Please check my HijackThis log

IP: *.internetdsl.tpnet.pl 09.05.05, 22:49
Logfile of HijackThis v1.99.1
Scan saved at 22:44:50, on 2005-05-09
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
www.idg.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
www.searchv.com/1/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
www.searchv.com/1/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
www.searchv.com/1/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
www.searchv.com/1/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
www.idg.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
Microsoft Internet Explorer dostarczony przez IDG.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program
Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=www.idg.pl
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09C72EF7-4FB5-46D7-A21D-
97A4AA2A9F47}: NameServer = 194.204.159.1,194.204.152.34
O19 - User stylesheet: C:\WINDOWS\windows.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe

    • Guest: T-800 Re: Please check my HijackThis log IP: *.tpnet.pl / *.tpnet.pl 09.05.05, 23:03
      To be removed:

      > R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
      > R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > c:\searchpage.html
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      > c:\searchpage.html

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
      > www.searchv.com/1/search.html
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      > c:\searchpage.html
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
      > www.searchv.com/1/
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
      > www.searchv.com/1/search.html
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =
      > www.searchv.com/1/
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

      > R3 - Default URLSearchHook is missing

      > O19 - User stylesheet: C:\WINDOWS\windows.dat

      Restart the system, scan with Ad-Aware:
      ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe
      and paste the new log.
      • Guest: pat Re: Please check my HijackThis log IP: *.internetdsl.tpnet.pl 12.05.05, 10:09
        Logfile of HijackThis v1.99.1
        Scan saved at 10:08:06, on 2005-05-12
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\nvsvc32.exe
        C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        www.idg.pl
        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
        www.idg.pl/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program
        Microsoft Internet Explorer dostarczony przez IDG.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
        \MICROS~2\Office10\EXCEL.EXE/3000
        O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program
        Files\FlashGet\jc_link.htm
        O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
        C:\Program Files\FlashGet\jc_all.htm
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
        C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
        O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
        0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O12 - Plugin for .mp3: C:\Program Files\Internet
        Explorer\PLUGINS\npqtplugin4.dll
        O14 - IERESET.INF: START_PAGE_URL=www.idg.pl
        O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
        ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{09C72EF7-4FB5-46D7-A21D-97A4AA2A9F47}:
        NameServer = 194.204.159.1,194.204.152.34
        O19 - User stylesheet: C:\WINDOWS\windows.dat
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe

    • Guest: barracuda7110 Re: Please check my HijackThis log IP: *.dsl.telepac.pt 10.05.05, 18:13
      Change the name of your account.
      • Guest: pat Re: Please check my HijackThis log IP: *.internetdsl.tpnet.pl 10.05.05, 21:16
        Hey, but which account do you mean? I don't understand.
        • Guest: Kolobos Re: Please check my HijackThis log IP: *.warszawa.sdi.tpnet.pl 10.05.05, 22:27
          Probably the Administrator account, which you are using instead of a regular account.
    • Guest: magda I would also like to ask for a check IP: *.slp.vectranet.pl / 195.136.35.* 12.05.05, 10:24

      Logfile of HijackThis v1.99.1
      Scan saved at 10:20:30, on 2005-05-12
      Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\soundman.exe
      C:\DOCUME~1\magda\USTAWI~1\Temp\sahagent-cdt1004.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Media Access\MediaAccK.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
      C:\Program Files\Media Access\MediaAccess.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Gadu-Gadu\gg.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Documents and Settings\magda\Dane aplikacji\aopp.exe
      C:\WINDOWS\System32\w?nlogon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\magda\USTAWI~1\Temp\Rar$EX01.397\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.google.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
      Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: (no name) - {8E6DDB74-62E8-6E1A-EE7A-19F3EF2C44E3} -
      C:\WINDOWS\System32\hdr.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [SoundMan] soundman.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
      O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
      O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\magda\USTAWI~1\Temp\sahagent-
      cdt1004.exe run
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
      Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost
      2003\GhostStartTrayApp.exe
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
      \SNDMon.exe /Consumer
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program
      Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Csrs] C:\Documents and Settings\magda\Dane aplikacji\aopp.exe
      O4 - HKCU\..\Run: [Ugnyp] C:\WINDOWS\System32\w?nlogon.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-
      00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
      its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-
      c18.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
      a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
      Control) - ms-its:mhtml:file://c:\nosuxxx.mht!
      kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
      www.windowsecurity.com/trojanscan/axscan.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1
      \Symantec\NORTON~1\GHOSTS~2.EXE
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
      Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

      • Guest: barracuda7110 Re: I would also like to ask for a check IP: *.dsl.telepac.pt 12.05.05, 11:54
        Get rid of this:
        > O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
        > Control) - ms-its:mhtml:file://c:\nosuxxx.mht!
        > kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab

        Kazaa is terribly loaded with spyware. If you really have to use p2p,
        switch to something safer (emule, dc++). Also, install system patches,
        a firewall and an alternative browser (firefox or opera).
      • Guest: Kolobos Re: I would also like to ask for a check IP: *.warszawa.sdi.tpnet.pl 12.05.05, 12:13
        Remove these entries:

        O2 - BHO: (no name) - {8E6DDB74-62E8-6E1A-EE7A-19F3EF2C44E3} -
        C:\WINDOWS\System32\hdr.dll
        O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
        O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\magda\USTAWI~1\Temp\sahagent-
        cdt1004.exe run
        O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
        O4 - HKCU\..\Run: [Csrs] C:\Documents and Settings\magda\Dane aplikacji\aopp.exe
        O4 - HKCU\..\Run: [Ugnyp] C:\WINDOWS\System32\w?nlogon.exe
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-
        its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge-
        c18.cab
        O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
        Control) - ms-its:mhtml:file://c:\nosuxxx.mht!
        kazaalite.pl/stats/mt.chm::/MediaTicketsInstaller.cab


        And Fix Checked, then download:
        www.downloads.subratam.org/KillBox.zip
        Unpack it, select Delete file on reboot, paste the path to the file (don't
        look for it yourself, just paste the ready-made path) and press the red button, but when asked
        about a reboot answer no, and do this with these files:

        C:\WINDOWS\System32\w?nlogon.exe
        C:\Documents and Settings\magda\Dane aplikacji\aopp.exe
        C:\Program Files\Media Access\MediaAccK.exe
        C:\DOCUME~1\magda\USTAWI~1\Temp\sahagent-cdt1004.exe
        c:\temp\salm.exe
        C:\WINDOWS\System32\hdr.dll

        Once you have done everything, reboot, and after the reboot delete this directory:
        C:\Program Files\Media Access\

        Then paste a new log from hijackthis.