Log from HijackThis

IP: *.neoplus.adsl.tpnet.pl 17.12.04, 19:55
I'm pasting the log, please check it :-)

Logfile of HijackThis v1.98.2
Scan saved at 19:55:07, on 2004-12-17
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\BullsEye Network\bin\bargains.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Gadu-Gadu\gg.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\WINDOWS\System32\systime.exe
E:\WINDOWS\System32\rundll32.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\xp-AntiSpy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - E:\Program Files\SurfSideKick 2\SskBho.dll (file missing)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - E:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - E:\Program Files\IEMenuExtension\tbextn.dll
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SysTime] E:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [SurfSideKick 2] E:\Program Files\SurfSideKick 2\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {1CBF5620-2DBE-0392-3E68-40AA41D4E825} - 213.159.117.150/1/rdgPL10.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - www.errorguard.com/installation/Install.cab
O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) - www.globalphon.com/dialer/russia.CAB
O16 - DPF: {4C84FE8E-7E7E-11A6-E46E-74FA4383C97D} - 213.159.117.150/1/rdgPL10.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100169734654
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - static.topconverting.com/activex/loader2.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - E:\WINDOWS\System32\Fbffffpd.dll

    • Guest: piecyk gazowy Re: Log from HijackThis IP: *.tpnet.pl / *.tpnet.pl 17.12.04, 19:57
      Download the latest HijackThis
      www.spywareinfo.com/~merijn/files/HijackThis.exe
      and paste the log again. When pasting, leave out the "Running processes" section (because
      otherwise it may not all fit):