Sprawdzenie loga Hijack This

[Gość: Artur]

Logfile of HijackThis v1.99.1
Scan saved at 14:28:02, on 2006-05-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis1
\ToADiMon.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2
\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\F-Secure Internet Security\Common\FSLAUNCH.EXE
C:\PROGRAM FILES\T-ONLINE\T-ONLINE_SOFTWARE_5\BROWSER\BROWSER.EXE
C:\Program Files\T-Online\T-Online_Software_5\Basis-Software\Basis2
\tonchkml32.exe
C:\Documents and Settings\ARTUR\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} -
C:\WINDOWS\system32\hpE270.tmp
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch
Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06
\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless
Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microfost Windows update] wyshafu.exe
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_5
\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microfost Windows update] wyshafu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microfost Windows update] wyshafu.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program
Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation
Monitor] "C:\Documents and
Settings\ARTUR\Pulpit\Advanced.Uninstaller.Pro.2006.v7.5.WinALL.Cracked-RES.
[eMulek.com.pl]\Advanced Uninstaller PRO 2006 7.5 Crack\Monitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program
Files\Hp\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) -
static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?e10519058b10590bbe6f538a09e0959a7c8f345d2c774ef646e5b2eb09c204de74f659583aa2eb
b5ed273444b59d587f079d1b588eded15d8e8e4cba6f53:08ae52e4a4b2cf3568c6ae6e6eef5a3
2
O17 - HKLM\System\CCS\Services\Tcpip\..\{10FB821C-06D5-4CF1-AFD8-
8453D3DD8E65}: NameServer = 85.255.115.114,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2A0F486-FC1C-463A-940E-
297C10750933}: NameServer = 217.237.150.97 217.237.149.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3C447FF-94E6-43D7-B167-
2A117FAFF11B}: NameServer = 85.255.115.114,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{10FB821C-06D5-4CF1-AFD8-
8453D3DD8E65}: NameServer = 85.255.115.114,85.255.112.142
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32
\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development
Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

[Gość: k]

Tutaj mamy to co zwykle:
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} -
C:\WINDOWS\system32\hpE270.tmp
Usuwasz to tym:
Usuwasz tym:
siri.urz.free.fr/Fix/SmitfraudFix_En.php
Raport z usuwania wklej na forum.

Reszta do kasacji:
O4 - HKLM\..\Run: [Microfost Windows update] wyshafu.exe
O4 - HKLM\..\RunServices: [Microfost Windows update] wyshafu.exe
O4 - HKCU\..\Run: [Microfost Windows update] wyshafu.exe <- usun plik z dysku.
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe" <-
odinstaluj i usun katalog UnSpyPC i nie instaluj tego wiecej!
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation
Monitor] "C:\Documents and
Settings\ARTUR\Pulpit\Advanced.Uninstaller.Pro.2006.v7.5.WinALL.Cracked-RES.
[eMulek.com.pl]\Advanced Uninstaller PRO 2006 7.5 Crack\Monitor.exe" <-
pirat! ;-)

Zepsuta java, przeinstaluj:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) -
static.zangocash.com/cab/Seekmo/ie/bridge-c567.cab?
e10519058b10590bbe6f538a09e0959a7c8f345d2c774ef646e5b2eb09c204de74f659583aa2eb
b5ed273444b59d587f079d1b588eded15d8e8e4cba6f53:08ae52e4a4b2cf3568c6ae6e6eef5a3
2

Podmienione dnsy, usun i ustaw takie jakie zaleca Twoj dostawca netu:
O17 - HKLM\System\CCS\Services\Tcpip\..\{10FB821C-06D5-4CF1-AFD8-
8453D3DD8E65}: NameServer = 85.255.115.114,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2A0F486-FC1C-463A-940E-
297C10750933}: NameServer = 217.237.150.97 217.237.149.161
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3C447FF-94E6-43D7-B167-
2A117FAFF11B}: NameServer = 85.255.115.114,85.255.112.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{10FB821C-06D5-4CF1-AFD8-
8453D3DD8E65}: NameServer = 85.255.115.114,85.255.112.142
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

Na koniec skan:
download.ewido.net/ewido-setup.exe
Po przeskanowaniu odinstaluj.