Checking a HijackThis log

IP: *.ha.tuniv.szczecin.pl 27.07.05, 20:59
Could you please check my log (thanks in advance):
Logfile of HijackThis v1.99.1
Scan saved at 21:06:12, on 2005-07-27
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Ukleja\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\Ukleja\USTAWI~1\Temp\se.dll/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.interia.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\DOCUME~1\Ukleja\USTAWI~1\Temp\se.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
www.interia.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [wpkontakt] C:\Program Files\Wirtualna
Polska\wpkontakt\wpkontakt.exe -autostart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ODK_Mon] C:\Program Files\Odkurzacz 9.0 Pro\\odk_mon.exe
O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program
Files\SurfBuddy\sbuddy.dll",run
O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program
Files\SurfBuddy\sbuddy.dll",run
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Tlumacz z LING... -
www.ling.pl/ling/def-src.php4
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: Tarantella 3.x Framework Java Archive -
webtop.ps.pl/java/asadJ-du.cab
O16 - DPF: Tarantella 3.x Proxy Java Archive -
webtop.ps.pl/java/proxyJ-du.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) - download.mcafee.com/molbin/shared/mcinsctl/en-
us/4,0,0,84/mcinsctl.cab
O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) -
poczta.wp.pl/autoryzacja/mailcfg2.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program
Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MkS Net Monitor (MksNetMon) - Unknown owner - C:\Program
Files\MKS\Bin\NetMonSv.exe (file missing)

    • Guest: Kolobos Re: Checking a HijackThis log IP: *.warszawa.sdi.tpnet.pl 27.07.05, 23:50
      Use this:
      www.trojaner-info.de/files/SpSeHjfix112.exe
      Delete these:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\DOCUME~1\Ukleja\USTAWI~1\Temp\se.dll/sp.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\DOCUME~1\Ukleja\USTAWI~1\Temp\se.dll/sp.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      about:blank
      O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
      O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
      O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program
      Files\SurfBuddy\sbuddy.dll",run <- uninstall this program and delete the folder
      O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program
      Files\SurfBuddy\sbuddy.dll",run
      O15 - Trusted Zone: www.skymasters.biz
      O23 - Service: MkS Net Monitor (MksNetMon) - Unknown owner - C:\Program
      Files\MKS\Bin\NetMonSv.exe (file missing) <- stop this service and delete it in
      HijackThis (open misc tools delete nt service -> MksNetMon)
      • Guest: Qaz Re: Checking a HijackThis log IP: *.ha.tuniv.szczecin.pl 29.07.05, 17:14
        Thanks, Kolobos
        • Guest: PM Re: Checking a HijackThis log IP: *.neoplus.adsl.tpnet.pl 08.08.05, 00:06
          Could I ask for a check too??? :):):)

          Logfile of HijackThis v1.99.1
          Scan saved at 00:02:16, on 2005-08-08
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          D:\WINDOWS\System32\smss.exe
          D:\WINDOWS\system32\winlogon.exe
          D:\WINDOWS\system32\services.exe
          D:\WINDOWS\system32\lsass.exe
          D:\WINDOWS\system32\svchost.exe
          D:\WINDOWS\System32\svchost.exe
          D:\WINDOWS\Explorer.EXE
          D:\WINDOWS\system32\spoolsv.exe
          D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          D:\Program Files\Alwil Software\Avast4\ashServ.exe
          D:\Program Files\Winamp\winampa.exe
          D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
          D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          D:\WINDOWS\System32\msupdate32.exe
          D:\PROGRA~1\NEOSTR~1\CnxMon.exe
          D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
          D:\WINDOWS\System32\ctfmon.exe
          D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
          D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          D:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
          D:\PROGRA~1\NEOSTR~1\ComComp.exe
          D:\PROGRA~1\NEOSTR~1\Watch.exe
          D:\WINDOWS\System32\wuauclt.exe
          D:\Program Files\Internet Explorer\IEXPLORE.EXE
          D:\Documents and Settings\KASIA\Pulpit\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.wp.pl/
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
          D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program
          Files\Spybot - Search & Destroy\SDHelper.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          D:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - D:\PROGRA~1
          \Accoona\atoolbar.dll
          O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32
          \spool\drivers\w32x86\3\hpztsb04.exe
          O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
          O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32
          \mobsync.exe /logon
          O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [Windows Network Firewall] D:\WINDOWS\System32\firewall.exe
          O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
          O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
          O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
          O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
          O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
          O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840
          \dslmon.exe
          O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft
          Office\Office\OSA9.EXE
          O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
          D:\WINDOWS\web\related.htm
          O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
          00aa003c157a} - D:\WINDOWS\web\related.htm
          O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{67102071-128C-4C93-A5B0-74B569457856}:
          NameServer = 194.204.152.34 217.98.63.164
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)

          • Guest: Kolobos Re: Checking a HijackThis log IP: *.warszawa.sdi.tpnet.pl 08.08.05, 01:54
            Don't start several threads, just post in one!
            The junk comes from the fact that you have a pirated Windows and no updates...

            Scan and remove everything with these:
            download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
            download.ewido.net/ewido-setup.exe <- update it before scanning, uninstall it
            after the scan.
            Close the ports with this:
            www.firewallleaktester.com/tools/wwdc.exe
            plus this:
            forum.gazeta.pl/forum/72,2.html?f=34&w=15679891&a=15680440
            In HijackThis:

            R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
            D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
            O3 - Toolbar: Accoona - {364B6276-C6C1-40B6-A6D7-6C48871FD707} - D:\PROGRA~1
            \Accoona\atoolbar.dll <- delete the whole directory
            O4 - HKLM\..\Run: [BearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
            <- uninstall it and start using programs that don't install junk!
            O4 - HKLM\..\Run: [Windows Network Firewall] D:\WINDOWS\System32\firewall.exe <-
            to be deleted
            O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
            O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe <- delete the file
            O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
            D:\WINDOWS\web\related.htm
            O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
            00aa003c157a} - D:\WINDOWS\web\related.htm
            O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
