Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    Prosze o sprawdzenie loga!!!!!!!!!!!!!!!!!!!!!!!!!

    IP: *.neoplus.adsl.tpnet.pl 09.02.06, 17:55
    Proszę o sprawdzenie loga....

    Logfile of HijackThis v1.99.1
    Scan saved at 17:49:19, on 2006-02-09
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\HbTools\Bin\4.7.1.0\HbtSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\cofik\Pulpit\antywirusowe\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <!DOCTYPE
    HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>404 Not Found</TITLE>
    </HEAD><BODY>
    <H1>Not Found</H1>
    The requested URL /url.dat was not found on this server.<P>
    </BODY></HTML>

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <!DOCTYPE
    HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <HTML><HEAD>
    <TITLE>404 Not Found</TITLE>
    </HEAD><BODY>
    <H1>Not Found</H1>
    The requested URL /url.dat was not found on this server.<P>
    </BODY></HTML>

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    F2 - REG:system.ini:
    UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\system32\userinit.exe,
    O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    O1 - Hosts: <HTML><HEAD>
    O1 - Hosts: <TITLE>404 Not Found</TITLE>
    O1 - Hosts: </HEAD><BODY>
    O1 - Hosts: <H1>Not Found</H1>
    O1 - Hosts: The requested URL /stat.dat was not found on this server.<P>
    O1 - Hosts: </BODY></HTML>
    O1 - Hosts: 217.96.35.130 auto.search.msn.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program
    Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
    O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program
    Files\HbTools\Bin\4.7.1.0\HbtHostIE.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program
    Files\HbTools\Bin\4.7.1.0\HbtHostIE.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Winlogun] C:\WINDOWS\system32\winlogin.exe
    O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
    O4 - HKLM\..\Run: [eyvalvqv] C:\WINDOWS\system32\pgpuzugf.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
    Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ShopperReports - Compare travel rates -
    {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program
    Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
    O9 - Extra button: ShopperReports - Compare product prices -
    {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program
    Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: skaner.mks.com.pl
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129461810932
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129461950733
    O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
    skaner.mks.com.pl/SkanerOnline.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{67B171B0-4750-4598-ADEA-C090261382BD}:
    NameServer = 193.178.241.130,193.178.241.131
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{D03ADF00-ABE8-4DF3-A0B7-256DFEB0ABB4}:
    NameServer = 193.178.241.130,193.178.241.131
    O17 -
    HKLM\System\CS1\Services\Tcpip\..\{67B171B0-4750-4598-ADEA-C090261382BD}:
    NameServer = 193.178.241.130,193.178.241.131
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division
    Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    Obserwuj wątek
      • kolobos Re: Prosze o sprawdzenie loga!!!!!!!!!!!!!!!!!!!! 09.02.06, 19:39
        W menadzerze zadan zakoncz:
        C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
        C:\Program Files\HbTools\Bin\4.7.1.0\HbtSrv.exe

        W hijackthis usun:
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <!DOCTYPE
        HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        <HTML><HEAD>
        <TITLE>404 Not Found</TITLE>
        </HEAD><BODY>
        <H1>Not Found</H1>
        The requested URL /url.dat was not found on this server.<P>
        </BODY></HTML>

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <!DOCTYPE
        HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        <HTML><HEAD>
        <TITLE>404 Not Found</TITLE>
        </HEAD><BODY>
        <H1>Not Found</H1>
        The requested URL /url.dat was not found on this server.<P>
        </BODY></HTML>

        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.h
        tm
        F2 - REG:system.ini:
        UserInit=C:\WINDOWS\svchost32.exe,C:\WINDOWS\system32\userinit.exe, <- usun
        plik svchost32.exe z dysku, a userinit nie ruszaj!
        O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        O1 - Hosts: <HTML><HEAD>
        O1 - Hosts: <TITLE>404 Not Found</TITLE>
        O1 - Hosts: </HEAD><BODY>
        O1 - Hosts: <H1>Not Found</H1>
        O1 - Hosts: The requested URL /stat.dat was not found on this server.<P>
        O1 - Hosts: </BODY></HTML>
        O1 - Hosts: 217.96.35.130 auto.search.msn.com
        O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program
        Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
        O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program
        Files\HbTools\Bin\4.7.1.0\HbtHostIE.dll
        O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
        C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll <- odinstaluj jak nie
        uzywasz.
        O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program
        Files\HbTools\Bin\4.7.1.0\HbtHostIE.dll
        O4 - HKLM\..\Run: [Winlogun] C:\WINDOWS\system32\winlogin.exe <- usun plik
        O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.1.0\HbtOEAddOn.exe
        <- usun katalog HbTools
        O4 - HKLM\..\Run: [eyvalvqv] C:\WINDOWS\system32\pgpuzugf.exe <- usun plik
        O9 - Extra button: ShopperReports - Compare travel rates -
        {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program
        Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll <- usun katalog ShopperRep...
        O9 - Extra button: ShopperReports - Compare product prices -
        {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program
        Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll

        Skan:
        ftp://download.hirekmedia.hu/ssfsetup1_0.exe <- zrob update przed skanowaniem,
        po przeskanowaniu odinstaluj.
        download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po
        przeskanowaniu odinstaluj.

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin
    Treści z serwisów internetowych Grupy Wyborcza.pl oraz serwisu tokfm.pl prezentujemy w ramach komercyjnej współpracy z ich wydawcami: Wyborcza sp. z o.o. oraz Grupą Radiową Agory sp. z o.o.