każą usuwać i z czasem dochodzi się do wprawy :D
jeff
 


Góra

Postprzez Smilodon 13 Lis 2005, 19:02

Aha dobra jeszcze raz dzieki.
Ciągle się ucze...
Linki jakie podaje komuś są, były albo będą podawane przez innych userow.
Awatar użytkownika
Smilodon
~user
 
Posty: 67
Dołączenie: 08 Lis 2005, 17:05
Pochwały: 1

Góra
Wyślij odpowiedź

Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 3 gości

Powered by phpBB © Group
Forum Programosy.pl