Please check my HijackThis log :)

04.06.05, 16:08
Logfile of HijackThis v1.99.0
Scan saved at 16:07:07, on 2005-06-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\Programy\instalki\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1045
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Desktop Tool] "C:\Program Files\Alcatel One Touch PC Suite 2\DesktopTool\DesktopTool.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\PowerGG.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVK Service - Unknown - C:\Program Files\AntiVirenKit\AVKService.exe (file missing)
O23 - Service: Strażnik AVK - Unknown - C:\Program Files\AntiVirenKit\AVKWCtl.exe (file missing)
O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service - Unknown - C:\Program Files\Eset\nod32krn.exe

    • Guest: Kolobos Re: Please check my HijackThis log :) IP: *.warszawa.sdi.tpnet.pl 04.06.05, 16:21
      Everything is OK.
      • Guest: Ewelinka Re: Please check my HijackThis log :) IP: *.Dwudziestolatka.ds.uni.wroc.pl 07.06.05, 20:02
        What is this log checking all about????? Everyone asks for it and I don't get it at all :)
        • Guest: Kolobos Re: Please check my HijackThis log :) IP: *.warszawa.sdi.tpnet.pl 07.06.05, 20:07
          I suggest you read:
          www.searchengines.pl/phpbb203/index.php?showtopic=15989
          And everything will become clear :-)

          In short, HijackThis shows the locations where worms and similar
          critters can hide ;-)
          Of course it also shows good entries, so someone who doesn't know how to use it
          can break things in their system :P
          • Guest: Przemek Re: Please check my HijackThis log :) IP: *.jg.energiapro.pl / *.jg.energiapro.pl 08.06.05, 15:46
            I'm struggling with a web page that opens when IE starts. Can anything be
            deduced from the HijackThis log?

            Here is the log:

            Logfile of HijackThis v1.99.1
            Scan saved at 15:35:06, on 05-06-08
            Platform: Windows 95 B (Win9x 4.00.1111)
            MSIE: Internet Explorer v5.50 (5.50.4134.0600)

            Running processes:
            C:\WINDOWS\SYSTEM\KERNEL32.DLL
            C:\WINDOWS\SYSTEM\MSGSRV32.EXE
            C:\WINDOWS\SYSTEM\MPREXE.EXE
            C:\WINDOWS\SYSTEM\mmtask.tsk
            C:\WINDOWS\EXPLORER.EXE
            C:\WINDOWS\SYSTEM\INTERNAT.EXE
            C:\WINDOWS\SYSTEM\SYSTRAY.EXE
            C:\WINDOWS\SYSTEM\LOADWC.EXE
            C:\WINDOWS\RUNDLL32.EXE
            C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
            C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
            C:\WINDOWS\SYSTEM\PSTORES.EXE
            C:\WINDOWS\SYSTEM\DDHELP.EXE
            C:\PROGRAM FILES\WINRAR\WINRAR.EXE
            C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
            R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyjg:8080
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = info; 192.168.251.1
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0 CE\READER\ACTIVEX\ACROIEHELPER.OCX
            O2 - BHO: (no name) - {C28716E3-D757-11D9-B2E4-0001EED00DCA} - C:\WINDOWS\SYSTEM\EMAPHEA.DLL
            O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
            O4 - HKLM\..\Run: [internat.exe] internat.exe
            O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
            O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
            O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\SYSTEM\msmsgs.exe
            O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
            O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\SYSTEM\winnook.exe
            O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
            O4 - Startup: Uruchamianie pakietu Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
            O13 - WWW. Prefix:
            O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - software-dl.real.com/273b929de64e822d9005/netzip/RdxIE601.cab
            O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = jg.energiapro.pl
            O18 - Filter: text/html - {C28716E2-D757-11D9-B2E4-0001819CA851} - C:\WINDOWS\SYSTEM\EMAPHEA.DLL
            O18 - Filter: text/plain - {C28716E2-D757-11D9-B2E4-0001819CA851} - C:\WINDOWS\SYSTEM\EMAPHEA.DLL


            Thanks for the help

            Przemek
            • Guest: Kolobos Re: Please check my HijackThis log :) IP: *.warszawa.sdi.tpnet.pl 08.06.05, 18:58
              Download and use this:
              www.derbilk.de/SpSeHjfix109.zip
              After the reboot, check these entries in HijackThis:

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
              R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
              O2 - BHO: (no name) - {C28716E3-D757-11D9-B2E4-0001EED00DCA} - C:\WINDOWS\SYSTEM\EMAPHEA.DLL
              O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\SYSTEM\msmsgs.exe
              O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
              O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\SYSTEM\winnook.exe
              O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
              O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
              O13 - WWW. Prefix:
              O18 - Filter: text/html - {C28716E2-D757-11D9-B2E4-0001819CA851} - C:\WINDOWS\SYSTEM\EMAPHEA.DLL
              O18 - Filter: text/plain - {C28716E2-D757-11D9-B2E4-0001819CA851} - C:\WINDOWS\SYSTEM\EMAPHEA.DLL

              And Fix Checked, then start the computer in MS-DOS mode (F8 at startup) and
              delete these files:
              C:\WINDOWS\SYSTEM\EMAPHEA.DLL
              C:\WINDOWS\SYSTEM\winnook.exe
              C:\WINDOWS\TEMP\SE.DLL
              C:\WINDOWS\SYSTEM\msmsgs.exe

              You delete them like this:
              del C:\WINDOWS\SYSTEM\winnook.exe
              and likewise for all the files I listed.

              In Start->Programs->Autostart remove this:
              Microsoft Find Fast
              Uruchamianie pakietu Office

              Don't use Internet Explorer any more because it is old, and you won't be
              getting a newer one, so switch your browser to Opera:
              www.opera.com/download/
              Or, if you have a better computer, Firefox:
              www.firefox.pl/
              But if you had a better computer you probably wouldn't have Windows 95B.

              You have no antivirus or anything; eh, this computer isn't fit for the Internet.

              Install this antivirus:
              www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
              Also scan with this:
              www.safer-networking.org/pl/mirrors/index.html
              Provided you have the new Winsock installed.