Dodaj do ulubionych

Z prośbą do piecyka

IP: *.neoplus.adsl.tpnet.pl 05.10.04, 03:28
Dopisałem w innym wątku ale nie zauważyłeś.
Proszę o pomoc w rozszyfrowaniu tych logów.

Logfile of HijackThis v1.98.2
Scan saved at 19:17:29, on 2004-10-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\PopTray\PopTray.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1045\nt\MAPISP32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.gazeta.pl/0,0.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (value not
set)
(file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1
\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (value
not
set) (file missing)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} -
C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\System32\Rscmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5
\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware
Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
5.0
\Distillr\AcroTray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1
\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1
\FlashGet\jc_link.htm
O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
res://C:\PROGRA~1\MICROS~2\Office\1045\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program
Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} -
C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-
8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} -
C:\Program Files\Copernic Agent\CopernicAgent.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) -
www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14EF72BF-E663-4C0E-BA62-
D0B803BD23E2}:
NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E9A3FEB-A5CE-46C2-8913-
BB670295ACD5}:
NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{14EF72BF-E663-4C0E-BA62-
D0B803BD23E2}:
NameServer = 194.204.152.34 217.98.63.164




Mam podejrzenia co do pewnych wpisów, ale nie chciałbym zrobić nic pochopnie.
Obserwuj wątek
    • kalinowski11 Re: Z prośbą do piecyka 05.10.04, 06:08
      Ja wywalił bym to :

      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      > O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (value not
      > set)
      > (file missing)
      > O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (value
      > not
      > set) (file missing)
      > O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} -
      > C:\Program Files\Copernic Agent\CopernicAgentExt.dll
      > O8 - Extra context menu item: Search Using Copernic Agent - C:\Program
      > Files\Copernic Agent\Web\SearchExt.htm
      > O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} -
      > C:\Program Files\Copernic Agent\CopernicAgent.exe
      > O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-
      > 8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe
      > O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} -
      > C:\Program Files\Copernic Agent\CopernicAgent.exe

      Może Piecu albo Netsec znajdą coś jeszcze :)

      Pozdrawiam .
    • Gość: piecyk gazowy Re: Z prośbą do piecyka IP: *.tpnet.pl / *.tpnet.pl 05.10.04, 11:17
      Gość portalu: Wojtek napisał(a):

      *> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada
      > Plus wita Cie w Internecie

      > O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (value not
      > set)
      > (file missing)

      > O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\System32\Rscmpt.exe

      *> O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

      *> O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-
      > Packard\HP Share-to-Web\hpgs2wnd.exe
      *> O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

      > O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      > O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
      > O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe

      DWA ANTYWIRUSY??? Wywal jeden!

      > O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe

      > O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) -
      > www.webshots.com/samplers/WSDownloader.ocx

      Copernic Agent to chyba jakaś wyszukiwarka. Zaznacz powyższe pozycje
      (antywirusa jednego zostaw) i wciśnij Fix Checked. Gwiazdką oznaczyłem wpisy
      poprawne, ale według mnie zbędne - decyzja należy do Ciebie.

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka