prośba do ekspertów o sprawdzenie loga...

IP: 81.15.254.* 06.11.04, 13:03
z góry dziękuję

Logfile of HijackThis v1.97.7
Scan saved at 13:01:24, on 6.11.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Matek\Moje dokumenty\winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows AdTools\WinAdTools.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Windows AdTools\WinRatchet.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Marcin\Moje dokumenty\Nowy folder\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\System32\kinih.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55
\ATWatch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03
\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Matek\Moje
dokumenty\winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows
AdTools\WinAdTools.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - Startup: Power Project.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1
\POPUPCOP\popupcop.dll/imagenew
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
(PPSDKActiveXScanner.MainScreen) -
www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
    • Gość: luna-tic Re: prośba do ekspertów o sprawdzenie loga... IP: 81.15.254.* 06.11.04, 13:06
      skanuje adawarem nowym i juz sporo mi wykrył... podejrzewam ze pousuwa troche
      wtedy wrzuce nowego loga
      • Gość: luna.tic Re: prośba do ekspertów o sprawdzenie loga... IP: 81.15.254.* 07.11.04, 19:19
        wrzucam teraz - prosze ponownie o pomoc.. bo na razie nic mi nie wykrywa ale
        chyba jakies smieci jeszcze pozostaly

        Logfile of HijackThis v1.97.7
        Scan saved at 19:19:29, on 7.11.2004
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
        C:\WINDOWS\System32\tcpsvcs.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
        C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
        C:\Program Files\D-Tools\daemon.exe
        C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Documents and Settings\Matek\Moje dokumenty\winamp\winampa.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Tlen.pl\tlen.exe
        C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Outlook Express\msimn.exe
        C:\Program Files\Winamp\winamp.exe
        C:\Documents and Settings\Marcin\Moje dokumenty\Nowy folder\HijackThis.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\System32\kinih.dll/sp.html (obfuscated)
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
        Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
        \spool\drivers\w32x86\3\hpztsb04.exe
        O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
        O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55
        \ATWatch.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
        lang 1033
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03
        \bin\jusched.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Matek\Moje
        dokumenty\winamp\winampa.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
        O4 - Startup: Power Project.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O4 - Global Startup: Image Transfer.lnk = ?
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1
        \POPUPCOP\popupcop.dll/imagenew
        O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
        O9 - Extra button: ATI TV (HKLM)
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
        www.apple.com/qtactivex/qtplugin.cab
        O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
        (PPSDKActiveXScanner.MainScreen) - www.pestscan.com/scanner/axscanner.cab
        O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
        www.bitdefender.com/scan/Msie/bitdefender.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
        download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        • netsec Re: prośba do ekspertów o sprawdzenie loga... 08.11.04, 08:57
          Wklej nowego loga ale wykonanego wersją 1.98.2 Hijack.
          • Gość: lunatic Re: prośba do ekspertów o sprawdzenie loga... IP: 81.15.254.* 11.11.04, 13:50
            oki log jest: pliss help me if everythin'is ok!!!


            Logfile of HijackThis v1.98.2
            Scan saved at 13:50:15, on 11.11.2004
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\System32\Ati2evxx.exe
            C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\Program Files\Norton AntiVirus\navapsvc.exe
            C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
            C:\WINDOWS\System32\tcpsvcs.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
            C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
            C:\Program Files\D-Tools\daemon.exe
            C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
            C:\Program Files\QuickTime\qttask.exe
            C:\Documents and Settings\Matek\Moje dokumenty\winamp\winampa.exe
            C:\WINDOWS\SOUNDMAN.EXE
            C:\WINDOWS\System32\ctfmon.exe
            C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
            C:\Program Files\Winamp\winamp.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Outlook Express\msimn.exe
            C:\Documents and Settings\Marcin\Pulpit\HijackThis.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
            res://C:\WINDOWS\System32\kinih.dll/sp.html (obfuscated)
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
            Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32
            \spool\drivers\w32x86\3\hpztsb04.exe
            O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
            O4 - HKLM\..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55
            \ATWatch.exe
            O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
            lang 1033
            O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03
            \bin\jusched.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
            atboottime
            O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Matek\Moje
            dokumenty\winamp\winampa.exe
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
            O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
            O4 - Startup: Power Project.lnk = C:\Program Files\Gadu-Gadu\PowerGG.exe
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office10\OSA.EXE
            O4 - Global Startup: Image Transfer.lnk = ?
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1
            \POPUPCOP\popupcop.dll/imagenew
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
            C:\WINDOWS\System32\msjava.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
            00401C608501} - C:\WINDOWS\System32\msjava.dll
            O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program
            Files\ATI Technologies\TV\EXPLBAR.DLL
            O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
            (PPSDKActiveXScanner.MainScreen) - www.pestscan.com/scanner/axscanner.cab
            O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
            www.bitdefender.com/scan/Msie/bitdefender.cab
            O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
            www.pandasoftware.com/activescan/as5/asinst.cab
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            skaner.mks.com.pl/SkanerOnline.cab
Pełna wersja